KICS Auto Remediation: support for Ansible [AZURE] queries
Description
At the moment, KICS provides auto remediation for simple replacements and simple additions in a single line in Terraform queries. It would be great if this feature was also implemented for Ansible [AZURE] queries.
Steps
- Add `remediation` and `remediation_type` in the following queries:
| QUERY NAME | QUERY ID | REMEDIATION |
|---|---|---|
| Admin User Enabled For Container Registry | 29f35127-98e6-43af-8ec1-201b79f99604 | Replacement |
| AKS Monitoring Logging Disabled | d5e83b32-56dd-4247-8c2e-074f43b38a5e | Replacement |
| AKS RBAC Disabled | 149fa56c-4404-4f90-9e25-d34b676d5b39 | Replacement Addition |
| Default Network Access is Allowed | 974e6fe7-63fd-4fa4-aa72-77b21a4a959d | Replacement |
| Firewall Rule Allows Too Many Hosts To Access Redis Cache | 69f72007-502e-457b-bd2d-5012e31ac049 | Replacement |
| Key Vault Soft Delete Is Disabled | 881696a8-68c5-4073-85bc-7c38a3deb854 | Replacement Addition |
| Log Retention Is Not Set | 0461b4fd-21ef-4687-929e-484ee4796785 | Replacement |
| Monitoring Log Profile Without All Activities | 89f84a1e-75f8-47c5-83b5-bee8e2de4168 | Replacement |
| MySQL SSL Connection Disabled | 2a901825-0f3b-4655-a0fe-e0470e50f8e6 | Replacement Addition |
| PostgreSQL Log Checkpoints Disabled | 7ab33ac0-e4a3-418f-a673-50da4e34df21 | Replacement |
| PostgreSQL Log Connections Not Set | 7b47138f-ec0e-47dc-8516-e7728fe3cc17 | Replacement |
| PostgreSQL Log Duration Not Set | 729ebb15-8060-40f7-9017-cb72676a5487 | Replacement |
| PostgreSQL Server Without Connection Throttling | a9becca7-892a-4af7-b9e1-44bf20a4cd9a | Replacement |
| PostgreSQL Log Disconnections Not Set | 054d07b5-941b-4c28-8eef-18989dc62323 | Replacement |
| Public Storage Account | 35e2f133-a395-40de-a79d-b260d973d1bd | Replacement |
| Redis Cache Allows Non SSL Connections | 869e7fb4-30f0-4bdb-b360-ad548f337f2f | Replacement |
| Small Activity Log Retention Period | 37fafbea-dedb-4e0d-852e-d16ee0589326 | Replacement Addition |
| SSL Enforce Disabled | 961ce567-a16d-4d7d-9027-f0ec2628a555 | Replacement Addition |
| Storage Account Not Forcing HTTPS | 2c99a474-2a3c-4c17-8294-53ffa5ed0522 | Replacement Addition |
| Storage Account Not Using Latest TLS Encryption Version | c62746cf-92d5-4649-9acf-7d48d086f2ee | Replacement Addition |
| Web App Accepting Traffic Other Than HTTPS | eb8c2560-8bee-4248-9d0d-e80c8641dd91 | Replacement Addition |
- Change `test/queries_test.go` (line 262) and `pkg/remediation/utils.go` (line 37)
- Test through `go test ./test --timeout 1500s -v`