-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(security-groups): remove RFC1918 from ec2_securitygroup_allow_wide_open_public_ipv4 #4951
fix(security-groups): remove RFC1918 from ec2_securitygroup_allow_wide_open_public_ipv4 #4951
Conversation
…e_open_public_ipv4
...roup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json
Outdated
Show resolved
Hide resolved
...roup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json
Outdated
Show resolved
Hide resolved
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #4951 +/- ##
=======================================
Coverage 88.96% 88.97%
=======================================
Files 940 940
Lines 28777 28777
=======================================
+ Hits 25602 25604 +2
+ Misses 3175 3173 -2 ☔ View full report in Codecov by Sentry. |
💚 All backports created successfully
Questions ?Please refer to the Backport tool documentation and see the Github Action logs for details |
@@ -10,7 +10,7 @@ | |||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id", | |||
"Severity": "high", | |||
"ResourceType": "AwsEc2SecurityGroup", | |||
"Description": "Ensure no security groups allow ingress and egress from wide-open non-RFC1918 address.", | |||
"Description": "Ensure no security groups allow ingress and egress from ide-open IP address with a mask between 0 and 24.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo: should be wide ?
Context
#4936
Description
This check only ensures that netmask from IP are between 0 and 24, both not included. Updated the metadata and comments from check.
Checklist
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.