Feature/separate queries inside folders (#1653)

Author: cx-joao-reigota

…3_bucket_rules_with_awskms/metadata.json …3_bucket_rules_with_awskms/metadata.jsonassets/queries/ansible/s3_bucket_rules_with_awskms/metadata.json renamed to assets/queries/ansible/aws/s3_bucket_rules_with_awskms/metadata.json assets/queries/ansible/s3_bucket_rules_with_awskms/metadata.json renamed to assets/queries/ansible/aws/s3_bucket_rules_with_awskms/metadata.json

@@ -12,7 +12,7 @@ CxPolicy [ result ] {
 
     result := {
             "documentId": document.id,
-            "searchKey": sprintf("name=%s.{{amazon.aws.s3_bucket}}.encryption", [s3_bucket.name]),
+            "searchKey": sprintf("name=%s.{{amazon.aws.s3_bucket}}.encryption", [tasks[t].name]),
             "issueType": "MissingAttribute",
             "keyExpectedValue": "amazon.aws.s3_bucket.encryption_key_id is defined",
             "keyActualValue": "amazon.aws.s3_bucket.encryption_key_id is undefined"
@@ -31,7 +31,7 @@ CxPolicy [ result ] {
 
     result := {
             "documentId": document.id,
-            "searchKey": sprintf("name=%s.{{amazon.aws.s3_bucket}}.encryption", [s3_bucket.name]),
+            "searchKey": sprintf("name=%s.{{amazon.aws.s3_bucket}}.encryption", [tasks[t].name]),
             "issueType": "IncorrectValue",
             "keyExpectedValue": "amazon.aws.s3_bucket.encryption_key_id is defined",
             "keyActualValue": "amazon.aws.s3_bucket.encryption_key_id is empty or null"

…e/s3_bucket_rules_with_awskms/query.rego …s/s3_bucket_rules_with_awskms/query.regoassets/queries/ansible/s3_bucket_rules_with_awskms/query.rego renamed to assets/queries/ansible/aws/s3_bucket_rules_with_awskms/query.rego assets/queries/ansible/s3_bucket_rules_with_awskms/query.rego renamed to assets/queries/ansible/aws/s3_bucket_rules_with_awskms/query.rego

@@ -0,0 +1,6 @@
+---
+- name: mys3Bucket
+  amazon.aws.s3_bucket:
+      name: mys3bucket
+      state: present
+      encryption: "AES256"

assets/queries/ansible/aws/s3_bucket_rules_with_awskms/test/negative.yaml

@@ -0,0 +1,6 @@
+---
+- name: mys3Bucket
+  amazon.aws.s3_bucket:
+      name: mys3bucket
+      state: present
+      encryption: "aws:kms"

assets/queries/ansible/aws/s3_bucket_rules_with_awskms/test/positive.yaml

@@ -2,6 +2,6 @@
 	{
 		"queryName": "S3 Bucket Rules With Master Key Id Null",
 		"severity": "HIGH",
-		"line": 3
+		"line": 6
 	}
 ]

…wskms/test/positive_expected_result.json …wskms/test/positive_expected_result.jsonassets/queries/ansible/s3_bucket_rules_with_awskms/test/positive_expected_result.json renamed to assets/queries/ansible/aws/s3_bucket_rules_with_awskms/test/positive_expected_result.json assets/queries/ansible/s3_bucket_rules_with_awskms/test/positive_expected_result.json renamed to assets/queries/ansible/aws/s3_bucket_rules_with_awskms/test/positive_expected_result.json

@@ -3,45 +3,45 @@ package Cx
 CxPolicy [ result ] {
    document := input.document
    metadata := document[i].metadata
-   spec := document[i].spec 
+   spec := document[i].spec
    containers := spec.containers
-   images = object.get(containers[c], "image", "undefined") != "undefined" 
+   images = object.get(containers[c], "image", "undefined") != "undefined"
    not images
-   
+
    result := {
                 "documentId": 		input.document[i].id,
-                "searchKey": 	    sprintf("metadata.name=%s.spec.containers[%d].image", [metadata.name, c]),
+                "searchKey": 	    sprintf("metadata.name=%s.spec.containers.name=%s", [metadata.name, containers[c].name]),
                 "issueType":		   "MissingAttribute",
-                "keyExpectedValue": sprintf("metadata.name=%s.spec.containers[%d].image is defined", [metadata.name, c]),
-                "keyActualValue": 	sprintf("metadata.name=%s.spec.containers[%d].image is undefined", [metadata.name, c])
+                "keyExpectedValue": sprintf("metadata.name=%s.spec.containers.name=%s.image is defined", [metadata.name, containers[c].name]),
+                "keyActualValue": 	sprintf("metadata.name=%s.spec.containers.name=%s.image is undefined", [metadata.name, containers[c].name])
               }
 }
 
 CxPolicy [ result ] {
    document := input.document
    metadata := document[i].metadata
-   spec := document[i].spec 
+   spec := document[i].spec
    containers := spec.containers
    images = containers[c].image
-   check_content(images)	
-   
+   check_content(images)
+
    result := {
                 "documentId": 		input.document[i].id,
-                "searchKey": 	    sprintf("metadata.name=%s.spec.containers[%d].image", [metadata.name, c]),
+                "searchKey": 	    sprintf("metadata.name=%s.spec.containers.name=%s.image", [metadata.name, containers[c].name]),
                 "issueType":		   "MissingAttribute",
-                "keyExpectedValue": sprintf("metadata.name=%s.spec.containers[%d].image is not null, empty or latest", [metadata.name, c]),
-                "keyActualValue": 	sprintf("metadata.name=%s.spec.containers[%d].image is null, empty or latest", [metadata.name, c])
+                "keyExpectedValue": sprintf("metadata.name=%s.spec.containers.name=%s.image is not null, empty or latest", [metadata.name, containers[c].name]),
+                "keyActualValue": 	sprintf("metadata.name=%s.spec.containers.name=%s.image is null, empty or latest", [metadata.name, containers[c].name])
               }
 }
 
-check_content(images) {	
+check_content(images) {
 	images == ""
 }
 
-check_content(images) {	
+check_content(images) {
 	images == "latest"
 }
 
-check_content(images) {	
+check_content(images) {
 	images == null
 }