Skip to content

feat(terraform): 7 new policies #7056

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 32 commits into from
May 19, 2025
Merged

feat(terraform): 7 new policies #7056

merged 32 commits into from
May 19, 2025

Conversation

TomerSegev241
Copy link
Collaborator

@TomerSegev241 TomerSegev241 commented Mar 17, 2025
edited by tsmithv11
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

  • CKV2_AWS_76 aligns to "AWS ALB attached WAFv2 WebACL is not configured with AMR for Log4j Vulnerability" 974cbc1a-d26b-4465-bbdc-991edf2a334b
  • CKV2_AWS_77 aligns to "AWS API Gateway Rest API attached WAFv2 WebACL is not configured with AMR for Log4j Vulnerability" 8d65d3b7-75f2-4628-b07b-ab574041dbdf
  • CKV2_AWS_78 aligns to "AWS AppSync attached WAFv2 WebACL is not configured with AMR for Log4j Vulnerability" efecd50f-5a1f-4d6d-b862-8e760b9612e4
  • CKV_AWS_389 aligns to "AWS Auto Scaling group launch configuration has public IP address assignment enabled" 8336772f-d32c-4a8f-9c72-0ae7dcb637e9
  • CKV_AWS_390 aligns to "AWS EMR Block public access setting disabled" 0bcfdab2-31d8-4dc9-a91c-42c7a7242e01
  • CKV_AWS_391 aligns to "AWS Redshift cluster with commonly used master username and public access setting enabled" 4482eb7e-513a-4620-922f-16f495fbc4b0
  • CKV_AWS_392 aligns to "AWS S3 access point Block public access setting disabled" b1b718d8-e62e-497d-80f2-2baa66a4f8bd
  • CKV_AWS_388 aligns to "Ensure AWS Aurora PostgreSQL is not exposed to local file read vulnerability" c69f2020-a640-4df1-91fc-f1a14e480cb8

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

@TomerSegev241 TomerSegev241 changed the title 7 new policies feat(terraform): 7 new policies Mar 17, 2025
tsmithv11
tsmithv11 requested changes Mar 22, 2025
View reviewed changes
Copy link
Collaborator

@tsmithv11 tsmithv11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! Left some comments. Also:

  1. Please add in the description the CKV ID to Prisma Cloud ID mapping
  2. Make sure the tests pass
  3. Add evaluated_keys or get_evaluated_keys

@TomerSegev241
update due to Taylor comments
756672e
@TomerSegev241
Merge remote-tracking branch 'origin/feat(terraform)-medium-policies-…
6748fe6 
…from-CSPM' into feat(terraform)-medium-policies-from-CSPM

# Conflicts:
#	checkov/terraform/checks/resource/aws/EMRPubliclyAccessible.py
#	checkov/terraform/checks/resource/aws/RedshiftClusterWithCommonUsernameAndPublicAccess.py
#	checkov/terraform/checks/resource/aws/S3BucketPubliclyReadableViaACL.py
#	checkov/terraform/checks/resource/aws/WAFv2VulnerableForLog4j.py
tsmithv11
tsmithv11 reviewed May 13, 2025
View reviewed changes
@TomerSegev241 TomerSegev241 requested a review from tsmithv11 May 18, 2025 10:14
@tsmithv11 tsmithv11 merged commit 88c08b9 into main May 19, 2025
43 of 44 checks passed
@tsmithv11 tsmithv11 deleted the feat(terraform)-medium-policies-from-CSPM branch May 19, 2025 15:13
Saarett pushed a commit that referenced this pull request May 19, 2025
@TomerSegev241 @tsmithv11 @actions-user
feat(terraform): 7 new policies (#7056)
3962f1f 
* 7 new policies

* Update checkov/terraform/checks/resource/aws/AutoScalingGroupWithPublicAccess.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/EMRPubliclyAccessible.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/RedshiftClusterWithCommonUsernameAndPublicAccess.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/S3BucketPubliclyReadableViaACL.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/UnpatchedAuroraPostgresDB.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/WAFv2VulnerableForLog4j.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/S3AccessPointPubliclyAccessible.py

Co-authored-by: Taylor <[email protected]>

* changes due to @taylor comments

* pre-commit warnings fixed

* update due to Taylor comments

* delete auto created init file

* delete auto created init file

* delete python test file

* fix expected failures

* Switch class

* Fixes

* fix flake8

* fix tests

* Update IDs

* fix id

---------

Co-authored-by: Taylor <[email protected]>
Co-authored-by: Taylor <[email protected]>
Saarett pushed a commit that referenced this pull request May 19, 2025
@TomerSegev241 @tsmithv11 @actions-user
feat(terraform): 7 new policies (#7056)
50100e8 
* 7 new policies

* Update checkov/terraform/checks/resource/aws/AutoScalingGroupWithPublicAccess.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/EMRPubliclyAccessible.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/RedshiftClusterWithCommonUsernameAndPublicAccess.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/S3BucketPubliclyReadableViaACL.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/UnpatchedAuroraPostgresDB.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/WAFv2VulnerableForLog4j.py

Co-authored-by: Taylor <[email protected]>

* Update checkov/terraform/checks/resource/aws/S3AccessPointPubliclyAccessible.py

Co-authored-by: Taylor <[email protected]>

* changes due to @taylor comments

* pre-commit warnings fixed

* update due to Taylor comments

* delete auto created init file

* delete auto created init file

* delete python test file

* fix expected failures

* Switch class

* Fixes

* fix flake8

* fix tests

* Update IDs

* fix id

---------

Co-authored-by: Taylor <[email protected]>
Co-authored-by: Taylor <[email protected]>
@sourcery-ai sourcery-ai bot mentioned this pull request May 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsmithv11 tsmithv11 tsmithv11 approved these changes

@bo156 bo156 bo156 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TomerSegev241 @tsmithv11 @bo156