feat(terraform): add CKV NCP rules about Load Balancer Listener Using HTTPS #3858

Merged
merged 31 commits into from
Nov 29, 2022
6b5d88a
[22.10.27][add]LBListenerUsesSecureProtocols
pj991207 Oct 27, 2022
bc86ad9
Merge branch 'bridgecrewio:master' into master
Floodnut Nov 1, 2022
1a03f18
Merge branch 'bridgecrewio:master' into master
pj991207 Nov 5, 2022
77b362b
[22.11.05][add]NCP_LBTargetGroupUsingHTTPS
pj991207 Nov 5, 2022
5952dd8
[22.11.05][delete]ncp_13_rule
pj991207 Nov 5, 2022
7ad9795
Merge branch 'bridgecrewio:master' into master
pj991207 Nov 6, 2022
7a416e8
Update checkov/terraform/checks/resource/ncp/LBTargetGroupUsingHTTPS.py
pj991207 Nov 7, 2022
cc64169
Update checkov/terraform/checks/resource/ncp/LBTargetGroupUsingHTTPS.py
pj991207 Nov 7, 2022
218ebab
[22.11.08][delete]CKVP_NCP_15
pj991207 Nov 8, 2022
c3aa017
[22.11.08]CKV_NCP_32
pj991207 Nov 8, 2022
f9be912
Revert "[22.11.08]CKV_NCP_32"
pj991207 Nov 8, 2022
b7341f7
[22.11.08][add]CKV_NCP_32
pj991207 Nov 8, 2022
b92c23b
Revert "[22.11.08][add]CKV_NCP_32"
pj991207 Nov 8, 2022
e840d67
Merge branch 'bridgecrewio:master' into master
Floodnut Nov 9, 2022
54e6d81
Merge branch 'master' of https://github.com/init-cloud/checkov
pj991207 Nov 10, 2022
51e7f0c
Merge branch 'bridgecrewio:master' into master
Floodnut Nov 11, 2022
8837631
[22.11.11[[add]CKV2_AWS_42
pj991207 Nov 11, 2022
4275cac
Merge branch 'ncp/rule-15' of https://github.com/init-cloud/checkov i…
pj991207 Nov 11, 2022
e773947
[22.11.12][fix]CKV_NCP_15
pj991207 Nov 11, 2022
f0a7a74
Revert "[22.11.12][fix]CKV_NCP_15"
pj991207 Nov 11, 2022
a8d41e3
Merge branch 'bridgecrewio:master' into master
pj991207 Nov 11, 2022
30e09d4
Merge branch 'master' of https://github.com/init-cloud/checkov into n…
pj991207 Nov 11, 2022
17f1a26
[22.11.12][fix]CKV2_AWS_42
pj991207 Nov 11, 2022
74c076b
[22.11.12][add]CKV_NCP_30
pj991207 Nov 11, 2022
c56863c
[22.11.12][fix]CKV_NCP_24
pj991207 Nov 12, 2022
0b62bdc
[22.11.12][fix]CKV_NCP_24
pj991207 Nov 12, 2022
5f388cf
[22.11.28][fix]CKV_NCP_24
pj991207 Nov 27, 2022
ec4cc7a
Merge branch 'bridgecrewio:main' into ncp/rule-24
pj991207 Nov 27, 2022
4a52f4b
Update checkov/terraform/checks/resource/ncp/LBListenerUsingHTTPS.py
pj991207 Nov 28, 2022
db7a2e5
[22.11.29][fix]CKV_NCP_24
pj991207 Nov 28, 2022
8432a66
[22.11.29][fix]CKV_NCP_24
pj991207 Nov 29, 2022
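--- a/checkov/terraform/checks/resource/ncp/LBListenerUsingHTTPS.py
+++ b/checkov/terraform/checks/resource/ncp/LBListenerUsingHTTPS.py
@@ -0,0 +1,23 @@
+from __future__ import annotations
+
+from checkov.common.models.enums import CheckCategories
+from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
+
+
+class LBListenerUsingHTTPS(BaseResourceValueCheck):
+
+def __init__(self):
+name = "Ensure Load Balancer Listener Using HTTPS"
+id = "CKV_NCP_24"
+supported_resources = ("ncloud_lb_listener",)
+categories = (CheckCategories.GENERAL_SECURITY,)
+super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+
+def get_inspected_key(self):
+return 'protocol'
+
+def get_expected_value(self):
+return 'HTTPS'
+
+
+check = LBListenerUsingHTTPS()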
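Review bot: `get_expected_value` accepts only the literal `'HTTPS'`, so every other `protocol` value on an `ncloud_lb_listener` fails CKV_NCP_24, including any encrypted listener that is not HTTP-based. If the provider also accepts `TLS` for this attribute (the first commit in this PR was titled LBListenerUsesSecureProtocols, which suggests it may), a TLS listener would be reported as a finding, and noisy findings tend to get the whole check skipped. Consider overriding `get_expected_values` to return `["HTTPS", "TLS"]`, or narrow the check name so it is clear that only HTTP(S) listeners are in scope. The class would also benefit from a short docstring saying what a failure means, and from return annotations such as `def get_inspected_key(self) -> str:` to go with the `from __future__ import annotations` import.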
@@ -0,0 +1,12 @@
resource "ncloud_lb_listener" "pass" {
load_balancer_no = ncloud_lb.test.load_balancer_no
protocol = "HTTPS"
port = 80
target_group_no = ncloud_lb_target_group.test.target_group_no
}
resource "ncloud_lb_listener" "fail" {
load_balancer_no = ncloud_lb.test.load_balancer_no
protocol = "HTTP"
port = 80
target_group_no = ncloud_lb_target_group.test.target_group_no
}
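Review bot: The fixture exercises only the literal `HTTP` and `HTTPS` values, so the check's result for any other `protocol` value, or for a value that cannot be resolved statically (for example `protocol = var.listener_protocol`), is not pinned by a test. The passing resource also pairs `protocol = "HTTPS"` with `port = 80`, which does not affect the result but reads as a misconfiguration in an example meant to show the compliant form; `port = 443` would be clearer. Adding one resource per remaining protocol value would document whether each is meant to pass or fail.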
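--- a/tests/terraform/checks/resource/ncp/test_LBListenerUsingHTTPS.py
+++ b/tests/terraform/checks/resource/ncp/test_LBListenerUsingHTTPS.py
@@ -0,0 +1,40 @@
+import unittest
+from pathlib import Path
+
+from checkov.runner_filter import RunnerFilter
+from checkov.terraform.checks.resource.ncp.LBListenerUsingHTTPS import check
+from checkov.terraform.runner import Runner
+
+
+class TestLBListenerUsingHTTPS(unittest.TestCase):
+def test(self):
+# given
+test_files_dir = Path(__file__).parent / "example_LBListenerUsingHTTPS"
+
+# when
+report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
+
+# then
+summary = report.get_summary()
+
+passing_resources = {
+"ncloud_lb_listener.pass",
+}
+failing_resources = {
+"ncloud_lb_listener.fail",
+}
+
+passed_check_resources = {c.resource for c in report.passed_checks}
+failed_check_resources = {c.resource for c in report.failed_checks}
+
+self.assertEqual(summary["passed"], 1)
+self.assertEqual(summary["failed"], 1)
+self.assertEqual(summary["skipped"], 0)
+self.assertEqual(summary["parsing_errors"], 0)
+
+self.assertEqual(passing_resources, passed_check_resources)
+self.assertEqual(failing_resources, failed_check_resources)
+
+
+if __name__ == "__main__":
+unittest.main()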