Don't apply http security to anything with a cert (#402)

Fix the filter to be an AND not an OR Signed-off-by: Tim Smith <[email protected]>
mondoohq · May 24, 2024 · b7b082c · b7b082c
1 parent 69bd39e
commit b7b082c
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/core/mondoo-http-security.mql.yaml b/core/mondoo-http-security.mql.yaml
@@ -46,9 +46,9 @@ policies:
           - uid: mondoo-http-security-x-content-type-options-nosniff
           - uid: mondoo-http-security-content-security-policy
       - title: Headers for HTTPS communication
-        filters:
-          - asset.platform == 'host'
-          - tls.certificates != null
+        filters: |
+          asset.platform == 'host'
+          tls.certificates != null
         checks:
           - uid: mondoo-http-security-strict-transport-security
     scoring_system: 2
@@ -79,4 +79,4 @@ queries:
         Use the Strict-Transport-Security (HSTS) to eliminate the need for a HTTP to HTTPS redirect and protect against man in the middle attacks.
     refs:
       - url: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
-        title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+        title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security