From aedc2942bdb22455117382dd02e1d18212ed0a66 Mon Sep 17 00:00:00 2001
From: Yoav Rotem <yoavrotems97@gmail.com>
Date: Sun, 20 Jun 2021 14:28:22 +0300
Subject: [PATCH] Check string size (#915)

An ASFF ProductFields[] string can't be longer than 1024 characters, which could explain https://github.com/aquasecurity/kube-bench/issues/903
`Message:Finding does not adhere to Amazon Finding Format. data.Remediation.Recommendation.Text should NOT be longer than 512 characters.
Error Code:InvalidInput`
---
 check/controls.go | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/check/controls.go b/check/controls.go
index dff0c02..f84acf7 100644
--- a/check/controls.go
+++ b/check/controls.go
@@ -229,9 +229,22 @@ func (controls *Controls) ASFF() ([]*securityhub.AwsSecurityFinding, error) {
 			if check.State == FAIL || check.State == WARN {
 				// ASFF ProductFields['Actual result'] can't be longer than 1024 characters
 				actualValue := check.ActualValue
+				remediation := check.Remediation
+				reason := check.Reason
+
 				if len(check.ActualValue) > 1024 {
 					actualValue = check.ActualValue[0:1023]
 				}
+
+				// Fix issue https://github.com/aquasecurity/kube-bench/issues/903
+				if len(check.Remediation) > 512 {
+					remediation = check.Remediation[0:511]
+				}
+
+				if len(check.Reason) > 1024 {
+					reason = check.Reason[0:1023]
+				}
+
 				f := securityhub.AwsSecurityFinding{
 					AwsAccountId:  aws.String(a),
 					Confidence:    aws.Int64(100),
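Review bot: The three truncations slice by byte offset (`check.ActualValue[0:1023]`, `check.Remediation[0:511]`, `check.Reason[0:1023]`), so a value containing multi-byte UTF-8 can be cut in the middle of a character and reach Security Hub as malformed text. Each slice also keeps one byte fewer than the limit it tests against. A single helper that backs up to a rune boundary would fix both and remove the triplicated logic; it needs `unicode/utf8` in the file's imports, and whether ASFF counts bytes or characters should be confirmed. Because the cut is silent, a reader of the finding cannot tell that the remediation text is incomplete, so consider logging the truncation or ending the value with a marker. ASFF() begins and ends outside this hunk.

```go
// truncateString returns s cut to at most maxLen bytes, never splitting a
// multi-byte UTF-8 sequence.
func truncateString(s string, maxLen int) string {
	if len(s) <= maxLen {
		return s
	}
	// Back up until the cut lands on the first byte of a rune.
	for maxLen > 0 && !utf8.RuneStart(s[maxLen]) {
		maxLen--
	}
	return s[:maxLen]
}

// … unchanged: loop over checks and the FAIL/WARN guard …
actualValue := truncateString(check.ActualValue, 1024)
remediation := truncateString(check.Remediation, 512)
reason := truncateString(check.Reason, 1024)
// … unchanged: securityhub.AwsSecurityFinding literal …
```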
@@ -249,11 +262,11 @@ func (controls *Controls) ASFF() ([]*securityhub.AwsSecurityFinding, error) {
 					},
 					Remediation: &securityhub.Remediation{
 						Recommendation: &securityhub.Recommendation{
-							Text: aws.String(check.Remediation),
+							Text: aws.String(remediation),
 						},
 					},
 					ProductFields: map[string]*string{
-						"Reason":          aws.String(check.Reason),
+						"Reason":          aws.String(reason),
 						"Actual result":   aws.String(actualValue),
 						"Expected result": aws.String(check.ExpectedResult),
 						"Section":         aws.String(fmt.Sprintf("%s %s", controls.ID, controls.Text)),
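Review bot: `"Expected result"` still passes `check.ExpectedResult` unbounded, while `"Reason"` and `"Actual result"` in the same ProductFields map are now capped. The comment in the first hunk gives a 1024-character limit for a ProductFields value, so an over-long expected result would presumably have the finding rejected with the same InvalidInput error, and that failed check would then be missing from Security Hub. Cap it next to the other values and use `"Expected result": aws.String(expectedResult),` here. The `"Section"` value built from `controls.ID` and `controls.Text` is also unchecked; it is probably short, but its length is not visible from this hunk.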
-- 
GitLab