From b24e7cb3403ba8805886b4ee26fd89ce75d41f0e Mon Sep 17 00:00:00 2001
From: cmendible <266546+cmendible@users.noreply.github.com>
Date: Fri, 26 Apr 2024 17:55:00 +0200
Subject: [PATCH] chore: Fixed SQL Database diagnostic settings rule

---
 internal/scanners/sql/rules.go | 22 +++++++++---------
 internal/scanners/sql/rules_test.go | 36 ++++++++++++++---------------
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/internal/scanners/sql/rules.go b/internal/scanners/sql/rules.go
index d74f32f1..756693f3 100644
--- a/internal/scanners/sql/rules.go
+++ b/internal/scanners/sql/rules.go
@@ -24,17 +24,6 @@ func (a *SQLScanner) GetRules() map[string]scanners.AzureRule {
 
 func (a *SQLScanner) getServerRules() map[string]scanners.AzureRule {
 return map[string]scanners.AzureRule{
- "sql-001": {
- Id: "sql-001",
- Category: scanners.RulesCategoryMonitoringAndAlerting,
- Recommendation: "SQL should have diagnostic settings enabled",
- Impact: scanners.ImpactLow,
- Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
- service := target.(*armsql.Server)
- _, ok := scanContext.DiagnosticsSettings[strings.ToLower(*service.ID)]
- return !ok, ""
- },
- },
 "sql-004": {
 Id: "sql-004",
 Category: scanners.RulesCategorySecurity,
@@ -85,6 +74,17 @@ func (a *SQLScanner) getServerRules() map[string]scanners.AzureRule {
 
 func (a *SQLScanner) getDatabaseRules() map[string]scanners.AzureRule {
 return map[string]scanners.AzureRule{
+ "sqldb-001": {
+ Id: "sqldb-001",
+ Category: scanners.RulesCategoryMonitoringAndAlerting,
+ Recommendation: "SQL Database should have diagnostic settings enabled",
+ Impact: scanners.ImpactLow,
+ Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
+ service := target.(*armsql.Database)
+ _, ok := scanContext.DiagnosticsSettings[strings.ToLower(*service.ID)]
+ return !ok, ""
+ },
+ },
 "sqldb-002": {
 Id: "sqldb-002",
 Category: scanners.RulesCategoryHighAvailability,
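Review bot: The new `sqldb-001` Eval treats any key present in `scanContext.DiagnosticsSettings` as compliant and discards the stored value (`_, ok := ...`), while the test file builds that map as `map[string]bool`. If the collector can ever record `false` for a resource, a database without diagnostic settings would pass this monitoring rule; reading the value closes that gap: `enabled, ok := scanContext.DiagnosticsSettings[strings.ToLower(*service.ID)]` followed by `return !ok || !enabled, ""`. The same closure asserts `target.(*armsql.Database)` and dereferences `*service.ID` without a check, so a wrong target type or a nil ID panics the scan instead of producing a finding; a comma-ok assertion and a nil guard would be safer. `getDatabaseRules` continues past the end of this hunk.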
diff --git a/internal/scanners/sql/rules_test.go b/internal/scanners/sql/rules_test.go
index 08784b8a..c90ed089 100644
--- a/internal/scanners/sql/rules_test.go
+++ b/internal/scanners/sql/rules_test.go
@@ -27,24 +27,6 @@ func TestSQLScanner_Rules(t *testing.T) {
 fields fields
 want want
 }{
- {
- name: "SQLScanner DiagnosticSettings",
- fields: fields{
- rule: "sql-001",
- target: &armsql.Server{
- ID: to.Ptr("test"),
- },
- scanContext: &scanners.ScanContext{
- DiagnosticsSettings: map[string]bool{
- "test": true,
- },
- },
- },
- want: want{
- broken: false,
- result: "",
- },
- },
 {
 name: "SQLScanner Private Endpoint",
 fields: fields{
@@ -127,6 +109,24 @@ func TestSQLScanner_DatabaseRules(t *testing.T) {
 fields fields
 want want
 }{
+ {
+ name: "SQLScanner DiagnosticSettings",
+ fields: fields{
+ rule: "sqldb-001",
+ target: &armsql.Database{
+ ID: to.Ptr("test"),
+ },
+ scanContext: &scanners.ScanContext{
+ DiagnosticsSettings: map[string]bool{
+ "test": true,
+ },
+ },
+ },
+ want: want{
+ broken: false,
+ result: "",
+ },
+ },
 {
 name: "SQLScanner Availability Zones",
 fields: fields{
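Review bot: The added `sqldb-001` case covers only the compliant path, and its ID is already lower-case, so neither the finding path (`broken: true` when the database ID is absent from `DiagnosticsSettings`) nor the `strings.ToLower` normalisation in the rule is exercised. A regression that makes the rule always pass would go unnoticed, which matters for a rule whose purpose is to flag missing logging. I would add a case with an empty map that expects `broken: true`, and change the existing case to `ID: to.Ptr("Test"),` so the lower-casing is covered. The test table and `TestSQLScanner_DatabaseRules` continue outside this hunk.

```go
// … unchanged: compliant "SQLScanner DiagnosticSettings" case …
{
	name: "SQLScanner DiagnosticSettings missing",
	fields: fields{
		rule: "sqldb-001",
		target: &armsql.Database{
			ID: to.Ptr("test"),
		},
		scanContext: &scanners.ScanContext{
			DiagnosticsSettings: map[string]bool{},
		},
	},
	want: want{
		broken: true,
		result: "",
	},
},
```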