Rule IDs with spaces cannot be skipped #610

Closed
adamjohnson01 opened this issue Mar 10, 2021 · 9 comments · Fixed by #833
Assignees: harkirat22
Labels: bug, policy (Issue concerning policy maintainers.)

Comments

@adamjohnson01

adamjohnson01 commented Mar 10, 2021

  • terrascan version: 1.4.0
  • Operating System: Docker and Darwin

Description

I am trying to skip the following but the rule id has spaces in it so it does not work.

	Description    :	Ensure CloudWatch logging is enabled for Route53 hosted zones.
	File           :	route53.tf
	Line           :	66
	Severity       :	MEDIUM
	Rule Name      :	route53LoggingDisabled
	Rule ID        :	AWS.Route53 query logs.Logging.Medium.0574
	Resource Name  :	dns
	Resource Type  :	aws_route53_zone
	Category       :	Logging

	-----------------------------------------------------------------------

What I Did

I added the following to the resource

ts:skip=AWS.Route53 query logs.Logging.Medium.0574 Only works with public route53
@fetep

fetep commented Mar 20, 2021

Also seeing this behavior. Should we fix the rule skipper to support spaces, or rename policies to not have spaces in their reference_id?

@MrMickS

MrMickS commented May 7, 2021

We are seeing the same issue with rules of the form AC_AWS_078 or AC_AWS_070.

@kanchwala-yusuf
Contributor

kanchwala-yusuf commented May 7, 2021

@MrMickS, can you please share an example of your IaC file with us? I just want to reproduce it on my own. Also, please let us know how you are using rule skipping.

@harkirat22
Contributor

@fetep we will make changes to all such policies' reference ids.

@harkirat22 harkirat22 self-assigned this May 7, 2021
@amirbenv amirbenv added the bug label May 7, 2021
@kanchwala-yusuf kanchwala-yusuf added the policy Issue concerning policy maintainers. label May 11, 2021
@nasir-rabbani nasir-rabbani linked a pull request Jun 3, 2021 that will close this issue
@nasir-rabbani
Contributor

@adamjohnson01 @MrMickS

Sorry for causing confusion and the issues, which were due to inconsistency in the nomenclature of reference_id. With PR #786 we are intending to standardize the Rule IDs.

Even though we have added support for spaces while skipping a rule, we highly recommend that everyone refer to the newly added id instead of reference_id when scanning for or suppressing a specific policy.

Please feel free to re-open this issue if it doesn't work as expected. Thanks.

@nasir-rabbani
Contributor

	Rule ID        :	AWS.Route53 query logs.Logging.Medium.0574

	ts:skip=AWS.Route53 query logs.Logging.Medium.0574 Only works with public route53

The corresponding id for this policy is AC_AWS_0204. Please let us know if this works for you.

@nasir-rabbani
Contributor

	AC_AWS_078

Please use the following corresponding id values:

AC_AWS_0497 instead of AC_AWS_078
AC_AWS_0480 instead of AC_AWS_070

Please confirm if this solves your purpose.

@sarahc23

sarahc23 commented Jul 28, 2021

Hi there, we're having a similar issue. We're trying to suppress AC_AWS_0320, whose id field has the same name.

We've tried

#ts:skip=AC_AWS_0320 Allow SSH

and also (just for good measure)

#ts:skip=networkPort22ExposedToprivate Allow SSH

but neither worked.

As a shot in the dark, terrascan flagged the issue inside an aws_security_group_rule so that's where we placed the comment. Is this supposed to go inside an aws_security_group resource instead?

@nasir-rabbani
Contributor

@sarahc23

It would help us understand if you could please attach a reference showing where exactly you are putting the comment.

The comment needs to go inside the resource block that is violating the policy. Refer to this.

Do let us know if this helped.
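Two things in this thread trip people up: a skip payload split on whitespace truncates a legacy reference_id such as AWS.Route53 query logs.Logging.Medium.0574 at its first space (so the rule never matches), and a ts:skip comment placed outside the violating resource block is never applied. The following is an added illustration of both points, not terrascan's own code: it resolves the rule ID by longest match against a list of known IDs (the list is constructed from the IDs quoted above, the longest-match strategy and the `#`-comment syntax are assumptions of this example), tracks the enclosing resource block by brace depth, and reports skips that land outside any block as orphans instead of silently dropping them.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Rule IDs this example knows about (constructed from the IDs quoted in the
// thread; the real policy set is much larger). Legacy reference_ids may
// contain spaces, which is what breaks a whitespace-split parser.
var KnownRuleIDs = []string{
	"AWS.Route53 query logs.Logging.Medium.0574", // legacy reference_id with spaces
	"AC_AWS_0204", // new id for the same policy
	"AC_AWS_0320",
	"AC_AWS_0497",
	"AC_AWS_0480",
}

// Skip is one ts:skip annotation resolved to a rule and a resource.
type Skip struct {
	Resource string // "<type>.<name>" of the enclosing resource block
	RuleID   string
	Comment  string
}

var (
	skipRe     = regexp.MustCompile(`^\s*#\s*ts:skip=(.*)$`)
	resourceRe = regexp.MustCompile(`^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{`)
)

// NaiveRuleID is the broken parse: the ID is whatever precedes the first blank.
// For the Route53 reference_id this yields "AWS.Route53", which matches nothing.
func NaiveRuleID(payload string) string {
	fields := strings.Fields(payload)
	if len(fields) == 0 {
		return ""
	}
	return fields[0]
}

// ResolveSkip tries the known IDs longest-first, so an ID containing spaces wins
// over any shorter prefix; the remainder is the justification text.
func ResolveSkip(payload string, known []string) (ruleID, comment string, ok bool) {
	ids := append([]string(nil), known...)
	sort.Slice(ids, func(i, j int) bool { return len(ids[i]) > len(ids[j]) })
	payload = strings.TrimSpace(payload)
	for _, id := range ids {
		if payload == id {
			return id, "", true
		}
		if strings.HasPrefix(payload, id+" ") {
			return id, strings.TrimSpace(payload[len(id):]), true
		}
	}
	return "", "", false
}

// ParseSkips attaches each ts:skip comment to the resource block it sits in.
// Brace depth is counted per line (braces inside strings are not handled).
// Skips outside any block or naming an unknown ID are returned as orphans.
func ParseSkips(tf string, known []string) (skips []Skip, orphans []string) {
	resource, depth := "", 0
	for _, line := range strings.Split(tf, "\n") {
		if m := resourceRe.FindStringSubmatch(line); m != nil && depth == 0 {
			resource = m[1] + "." + m[2]
		}
		if m := skipRe.FindStringSubmatch(line); m != nil {
			id, comment, ok := ResolveSkip(m[1], known)
			if !ok || resource == "" {
				orphans = append(orphans, strings.TrimSpace(line))
			} else {
				skips = append(skips, Skip{Resource: resource, RuleID: id, Comment: comment})
			}
		}
		if depth += strings.Count(line, "{") - strings.Count(line, "}"); depth <= 0 {
			depth, resource = 0, ""
		}
	}
	return skips, orphans
}

// SampleTF is a constructed Terraform fragment: two skips inside the zone
// block (legacy and new ID) and one skip placed outside any resource block.
const SampleTF = `resource "aws_route53_zone" "dns" {
  #ts:skip=AWS.Route53 query logs.Logging.Medium.0574 Only works with public route53
  #ts:skip=AC_AWS_0204 Only works with public route53
  name = "example.test"
}

# this one is outside the resource block, so it never applies
#ts:skip=AC_AWS_0320 Allow SSH
resource "aws_security_group_rule" "ssh" {
  type = "ingress"
  from_port = 22
  to_port = 22
  protocol = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
  security_group_id = "sg-example"
}`

func main() {
	payload := "AWS.Route53 query logs.Logging.Medium.0574 Only works with public route53"
	fmt.Printf("naive parse:   %q\n", NaiveRuleID(payload))
	id, comment, _ := ResolveSkip(payload, KnownRuleIDs)
	fmt.Printf("longest match: %q (comment %q)\n", id, comment)
	skips, orphans := ParseSkips(SampleTF, KnownRuleIDs)
	for _, s := range skips {
		fmt.Printf("skip %s on %s: %s\n", s.RuleID, s.Resource, s.Comment)
	}
	for _, o := range orphans {
		fmt.Printf("ignored (outside a resource block or unknown id): %s\n", o)
	}
}
```

Run it with `go run .` to see the truncated naive ID next to the correctly resolved one, the two skips attached to aws_route53_zone.dns, and the security-group skip reported as ignored because it sits outside the block that terrascan flagged.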
