Update AWS Account ID rule
adeptex committed Oct 4, 2024
1 parent ff79bc3 commit 25ab7d9
Showing 6 changed files with 14 additions and 14 deletions.
6 changes: 3 additions & 3 deletions tests/fixtures/arn.xml
Expand Up @@ -5,8 +5,8 @@
<ok02>arn:aws:kms:{REGION}:{ACCOUNT}:key/{KEY_ID}</ok02>
</compliant>
<noncompliant>
<arn01>arn:aws:kms:eu-central-1:123456123456:key/hardcoded</arn01>
<arn02>arn:aws:kms:ap-southeast-1:123456123456:key/hardcoded</arn02>
<arn03>arn:aws:iam::123456123456:oidc-provider/auth-dev.mozilla.auth0.com</arn03>
<arn01>arn:aws:kms:eu-central-1:111122223333:key/hardcoded</arn01>
<arn02>arn:aws:kms:ap-southeast-1:111122223333:key/hardcoded</arn02>
<arn03>arn:aws:iam::111122223333:oidc-provider/auth-dev.mozilla.auth0.com</arn03>
</noncompliant>
</tests>
8 changes: 4 additions & 4 deletions tests/fixtures/arn.yml
Expand Up @@ -4,8 +4,8 @@ compliant:


noncompliant:
arn01: arn:aws:kms:eu-central-1:123456123456:key/hardcoded
arn02: arn:aws:kms:ap-southeast-1:123456123456:key/hardcoded
arn03: arn:aws:iam::123456123456:oidc-provider/auth-dev.mozilla.auth0.com
arn01: arn:aws:kms:eu-central-1:111122223333:key/hardcoded
arn02: arn:aws:kms:ap-southeast-1:111122223333:key/hardcoded
arn03: arn:aws:iam::111122223333:oidc-provider/auth-dev.mozilla.auth0.com
arn_list:
- arn:aws:kms:eu-central-1:123456123456:key/hardcoded
- arn:aws:kms:eu-central-1:111122223333:key/hardcoded
4 changes: 2 additions & 2 deletions tests/fixtures/aws.json
Expand Up @@ -4,7 +4,7 @@
"aws_id": "{{ AWS ID }}",
"aws_key": "${AWS_KEY}",
"commit_id": "912ec803b2ce49e4a541068d495ab57000000000",
"role": "arn:aws:iam::123456789000:role/role-name"
"role": "arn:aws:iam::111122223333:role/role-name"
},
{
"aws_account01": "000000000000",
Expand All @@ -18,7 +18,7 @@
"aws_token": "FakeYXdzELv//////////wEldj3948yOJRO84jgpoip239232hEOHhfkjhefkwue97jorhfiuh+XjFC9Je/YG7JCqKjrspab2lB+7/Fb1NJFjgwur47Dbhs/L7nh+/VGnwLoAo8CIqoPBLRmXItaoiuuofZnr+ktihZk1Yi55sYZ12hfRMPVbDmhf9Ke683+e9bJirhUEghw9424JOhgwrgqq99MvzCEFe4eXPOSgAcQcD2xqnnKO738tjhoh23HFqjflhefibWegfqefgqUF12hvgfwegqf"
},
{
"aws_account01": "123456789123"
"aws_account01": "111122223333"
}
]
}
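Review bot: No compliant fixture visible in this commit contains `1234`, so nothing pins the exclusion that the account-ID rule gains in whispers/rules/keys.yml. The values that appear to sit in the compliant sections (`000000000000` here, `000000000000` and `111111111111` in aws.xml and aws.yml) only exercise the repeated-digit lookahead. Adding a compliant case such as `"aws_account02": "123456789012"` here, with the equivalent entries in aws.xml and aws.yml, would make a later regex edit that drops or widens the exclusion fail a test. The object holding these entries continues between the two hunks, so the key name is a guess.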
4 changes: 2 additions & 2 deletions tests/fixtures/aws.xml
Expand Up @@ -4,14 +4,14 @@
<aws_id>{{ AWS ID }}</aws_id>
<aws_key>${AWS_KEY}</aws_key>
<commit_id>912ec803b2ce49e4a541068d495ab57000000000</commit_id>
<role>arn:aws:iam::123456789000:role/role-name</role>
<role>arn:aws:iam::111122223333:role/role-name</role>
<aws_account>000000000000</aws_account>
<aws_account>111111111111</aws_account>
</compliant>
<noncompliant>
<aws_id>AKIAHI38FAKE1IWUQEEN</aws_id>
<aws_key>PA3XsxZ8d8cPQLmnZzFAKEdzC6ND2a8vhbyXU/Dw</aws_key>
<aws_token>FakeYXdzELv//////////wEldj3948yOJRO84jgpoip239232hEOHhfkjhefkwue97jorhfiuh+XjFC9Je/YG7JCqKjrspab2lB+7/Fb1NJFjgwur47Dbhs/L7nh+/VGnwLoAo8CIqoPBLRmXItaoiuuofZnr+ktihZk1Yi55sYZ12hfRMPVbDmhf9Ke683+e9bJirhUEghw9424JOhgwrgqq99MvzCEFe4eXPOSgAcQcD2xqnnKO738tjhoh23HFqjflhefibWegfqefgqUF12hvgfwegqf</aws_token>
<aws_account>123456789123</aws_account>
<aws_account>111122223333</aws_account>
</noncompliant>
</tests>
4 changes: 2 additions & 2 deletions tests/fixtures/aws.yml
Expand Up @@ -2,12 +2,12 @@ compliant:
aws_id: "{{ AWS ID }}"
aws_key: "${AWS_KEY}"
commit_id: 912ec803b2ce49e4a541068d495ab57000000000
role: arn:aws:iam::123456789000:role/role-name
role: arn:aws:iam::111122223333:role/role-name
aws_account01: '000000000000'
aws_account02: '111111111111'

noncompliant:
aws_id: AKIAHI38FAKE1IWUQEEN
aws_key: PA3XsxZ8d8cPQLmnZzFAKEdzC6ND2a8vhbyXU/Dw
aws_token: FakeYXdzELv//////////wEldj3948yOJRO84jgpoip239232hEOHhfkjhefkwue97jorhfiuh+XjFC9Je/YG7JCqKjrspab2lB+7/Fb1NJFjgwur47Dbhs/L7nh+/VGnwLoAo8CIqoPBLRmXItaoiuuofZnr+ktihZk1Yi55sYZ12hfRMPVbDmhf9Ke683+e9bJirhUEghw9424JOhgwrgqq99MvzCEFe4eXPOSgAcQcD2xqnnKO738tjhoh23HFqjflhefibWegfqefgqUF12hvgfwegqf
aws_account: '123456789123'
aws_account: '111122223333'
2 changes: 1 addition & 1 deletion whispers/rules/keys.yml
Expand Up @@ -56,7 +56,7 @@
regex: .*aws.*
ignorecase: False
value:
regex: "^(?!.*\\s)(?!(.)\\1{11})[0-9]{12}$"
regex: "^(?!.*\\s)(?!(.)\\1{11})(?!.*1234.*)[0-9]{12}$"
ignorecase: False
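Review bot: The added lookahead `(?!.*1234.*)` rejects every 12-digit value that contains `1234` at any offset, so a real account ID with that run in the middle or at the end is no longer reported, which is a silent false negative for a secret-scanning rule. The old fixture values all start with `1234`, so the intent is presumably to skip documentation placeholders. Anchoring the exclusion to the start narrows the blind spot: `regex: "^(?!.*\\s)(?!(.)\\1{11})(?!1234)[0-9]{12}$"`. The trailing `.*` inside the lookahead is redundant either way. The rule's name and key definition start above this hunk, so its purpose is inferred from the commit title.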


