Merge pull request #483 from bridgecrewio/bugfix/extra748_check_for_all_ports

Check extra748 should fail in case of all ports (0-65535) open
toniblyx committed Feb 19, 2020
2 parents fff605b + 28a8ae7 commit bf9ffc0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion checks/check_extra748
Expand Up @@ -18,7 +18,7 @@ CHECK_ALTERNATE_check748="extra748"

extra748(){
for regx in $REGIONS; do
SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==null && ToPort==null)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`0` && ToPort==`65535`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
if [[ $SG_LIST ]];then
for SG in $SG_LIST;do
textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0" "$regx"
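Review bot: The new clause in the SG_LIST query matches only the exact pair FromPort==`0` && ToPort==`65535`, so a rule that opens 1-65535 (or any other near-complete range) to 0.0.0.0/0 or ::/0 still passes this check. If the intent is "all ports open", consider a range comparison such as FromPort<=`1` && ToPort>=`65535`, or state in the check's description that only the literal 0-65535 range is covered. Separately, the textFail message in the context lines reports "open to 0.0.0.0/0" even when the match came from Ipv6Ranges containing ::/0; naming the CIDR that matched would make the finding easier to act on.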
