rule

package

v0.58.12 Latest Latest Go to latest Published: Oct 1, 2021 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aquasecurity/tfsec

Links

Open Source Insights

Documentation ¶

Index ¶

func CheckRule(r *Rule, resourceBlock block.Block, module block.Module, ignoreErrors bool) (resultSet result.Set)
func IsRuleRequiredForBlock(rule *Rule, b block.Block) bool
type Rule
- func (r Rule) ID() string
- func (r Rule) MatchesID(id string) bool
type RuleDocumentation

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckRule ¶

func CheckRule(r *Rule, resourceBlock block.Block, module block.Module, ignoreErrors bool) (resultSet result.Set)

CheckRule the provided HCL block against the rule

func IsRuleRequiredForBlock ¶

func IsRuleRequiredForBlock(rule *Rule, b block.Block) bool

IsRuleRequiredForBlock returns true if the Rule should be applied to the given HCL block

Types ¶

type Rule ¶

type Rule struct {
	LegacyID string

	Service   string // EC2
	ShortCode string // ebs-volume-encrypted

	Documentation   RuleDocumentation
	Provider        provider.Provider
	RequiredTypes   []string
	RequiredLabels  []string
	RequiredSources []string
	DefaultSeverity severity.Severity
	CheckFunc       func(result.Set, block.Block, block.Module)
}

Rule is a targeted security test which can be applied to terraform templates. It includes the types to run on e.g. "resource", and the labels to run on e.g. "aws_s3_bucket".

func (Rule) ID ¶

func (r Rule) ID() string

func (Rule) MatchesID ¶ added in v0.50.0

func (r Rule) MatchesID(id string) bool

type RuleDocumentation ¶

type RuleDocumentation struct {

	// Summary is a brief description of the check, e.g. "Unencrypted S3 Bucket"
	Summary string

	// Explanation (markdown) contains reasoning for the check, details on it's value, and remediation info
	Explanation string

	// Impact contains a brief summary of the impact of failing the check
	Impact string

	// Resolution contains a brief summary of the resolution for the failing check
	Resolution string

	// BadExample (hcl) contains Terraform code which would cause the check to fail
	BadExample []string

	// GoodExample (hcl) modifies the BadExample content to cause the check to pass
	GoodExample []string

	// Links are URLs which contain further reading related to the check
	Links []string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL