Merge pull request #6970 from Checkmarx/joaom/kics-1361

feat(engine): similarity id improve
Checkmarx · May 16, 2024 · 9fca6c8 · 9fca6c8
2 parents 98076c1 + cced901
commit 9fca6c8
Show file tree

Hide file tree

Showing 52 changed files with 4,725 additions and 4,264 deletions.
diff --git a/assets/libraries/cloudformation.rego b/assets/libraries/cloudformation.rego
@@ -258,3 +258,11 @@ getPath(path) = result {
 	count(path) == 0
 	result := ""
 }
+
+createSearchKey(elem) = search {
+	not elem.Name.Ref
+	search := sprintf("=%s", [elem.Name])
+} else = search {
+	elem.Name.Ref
+	search := sprintf(".Ref=%s", [elem.Name.Ref])
+}
diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/query.rego b/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/query.rego
@@ -9,14 +9,17 @@ CxPolicy[result] {
 	contDef := resource.Properties.ContainerDefinitions[idx]
 	not common_lib.valid_key(contDef, "HealthCheck")
 
+    getkey := cf_lib.createSearchKey(contDef)
+    searchkey := sprintf("Resources.%s.Properties.ContainerDefinitions.%v.Name%s", [name,idx,getkey])
+
 	result := {
 		"documentId": input.document[i].id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, name),
-		"searchKey": sprintf("Resources.%s.Properties.ContainerDefinitions", [name]),
+        "searchKey": searchkey,
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("'Resources.%s.Properties.ContainerDefinitions' should contain 'HealthCheck' property", [name]),
 		"keyActualValue": sprintf("'Resources.%s.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property", [name]),
-		"searchLine": common_lib.build_search_line(["Resources", name, "Properties", "ContainerDefinitions"], [idx]),
+		"searchLine": common_lib.build_search_line(["Resources", name, "Properties", "ContainerDefinitions"], [idx, "Name","Ref" ]),
 	}
 }
diff --git a/...dFormation/aws/ecs_task_definition_healthcheck_missing/test/positive_expected_result.json b/...dFormation/aws/ecs_task_definition_healthcheck_missing/test/positive_expected_result.json
@@ -3,10 +3,10 @@
     "fileName": "positive1.yaml",
     "queryName": "ECS Task Definition HealthCheck Missing",
     "severity": "LOW",
-    "line": 47
+    "line": 48
   },
   {
-    "line": 29,
+    "line": 55,
     "fileName": "positive2.json",
     "queryName": "ECS Task Definition HealthCheck Missing",
     "severity": "LOW"

diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/query.rego b/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/query.rego
@@ -19,7 +19,9 @@ CxPolicy[result] {
 	}
 
 	checkMemory(taskDef, memory) == true
-	searchkey := createSearchKey(name2, taskDef.Properties.ContainerDefinitions[_])
+
+    getkey := cf_lib.createSearchKey(taskDef.Properties.ContainerDefinitions[_])
+    searchkey = sprintf("Resources.%s.Properties.ContainerDefinitions.Name%s", [name2, getkey])
 
 	result := {
 		"documentId": input.document[i].id,
@@ -41,7 +43,8 @@ CxPolicy[result] {
 	cpuMem := {256, 512, 1024, 2048, 4096}
 	cpu := taskDef.Properties.ContainerDefinitions[_].Cpu
 	not commonLib.inArray(cpuMem, cpu)
-	searchkey := createSearchKey(name2, taskDef.Properties.ContainerDefinitions[_])
+	getkey := cf_lib.createSearchKey(taskDef.Properties.ContainerDefinitions[_])
+    searchkey := sprintf("Resources.%s.Properties.ContainerDefinitions.Name%s", [name2, getkey])
 
 	result := {
 		"documentId": input.document[i].id,
@@ -75,12 +78,4 @@ checkRemainder(mem, cpu) {
 	not mem % 1024 == 0
 }
 
-createSearchKey(a, b) = search {
-	not b.Name.Ref
-	search := sprintf("Resources.%s.Properties.ContainerDefinitions.Name=%s", [a, b.Name])
-}
 
-createSearchKey(a, b) = search {
-	b.Name.Ref
-	search := sprintf("Resources.%s.Properties.ContainerDefinitions.Name.Ref=%s", [a, b.Name.Ref])
-}