Merge pull request #270 from accurics/bugfix/policy-exporter-update-r…

…ule-json

added line number and file name output support

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/zclconf/go-cty v1.2.1
 	go.uber.org/zap v1.9.1
 	golang.org/x/net v0.0.0-20200625001655-4c5254603344 // indirect
-	golang.org/x/tools v0.0.0-20200811215021-48a8ffc5b207 // indirect
+	golang.org/x/tools v0.0.0-20200812231640-9176cd30088c // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	gopkg.in/yaml.v2 v2.3.0
 	honnef.co/go/tools v0.0.1-2020.1.5 // indirect

go.sum

@@ -447,6 +447,8 @@ golang.org/x/tools v0.0.0-20200809012840-6f4f008689da h1:ml5G98G4/tdKT1XNq+ky5iS
 golang.org/x/tools v0.0.0-20200809012840-6f4f008689da/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200811215021-48a8ffc5b207 h1:8Kg+JssU1jBZs8GIrL5pl4nVyaqyyhdmHAR4D1zGErg=
 golang.org/x/tools v0.0.0-20200811215021-48a8ffc5b207/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200812231640-9176cd30088c h1:ZSTOUQugXA1i88foZV5ck1FrcnEYhGmlpiPXgDWmhG0=
+golang.org/x/tools v0.0.0-20200812231640-9176cd30088c/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "cloudfrontNoHTTPSTraffic",
+    "name": "cloudfrontNoHTTPSTraffic",
     "file": "cloudfrontNoHTTPSTraffic.rego",
-    "ruleTemplate": "cloudfrontNoHTTPSTraffic",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "HIGH",
     "description": "Use encrypted connection between CloudFront and origin server",
-    "ruleReferenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0407",
+    "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0407",
     "category": "Encryption and Key Management",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "cloudfrontNoSecureCiphers",
+    "name": "cloudfrontNoSecureCiphers",
     "file": "cloudfrontNoSecureCiphers.rego",
-    "ruleTemplate": "cloudfrontNoSecureCiphers",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "HIGH",
     "description": "Secure ciphers are not used in CloudFront distribution",
-    "ruleReferenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0408",
+    "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0408",
     "category": "Encryption and Key Management",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "cloudfrontNoLogging",
+    "name": "cloudfrontNoLogging",
     "file": "cloudfrontNoLogging.rego",
-    "ruleTemplate": "cloudfrontNoLogging",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "MEDIUM",
     "description": "Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).",
-    "ruleReferenceId": "AWS.CloudFront.Logging.Medium.0567",
+    "referenceId": "AWS.CloudFront.Logging.Medium.0567",
     "category": "Logging",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.High.0399.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "cloudTrailLogNotEncrypted",
+    "name": "cloudTrailLogNotEncrypted",
     "file": "cloudTrailLogNotEncrypted.rego",
-    "ruleTemplate": "cloudTrailLogNotEncrypted",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "HIGH",
     "description": "Cloud Trail Log Not Enabled",
-    "ruleReferenceId": "AWS.CloudTrail.Logging.High.0399",
+    "referenceId": "AWS.CloudTrail.Logging.High.0399",
     "category": "Logging",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Low.0559.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "reme_enableSNSTopic",
+    "name": "reme_enableSNSTopic",
     "file": "enableSNSTopic.rego",
-    "ruleTemplate": "enableSNSTopic",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": "reme_"
     },
     "severity": "MEDIUM",
     "description": "Ensure appropriate subscribers to each SNS topic",
-    "ruleReferenceId": "AWS.CloudTrail.Logging.Low.0559",
+    "referenceId": "AWS.CloudTrail.Logging.Low.0559",
     "category": "Logging",
-    "version": 0
+    "version": 1
 }

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.0460.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "cloudTrailMultiRegionNotCreated",
+    "name": "cloudTrailMultiRegionNotCreated",
     "file": "cloudTrailMultiRegionNotCreated.rego",
-    "ruleTemplate": "cloudTrailMultiRegionNotCreated",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "MEDIUM",
     "description": "Cloud Trail Multi Region not enabled",
-    "ruleReferenceId": "AWS.CloudTrail.Logging.Medium.0460",
+    "referenceId": "AWS.CloudTrail.Logging.Medium.0460",
     "category": "Logging",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0390.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "noAccessKeyForRootAccount",
+    "name": "noAccessKeyForRootAccount",
     "file": "noAccessKeyForRootAccount.rego",
-    "ruleTemplate": "noAccessKeyForRootAccount",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "HIGH",
     "description": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Additionally, removing the root access keys encourages the creation and use of role based accounts that are least privileged.",
-    "ruleReferenceId": "AWS.IamUser.IAM.High.0390",
+    "referenceId": "AWS.IamUser.IAM.High.0390",
     "category": "Identity and Access Management",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0540.json

@@ -1,14 +1,13 @@
 {
-    "ruleName": "passwordRotateEvery90Days",
+    "name": "passwordRotateEvery90Days",
     "file": "passwordRotateEvery90Days.rego",
-    "ruleTemplate": "passwordRotateEvery90Days",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "name": "passwordRotateEvery90Days",
         "prefix": ""
     },
     "severity": "LOW",
     "description": "Reducing the password lifetime increases account resiliency against brute force login attempts",
-    "ruleReferenceId": "AWS.Iam.IAM.Low.0540",
+    "referenceId": "AWS.Iam.IAM.Low.0540",
     "category": "IAM",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0454.json

@@ -1,15 +1,14 @@
 {
-    "ruleName": "passwordRequireLowerCase",
+    "name": "passwordRequireLowerCase",
     "file": "passwordPolicyRequirement.rego",
-    "ruleTemplate": "passwordRequireLowerCase",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "name": "passwordRequireLowerCase",
         "prefix": "",
         "required_parameter": "require_lowercase_characters"
     },
     "severity": "MEDIUM",
     "description": "Lower case alphabet not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
-    "ruleReferenceId": "AWS.Iam.IAM.Medium.0454",
+    "referenceId": "AWS.Iam.IAM.Medium.0454",
     "category": "IAM",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0455.json

@@ -1,15 +1,14 @@
 {
-    "ruleName": "passwordRequireNumber",
+    "name": "passwordRequireNumber",
     "file": "passwordPolicyRequirement.rego",
-    "ruleTemplate": "passwordRequireNumber",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "name": "passwordRequireNumber",
         "prefix": "",
         "required_parameter": "require_numbers"
     },
     "severity": "MEDIUM",
     "description": "Number not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
-    "ruleReferenceId": "AWS.Iam.IAM.Medium.0455",
+    "referenceId": "AWS.Iam.IAM.Medium.0455",
     "category": "IAM",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0456.json

@@ -1,15 +1,14 @@
 {
-    "ruleName": "passwordRequireSymbol",
+    "name": "passwordRequireSymbol",
     "file": "passwordPolicyRequirement.rego",
-    "ruleTemplate": "passwordRequireSymbol",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "name": "passwordRequireSymbol",
         "prefix": "",
         "required_parameter": "require_symbols"
     },
     "severity": "MEDIUM",
     "description": "Special symbols not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
-    "ruleReferenceId": "AWS.Iam.IAM.Medium.0456",
+    "referenceId": "AWS.Iam.IAM.Medium.0456",
     "category": "IAM",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0457.json

@@ -1,15 +1,14 @@
 {
-    "ruleName": "passwordRequireUpperCase",
+    "name": "passwordRequireUpperCase",
     "file": "passwordPolicyRequirement.rego",
-    "ruleTemplate": "passwordRequireUpperCase",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "name": "passwordRequireUpperCase",
         "prefix": "",
         "required_parameter": "require_uppercase_characters"
     },
     "severity": "MEDIUM",
     "description": "Upper case alphabet not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
-    "ruleReferenceId": "AWS.Iam.IAM.Medium.0457",
+    "referenceId": "AWS.Iam.IAM.Medium.0457",
     "category": "IAM",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0458.json

@@ -1,16 +1,15 @@
 {
-    "ruleName": "passwordRequireMinLength14",
+    "name": "passwordRequireMinLength14",
     "file": "passwordMinLength.rego",
-    "ruleTemplate": "passwordRequireMinLength14",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "name": "passwordRequireMinLength14",
         "parameter": "minimum_password_length",
         "prefix": "",
         "value": 14
     },
     "severity": "MEDIUM",
     "description": "Setting a lengthy password increases account resiliency against brute force login attempts",
-    "ruleReferenceId": "AWS.Iam.IAM.Medium.0458",
+    "referenceId": "AWS.Iam.IAM.Medium.0458",
     "category": "IAM",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0495.json

@@ -1,16 +1,15 @@
 {
-    "ruleName": "passwordRequireMinLength",
+    "name": "passwordRequireMinLength",
     "file": "passwordMinLength.rego",
-    "ruleTemplate": "passwordRequireMinLength",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "name": "passwordRequireMinLength",
         "parameter": "minimum_password_length",
         "prefix": "",
         "value": 7
     },
     "severity": "MEDIUM",
     "description": "Setting a lengthy password increases account resiliency against brute force login attempts",
-    "ruleReferenceId": "AWS.Iam.IAM.Medium.0495",
+    "referenceId": "AWS.Iam.IAM.Medium.0495",
     "category": "IAM",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_group_policy/AWS.IamPolicy.IAM.High.0392.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "iamGrpPolicyWithFullAdminCntrl",
+    "name": "iamGrpPolicyWithFullAdminCntrl",
     "file": "iamGrpPolicyWithFullAdminCntrl.rego",
-    "ruleTemplate": "iamGrpPolicyWithFullAdminCntrl",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "HIGH",
     "description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
-    "ruleReferenceId": "AWS.IamPolicy.IAM.High.0392",
+    "referenceId": "AWS.IamPolicy.IAM.High.0392",
     "category": "Identity and Access Management",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_policy/AWS.IamPolicy.IAM.High.0392.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "reme_iamPolicyWithFullAdminControl",
+    "name": "reme_iamPolicyWithFullAdminControl",
     "file": "iamPolicyWithFullAdminControl.rego",
-    "ruleTemplate": "iamPolicyWithFullAdminControl",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": "reme_"
     },
     "severity": "HIGH",
     "description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
-    "ruleReferenceId": "AWS.IamPolicy.IAM.High.0392",
+    "referenceId": "AWS.IamPolicy.IAM.High.0392",
     "category": "Identity and Access Management",
     "version": 2
 }

pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0387.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "rootUserNotContainMfaTypeHardware",
+    "name": "rootUserNotContainMfaTypeHardware",
     "file": "rootUserNotContainMfaTypeHardware.rego",
-    "ruleTemplate": "rootUserNotContainMfaTypeHardware",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "HIGH",
     "description": "Ensure Hardware MFA device is enabled for the \"root\" account",
-    "ruleReferenceId": "AWS.IamUser.IAM.High.0387",
+    "referenceId": "AWS.IamUser.IAM.High.0387",
     "category": "Identity and Access Management",
-    "version": 0
+    "version": 1
 }

pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0388.json

@@ -1,13 +1,12 @@
 {
-    "ruleName": "rootUserNotContainMfaTypeVirtual",
+    "name": "rootUserNotContainMfaTypeVirtual",
     "file": "rootUserNotContainMfaTypeVirtual.rego",
-    "ruleTemplate": "rootUserNotContainMfaTypeVirtual",
-    "ruleTemplateArgs": {
+    "templateArgs": {
         "prefix": ""
     },
     "severity": "HIGH",
     "description": "Ensure Virtual MFA device is enabled for the \"root\" account",
-    "ruleReferenceId": "AWS.IamUser.IAM.High.0388",
+    "referenceId": "AWS.IamUser.IAM.High.0388",
     "category": "Identity and Access Management",
-    "version": 0
+    "version": 1
 }