refactor: update title and message

Signed-off-by: Nikita Pivkin <[email protected]>

checks/cloud/aws/ec2/no_public_egress_sgr.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A security group rule should not allow egress to any IP address.
+# title: A security group rule should not allow unrestricted egress to any IP address.
 # description: |
 #   Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -42,7 +42,7 @@ deny contains res if {
 	some block in rule.cidrs
 	net.cidr_allows_all_ips(block.value)
 	res := result.new(
-		"Security group rule allows egress to any IP address.",
+		"Security group rule allows unrestricted egress to any IP address.",
 		block,
 	)
 }

checks/cloud/aws/ec2/no_public_ingress_acl.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: Network ACLs should not allow ingress to SSH or RDP from any IP address.
+# title: Network ACLs should not allow unrestricted ingress to SSH or RDP from any IP address.
 # description: |
 #   The Network Access Control List (NACL) function provide stateless filtering of ingress and
 #   egress network traffic to AWS resources. It is recommended that no NACL allows
@@ -56,7 +56,7 @@ deny contains res if {
 	some block in rule.cidrs
 	net.cidr_allows_all_ips(block.value)
 	res := result.new(
-		"Network ACL rule allows ingress from any IP address.",
+		"Network ACL rule allows unrestricted ingress from any IP address.",
 		block,
 	)
 }

checks/cloud/aws/ec2/no_public_ingress_sgr.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: Security groups should not allow ingress to SSH or RDP from any IP address.
+# title: Security groups should not allow unrestricted ingress to SSH or RDP from any IP address.
 # description: |
 #   Security groups provide stateful filtering of ingress and egress network traffic to AWS
 #   resources. It is recommended that no security group allows unrestricted ingress access to
@@ -53,7 +53,7 @@ deny contains res if {
 	some block in rule.cidrs
 	net.cidr_allows_all_ips(block.value)
 	res := result.new(
-		"Security group rule allows ingress from any IP address.",
+		"Security group rule allows unrestricted ingress from any IP address.",
 		block,
 	)
 }

checks/cloud/azure/network/disable_rdp_from_internet.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A security group should not allow ingress to the RDP port from any IP address.
+# title: A security group should not allow unrestricted ingress to the RDP port from any IP address.
 # description: |
 #   RDP access can be configured on either the network security group or in the network security group rule.
 #   RDP access should not be permitted from the internet (*, 0.0.0.0, /0, internet, any). Consider using the Azure Bastion Service.
@@ -45,7 +45,7 @@ deny contains res if {
 	some ip in rule.sourceaddresses
 	net.cidr_allows_all_ips(ip.value)
 	res := result.new(
-		"Security group rule allows ingress to RDP port from any IP address.",
+		"Security group rule allows unrestricted ingress to RDP port from any IP address.",
 		ip,
 	)
 }

checks/cloud/azure/network/no_public_egress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A security rule should not allow egress to any IP address.
+# title: A security rule should not allow unrestricted egress to any IP address.
 # description: |
 #   Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -39,5 +39,5 @@ deny contains res if {
 	rule.allow.value
 	some addr in rule.destinationaddresses
 	net.cidr_allows_all_ips(addr.value)
-	res := result.new("Security group rule allows egress to any IP address.", addr)
+	res := result.new("Security group rule allows unrestricted egress to any IP address.", addr)
 }

checks/cloud/azure/network/no_public_ingress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A security group rule should not allow ingress from any IP address.
+# title: A security group rule should not allow unrestricted ingress from any IP address.
 # description: |
 #   Opening up ports to allow connections from the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -39,5 +39,5 @@ deny contains res if {
 	rule.allow.value
 	some addr in rule.sourceaddresses
 	net.cidr_allows_all_ips(addr.value)
-	res := result.new("Security group rule allows ingress from any IP address.", addr)
+	res := result.new("Security group rule allows unrestricted ingress from any IP address.", addr)
 }

checks/cloud/azure/network/ssh_blocked_from_internet.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: Security group should not allow ingress to SSH port from any IP address.
+# title: Security group should not allow unrestricted ingress to SSH port from any IP address.
 # description: |
 #   SSH access can be configured on either the network security group or in the network security group rule.
 #   SSH access should not be permitted from the internet (*, 0.0.0.0, /0, internet, any)
@@ -43,7 +43,7 @@ deny contains res if {
 	some ip in rule.sourceaddresses
 	net.cidr_allows_all_ips(ip.value)
 	res := result.new(
-		"Security group rule allows ingress to SSH port from any IP address.",
+		"Security group rule allows unrestricted ingress to SSH port from any IP address.",
 		ip,
 	)
 }

checks/cloud/digitalocean/compute/no_public_egress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A firewall rule should not allow egress to any IP address.
+# title: A firewall rule should not allow unrestricted egress to any IP address.
 # description: |
 #   Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package

checks/cloud/digitalocean/compute/no_public_ingress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A firewall rule should not allow ingress from any IP address.
+# title: A firewall rule should not allow unrestricted ingress from any IP address.
 # description: |
 #   Opening up ports to allow connections from the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -36,7 +36,7 @@ deny contains res if {
 	some address in input.digitalocean.compute.firewalls[_].inboundrules[_].sourceaddresses
 	net.cidr_allows_all_ips(address.value)
 	res := result.new(
-		"Firewall rule allows ingress from any IP address.",
+		"Firewall rule allows unrestricted ingress from any IP address.",
 		address,
 	)
 }

checks/cloud/google/compute/no_public_egress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A firewall rule should not allow egress to any IP address.
+# title: A firewall rule should not allow unrestricted egress to any IP address.
 # description: |
 #   Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -40,7 +40,7 @@ deny contains res if {
 	some destination in rule.destinationranges
 	net.cidr_allows_all_ips(destination.value)
 	res := result.new(
-		"Firewall rule allows egress traffic to any IP address.",
+		"Firewall rule allows unrestricted egress to any IP address.",
 		destination,
 	)
 }

checks/cloud/google/compute/no_public_ingress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A firewall rule should not allow ingress from any IP address.
+# title: A firewall rule should not allow unrestricted ingress from any IP address.
 # description: |
 #   Opening up ports to allow connections from the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -45,7 +45,7 @@ deny contains res if {
 	some source in rule.sourceranges
 	net.cidr_allows_all_ips(source.value)
 	res := result.new(
-		"Firewall rule allows ingress from any IP address.",
+		"Firewall rule allows unrestricted ingress from any IP address.",
 		source,
 	)
 }

checks/cloud/nifcloud/computing/no_public_ingress_sgr.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A security group rule should not allow ingress from any IP address.
+# title: A security group rule should not allow unrestricted ingress from any IP address.
 # description: |
 #   Opening up ports to allow connections from the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 #
@@ -41,7 +41,7 @@ deny contains res if {
 	some rule in sg.ingressrules
 	net.cidr_allows_all_ips(rule.cidr.value)
 	res := result.new(
-		"Security group rule allows ingress from any IP address.",
+		"Security group rule allows unrestricted ingress from any IP address.",
 		rule.cidr,
 	)
 }

checks/cloud/nifcloud/nas/no_public_ingress_nas_sgr.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A security group rule should not allow ingress from any IP address.
+# title: A security group rule should not allow unrestricted ingress from any IP address.
 # description: |
 #   Opening up ports to allow connections from the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -38,5 +38,5 @@ deny contains res if {
 	some sg in input.nifcloud.nas.nassecuritygroups
 	some c in sg.cidrs
 	net.cidr_allows_all_ips(c.value)
-	res := result.new("Security group rule allows ingress from any IP address.", c)
+	res := result.new("Security group rule allows unrestricted ingress from any IP address.", c)
 }

checks/cloud/nifcloud/rdb/no_public_ingress_db_sgr.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A security group rule should not allow ingress traffic from any IP address.
+# title: A security group rule should not allow unrestricted ingress traffic from any IP address.
 # description: |
 #   Opening up ports to allow connections from the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -38,5 +38,5 @@ deny contains res if {
 	some sg in input.nifcloud.rdb.dbsecuritygroups
 	some c in sg.cidrs
 	net.cidr_allows_all_ips(c.value)
-	res := result.new("Security group rule allows ingress traffic from any IP address.", c)
+	res := result.new("Security group rule allows unrestricted ingress from any IP address.", c)
 }

checks/kubernetes/network/no_public_egress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A network policy should not allow egress to any IP address.
+# title: A network policy should not allow unrestricted egress to any IP address.
 # description: You should not expose infrastructure to the public internet except where explicitly required
 # scope: package
 # schemas:
@@ -34,7 +34,7 @@ deny contains res if {
 	some dest in policy.spec.egress.destinationcidrs
 	net.cidr_allows_all_ips(dest.value)
 	res := result.new(
-		"Network policy allows egress to any IP address.",
+		"Network policy allows unrestricted egress to any IP address.",
 		dest,
 	)
 }

checks/kubernetes/network/no_public_ingress.rego

@@ -1,5 +1,5 @@
 # METADATA
-# title: A network policy should not allow ingress from any IP address.
+# title: A network policy should not allow unrestricted ingress from any IP address.
 # description: |
 #   Opening up ports to allow connections from the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
 # scope: package
@@ -35,7 +35,7 @@ deny contains res if {
 	some source in policy.spec.ingress.sourcecidrs
 	net.cidr_allows_all_ips(source.value)
 	res := result.new(
-		"Network policy allows ingress from any IP address.",
+		"Network policy allows unrestricted ingress from any IP address.",
 		source,
 	)
 }