@@ -32,6 +32,11 @@ export interface IamPolicy {
3232export interface ApiKey {
3333 id : string
3434}
35+ export interface EssentialContact {
36+ id : string
37+ notificationCategorySubscriptions : string [ ]
38+ email : string
39+ }
3540export interface Folder {
3641 iamPolicies : IamPolicy [ ]
3742}
@@ -82,6 +87,7 @@ export interface QuerygcpProject {
8287 id : string
8388 iamPolicies ?: IamPolicy [ ]
8489 apiKeys ?: ApiKey [ ]
90+ essentialContacts ?: EssentialContact [ ]
8591}
8692
8793export interface QuerygcpServiceAccount {
@@ -105,19 +111,13 @@ export interface QuerygcpIamPolicy {
105111 bindings : Bindings [ ]
106112}
107113
108- export interface QuerygcpEssentialContact {
109- id : string
110- notificationCategorySubscriptions : string [ ]
111- email : string
112- }
113114export interface CIS1xQueryResponse {
114115 querygcpOrganization ?: QuerygcpOrganization [ ]
115116 querygcpProject ?: QuerygcpProject [ ]
116117 querygcpApiKey ?: QuerygcpApiKey [ ]
117118 querygcpServiceAccount ?: QuerygcpServiceAccount [ ]
118119 querygcpKmsKeyRing ?: QuerygcpKmsKeyRing [ ]
119120 querygcpIamPolicy ?: QuerygcpIamPolicy [ ]
120- querygcpEssentialContact ?: QuerygcpEssentialContact [ ]
121121}
122122
123123describe ( 'CIS Google Cloud Platform Foundations: 1.3.0' , ( ) => {
@@ -905,56 +905,84 @@ describe('CIS Google Cloud Platform Foundations: 1.3.0', () => {
905905 expect ( processedRule . result ) . toBe ( expectedResult )
906906 }
907907
908- test ( 'Emails subscribed all required categories' , async ( ) => {
908+ test ( 'No Security Issue when Emails subscribed all required categories' , async ( ) => {
909909 const data : CIS1xQueryResponse = {
910- querygcpEssentialContact : [
911- {
912- id : cuid ( ) ,
913- notificationCategorySubscriptions : [ 'LEGAL' , 'TECHNICAL' , 'SUSPENSION' , 'SECURITY' ] ,
914- email : 'a@gmail.com'
915- } ,
910+ querygcpProject : [
916911 {
917912 id : cuid ( ) ,
918- notificationCategorySubscriptions : [ 'TECHNICAL_INCIDENTS' , 'SECURITY' , 'BILLING' ] ,
919- email : 'b@gmail.com'
913+ essentialContacts : [
914+ {
915+ id : cuid ( ) ,
916+ notificationCategorySubscriptions : [ 'LEGAL' , 'TECHNICAL' , 'SUSPENSION' , 'SECURITY' ] ,
917+ email : 'a@gmail.com'
918+ } ,
919+ {
920+ id : cuid ( ) ,
921+ notificationCategorySubscriptions : [ 'TECHNICAL_INCIDENTS' , 'SECURITY' , 'BILLING' ] ,
922+ email : 'b@gmail.com'
923+ } ,
924+ ] ,
920925 } ,
921926 ] ,
922927 }
923928 await testRule ( data , Result . PASS )
924929 } )
925- test ( 'Emails missed one required subscription category' , async ( ) => {
930+ test ( 'Security Issue when Emails missed one required subscription category' , async ( ) => {
926931 const data : CIS1xQueryResponse = {
927- querygcpEssentialContact : [
928- {
929- id : cuid ( ) ,
930- notificationCategorySubscriptions : [ 'LEGAL' , 'SUSPENSION' , 'SECURITY' ] ,
931- email : 'a@gmail.com'
932- } ,
933- {
934- id : cuid ( ) ,
935- notificationCategorySubscriptions : [ 'TECHNICAL_INCIDENTS' , 'SECURITY' , 'BILLING' ] ,
936- email : 'b@gmail.com'
937- } ,
938- ] ,
932+ querygcpProject : [ {
933+ id : cuid ( ) ,
934+ essentialContacts : [
935+ {
936+ id : cuid ( ) ,
937+ notificationCategorySubscriptions : [ 'LEGAL' , 'SUSPENSION' , 'SECURITY' ] ,
938+ email : 'a@gmail.com'
939+ } ,
940+ {
941+ id : cuid ( ) ,
942+ notificationCategorySubscriptions : [ 'TECHNICAL_INCIDENTS' , 'SECURITY' , 'BILLING' ] ,
943+ email : 'b@gmail.com'
944+ } ,
945+ ] ,
946+ } ]
939947 }
940948 await testRule ( data , Result . FAIL )
941949 } )
942- test ( 'An email subscribed ALL category' , async ( ) => {
950+ test ( 'No Security Issue when an email subscribed ALL category' , async ( ) => {
943951 const data : CIS1xQueryResponse = {
944- querygcpEssentialContact : [
945- {
946- id : cuid ( ) ,
947- notificationCategorySubscriptions : [ 'LEGAL' , 'TECHNICAL' , 'SUSPENSION' , 'SECURITY' ] ,
948- email : 'a@gmail.com'
949- } ,
950- {
951- id : cuid ( ) ,
952- notificationCategorySubscriptions : [ 'ALL' ] ,
953- email : 'b@gmail.com'
954- } ,
955- ] ,
952+ querygcpProject : [ {
953+ id : cuid ( ) ,
954+ essentialContacts : [
955+ {
956+ id : cuid ( ) ,
957+ notificationCategorySubscriptions : [ 'LEGAL' , 'TECHNICAL' , 'SUSPENSION' , 'SECURITY' ] ,
958+ email : 'a@gmail.com'
959+ } ,
960+ {
961+ id : cuid ( ) ,
962+ notificationCategorySubscriptions : [ 'ALL' ] ,
963+ email : 'b@gmail.com'
964+ } ,
965+ ] ,
966+ } ]
956967 }
957968 await testRule ( data , Result . PASS )
958969 } )
970+ test ( 'Security Issue when Essential contact API is not enabled' , async ( ) => {
971+ const data : CIS1xQueryResponse = {
972+ querygcpProject : [ {
973+ id : cuid ( ) ,
974+ } ]
975+ }
976+ await testRule ( data , Result . FAIL )
977+ } )
978+ test ( 'Security Issue when Essential contact is either not configured' , async ( ) => {
979+ const data : CIS1xQueryResponse = {
980+ querygcpProject : [ {
981+ id : cuid ( ) ,
982+ essentialContacts : [ ] ,
983+ } ]
984+ }
985+ await testRule ( data , Result . FAIL )
986+ } )
959987 } )
960988} )
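Review bot: The fixtures in the last hunk only ever place `essentialContacts` directly on a single `querygcpProject` entry, so nothing pins how the rule treats a project whose contacts are defined on a parent folder or organization, even though Essential Contacts are inherited down the resource hierarchy. If the provider's `essentialContacts` field holds only contacts set directly on the project (not visible from this diff), the two new FAIL cases would flag projects that are actually covered by an inherited contact. A comment on the new field such as `// contacts attached directly to the project; inherited org/folder contacts not included — confirm` and one test documenting the intended behaviour would make that explicit. The "API is not enabled" case is modelled only by omitting the field, which cannot be told apart from a query that did not fetch it. The title `'Security Issue when Essential contact is either not configured'` has a dangling "either"; `'Security Issue when no Essential Contacts are configured'` reads cleanly.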