docs(queries): update queries catalog (#7317)

Co-authored-by: ArturRibeiro-CX <[email protected]>

docs/queries/all-queries.md

@@ -167,10 +167,10 @@ This page contains all queries.
 |Cosmos DB Account Without Tags<br/><sup><sub>23a4dc83-4959-4d99-8056-8e051a82bc1e</sub></sup>|Ansible|<span style="color:#edd57e">Low</span>|Build Process|<a href="../ansible-queries/azure/23a4dc83-4959-4d99-8056-8e051a82bc1e" onclick="newWindowOpenerSafe(event, '../ansible-queries/azure/23a4dc83-4959-4d99-8056-8e051a82bc1e')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_cosmosdbaccount_module.html">Documentation</a><br/>|
 |AKS Network Policy Misconfigured<br/><sup><sub>8c3bedf1-c570-4c3b-b414-d068cd39a00c</sub></sup>|Ansible|<span style="color:#edd57e">Low</span>|Insecure Configurations|<a href="../ansible-queries/azure/8c3bedf1-c570-4c3b-b414-d068cd39a00c" onclick="newWindowOpenerSafe(event, '../ansible-queries/azure/8c3bedf1-c570-4c3b-b414-d068cd39a00c')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_aks_module.html#parameter-network_profile/network_policy">Documentation</a><br/>|
 |Small Activity Log Retention Period<br/><sup><sub>37fafbea-dedb-4e0d-852e-d16ee0589326</sub></sup>|Ansible|<span style="color:#edd57e">Low</span>|Observability|<a href="../ansible-queries/azure/37fafbea-dedb-4e0d-852e-d16ee0589326" onclick="newWindowOpenerSafe(event, '../ansible-queries/azure/37fafbea-dedb-4e0d-852e-d16ee0589326')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_monitorlogprofile_module.html">Documentation</a><br/>|
-|Allow Unsafe Lookups Enabled<br/><sup><sub>86b97bb4-85c9-462d-8635-cbc057c5c8c5</sub></sup>|Ansible|<span style="color:#bb2124">High</span>|Insecure Configurations|<a href="../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5" onclick="newWindowOpenerSafe(event, '../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-allow-unsafe-lookups">Documentation</a><br/>|
-|Privilege Escalation Using Become Plugin<br/><sup><sub>404908b6-4954-4611-98f0-e8ceacdabcb1</sub></sup>|Ansible|<span style="color:#ff7213">Medium</span>|Access Control|<a href="../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1" onclick="newWindowOpenerSafe(event, '../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/become.html">Documentation</a><br/>|
-|Communication over HTTP<br/><sup><sub>d7dc9350-74bc-485b-8c85-fed22d276c43</sub></sup>|Ansible|<span style="color:#ff7213">Medium</span>|Insecure Configurations|<a href="../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43" onclick="newWindowOpenerSafe(event, '../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/httpapi.html">Documentation</a><br/>|
-|Logging of Sensitive Data<br/><sup><sub>c6473dae-8477-4119-88b7-b909b435ce7b</sub></sup>|Ansible|<span style="color:#edd57e">Low</span>|Best Practices|<a href="../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b" onclick="newWindowOpenerSafe(event, '../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/logging.html#protecting-sensitive-data-with-no-log">Documentation</a><br/>|
+|Allow Unsafe Lookups Enabled In Defaults<br/><sup><sub>86b97bb4-85c9-462d-8635-cbc057c5c8c5</sub></sup>|Ansible|<span style="color:#bb2124">High</span>|Insecure Configurations|<a href="../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5" onclick="newWindowOpenerSafe(event, '../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-allow-unsafe-lookups">Documentation</a><br/>|
+|Privilege Escalation Using Become Plugin In Defaults<br/><sup><sub>404908b6-4954-4611-98f0-e8ceacdabcb1</sub></sup>|Ansible|<span style="color:#ff7213">Medium</span>|Access Control|<a href="../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1" onclick="newWindowOpenerSafe(event, '../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/become.html">Documentation</a><br/>|
+|Communication Over HTTP In Defaults<br/><sup><sub>d7dc9350-74bc-485b-8c85-fed22d276c43</sub></sup>|Ansible|<span style="color:#ff7213">Medium</span>|Insecure Configurations|<a href="../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43" onclick="newWindowOpenerSafe(event, '../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/httpapi.html">Documentation</a><br/>|
+|Logging of Sensitive Data In Defaults<br/><sup><sub>c6473dae-8477-4119-88b7-b909b435ce7b</sub></sup>|Ansible|<span style="color:#edd57e">Low</span>|Best Practices|<a href="../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b" onclick="newWindowOpenerSafe(event, '../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/logging.html#protecting-sensitive-data-with-no-log">Documentation</a><br/>|
 |Cloud Storage Anonymous or Publicly Accessible<br/><sup><sub>086031e1-9d4a-4249-acb3-5bfe4c363db2</sub></sup>|Ansible|<span style="color:#ff0000">Critical</span>|Access Control|<a href="../ansible-queries/gcp/086031e1-9d4a-4249-acb3-5bfe4c363db2" onclick="newWindowOpenerSafe(event, '../ansible-queries/gcp/086031e1-9d4a-4249-acb3-5bfe4c363db2')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_storage_bucket_module.html">Documentation</a><br/>|
 |SQL DB Instance Publicly Accessible<br/><sup><sub>7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b</sub></sup>|Ansible|<span style="color:#ff0000">Critical</span>|Insecure Configurations|<a href="../ansible-queries/gcp/7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b" onclick="newWindowOpenerSafe(event, '../ansible-queries/gcp/7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_sql_instance_module.html">Documentation</a><br/>|
 |BigQuery Dataset Is Public<br/><sup><sub>2263b286-2fe9-4747-a0ae-8b4768a2bbd2</sub></sup>|Ansible|<span style="color:#bb2124">High</span>|Access Control|<a href="../ansible-queries/gcp/2263b286-2fe9-4747-a0ae-8b4768a2bbd2" onclick="newWindowOpenerSafe(event, '../ansible-queries/gcp/2263b286-2fe9-4747-a0ae-8b4768a2bbd2')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_bigquery_dataset_module.html#parameter-access/special_group">Documentation</a><br/>|

docs/queries/ansible-queries.md

@@ -188,10 +188,10 @@ Below are listed queries related to Ansible CONFIG:
 
 |            Query             |Severity|Category|More info|
 |------------------------------|--------|--------|-----------|
-|Allow Unsafe Lookups Enabled<br/><sup><sub>86b97bb4-85c9-462d-8635-cbc057c5c8c5</sub></sup>|<span style="color:#bb2124">High</span>|Insecure Configurations|<a href="../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5" onclick="newWindowOpenerSafe(event, '../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-allow-unsafe-lookups">Documentation</a><br/>|
-|Privilege Escalation Using Become Plugin<br/><sup><sub>404908b6-4954-4611-98f0-e8ceacdabcb1</sub></sup>|<span style="color:#ff7213">Medium</span>|Access Control|<a href="../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1" onclick="newWindowOpenerSafe(event, '../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/become.html">Documentation</a><br/>|
-|Communication over HTTP<br/><sup><sub>d7dc9350-74bc-485b-8c85-fed22d276c43</sub></sup>|<span style="color:#ff7213">Medium</span>|Insecure Configurations|<a href="../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43" onclick="newWindowOpenerSafe(event, '../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/httpapi.html">Documentation</a><br/>|
-|Logging of Sensitive Data<br/><sup><sub>c6473dae-8477-4119-88b7-b909b435ce7b</sub></sup>|<span style="color:#edd57e">Low</span>|Best Practices|<a href="../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b" onclick="newWindowOpenerSafe(event, '../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/logging.html#protecting-sensitive-data-with-no-log">Documentation</a><br/>|
+|Allow Unsafe Lookups Enabled In Defaults<br/><sup><sub>86b97bb4-85c9-462d-8635-cbc057c5c8c5</sub></sup>|<span style="color:#bb2124">High</span>|Insecure Configurations|<a href="../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5" onclick="newWindowOpenerSafe(event, '../ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-allow-unsafe-lookups">Documentation</a><br/>|
+|Privilege Escalation Using Become Plugin In Defaults<br/><sup><sub>404908b6-4954-4611-98f0-e8ceacdabcb1</sub></sup>|<span style="color:#ff7213">Medium</span>|Access Control|<a href="../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1" onclick="newWindowOpenerSafe(event, '../ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/become.html">Documentation</a><br/>|
+|Communication Over HTTP In Defaults<br/><sup><sub>d7dc9350-74bc-485b-8c85-fed22d276c43</sub></sup>|<span style="color:#ff7213">Medium</span>|Insecure Configurations|<a href="../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43" onclick="newWindowOpenerSafe(event, '../ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/plugins/httpapi.html">Documentation</a><br/>|
+|Logging of Sensitive Data In Defaults<br/><sup><sub>c6473dae-8477-4119-88b7-b909b435ce7b</sub></sup>|<span style="color:#edd57e">Low</span>|Best Practices|<a href="../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b" onclick="newWindowOpenerSafe(event, '../ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b')">Query details</a><br><a href="https://docs.ansible.com/ansible/latest/reference_appendices/logging.html#protecting-sensitive-data-with-no-log">Documentation</a><br/>|
 
 ### GCP
 Below are listed queries related to Ansible GCP:

docs/queries/ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1.md

@@ -1,5 +1,5 @@
 ---
-title: Privilege Escalation Using Become Plugin
+title: Privilege Escalation Using Become Plugin In Defaults
 hide:
   toc: true
   navigation: true
@@ -16,12 +16,12 @@ hide:
 </style>
 
 -   **Query id:** 404908b6-4954-4611-98f0-e8ceacdabcb1
--   **Query name:** Privilege Escalation Using Become Plugin
+-   **Query name:** Privilege Escalation Using Become Plugin In Defaults
 -   **Platform:** Ansible
 -   **Severity:** <span style="color:#ff7213">Medium</span>
 -   **Category:** Access Control
 -   **CWE:** <a href="https://cwe.mitre.org/data/definitions/286.html" onclick="newWindowOpenerSafe(event, 'https://cwe.mitre.org/data/definitions/286.html')">286</a>
--   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/privilege_escalation_using_become_plugin)
+-   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults)
 
 ### Description
 In order to perform an action as a different user with the become_user, 'become' must be defined and set to 'true'<br>

docs/queries/ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5.md

@@ -1,5 +1,5 @@
 ---
-title: Allow Unsafe Lookups Enabled
+title: Allow Unsafe Lookups Enabled In Defaults
 hide:
   toc: true
   navigation: true
@@ -16,12 +16,12 @@ hide:
 </style>
 
 -   **Query id:** 86b97bb4-85c9-462d-8635-cbc057c5c8c5
--   **Query name:** Allow Unsafe Lookups Enabled
+-   **Query name:** Allow Unsafe Lookups Enabled In Defaults
 -   **Platform:** Ansible
 -   **Severity:** <span style="color:#bb2124">High</span>
 -   **Category:** Insecure Configurations
 -   **CWE:** <a href="https://cwe.mitre.org/data/definitions/200.html" onclick="newWindowOpenerSafe(event, 'https://cwe.mitre.org/data/definitions/200.html')">200</a>
--   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/allow_unsafe_lookups_enabled)
+-   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults)
 
 ### Description
 When enabled, this option allows lookup plugins to return data that is not marked 'unsafe'.<br>

docs/queries/ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b.md

@@ -1,5 +1,5 @@
 ---
-title: Logging of Sensitive Data
+title: Logging of Sensitive Data In Defaults
 hide:
   toc: true
   navigation: true
@@ -16,12 +16,12 @@ hide:
 </style>
 
 -   **Query id:** c6473dae-8477-4119-88b7-b909b435ce7b
--   **Query name:** Logging of Sensitive Data
+-   **Query name:** Logging of Sensitive Data In Defaults
 -   **Platform:** Ansible
 -   **Severity:** <span style="color:#edd57e">Low</span>
 -   **Category:** Best Practices
 -   **CWE:** <a href="https://cwe.mitre.org/data/definitions/532.html" onclick="newWindowOpenerSafe(event, 'https://cwe.mitre.org/data/definitions/532.html')">532</a>
--   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/logging_of_sensitive_data)
+-   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults)
 
 ### Description
 To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True<br>

docs/queries/ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43.md

@@ -1,5 +1,5 @@
 ---
-title: Communication over HTTP
+title: Communication Over HTTP In Defaults
 hide:
   toc: true
   navigation: true
@@ -16,12 +16,12 @@ hide:
 </style>
 
 -   **Query id:** d7dc9350-74bc-485b-8c85-fed22d276c43
--   **Query name:** Communication over HTTP
+-   **Query name:** Communication Over HTTP In Defaults
 -   **Platform:** Ansible
 -   **Severity:** <span style="color:#ff7213">Medium</span>
 -   **Category:** Insecure Configurations
 -   **CWE:** <a href="https://cwe.mitre.org/data/definitions/319.html" onclick="newWindowOpenerSafe(event, 'https://cwe.mitre.org/data/definitions/319.html')">319</a>
--   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/communication_over_http)
+-   **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/communication_over_http_in_defaults)
 
 ### Description
 Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks<br>

docs/queries/terraform-queries/azure/b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643.md

@@ -43,6 +43,21 @@ resource "azurerm_app_service" "positive1" {
   }
 }
 
+```
+```tf title="Positive test num. 2 - tf file" hl_lines="10"
+resource "azurerm_app_service" "positive2" {
+  name                = "example-app-service"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  app_service_plan_id = azurerm_app_service_plan.example.id
+
+  site_config {
+    dotnet_framework_version = "v4.0"
+    scm_type                 = "LocalGit"
+    min_tls_version = 1.2
+  }
+}
+
 ```
 
 
@@ -57,7 +72,7 @@ resource "azurerm_app_service" "negative1" {
   site_config {
     dotnet_framework_version = "v4.0"
     scm_type                 = "LocalGit"
-    min_tls_version = 1.2
+    min_tls_version = 1.3
   }
 }