feat(terraform): add CKV NCP rules about Load Balancer Exposed to Internet #3819

Merged
merged 32 commits into from
Nov 14, 2022
6b5d88a
[22.10.27][add]LBListenerUsesSecureProtocols
pj991207 Oct 27, 2022
bc86ad9
Merge branch 'bridgecrewio:master' into master
Floodnut Nov 1, 2022
1a03f18
Merge branch 'bridgecrewio:master' into master
pj991207 Nov 5, 2022
77b362b
[22.11.05][add]NCP_LBTargetGroupUsingHTTPS
pj991207 Nov 5, 2022
5952dd8
[22.11.05][delete]ncp_13_rule
pj991207 Nov 5, 2022
7ad9795
Merge branch 'bridgecrewio:master' into master
pj991207 Nov 6, 2022
e7ffe7d
[22.11.06][addNCP_LBNetworkPrivate
pj991207 Nov 6, 2022
20caece
Merge branch 'bridgecrewio:master' into ncp/rule-16
pj991207 Nov 8, 2022
255ac39
Delete LBTargetGroupUsingHTTPS.py
pj991207 Nov 8, 2022
750f155
Delete tests/terraform/checks/resource/ncp/example_LBTargetGroupUsing…
pj991207 Nov 8, 2022
8c1fb91
Delete test_LBTargetGroupUsingHTTPS.py
pj991207 Nov 8, 2022
cd3a124
[22.11.08][add]ncp_ckv_16 example tf code
pj991207 Nov 8, 2022
8f915a9
Merge branch 'ncp/rule-16' of https://github.com/init-cloud/checkov i…
pj991207 Nov 8, 2022
218ebab
[22.11.08][delete]CKVP_NCP_15
pj991207 Nov 8, 2022
c3aa017
[22.11.08]CKV_NCP_32
pj991207 Nov 8, 2022
f9be912
Revert "[22.11.08]CKV_NCP_32"
pj991207 Nov 8, 2022
b7341f7
[22.11.08][add]CKV_NCP_32
pj991207 Nov 8, 2022
b92c23b
Revert "[22.11.08][add]CKV_NCP_32"
pj991207 Nov 8, 2022
e840d67
Merge branch 'bridgecrewio:master' into master
Floodnut Nov 9, 2022
798c698
Update checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py
pj991207 Nov 10, 2022
66f424b
Update checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py
pj991207 Nov 10, 2022
54e6d81
Merge branch 'master' of https://github.com/init-cloud/checkov
pj991207 Nov 10, 2022
51e7f0c
Merge branch 'bridgecrewio:master' into master
Floodnut Nov 11, 2022
a8d41e3
Merge branch 'bridgecrewio:master' into master
pj991207 Nov 11, 2022
d250948
Merge branch 'master' of https://github.com/init-cloud/checkov
pj991207 Nov 11, 2022
25d3a6e
[22.11.12][fix]NCP_CKV_16
pj991207 Nov 12, 2022
ec25900
Revert "[22.11.12][fix]NCP_CKV_16"
pj991207 Nov 12, 2022
74715cb
[22.11.12][fix]CKV_NCP_16
pj991207 Nov 12, 2022
2e814c2
[22.11.12][fix]CKV_NCP_16
pj991207 Nov 12, 2022
5cda816
[22.11.13][fix]CKV_NCP_16
pj991207 Nov 13, 2022
c0062a3
Update checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py
pj991207 Nov 14, 2022
105467d
Update checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py
pj991207 Nov 14, 2022
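--- a/checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py
+++ b/checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py
@@ -0,0 +1,24 @@
+from __future__ import annotations
+
+from checkov.common.models.enums import CheckCategories
+from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
+from typing import Any
+
+
+class LBNetworkPrivate(BaseResourceValueCheck):
+
+def __init__(self):
+name = "Ensure Load Balancer isn't exposed to the internet"
+id = "CKV_NCP_16"
+supported_resources = ("ncloud_lb",)
+categories = (CheckCategories.NETWORKING,)
+super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+
+def get_inspected_key(self) -> str:
+return "network_type"
+
+def get_expected_value(self) -> Any:
+return "PRIVATE"
+
+
+check = LBNetworkPrivate()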
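Review bot: LBNetworkPrivate never states why an `ncloud_lb` with no `network_type` at all is reported as failing (the fixture's `fail2` case); that outcome comes from the base class's default handling of a missing inspected key, which a reader of this file cannot see. A class docstring would make the intent explicit, e.g. `"""CKV_NCP_16: an ncloud_lb must set network_type = "PRIVATE"; an omitted attribute is also reported, since the provider presumably falls back to a public network type (confirm against the ncloud provider docs)."""`. As a point of style, `from typing import Any` sits below the two project imports, whereas the file's convention elsewhere in the repo groups stdlib imports first, and `__init__` could carry `-> None` to match the other annotated methods.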
@@ -0,0 +1,18 @@
resource "ncloud_lb" "pass" {
name = "tf-lb-test"
network_type = "PRIVATE"
type = "APPLICATION"
subnet_no_list = [ ncloud_subnet.test.subnet_no ]
}

resource "ncloud_lb" "fail" {
name = "tf-lb-test"
network_type = "PUBLIC"
type = "APPLICATION"
subnet_no_list = [ ncloud_subnet.test.subnet_no ]
}
resource "ncloud_lb" "fail2" {
name = "tf-lb-test"
type = "APPLICATION"
subnet_no_list = [ ncloud_subnet.test.subnet_no ]
}
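--- a/tests/terraform/checks/resource/ncp/test_LBNetworkPrivate.py
+++ b/tests/terraform/checks/resource/ncp/test_LBNetworkPrivate.py
@@ -0,0 +1,41 @@
+import unittest
+from pathlib import Path
+
+from checkov.runner_filter import RunnerFilter
+from checkov.terraform.checks.resource.ncp.LBNetworkPrivate import check
+from checkov.terraform.runner import Runner
+
+
+class TestLBNetworkPrivate(unittest.TestCase):
+def test(self):
+# given
+test_files_dir = Path(__file__).parent / "example_LBNetworkPrivate"
+
+# when
+report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
+
+# then
+summary = report.get_summary()
+
+passing_resources = {
+"ncloud_lb.pass",
+}
+failing_resources = {
+"ncloud_lb.fail",
+"ncloud_lb.fail2"
+}
+
+passed_check_resources = {c.resource for c in report.passed_checks}
+failed_check_resources = {c.resource for c in report.failed_checks}
+
+self.assertEqual(summary["passed"], 1)
+self.assertEqual(summary["failed"], 2)
+self.assertEqual(summary["skipped"], 0)
+self.assertEqual(summary["parsing_errors"], 0)
+
+self.assertEqual(passing_resources, passed_check_resources)
+self.assertEqual(failing_resources, failed_check_resources)
+
+
+if __name__ == "__main__":
+unittest.main()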