Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(terraform): add CKV NCP rules about access control group Inbound rule. #3627

Merged
merged 38 commits into from
Oct 25, 2022
Merged

feat(terraform): add CKV NCP rules about access control group Inbound rule. #3627

merged 38 commits into from
Oct 25, 2022

Conversation

Floodnut
Copy link
Contributor

@Floodnut Floodnut commented Oct 9, 2022
edited
Loading

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Add terraform scan rules about provider Naver Cloud Platform.

CKV_NCP_4, 5 is associated with Access Control Group Inbound Rule.
This rule suggests no access control groups allow inbound from 0.0.0.0 to port 22 and 3389.

Description

https://registry.terraform.io/providers/NaverCloudPlatform/ncloud/latest/docs/resources/access_control_group_rule

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

pj991207 and others added 30 commits September 27, 2022 14:52
@pj991207
[22.09.27][추가] CKV_NCP_1
5afbd24
@Floodnut
[22.09.27][추가] CKV_NCP_2
4d48fe1
@Floodnut
[22.09.27][Merge]
9011d54 
branch 'master' of https://github.com/init-cloud/checkov
@pj991207 @gruebel
Apply suggestions from code review
ea829d9 
Co-authored-by: Anton Grübel <[email protected]>
@pj991207 @gruebel
Apply suggestions from code review
0e76a1f 
Co-authored-by: Anton Grübel <[email protected]>
@pj991207 @gruebel
Apply suggestions from code review
5150177 
Co-authored-by: Anton Grübel <[email protected]>
@pj991207
Create main.yml
d2b322f
@Floodnut
[22.09.28][수정] Lint test
a7e3000
@Floodnut
Merge branch 'master' of https://github.com/init-cloud/checkov
2f7dcdf
@pj991207
Delete main.yml
f8e7357
@pj991207
[22.09.29][수정]testcode 수정
52cb35d
@Floodnut
[22.09.29][수정] 테스트 코드 수정
b1555cb
@Floodnut
[22.09.29][수정] 테스트코드 수정
e77773d
@pj991207
Merge branch 'master' into master
51d2b71
@Floodnut
[22.09.29][수정] add test resource for 'ncloud_access_control_group_rule'
1ccffed
@Floodnut
Merge branch 'master' of https://github.com/init-cloud/checkov
49fb76a
@Floodnut
Merge branch 'bridgecrewio:master' into master
a8ef4c5
@Floodnut
Merge branch 'bridgecrewio:master' into master
281c4dc
@pj991207
Merge branch 'bridgecrewio:master' into master
ad93303
@pj991207
[22.10.03][add]CKV_AWS_3 RULE
5d8360b
@pj991207
Merge branch 'bridgecrewio:master' into master
b21c1f4
@pj991207
[22.10.04][add]CKV_NCP_4, CKV_NCP_5 RULE
3b28b37
@Floodnut
[22.10.04][add] NCP ACG Inbound for port 22, 3389
87ecf3d
@taeng0204
[22.10.04][add] NCP NACL for port 20, 21, 22, 3389
53cd21b
@taeng0204
[22.10.05][modify] LBSecureProtocols.py
8867513
@taeng0204
[22.10.05][add] NCP ACGIngress & Egress Check
ab60ab0
@Floodnut
[22.10.06][add] NCP rules about ACG, LB, NACL, Encrpytion
f8be0ae
@Floodnut
[22.10.06][refactor] rename rules
edfeef9
[22.10.07][add] NCP NACLPortCheck
0a66496
@Floodnut
[22.10.08][refactor] modify rule id 77 to 14
740fc95
gruebel
gruebel reviewed Oct 14, 2022
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great job on crating an abstract class for inbound rule checks 💪 left some comments

checkov/terraform/checks/resource/ncp/AccessControlGroupRuleDescription.py Outdated Show resolved Hide resolved
checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRule.py Outdated Show resolved Hide resolved
checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRule.py Outdated Show resolved Hide resolved
checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort22.py Outdated Show resolved Hide resolved
checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort3389.py Outdated Show resolved Hide resolved
@Floodnut
Copy link
Contributor Author

Thank you for all advice! I modified this PR!

gruebel
gruebel approved these changes Oct 21, 2022
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, great work 🥇

@nimrodkor nimrodkor merged commit 74e86b8 into bridgecrewio:master Oct 25, 2022
PelegLi pushed a commit that referenced this pull request Oct 25, 2022
@Floodnut @pj991207
@gruebel @taeng0204 @schosterbarak
feat(terraform): add CKV NCP rules about access control group Inbound…
495cc84 
… rule. (#3627)

* [22.09.27][추가] CKV_NCP_1

* [22.09.27][추가] CKV_NCP_2

* Apply suggestions from code review

Co-authored-by: Anton Grübel <[email protected]>

* Apply suggestions from code review

Co-authored-by: Anton Grübel <[email protected]>

* Apply suggestions from code review

Co-authored-by: Anton Grübel <[email protected]>

* Create main.yml

* [22.09.28][수정] Lint test

* Delete main.yml

* [22.09.29][수정]testcode 수정

* [22.09.29][수정] 테스트 코드 수정

* [22.09.29][수정] 테스트코드 수정

* [22.09.29][수정] add test resource for 'ncloud_access_control_group_rule'

* [22.10.03][add]CKV_AWS_3 RULE

* [22.10.04][add]CKV_NCP_4, CKV_NCP_5 RULE

* [22.10.04][add] NCP ACG Inbound for port 22, 3389

* [22.10.04][add] NCP NACL for port 20, 21, 22, 3389

* [22.10.05][modify] LBSecureProtocols.py

* [22.10.05][add] NCP ACGIngress & Egress Check

* [22.10.06][add] NCP rules about ACG, LB, NACL, Encrpytion

* [22.10.06][refactor] rename rules

* [22.10.07][add] NCP NACLPortCheck

* [22.10.08][refactor] modify rule id 77 to 14

* [22.10.09][refactor] modify for ncp tf rules 4, 5

* [22.10.15][refactor] refactoring acg rule 4, 5

* [22.10.15][refactor] refactoring ncp acg absclass

* [22.10.18][fix] ncp rule 2 id fix

* [22.10.19][refactor] adjust ncp rule 4, 5

Co-authored-by: pj991207 <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
Co-authored-by: taeng0204 <[email protected]>
Co-authored-by: yudam <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gruebel gruebel gruebel approved these changes

@nimrodkor nimrodkor nimrodkor approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Floodnut @nimrodkor @gruebel @pj991207 @taeng0204