From 32abeeef8664ee5d7a76039cfde9c0361b548776 Mon Sep 17 00:00:00 2001 From: Xavier Garceau-Aranda Date: Thu, 13 Feb 2020 19:36:42 +0100 Subject: [PATCH] Improve rationales --- .../findings/cloudresourcemanager-primitive-role-in-use.json | 1 + .../findings/cloudresourcemanager-sa-has-admin-privileges.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json index 9849f3f64..f9b896276 100644 --- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json @@ -1,6 +1,7 @@ { "dashboard_name": "Bindings", "description": "Primitive Role In Use", + "rationale": "Description:

Primitive roles grant significant privileges. In most cases, usage of these roles is not recommended and does not follow security best practice.

Note: This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).

References:", "path": "cloudresourcemanager.projects.id.bindings.id", "conditions": [ "and", [ "cloudresourcemanager.projects.id.bindings.id.name", "containAtLeastOneOf", ["owner", "editor", "viewer"] ] diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json index 80e911a09..65b298a43 100644 --- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json @@ -1,7 +1,7 @@ { "dashboard_name": "Bindings", "description": "Service Account with Admin Privileges", - "rationale": "Description:

Service accounts represent service-level security of the Resources (application or a VM) which can be determined by the roles assigned to it. Enrolling ServiceAccount with Admin rights gives full access to assigned application or a VM, ServiceAccount Access holder can user, so It's recommended not to have Admin rights.

References:", + "rationale": "Description:

Service accounts represent service-level security of the Resources (application or a VM) which can be determined by the roles assigned to it. Enrolling Service Accounts with administrative privileges grants full access to assigned application or a VM, Service Account Access holder can user.

Note: This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).

References:", "path": "cloudresourcemanager.projects.id.bindings.id", "conditions": [ "and", [ "or",
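Review bot: In the cloudresourcemanager-primitive-role-in-use.json hunk, the new rationale says primitive roles "grant significant privileges", but the rule's condition also matches "viewer", which is a read-only primitive role; consider wording the rationale so it explains why viewer is flagged too (primitive roles are coarse, project-wide bindings that should be replaced by predefined or custom roles) rather than implying every match is highly privileged. The "Note:" sentence also has a subject/verb mismatch ("Google services rely ... and recommends"); "Google services rely on these Service Accounts ... and Google recommends not removing ..." reads cleanly. Finally, the "References:" section is left empty; a link to the GCP IAM documentation on primitive roles would give the finding a source.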
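Review bot: In the cloudresourcemanager-sa-has-admin-privileges.json hunk, the rewritten sentence "Enrolling Service Accounts with administrative privileges grants full access to assigned application or a VM, Service Account Access holder can user." is still ungrammatical and the trailing clause ("can user") has no object; something like "Granting a Service Account administrative privileges gives anyone who can use or impersonate that Service Account full access to the assigned application or VM." says what was intended. The edit also drops the old rationale's explicit recommendation ("It's recommended not to have Admin rights"), so the finding no longer states what the reader should do; keeping a one-line recommendation to restrict Service Accounts to the least privilege they need would preserve that. As in the other file, "Google services rely ... and recommends" needs its verbs agreed, and "References:" is empty.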