@@ -1,12 +1,12 @@
{
"id": "8ed0bfce-f780-46d4-b086-21c3628f09ad",
"queryName": "SES Policy With Allowed IAM Actions",
"severity": "MEDIUM",
"severity": "HIGH",
"category": "Access Control",
"descriptionText": "SES policy should not allow IAM actions to all principals",
"descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_ses_identity_policy_module.html#parameter-policy",
"platform": "Ansible",
"descriptionID": "89d6e6fd",
"cloudProvider": "aws",
"cwe": "284"
}
}
@@ -1,7 +1,7 @@
[
{
"queryName": "SES Policy With Allowed IAM Actions",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 5,
"fileName": "positive.yaml"
}
@@ -1,12 +1,12 @@
{
"id": "905f4741-f965-45c1-98db-f7a00a0e5c73",
"queryName": "SNS Topic is Publicly Accessible",
"severity": "HIGH",
"severity": "CRITICAL",
"category": "Access Control",
"descriptionText": "SNS Topic Policy should not allow any principal to access",
"descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/sns_topic_module.html",
"platform": "Ansible",
"descriptionID": "956322cf",
"cloudProvider": "aws",
"cwe": "284"
}
}
@@ -1,13 +1,13 @@
[
{
"queryName": "SNS Topic is Publicly Accessible",
"severity": "HIGH",
"severity": "CRITICAL",
"line": 23,
"fileName": "positive.yaml"
},
{
"queryName": "SNS Topic is Publicly Accessible",
"severity": "HIGH",
"severity": "CRITICAL",
"line": 50,
"fileName": "positive.yaml"
}
Expand Up @@ -4,4 +4,4 @@
"severity": "LOW",
"line": 2
}
]
]
@@ -1,7 +1,7 @@
{
"id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b",
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"category": "Insecure Configurations",
"descriptionText": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.",
"descriptionUrl": "https://securitylab.github.com/research/github-actions-untrusted-input/",
Expand All @@ -10,4 +10,4 @@
"cloudProvider": "common",
"cwe": "94",
"oldSeverity": "HIGH"
}
}
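Review bot: After this change `"severity": "HIGH"` (L96) is identical to the untouched `"oldSeverity": "HIGH"` at L103, so the history field no longer records a distinct earlier rating; the Redshift Publicly Accessible file (L237 vs L244) has the same HIGH/HIGH pair. If `oldSeverity` is meant to hold the rating in force before the most recent reclassification, it should become `"oldSeverity": "MEDIUM"` here and also in the three RDS DB Instance Publicly Accessible files (crossplane, pulumi and alicloud variants), where it still reads HIGH although the severity moved from MEDIUM to CRITICAL. If it instead deliberately preserves the original pre-rescore rating, a one-line note in the PR description or the metadata docs would spare the next reader the same question. Lines 8–9 of this file fall between the two hunks and are not visible here.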
@@ -1,50 +1,50 @@
[
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 10,
"fileName": "positive1.yaml"
},
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 10,
"fileName": "positive1.yaml"
},
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 13,
"fileName": "positive2.yaml"
},
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 13,
"fileName": "positive3.yaml"
},
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 13,
"fileName": "positive4.yaml"
},
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 13,
"fileName": "positive5.yaml"
},
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 13,
"fileName": "positive6.yaml"
},
{
"queryName": "Run Block Injection",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 13,
"fileName": "positive7.yaml"
}
]
]
@@ -1,7 +1,7 @@
{
"id": "0f04217d-488f-4e7a-bec8-f16159686cd6",
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"category": "Best Practices",
"descriptionText": "It's considered a best practice to have point in time recovery enabled for DynamoDB Table",
"descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-pointintimerecoveryspecification.html",
Expand Down
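Review bot: The drop from MEDIUM straight to INFO at L172–L173 skips LOW and is not explained anywhere in the visible lines, whereas the other downgrade in this PR (Stack Notifications Disabled, L397–L398) stops at LOW. Point-in-time recovery being disabled is a recoverability gap (accidental deletes, destructive writes) rather than purely informational, so please confirm the INFO tier against the project's severity rubric. If the project records prior ratings the way the Run Block Injection file does with `"oldSeverity"` at L103, consider adding `"oldSeverity": "MEDIUM"` here; lines 8 onward of this file are outside the hunk, so I cannot tell whether such a field already exists.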
@@ -1,43 +1,43 @@
[
{
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"line": 6,
"filename": "positive1.yaml"
},
{
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"line": 4,
"filename": "positive2.yaml"
},
{
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"line": 8,
"filename": "positive3.json"
},
{
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"line": 5,
"filename": "positive4.json"
},
{
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"line": 5,
"filename": "positive5.yaml"
},
{
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"line": 7,
"filename": "positive6.json"
},
{
"queryName": "DynamoDB Table Point In Time Recovery Disabled",
"severity": "MEDIUM",
"severity": "INFO",
"line": 6,
"filename": "positive7.yaml"
}
Expand Down
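Review bot: The expected-result records in this file use the key `"filename"` (L186, L193, L200 and the rest) while every other expected_result file in this PR uses `"fileName"` (for example L46, L114, L255). If the test harness matches findings on `fileName`, the file assertion in these seven records is presumably never evaluated and a finding reported against the wrong sample would still pass; changing each record to `"fileName": "positive1.yaml"` (and likewise for the others) would make the fixtures consistent. I cannot see the harness from this page, so please confirm which key it reads before renaming. The array's closing bracket lies outside the hunk.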
@@ -1,7 +1,7 @@
{
"id": "bdf8dcb4-75df-4370-92c4-606e4ae6c4d3",
"queryName": "Redshift Publicly Accessible",
"severity": "MEDIUM",
"severity": "HIGH",
"category": "Insecure Configurations",
"descriptionText": "AWS Redshift Clusters must not be publicly accessible, which means the attribute 'PubliclyAccessible' must be set to false",
"descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html",
Expand All @@ -10,4 +10,4 @@
"cloudProvider": "aws",
"cwe": "284",
"oldSeverity": "HIGH"
}
}
@@ -1,38 +1,38 @@
[
{
"queryName": "Redshift Publicly Accessible",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 4,
"fileName": "positive1.yaml"
},
{
"queryName": "Redshift Publicly Accessible",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 17,
"fileName": "positive1.yaml"
},
{
"queryName": "Redshift Publicly Accessible",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 5,
"fileName": "positive2.json"
},
{
"queryName": "Redshift Publicly Accessible",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 30,
"fileName": "positive2.json"
},
{
"queryName": "Redshift Publicly Accessible",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 4,
"fileName": "positive3.yaml"
},
{
"queryName": "Redshift Publicly Accessible",
"severity": "MEDIUM",
"severity": "HIGH",
"line": 17,
"fileName": "positive3.yaml"
}
]
]
@@ -1,7 +1,7 @@
{
"id": "d9dc6429-5140-498a-8f55-a10daac5f000",
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"category": "Insecure Configurations",
"descriptionText": "RDS must not be defined with public interface, which means the attribute 'PubliclyAccessible' must be set to false and neither dbSubnetGroupName' subnets being part of a VPC that has an Internet gateway attached to it",
"descriptionUrl": "https://doc.crds.dev/github.com/crossplane/provider-aws/database.aws.crossplane.io/RDSInstance/[email protected]",
Expand All @@ -10,4 +10,4 @@
"cloudProvider": "aws",
"cwe": "284",
"oldSeverity": "HIGH"
}
}
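Review bot: The descriptionText at L302 has an unbalanced quote and a dangling clause — `neither dbSubnetGroupName' subnets being part of a VPC…` — so the text users will now see next to a CRITICAL rating does not read as a sentence. A clearer wording would be `"descriptionText": "RDS must not be defined with public interface, which means the attribute 'PubliclyAccessible' must be set to false and the 'dbSubnetGroupName' subnets must not be part of a VPC that has an Internet gateway attached to it"`. This is a context line rather than part of the severity change, so it may be better handled in a follow-up; lines 8–9 of the file sit between the two hunks and are not visible.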
@@ -1,14 +1,14 @@
[
{
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"line": 7,
"fileName": "positive1.yaml"
},
{
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"line": 11,
"fileName": "positive2.yaml"
}
]
]
@@ -1,7 +1,7 @@
{
"id": "647de8aa-5a42-41b5-9faf-22136f117380",
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"category": "Insecure Configurations",
"descriptionText": "RDS must not be defined with public interface, which means the attribute 'PubliclyAccessible' must be set to false.",
"descriptionUrl": "https://www.pulumi.com/registry/packages/aws/api-docs/rds/instance/#publiclyaccessible_yaml",
Expand All @@ -10,4 +10,4 @@
"cloudProvider": "aws",
"cwe": "284",
"oldSeverity": "HIGH"
}
}
@@ -1,8 +1,8 @@
[
{
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"line": 17,
"fileName": "positive1.yaml"
}
]
]
@@ -1,7 +1,7 @@
{
"id": "1b4565c0-4877-49ac-ab03-adebbccd42ae",
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"category": "Insecure Configurations",
"descriptionText": "'0.0.0.0' or '0.0.0.0/0' should not be in 'security_ips' list",
"descriptionUrl": "https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/db_instance#security_ips",
Expand All @@ -10,4 +10,4 @@
"cloudProvider": "alicloud",
"cwe": "668",
"oldSeverity": "HIGH"
}
}
@@ -1,14 +1,14 @@
[
{
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"line": 7,
"fileName": "positive1.tf"
},
{
"queryName": "RDS DB Instance Publicly Accessible",
"severity": "MEDIUM",
"severity": "CRITICAL",
"line": 7,
"fileName": "positive2.tf"
}
]
]
@@ -1,12 +1,12 @@
{
"id": "b72d0026-f649-4c91-a9ea-15d8f681ac09",
"queryName": "Stack Notifications Disabled",
"severity": "MEDIUM",
"severity": "LOW",
"category": "Observability",
"descriptionText": "AWS CloudFormation should have stack notifications enabled to be notified when an event occurs",
"descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack",
"platform": "Terraform",
"descriptionID": "f9826281",
"cloudProvider": "aws",
"cwe": "778"
}
}
@@ -1,7 +1,7 @@
[
{
"queryName": "Stack Notifications Disabled",
"severity": "MEDIUM",
"severity": "LOW",
"line": 1
}
]