Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
EC2.18 control.
Like the EC2.19 SQL, the ip condition should be a conjunction with the port conditions, using parentheses in the where statement.
Expected Behavior
A patch that works:
diff --git a/plugins/source/aws/policies/queries/ec2/security_groups_with_access_to_unauthorized_ports.sql b/plugins/source/aws/policies/queries/ec2/security_groups_with_access_to_unauthorized_ports.sql
index f7c424fcf..f5f0d776a 100644
--- a/plugins/source/aws/policies/queries/ec2/security_groups_with_access_to_unauthorized_ports.sql
+++ b/plugins/source/aws/policies/queries/ec2/security_groups_with_access_to_unauthorized_ports.sql
@@ -9,12 +9,13 @@ SELECT
id as resource_id,
case when
(ip = '0.0.0.0/0' OR ip = '::/0')
- AND (from_port IS NULL AND to_port IS NULL) -- all prots
+ AND ((from_port IS NULL AND to_port IS NULL) -- all ports
OR from_port IS DISTINCT FROM 80
OR to_port IS DISTINCT FROM 80
OR from_port IS DISTINCT FROM 443
- OR to_port IS DISTINCT FROM 443
+ OR to_port IS DISTINCT FROM 443)
then 'fail'
else 'pass'
- end
+ end as status
FROM view_aws_security_group_ingress_rules
+GROUP BY account_id, resource_id, status
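Review bot: the added parentheses fix the AND/OR precedence, but the port disjunction inside them is still a tautology: for any non-null port, `from_port IS DISTINCT FROM 80 OR from_port IS DISTINCT FROM 443` is always true (a port cannot equal both), so every rule open to `0.0.0.0/0` or `::/0` is marked `fail` regardless of port, and a rule for 80 or 443 alone can never pass. To express "unrestricted ingress on a port other than 80 or 443", the 80 group and the 443 group need to be ANDed, each as its own parenthesized OR, for example `OR ((from_port IS DISTINCT FROM 80 OR to_port IS DISTINCT FROM 80) AND (from_port IS DISTINCT FROM 443 OR to_port IS DISTINCT FROM 443))`. A second point: the new `GROUP BY account_id, resource_id, status` references `account_id`, which is not among the columns visible in this hunk's SELECT; confirm it is selected above the hunk, otherwise the query will error.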
CloudQuery (redacted) config
N/A
Steps To Reproduce
No response
CloudQuery (redacted) logs
N/A
CloudQuery version
main
Additional Context
No response
Pull request (optional)
- I can submit a pull request