Skip to content

Commit

Permalink
refactoring
Browse files Browse the repository at this point in the history
  • Loading branch information
Yevhen Zavhorodnii committed May 29, 2024
1 parent 63a125a commit f519297
Showing 1 changed file with 11 additions and 6 deletions.
17 changes: 11 additions & 6 deletions pkg/security/risks/builtin/dos_risky_access_across_trust_boundary_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,13 +68,18 @@ func (r *DosRiskyAccessAcrossTrustBoundaryRule) GenerateRisks(input *types.Model
}

func (r *DosRiskyAccessAcrossTrustBoundaryRule) checkRisk(input *types.Model, technicalAsset *types.TechnicalAsset, incomingAccess *types.CommunicationLink, linkId string, hopBetween string, risks []*types.Risk) []*types.Risk {
if incomingAccess.IsAcrossTrustBoundaryNetworkOnly(input) &&
!incomingAccess.Protocol.IsProcessLocal() && incomingAccess.Usage != types.DevOps {
highRisk := technicalAsset.Availability == types.MissionCritical &&
!incomingAccess.VPN && !incomingAccess.IpFiltered && !technicalAsset.Redundant
risks = append(risks, r.createRisk(technicalAsset, incomingAccess, linkId, hopBetween,
input.TechnicalAssets[incomingAccess.SourceId], highRisk))
if !incomingAccess.IsAcrossTrustBoundaryNetworkOnly(input) {
return risks
}
if incomingAccess.Usage == types.DevOps {
return risks
}
if incomingAccess.Protocol.IsProcessLocal() {
return risks
}

highRisk := technicalAsset.Availability == types.MissionCritical && !incomingAccess.VPN && !incomingAccess.IpFiltered && !technicalAsset.Redundant
risks = append(risks, r.createRisk(technicalAsset, incomingAccess, linkId, hopBetween, input.TechnicalAssets[incomingAccess.SourceId], highRisk))
return risks
}

Expand Down

0 comments on commit f519297

Please sign in to comment.