diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego
index 3596a1b00eb..a0421a9a34f 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego
@@ -114,8 +114,8 @@ CxPolicy[result] {
 resource.Type == "AWS::ApiGateway::Stage"
 properties := resource.Properties
- methodSettings := properties.MethodSettings
- not common_lib.valid_key(methodSettings, "LoggingLevel")
+ methodSetting := properties.MethodSettings[j]
+ not common_lib.valid_key(methodSetting, "LoggingLevel")
 result := {
 "documentId": input.document[i].id,
@@ -123,9 +123,9 @@ CxPolicy[result] {
 "resourceName": cf_lib.get_resource_name(resource, name),
 "searchKey": sprintf("Resources.%s.Properties.MethodSettings", [name]),
 "issueType": "MissingAttribute",
- "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel should be defined and not null", [name]),
- "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel are undefined or null", [name]),
- "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "MethodSettings"], []),
+ "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel should be defined and not null", [name, j]),
+ "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel is undefined or null", [name, j]),
+ "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "MethodSettings", j], []),
 }
 }
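Review bot: Iterating with `properties.MethodSettings[j]` means a stage that declares `MethodSettings: []` gives no binding for `j`, so this rule stays silent for it, and so do the `""` and `"OFF"` rules in the hunks at -135 and -156, which iterate the same way. Whether a rule outside this hunk reports an empty list is not visible here; if it only tests that the key is defined, a stage with no logging level configured at all would pass the query. A sibling rule that checks `count(properties.MethodSettings) == 0` would close that gap. The rule body starts above this hunk and continues into the next one.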
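Review bot: The `searchKey` context line in the hunk at -123 still formats `Resources.%s.Properties.MethodSettings` without the index, while `searchLine` and both messages of this rule now carry `j`, and the two rules further down put `[%d]` into their `searchKey`. With several entries lacking `LoggingLevel`, every result from this rule shares one `searchKey`; if result identity is derived from it (not visible in this diff), those findings may be merged or be hard to tell apart. Consider `"searchKey": sprintf("Resources.%s.Properties.MethodSettings[%d]", [name, j]),` to match the siblings. The rule begins in the previous hunk.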
@@ -135,18 +135,18 @@ CxPolicy[result] {
 resource.Type == "AWS::ApiGateway::Stage"
 properties := resource.Properties
- loggingLevel := properties.MethodSettings.LoggingLevel
+ loggingLevel := properties.MethodSettings[j].LoggingLevel
 loggingLevel == ""
 result := {
 "documentId": input.document[i].id,
 "resourceType": resource.Type,
 "resourceName": cf_lib.get_resource_name(resource, name),
- "searchKey": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel", [name]),
+ "searchKey": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel", [name, j]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel should be not be empty", [name]),
- "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel is empty", [name]),
- "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "MethodSettings", "LoggingLevel"], []),
+ "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel should not be empty", [name, j]),
+ "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel is empty", [name, j]),
+ "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "MethodSettings", j, "LoggingLevel"], []),
 }
 }
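Review bot: `properties.MethodSettings[j].LoggingLevel` also evaluates when `MethodSettings` is an object: `j` then binds to each key, the value is a scalar, `.LoggingLevel` is undefined and the rule never fires. A template still written in the map form that the fixtures in this commit are being converted from, with `LoggingLevel: ""`, would therefore go unreported here, and the same holds for the `"OFF"` rule in the hunk at -156. Adding `is_array(properties.MethodSettings)` ahead of the indexing, plus a separate finding for a non-list `MethodSettings`, would make that case explicit instead of a silent pass. A short comment such as `# j ranges over every MethodSettings entry; one result per entry` would also help, since `j` is introduced without explanation. The rule's opening lines are above the hunk.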
@@ -156,18 +156,18 @@ CxPolicy[result] {
 resource.Type == "AWS::ApiGateway::Stage"
 properties := resource.Properties
- loggingLevel := properties.MethodSettings.LoggingLevel
+ loggingLevel := properties.MethodSettings[j].LoggingLevel
 loggingLevel == "OFF"
 result := {
 "documentId": input.document[i].id,
 "resourceType": resource.Type,
 "resourceName": cf_lib.get_resource_name(resource, name),
- "searchKey": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel", [name]),
+ "searchKey": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel", [name, j]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel should not be set to OFF", [name]),
- "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel is OFF", [name]),
- "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "MethodSettings", "LoggingLevel"], []),
+ "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel should not be set to OFF", [name, j]),
+ "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings[%d].LoggingLevel is OFF", [name, j]),
+ "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "MethodSettings", j, "LoggingLevel"], []),
 }
 }
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json
index 9d769ca6ee0..fc1c2174cec 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json
@@ -13,13 +13,15 @@
 "DeploymentId": {
 "Ref": "MyDeployment"
 },
- "MethodSettings": {
- "DetailedMetricsEnabled": true,
- "LoggingLevel": "INFO",
- "DataTraceEnabled": false,
- "ThrottlingBurstLimit": 10,
- "ThrottlingRateLimit": 10
- },
+ "MethodSettings": [
+ {
+ "DetailedMetricsEnabled": true,
+ "LoggingLevel": "INFO",
+ "DataTraceEnabled": false,
+ "ThrottlingBurstLimit": 10,
+ "ThrottlingRateLimit": 10
+ }
+ ],
 "RestApiId": {
 "Ref": "CFNWebSocket"
 }
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yaml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yaml
index 1785d620fae..2b3b563c4a3 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yaml
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yaml
@@ -8,7 +8,7 @@ Resources:
 DeploymentId: !Ref TestDeployment
 DocumentationVersion: ""
 MethodSettings:
- LoggingLevel: "ON"
+ - LoggingLevel: "INFO"
 AccessLogSetting:
 DestinationArn: "dest"
 Format: "format"
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json
index 8dd532335a1..7b63630ac37 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json
@@ -16,8 +16,9 @@
 "RestApiId": {
 "Ref": "CFNWebSocket"
 },
- "MethodSettings": {
- }
+ "MethodSettings": [
+ {}
+ ]
 }
 }
 }
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json
index 3bbd4b22c77..437d744f274 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json
@@ -16,13 +16,15 @@
 "RestApiId": {
 "Ref": "CFNWebSocket"
 },
- "MethodSettings": {
- "DetailedMetricsEnabled": true,
- "LoggingLevel": "OFF",
- "DataTraceEnabled": false,
- "ThrottlingBurstLimit": 10,
- "ThrottlingRateLimit": 10
- }
+ "MethodSettings": [
+ {
+ "DetailedMetricsEnabled": true,
+ "LoggingLevel": "OFF",
+ "DataTraceEnabled": false,
+ "ThrottlingBurstLimit": 10,
+ "ThrottlingRateLimit": 10
+ }
+ ]
 }
 }
 }
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yaml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yaml
index 91e68e12d8f..c3ead642fa4 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yaml
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yaml
@@ -11,4 +11,4 @@ Resources:
 DeploymentId: !Ref TestDeployment
 DocumentationVersion: ""
 MethodSettings:
- LoggingLevel: "OFF"
\ No newline at end of file
+ - LoggingLevel: "OFF"
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yaml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yaml
index 11ebeedb967..f157b31db8b 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yaml
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yaml
@@ -8,4 +8,4 @@ Resources:
 DeploymentId: !Ref TestDeployment
 DocumentationVersion: ""
 MethodSettings:
- LoggingLevel: "ON"
\ No newline at end of file
+ - LoggingLevel: "INFO"
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json
index 2133df7f76a..f41668d62ab 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json
@@ -9,13 +9,15 @@
 "DeploymentId": {
 "Ref": "MyDeployment"
 },
- "MethodSettings": {
- "DetailedMetricsEnabled": true,
- "LoggingLevel": "INFO",
- "DataTraceEnabled": false,
- "ThrottlingBurstLimit": 10,
- "ThrottlingRateLimit": 10
- },
+ "MethodSettings": [
+ {
+ "DetailedMetricsEnabled": true,
+ "LoggingLevel": "INFO",
+ "DataTraceEnabled": false,
+ "ThrottlingBurstLimit": 10,
+ "ThrottlingRateLimit": 10
+ }
+ ],
 "RestApiId": {
 "Ref": "CFNWebSocket"
 }
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json
index 4038d0f764d..9387c92c29a 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json
@@ -2,7 +2,19 @@
 {
 "queryName": "API Gateway V2 Stage Access Logging Settings Not Defined",
 "severity": "MEDIUM",
- "line": 16,
+ "line": 17,
+ "fileName": "positive1.yaml"
+ },
+ {
+ "queryName": "API Gateway V2 Stage Access Logging Settings Not Defined",
+ "severity": "MEDIUM",
+ "line": 21,
+ "fileName": "positive1.yaml"
+ },
+ {
+ "queryName": "API Gateway V2 Stage Access Logging Settings Not Defined",
+ "severity": "MEDIUM",
+ "line": 25,
 "fileName": "positive1.yaml"
 },
 {
@@ -68,13 +80,7 @@
 {
 "queryName": "API Gateway V2 Stage Access Logging Settings Not Defined",
 "severity": "MEDIUM",
- "line": 13,
- "fileName": "positive11.yaml"
- },
- {
- "queryName": "API Gateway V2 Stage Access Logging Settings Not Defined",
- "severity": "MEDIUM",
- "line": 21,
+ "line": 22,
 "fileName": "positive12.json"
 },
 {
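Review bot: The expected finding for `positive11.yaml` (line 13) is dropped here, yet no hunk in the visible diff touches or deletes that fixture, so a template that used to be reported apparently no longer produces a result. If that file declares `MethodSettings` in a form the indexed rules no longer match, this is a detection regression rather than a test clean-up. Either convert the fixture to list form and keep an expectation for it, or move it to the negative set and give the reason in the commit description.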