APPSEC-1087: S6413 Improve RSPEC (#3091)

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
daniel-teuchert-sonarsource 2023-09-18 17:25:58 +02:00 committed by GitHub
parent a8bb67f631
commit aa1d8509a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 12 deletions


@ -41,8 +41,6 @@ resource firewallPolicy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
}
----
Raise issue when `retentionDays` is smaller than `14`, but not `0` (zero), or if `isEnabled` is `false` or the `insights` block is missing.
For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkwatchers/flowlogs[Microsoft Network Network Watchers Flow Logs]:
[source,json,diff-id=3,diff-type=noncompliant]
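Review bot: dropping the `Raise issue when retentionDays is smaller than 14, but not 0 (zero) ...` sentence removes the only visible statement that a `retentionDays` of `0` is deliberately not reported and that a missing `insights` block is; if the trigger conditions are meant to leave the description, keep at least the `0` exemption in the text next to the example, otherwise a reader cannot tell why `retentionDays: 0` passes while `retentionDays: 7` is flagged.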
@ -78,8 +76,6 @@ resource networkWatchersFlowLogs 'Microsoft.Network/networkWatchers/flowLogs@202
}
----
Raise issue when `days` is smaller than `14`, but not `0` (zero), or if `enabled` is set to `false` or `retentionPolicy` is missing.
For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/servers/auditingsettings[Microsoft SQL Servers Auditing Settings]:
[source,json,diff-id=5,diff-type=noncompliant]
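Review bot: the snippet tag `[source,json,diff-id=5,diff-type=noncompliant]` declares the example as JSON, but the resource header in this hunk (`resource networkWatchersFlowLogs 'Microsoft.Network/networkWatchers/flowLogs@202...' = {`) is Bicep syntax, not JSON; tag the snippet with the language it actually uses (the `diff-id=3` tag above has the same mismatch) so highlighting and any tooling keyed on the source language behave correctly.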
@ -110,9 +106,7 @@ resource sqlServerAudit 'Microsoft.Sql/servers/auditingSettings@2021-11-01' = {
}
----
Raise issue when retentionDays is smaller than `14`, but not `0` (zero).
The same case applies to other types (when `type` field is set to one of following):
This rule also applies to log retention periods that are too short, on the following resources:
* `Microsoft.DBforMariaDB/servers/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/2018-06-01/servers/securityalertpolicies[Microsoft DB for MariaDB Servers Security Alert Policies]
* `Microsoft.Sql/servers/databases/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/databases/securityalertpolicies[Microsoft Sql Servers Databases Security Alert Policies]
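Review bot: the new lead sentence `This rule also applies to log retention periods that are too short, on the following resources:` reads awkwardly and, with the `smaller than 14, but not 0 (zero)` line removed in the same hunk, no longer says what "too short" means for these resource types; suggest `This rule also applies to the following resources when their log retention period is shorter than 14 days (a value of 0 excepted):` so the threshold stays visible right where the extra resource types are listed.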
@ -151,7 +145,7 @@ resource firewallPolicy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
properties: {
insights: {
isEnabled: true
retentionDays: 30 // Compliant
retentionDays: 30
}
}
}
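Review bot: removing the `// Compliant` marker from `retentionDays: 30` is fine for a compliant example, but the paired noncompliant snippets (`diff-id=3`, `diff-id=5` and the SQL one) are not part of this diff; check that they still carry their `// Noncompliant` marker on the retention line, since after this change that marker is the only annotation left that tells the reader which line the rule reports.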
@ -185,7 +179,7 @@ For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkw
resource networkWatchersFlowLogs 'Microsoft.Network/networkWatchers/flowLogs@2022-07-01' = {
properties: {
retentionPolicy: {
days: 30 // Compliant
days: 30
enabled: true
}
}
@ -217,7 +211,7 @@ For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/s
----
resource sqlServerAudit 'Microsoft.Sql/servers/auditingSettings@2021-11-01' = {
properties: {
retentionDays: 30 // Compliant
retentionDays: 30
}
}
----


@ -1,4 +1,4 @@
== Recommended Secure Coding Practices
Setting log retention period to 14 days is the bare minimum.
It's recommended to increase it to 30 days or above.
Increase the log retention period to an amount of time sufficient
enough to be able to investigate and restore service in case of an incident.
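Review bot: the rewritten recommendation drops the only concrete figures the reader had (14 days as the bare minimum, 30 days or above recommended), and the same commit removes the `smaller than 14` trigger text from the description, so nothing visible now tells the user which value makes the rule pass; keep a concrete floor alongside the incident rationale, e.g. `Keep logs for at least 14 days, preferably 30 days or more, and in any case long enough to investigate and restore service in case of an incident.` Also, `sufficient enough` is redundant: `an amount of time sufficient to investigate and restore service` reads better.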