Strange behaviors with wildcards in Mutelists #7544
Consider the following Mutelist for AWS:

```yaml
Mutelist:
  Accounts:
    "*":
      Checks:
        "cloudtrail_*":
          Regions: ["*"]
          Resources: ["*"]
```

As far as I understand, it should mute all checks whose name starts with "cloudtrail_". (The wording is a bit ambiguous here – the docs call it However, with this Mutelist, the check "iam_inline_policy_no_full_access_to_cloudtrail" does show up as muted. It clearly does not match the pattern. Its title contains the string "cloudtrail:*", which looks similar, but doesn't really match either.

Now, look at this Mutelist:

```yaml
Mutelist:
  Accounts:
    "*":
      Checks:
        "guardduty_*_enabled":
          Regions: ["*"]
          Resources: ["*"]
```

From my understanding, it should mute (among others) the "guardduty_is_enabled" check. But in this case, the check does not get muted.

Are these behaviors desired behavior or bugs? What am I missing?
Replies: 3 comments
Hi @F30, We'll review this and get back to you as soon as possible with a response.

Hi @F30, you are right, it should work as you are mentioning. We will take a look and come with a fix soon. Thanks for the heads up.

Hi @F30, the PR #7685 solves this issue so I am going to close this discussion. Thank you again for letting us know about this bug.
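
Both symptoms reported in this discussion are what results when a Mutelist check key is read as a regular expression and searched anywhere in the check name, instead of as a glob anchored to the whole name. The added example below (not Prowler's code, and not a root cause confirmed on this page) compares the two readings so a Mutelist can be audited for findings that are hidden unintentionally or not muted as intended. The regex reading, the function names and the check names beyond the two quoted in the discussion are assumptions.

```python
import fnmatch
import re

# Constructed sample: the two check names quoted in the discussion plus
# two further names added for contrast.
CHECKS = [
    "cloudtrail_multi_region_enabled",
    "iam_inline_policy_no_full_access_to_cloudtrail",
    "guardduty_is_enabled",
    "guardduty_no_high_severity_findings",
]


def glob_muted(pattern, checks):
    """Anchored shell-style glob: '*' is any run of characters (expected reading)."""
    return [c for c in checks if fnmatch.fnmatchcase(c, pattern)]


def regex_search_muted(pattern, checks):
    """Assumed faulty reading: the key is a regex, matched anywhere in the name.

    Here '_*' means "zero or more underscores", not "underscore, then anything".
    """
    try:
        rx = re.compile(pattern)
    except re.error:
        # A key such as a bare "*" is not a valid regex; nothing matches.
        return []
    return [c for c in checks if rx.search(c)]


def audit(pattern, checks):
    """Report check names whose muted status differs between the two readings."""
    expected = set(glob_muted(pattern, checks))
    observed = set(regex_search_muted(pattern, checks))
    return {
        "over_muted": sorted(observed - expected),  # findings hidden by accident
        "not_muted": sorted(expected - observed),   # intended mutes that fail
    }


if __name__ == "__main__":
    for key in ("cloudtrail_*", "guardduty_*_enabled"):
        print(key, audit(key, CHECKS))
```

An entry under `over_muted` is the case that matters most for coverage: a finding suppressed by a pattern that was never meant to cover it.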