This repository was archived by the owner on Sep 3, 2024. It is now read-only.

FG_R00252 incorrectly identifies KMS keys as publicly accessible #386

Open
matt-slalom opened this issue Feb 2, 2023 · 0 comments

matt-slalom commented Feb 2, 2023

Describe the bug
FG_R00252 incorrectly identifies KMS keys as publicly accessible. Specifically, key_not_public.rego does not appear to distinguish between an Allow and a Deny statement.

How you're running Regula

% regula version
v2.10.0, build fd60949, built with OPA v0.43.1

% terraform version
Terraform v1.3.7
on darwin_arm64

Terraform JSON plan output using version above (de-identified plan here)

Operating System
macOS Monterey (12.6.3)
Darwin MHQYFNHR7K 21.6.0 Darwin Kernel Version 21.6.0: Mon Dec 19 20:43:09 PST 2022; root:xnu-8020.240.18~2/RELEASE_ARM64_T6000 arm64

Steps to reproduce
Copy key_not_public.rego from GitHub:
regula run --no-built-ins test.json --include key_not_public.rego

Additional context
Looking through key_not_public.rego, at least one problem seems to be that all_principals doesn't distinguish whether the policy rule is Effect: deny.
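
The distinction the report asks for, as an added example that is not Regula's rule code and not part of the original issue: a key policy check that reports a wildcard principal only when the statement's Effect is Allow. The function names, the sample policies and the placeholder account ID are assumptions constructed for illustration, and Condition blocks are not evaluated.

```python
import json

def _as_list(value):
    # IAM policy JSON allows a single item where a list is expected.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # Matches "Principal": "*" and "Principal": {"AWS": "*"} (or ["*"]).
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def public_statements(policy_json):
    """Return labels of statements that grant access to any principal.

    Only Effect "Allow" grants access. A Deny with a wildcard principal
    restricts access, so it is skipped. Condition blocks are not
    evaluated (simplification for this sketch).
    """
    hits = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if _is_wildcard(stmt.get("Principal")):
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits

# Constructed sample policies; 111122223333 is a placeholder account ID.
ROOT = {"Sid": "EnableRoot", "Effect": "Allow", "Action": "kms:*",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Resource": "*"}
DENY_ALL = {"Sid": "DenyDeletion", "Effect": "Deny", "Principal": "*",
            "Action": "kms:ScheduleKeyDeletion", "Resource": "*"}
ALLOW_ALL = {"Sid": "AllowAnyone", "Effect": "Allow",
             "Principal": {"AWS": "*"}, "Action": "kms:Decrypt",
             "Resource": "*"}
DENY_WILDCARD_POLICY = json.dumps({"Statement": [ROOT, DENY_ALL]})
ALLOW_WILDCARD_POLICY = json.dumps({"Statement": [ROOT, ALLOW_ALL]})

if __name__ == "__main__":
    print(public_statements(DENY_WILDCARD_POLICY))
    print(public_statements(ALLOW_WILDCARD_POLICY))
```
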
