Merge pull request #99 from aquasecurity/liamg-fixaws-vpc-metadata-is…

…sues Fix aws vpc metadata issues
aquasecurity · Jan 24, 2022 · 702185b · 702185b
2 parents 963e0c7 + 1f527df
commit 702185b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 29 deletions.
diff --git a/rules/aws/vpc/add_description_to_security_group_rule.go b/rules/aws/vpc/add_description_to_security_group_rule.go
@@ -22,28 +22,28 @@ Simplifies auditing, debugging, and managing security groups.`,
 		Links: []string{
 			"https://www.cloudconformity.com/knowledge-base/aws/EC2/security-group-rules-description.html",
 		},
-		Terraform:   &rules.EngineMetadata{
-            GoodExamples:        terraformAddDescriptionToSecurityGroupRuleGoodExamples,
-            BadExamples:         terraformAddDescriptionToSecurityGroupRuleBadExamples,
-            Links:               terraformAddDescriptionToSecurityGroupRuleLinks,
-            RemediationMarkdown: terraformAddDescriptionToSecurityGroupRuleRemediationMarkdown,
-        },
-        CloudFormation:   &rules.EngineMetadata{
-            GoodExamples:        cloudFormationAddDescriptionToSecurityGroupRuleGoodExamples,
-            BadExamples:         cloudFormationAddDescriptionToSecurityGroupRuleBadExamples,
-            Links:               cloudFormationAddDescriptionToSecurityGroupRuleLinks,
-            RemediationMarkdown: cloudFormationAddDescriptionToSecurityGroupRuleRemediationMarkdown,
-        },
-        Severity: severity.Low,
+		Terraform: &rules.EngineMetadata{
+			GoodExamples:        terraformAddDescriptionToSecurityGroupRuleGoodExamples,
+			BadExamples:         terraformAddDescriptionToSecurityGroupRuleBadExamples,
+			Links:               terraformAddDescriptionToSecurityGroupRuleLinks,
+			RemediationMarkdown: terraformAddDescriptionToSecurityGroupRuleRemediationMarkdown,
+		},
+		CloudFormation: &rules.EngineMetadata{
+			GoodExamples:        cloudFormationAddDescriptionToSecurityGroupRuleGoodExamples,
+			BadExamples:         cloudFormationAddDescriptionToSecurityGroupRuleBadExamples,
+			Links:               cloudFormationAddDescriptionToSecurityGroupRuleLinks,
+			RemediationMarkdown: cloudFormationAddDescriptionToSecurityGroupRuleRemediationMarkdown,
+		},
+		Severity: severity.Low,
 	},
 	func(s *state.State) (results rules.Results) {
 		for _, group := range s.AWS.VPC.SecurityGroups {
 			for _, rule := range append(group.EgressRules, group.IngressRules...) {
 				if rule.Description.IsEmpty() {
 					results.Add(
 						"Security group rule does not have a description.",
-						&group,
 						&rule,
+						rule.Description,
 					)
 				} else {
 					results.AddPassed(&rule)

diff --git a/rules/aws/vpc/no_public_egress_sgr.go b/rules/aws/vpc/no_public_egress_sgr.go
@@ -44,7 +44,7 @@ var CheckNoPublicEgressSgr = rules.Register(
 						fail = true
 						results.Add(
 							"Security group rule allows egress to multiple public internet addresses.",
-							&group,
+							&rule,
 							block,
 						)
 					}

diff --git a/rules/aws/vpc/no_public_ingress_sgr.go b/rules/aws/vpc/no_public_ingress_sgr.go
@@ -21,19 +21,19 @@ var CheckNoPublicIngressSgr = rules.Register(
 		Links: []string{
 			"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html",
 		},
-		Terraform:   &rules.EngineMetadata{
-            GoodExamples:        terraformNoPublicIngressSgrGoodExamples,
-            BadExamples:         terraformNoPublicIngressSgrBadExamples,
-            Links:               terraformNoPublicIngressSgrLinks,
-            RemediationMarkdown: terraformNoPublicIngressSgrRemediationMarkdown,
-        },
-        CloudFormation:   &rules.EngineMetadata{
-            GoodExamples:        cloudFormationNoPublicIngressSgrGoodExamples,
-            BadExamples:         cloudFormationNoPublicIngressSgrBadExamples,
-            Links:               cloudFormationNoPublicIngressSgrLinks,
-            RemediationMarkdown: cloudFormationNoPublicIngressSgrRemediationMarkdown,
-        },
-        Severity: severity.Critical,
+		Terraform: &rules.EngineMetadata{
+			GoodExamples:        terraformNoPublicIngressSgrGoodExamples,
+			BadExamples:         terraformNoPublicIngressSgrBadExamples,
+			Links:               terraformNoPublicIngressSgrLinks,
+			RemediationMarkdown: terraformNoPublicIngressSgrRemediationMarkdown,
+		},
+		CloudFormation: &rules.EngineMetadata{
+			GoodExamples:        cloudFormationNoPublicIngressSgrGoodExamples,
+			BadExamples:         cloudFormationNoPublicIngressSgrBadExamples,
+			Links:               cloudFormationNoPublicIngressSgrLinks,
+			RemediationMarkdown: cloudFormationNoPublicIngressSgrRemediationMarkdown,
+		},
+		Severity: severity.Critical,
 	},
 	func(s *state.State) (results rules.Results) {
 		for _, group := range s.AWS.VPC.SecurityGroups {
@@ -44,7 +44,7 @@ var CheckNoPublicIngressSgr = rules.Register(
 						failed = true
 						results.Add(
 							"Security group rule allows ingress from public internet.",
-							&group,
+							&rule,
 							block,
 						)
 					}