How to use the checkov.terraform.models.enums.CheckResult function in checkov

To help you get started, we’ve selected a few checkov examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_PasswordPolicyReuse.py View on Github external
def test_failure(self):
        resource_conf = {
            "minimum_password_length": [15],
            "require_lowercase_characters": [True],
            "require_numbers": [True],
            "require_uppercase_characters": [True],
            "require_symbols": [True],
            "allow_users_to_change_password": [True],
            "max_password_age": [89],
            "password_reuse_prevention": [4]
        }
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.FAILED, scan_result)
github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_PasswordPolicyExpiration.py View on Github external
def test_failure_on_missing_property(self):
        resource_conf = {
            "minimum_password_length": [15],
            "require_lowercase_characters": [True],
            "require_numbers": [True],
            "require_uppercase_characters": [True],
            "require_symbols": [True],
            "allow_users_to_change_password": [True],
        }
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.FAILED, scan_result)
github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_S3AccessLogs.py View on Github external
def test_failure_s3_accesslogs(self):
        resource_conf = {"region": ["us-west-2"],
                         "bucket": ["my_bucket"],
                         "acl": ["public-read"],
                         "force_destroy": [True],
                         "tags": [{"Name": "my-bucket"}]}
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.FAILED, scan_result)
github bridgecrewio / checkov / checkov / terraform / checks / resource / aws / PasswordPolicyLowercaseLetter.py View on Github external
def scan_resource_conf(self, conf):
        """
            validates iam password policy
            https://www.terraform.io/docs/providers/aws/r/iam_account_password_policy.html
        :param conf: aws_iam_account_password_policy configuration
        :return: 
        """
        key = 'require_lowercase_characters'
        if key in conf.keys():
            if conf[key][0]:
                return CheckResult.PASSED
        return CheckResult.FAILED
github bridgecrewio / checkov / checkov / terraform / checks / resource / gcp / GoogleContainerClusterMonitoringEnabled.py View on Github external
def scan_resource_conf(self, conf):
        """
            Looks for monitoring configuration on google_container_cluster:
            https://www.terraform.io/docs/providers/google/r/container_cluster.html
        :param conf: google_container_cluster configuration
        :return: 
        """
        if 'monitoring_service' in conf:
            if conf['monitoring_service'][0] == "none":
                return CheckResult.FAILED
        return CheckResult.PASSED
github bridgecrewio / checkov / checkov / terraform / checks / resource / aws / PasswordPolicyUppercaseLetter.py View on Github external
def scan_resource_conf(self, conf):
        """
            validates iam password policy
            https://www.terraform.io/docs/providers/aws/r/iam_account_password_policy.html
        :param conf: aws_iam_account_password_policy configuration
        :return: 
        """
        key = 'require_uppercase_characters'
        if key in conf.keys():
            if conf[key][0]:
                return CheckResult.PASSED
        return CheckResult.FAILED
github bridgecrewio / checkov / checkov / terraform / checks / resource / aws / KMSRotation.py View on Github external
def scan_resource_conf(self, conf):
        """
            validates kms rotation
            https://www.terraform.io/docs/providers/aws/r/kms_key.html
        :param conf: aws_kms_key configuration
        :return: 
        """
        key = 'enable_key_rotation'
        if key in conf.keys():
            if conf[key]:
                return CheckResult.PASSED
        return CheckResult.FAILED
github bridgecrewio / checkov / checkov / terraform / checks / resource / aws / ElasticsearchNodeToNodeEncryption.py View on Github external
:return: 
        """
        if "cluster_config" in conf.keys():

            instance_count = conf["cluster_config"][0]["instance_count"][0]
            if isinstance(instance_count,int):
                if instance_count > 1:
                    if "node_to_node_encryption" in conf.keys():
                        if conf["node_to_node_encryption"][0]["enabled"][0]:
                            return CheckResult.PASSED
                        else:
                            return CheckResult.FAILED
                    else:
                        return CheckResult.FAILED
                else:
                    return CheckResult.PASSED
            else:
                return CheckResult.UNKNOWN
        return CheckResult.PASSED

checkov

Infrastructure as code static analysis

Apache-2.0
Latest version published 3 days ago

Package Health Score

94 / 100
Full package analysis