chore(metadata): Remove CheckName and CheckAlias field (#1299)

lib/check/check.py

@@ -192,9 +192,9 @@ def set_output_options(
 
 def run_check(check, audit_info, output_options):
     print(
-        f"\nCheck Name: {check.checkName} - {Fore.MAGENTA}{check.serviceName}{Fore.YELLOW} [{check.severity}]{Style.RESET_ALL}"
+        f"\nCheck ID: {check.checkID} - {Fore.MAGENTA}{check.serviceName}{Fore.YELLOW} [{check.severity}]{Style.RESET_ALL}"
     )
-    logger.debug(f"Executing check: {check.checkName}")
+    logger.debug(f"Executing check: {check.checkID}")
     findings = check.execute()
 
     report(findings, output_options, audit_info)

lib/check/fixtures/metadata.json

@@ -3,9 +3,7 @@
     "cat1",
     "cat2"
   ],
-  "CheckAlias": "extra764",
   "CheckID": "iam_disable_30_days_credentials",
-  "CheckName": "iam_disable_30_days_credentials",
   "CheckTitle": "Ensure credentials unused for 30 days or greater are disabled",
   "CheckType": "Software and Configuration Checks",
   "Compliance": [

lib/check/models.py

@@ -54,7 +54,7 @@ class Remediation(BaseModel):
 class Check_Metadata_Model(BaseModel):
     Provider: str
     CheckID: str
-    CheckName: str
+    # CheckName: str
     CheckTitle: str
     # CheckAlias: str
     CheckType: str
@@ -84,7 +84,7 @@ class Check(ABC):
         # Assign metadata values
         self.__Provider__ = self.__check_metadata__.Provider
         self.__CheckID__ = self.__check_metadata__.CheckID
-        self.__CheckName__ = self.__check_metadata__.CheckName
+        # self.__CheckName__ = self.__check_metadata__.CheckName
         self.__CheckTitle__ = self.__check_metadata__.CheckTitle
         # self.__CheckAlias__ = self.__check_metadata__.CheckAlias
         self.__CheckType__ = self.__check_metadata__.CheckType
@@ -112,9 +112,9 @@ class Check(ABC):
     def checkID(self):
         return self.__CheckID__
 
-    @property
+    # @property
-    def checkName(self):
+    # def checkName(self):
-        return self.__CheckName__
+    #     return self.__CheckName__
 
     @property
     def checkTitle(self):

providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra72",
   "CheckID": "ec2_ebs_public_snapshot",
-  "CheckName": "ec2_ebs_public_snapshot",
   "CheckTitle": "Ensure there are no EBS Snapshots set as Public.",
   "CheckType": "Data Protection",
   "Compliance": [],

providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra740",
   "CheckID": "ec2_ebs_snapshots_encrypted",
-  "CheckName": "ec2_ebs_snapshots_encrypted",
   "CheckTitle": "Check if EBS snapshots are encrypted.",
   "CheckType": "Data Protection",
   "Compliance": [],

providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra710",
   "CheckID": "ec2_instance_public_ip",
-  "CheckName": "ec2_instance_public_ip",
   "CheckTitle": "Check for EC2 Instances with Public IP.",
   "CheckType": "Infrastructure Security",
   "Compliance": [],

providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check45",
   "CheckID": "ec2_networkacl_allow_ingress_tcp_port_22",
-  "CheckName": "ec2_networkacl_allow_ingress_tcp_port_22",
   "CheckTitle": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22",
   "CheckType": "Infrastructure Security",
   "Compliance": [

providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check45",
   "CheckID": "ec2_networkacl_allow_ingress_tcp_port_3389",
-  "CheckName": "ec2_networkacl_allow_ingress_tcp_port_3389",
   "CheckTitle": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389",
   "CheckType": "Infrastructure Security",
   "Compliance": [

providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra748",
   "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
-  "CheckName": "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
   "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.",
   "CheckType": "Infrastructure Security",
   "Compliance": [],

providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra750",
   "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
-  "CheckName": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
   "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.",
   "CheckType": "Infrastructure Security",
   "Compliance": [

providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra750",
   "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389",
-  "CheckName": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389",
   "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.",
   "CheckType": "Infrastructure Security",
   "Compliance": [

providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra750",
   "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306",
-  "CheckName": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306",
   "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.",
   "CheckType": "Infrastructure Security",
   "Compliance": [],

providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra749",
   "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483",
-  "CheckName": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483",
   "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.",
   "CheckType": "Infrastructure Security",
   "Compliance": [],

providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra71",
   "CheckID": "iam_administrator_access_with_mfa",
-  "CheckName": "iam_administrator_access_with_mfa",
   "CheckTitle": "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled",
   "CheckType": "Infrastructure Security",
   "Compliance": [],

providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check11",
   "CheckID": "iam_avoid_root_usage",
-  "CheckName": "iam_avoid_root_usage",
   "CheckTitle": "Avoid the use of the root accounts",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [

providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra774",
   "CheckID": "iam_disable_30_days_credentials",
-  "CheckName": "iam_disable_30_days_credentials",
   "CheckTitle": "Ensure credentials unused for 30 days or greater are disabled",
   "CheckType": "Software and Configuration Checks",
   "Compliance": [],

providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check13",
   "CheckID": "iam_disable_90_days_credentials",
-  "CheckName": "iam_disable_90_days_credentials",
   "CheckTitle": "Ensure credentials unused for 90 days or greater are disabled",
   "CheckType": "Software and Configuration Checks",
   "Compliance": [

providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check112",
   "CheckID": "iam_no_root_access_key",
-  "CheckName": "iam_no_root_access_key",
   "CheckTitle": "Ensure no root account access key exists",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [

providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check114",
   "CheckID": "iam_root_hardware_mfa_enabled",
-  "CheckName": "iam_root_hardware_mfa_enabled",
   "CheckTitle": "Ensure hardware MFA is enabled for the root account",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [

providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check113",
   "CheckID": "iam_root_mfa_enabled",
-  "CheckName": "iam_root_mfa_enabled",
   "CheckTitle": "Ensure MFA is enabled for the root account",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [

providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check14",
   "CheckID": "iam_rotate_access_key_90_days",
-  "CheckName": "iam_rotate_access_key_90_days",
   "CheckTitle": "Ensure access keys are rotated every 90 days or less",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [

providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra7125",
   "CheckID": "iam_user_hardware_mfa_enabled",
-  "CheckName": "iam_user_hardware_mfa_enabled",
   "CheckTitle": "Check if IAM users have Hardware MFA enabled.",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [],

providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "check12",
   "CheckID": "iam_user_mfa_enabled_console_access",
-  "CheckName": "iam_user_mfa_enabled_console_access",
   "CheckTitle": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [],

providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra7123",
   "CheckID": "iam_user_two_active_access_key",
-  "CheckName": "iam_user_two_active_access_key",
   "CheckTitle": "Check if IAM users have two active access keys",
   "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
   "Compliance": [],

providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra763",
   "CheckID": "s3_bucket_object_versioning",
-  "CheckName": "s3_bucket_object_versioning",
   "CheckTitle": "Check if S3 buckets have object versioning enabled",
   "CheckType": "Data Protection",
   "Compliance": [],

providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json

@@ -1,8 +1,6 @@
 {
   "Categories": [],
-  "CheckAlias": "extra718",
   "CheckID": "s3_bucket_server_access_logging_enabled",
-  "CheckName": "s3_bucket_server_access_logging_enabled",
   "CheckTitle": "Check if S3 buckets have server access logging enabled",
   "CheckType": "Logging and Monitoring",
   "Compliance": [],