✨ Add direction to network security rules. Ensure destination port ra…

…nges are always populated. Signed-off-by: Preslav <preslav@mondoo.com>
mondoohq · Jan 22, 2024 · ff05bed · ff05bed
1 parent 1da52db
commit ff05bed
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 6 deletions.
diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr
@@ -757,6 +757,8 @@ private azure.subscription.networkService.securityrule @defaults("id name") {
   properties dict
   // Security rule destination port range
   destinationPortRange []dict
+  // Security rule direction (outbound or inbound)
+  direction string
 }
 
 // Azure Network Watcher

diff --git a/providers/azure/resources/azure.lr.go b/providers/azure/resources/azure.lr.go
diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml
@@ -10,8 +10,8 @@ resources:
       - azure
   azure.subscription:
     docs:
-      desc: |
-        Use the `azure.subscription` resource to assess the configuration of Azure subscriptions. 
+      desc: "Use the `azure.subscription` resource to assess the configuration of
+        Azure subscriptions. \n"
     fields:
       advisor: {}
       aks: {}
@@ -64,8 +64,8 @@ resources:
       - azure
   azure.subscription.advisorService:
     docs:
-      desc: |
-        Use the `azure.subscription.advisorService` resource to retrieve scoring and recommendations from Microsoft Azure Advisor. 
+      desc: "Use the `azure.subscription.advisorService` resource to retrieve scoring
+        and recommendations from Microsoft Azure Advisor. \n"
     fields:
       averageScore: {}
       recommendations: {}
@@ -77,8 +77,12 @@ resources:
       name:
       - azure
     snippets:
-    - query: "azure.subscription.advisorService {\n  averageScore > 90\n}\n"
-      title: Check if the average score that the Azure Advisor service gives the subscription is greater than 90
+    - query: |
+        azure.subscription.advisorService {
+          averageScore > 90
+        }
+      title: Check if the average score that the Azure Advisor service gives the subscription
+        is greater than 90
   azure.subscription.advisorService.recommendation:
     fields:
       category: {}
@@ -1429,6 +1433,7 @@ resources:
   azure.subscription.networkService.securityrule:
     fields:
       destinationPortRange: {}
+      direction: {}
       etag: {}
       id: {}
       name: {}

diff --git a/providers/azure/resources/network.go b/providers/azure/resources/network.go
@@ -2050,11 +2050,24 @@ func azureSecurityRuleToMql(runtime *plugin.Runtime, secRule network.SecurityRul
 		}
 	}
 
+	if secRule.Properties != nil && secRule.Properties.DestinationPortRanges != nil {
+		for _, r := range secRule.Properties.DestinationPortRanges {
+			dPortRange := parseAzureSecurityRulePortRange(*r)
+			for i := range dPortRange {
+				destinationPortRange = append(destinationPortRange, map[string]interface{}{
+					"fromPort": dPortRange[i].FromPort,
+					"toPort":   dPortRange[i].ToPort,
+				})
+			}
+		}
+	}
+
 	res, err := CreateResource(runtime, "azure.subscription.networkService.securityrule",
 		map[string]*llx.RawData{
 			"id":                   llx.StringData(convert.ToString(secRule.ID)),
 			"name":                 llx.StringData(convert.ToString(secRule.Name)),
 			"etag":                 llx.StringData(convert.ToString(secRule.Etag)),
+			"direction":            llx.StringDataPtr((*string)(secRule.Properties.Direction)),
 			"properties":           llx.DictData(properties),
 			"destinationPortRange": llx.ArrayData(destinationPortRange, types.String),
 		})