mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-23 00:28:07 +00:00

Check string size (#915)

ASFF ProductFields[] strings can't be longer than 1024 characters, which could explain https://github.com/aquasecurity/kube-bench/issues/903
`Message:Finding does not adhere to Amazon Finding Format. data.Remediation.Recommendation.Text should NOT be longer than 512 characters.
Error Code:InvalidInput`
Yoav Rotem 2021-06-20 14:28:22 +03:00 committed by GitHub
parent 1173667622
commit aedc2942bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -229,9 +229,22 @@ func (controls *Controls) ASFF() ([]*securityhub.AwsSecurityFinding, error) {
if check.State == FAIL || check.State == WARN { if check.State == FAIL || check.State == WARN {
// ASFF ProductFields['Actual result'] can't be longer than 1024 characters // ASFF ProductFields['Actual result'] can't be longer than 1024 characters
actualValue := check.ActualValue actualValue := check.ActualValue
remediation := check.Remediation
reason := check.Reason
if len(check.ActualValue) > 1024 { if len(check.ActualValue) > 1024 {
actualValue = check.ActualValue[0:1023] actualValue = check.ActualValue[0:1023]
} }
// Fix issue https://github.com/aquasecurity/kube-bench/issues/903
if len(check.Remediation) > 512 {
remediation = check.Remediation[0:511]
}
if len(check.Reason) > 1024 {
reason = check.Reason[0:1023]
}
f := securityhub.AwsSecurityFinding{ f := securityhub.AwsSecurityFinding{
AwsAccountId: aws.String(a), AwsAccountId: aws.String(a),
Confidence: aws.Int64(100), Confidence: aws.Int64(100),
@ -249,11 +262,11 @@ func (controls *Controls) ASFF() ([]*securityhub.AwsSecurityFinding, error) {
}, },
Remediation: &securityhub.Remediation{ Remediation: &securityhub.Remediation{
Recommendation: &securityhub.Recommendation{ Recommendation: &securityhub.Recommendation{
Text: aws.String(check.Remediation), Text: aws.String(remediation),
}, },
}, },
ProductFields: map[string]*string{ ProductFields: map[string]*string{
"Reason": aws.String(check.Reason), "Reason": aws.String(reason),
"Actual result": aws.String(actualValue), "Actual result": aws.String(actualValue),
"Expected result": aws.String(check.ExpectedResult), "Expected result": aws.String(check.ExpectedResult),
"Section": aws.String(fmt.Sprintf("%s %s", controls.ID, controls.Text)), "Section": aws.String(fmt.Sprintf("%s %s", controls.ID, controls.Text)),
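Review bot: The new cuts `check.Remediation[0:511]` and `check.Reason[0:1023]` slice bytes, so a multi-byte UTF-8 character sitting at the boundary is split and the finding carries invalid text; they also keep one character fewer than the 512 and 1024 that the comment and commit message allow. `"Expected result"` and `"Section"` in ProductFields are still passed through unbounded, so by the same 1024-character limit a long value there would presumably still get the finding rejected, and a FAIL or WARN result would then be missing from Security Hub. I would route every bounded field through one helper that cuts on a rune boundary, as sketched below (it needs `unicode/utf8`; a byte bound is the conservative reading of the limit). ASFF's body starts and ends outside the hunks shown.

```go
// truncateUTF8 returns s cut to at most max bytes without splitting a multi-byte rune.
func truncateUTF8(s string, max int) string {
	if len(s) <= max {
		return s
	}
	for max > 0 && !utf8.RuneStart(s[max]) {
		max--
	}
	return s[:max]
}

// … unchanged: check.State test inside ASFF …
actualValue := truncateUTF8(check.ActualValue, 1024)
remediation := truncateUTF8(check.Remediation, 512)
reason := truncateUTF8(check.Reason, 1024)
expected := truncateUTF8(check.ExpectedResult, 1024)
section := truncateUTF8(fmt.Sprintf("%s %s", controls.ID, controls.Text), 1024)
// … unchanged: AwsSecurityFinding literal, now using expected and section in ProductFields …
```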