From 28a8ae757275a73f404ee49cd77e19192a035a4e Mon Sep 17 00:00:00 2001
From: Nimrod Kor
Date: Tue, 18 Feb 2020 10:26:44 +0200
Subject: [PATCH] Check extra748 should fail in case of all ports (0-65535) open

---
 checks/check_extra748 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/check_extra748 b/checks/check_extra748
index dff4bf9f..50056980 100644
--- a/checks/check_extra748
+++ b/checks/check_extra748
@@ -18,7 +18,7 @@ CHECK_ALTERNATE_check748="extra748"
 extra748(){
 for regx in $REGIONS; do
- SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==null && ToPort==null)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
+ SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort==`0` && ToPort==`65535`)) && (contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0" "$regx"
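Review bot: The new predicate on the `+` line only flags a rule whose port range is exactly 0–65535, so a rule that allows 1–65535 (or any other range that is effectively every port) to 0.0.0.0/0 or ::/0 still passes the check, and the commit title promises more than that. Since the port fields are JSON numbers, a range comparison instead of equality covers those cases while keeping the `-1`/all-protocols match: ``((FromPort==null && ToPort==null) || (FromPort<=`1` && ToPort>=`65535`))``. The textFail message in the context lines reports "open to 0.0.0.0/0" even when the match came from the ::/0 IPv6 branch; consider wording it as `open to 0.0.0.0/0 or ::/0` so the finding is not misread. The body of extra748 continues past the end of the hunk.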