Commit
feat(terraform): add CKV_AWS_364 to ensure that AWS Lambda Permissions are not global when granting permission to an AWS Service. (#4375)

* Added lambda permission check against services defined in principal
* Added LambaServicePermission tests
* fixed imports and style-guide compatibility
* Updated to fix tests and add ID
* Added terraform test to get a CKV id for my Cloudformation test
* Fixed styling errors
* Flipped CFN logic to match terraform logic
* Updated to add newline at end of file to pass flake8 check
* Updated to harden service principal checks
* Added additional tests examples to demonstrate alternative service principals
* Fixed the syntax to pass
* bump CKV check version to 287
* Updated CKV to 293
* Fixed className and added missing comma from test set
* Update checkov/cloudformation/checks/resource/aws/LambdaServicePermission.py
  Co-authored-by: Anton Grübel <[email protected]>
* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py
  Keeping descriptions identical
  Co-authored-by: Anton Grübel <[email protected]>
* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py
  Co-authored-by: Anton Grübel <[email protected]>
* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py
  Co-authored-by: Anton Grübel <[email protected]>
* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py
  Co-authored-by: Anton Grübel <[email protected]>
* Update checkov/cloudformation/checks/resource/aws/LambdaServicePermission.py
  Co-authored-by: Anton Grübel <[email protected]>
* Update checkov/cloudformation/checks/resource/aws/LambdaServicePermission.py
  Co-authored-by: Anton Grübel <[email protected]>
* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py
  Co-authored-by: Anton Grübel <[email protected]>
* Updated rule id
* Applying self.get_evaluated_keys to terraform
* Updated tests to align terraform and cloudformation. Moved two examples to unknown, rather than pass/fail
* Updated cfn to ensure passed cfn-lint PR checks
* Updated terraform checkid
* Fixed potentially calling split on non-string
* adjust logic to fix test

---------

Co-authored-by: Anton Grübel <[email protected]>