fix incorrect 138 rule

Azure · Mar 6, 2025 · 8a7f270 · 8a7f270
1 parent 2cf8a22
commit 8a7f270
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/policy/checkov/ACRAdminAccountDisabled.azapi.rego b/policy/checkov/ACRAdminAccountDisabled.azapi.rego
@@ -15,5 +15,5 @@ deny_CKV_AZURE_137 contains reason if {
     data.utils.is_azure_type(resource.values, "Microsoft.ContainerRegistry/registries")
     not valid_azapi_container_registry_admin_account_disabled(resource)
 
-    reason := sprintf("checkov/CKV_AZURE_137: Ensure ACR admin account is disabled %s", ["https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRAdminAccountDisabled.py"])
+    reason := sprintf("checkov/CKV_AZURE_137: Ensure ACR admin account is disabled %s: https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRAdminAccountDisabled.py", [resource.address])
 }
diff --git a/policy/checkov/ACRAdminAccountDisabled.rego b/policy/checkov/ACRAdminAccountDisabled.rego
@@ -14,5 +14,5 @@ deny_CKV_AZURE_137 contains reason if {
     resource := data.utils.resource(input, "azurerm_container_registry")[_]
     not valid_azurerm_container_registry_admin_account_disabled(resource)
 
-    reason := sprintf("checkov/CKV_AZURE_137: Ensure ACR admin account is disabled %s", ["https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRAdminAccountDisabled.py"])
+    reason := sprintf("checkov/CKV_AZURE_137: Ensure ACR admin account is disabled %s, https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRAdminAccountDisabled.py", [resource.address])
 }
diff --git a/policy/checkov/ACRAnonymousPullDisabled.azapi.rego b/policy/checkov/ACRAnonymousPullDisabled.azapi.rego
@@ -9,11 +9,11 @@ valid_azapi_container_registry_anonymous_pull_disabled(resource) if {
 }
 
 valid_azapi_container_registry_anonymous_pull_disabled(resource) if {
-    not resource.body.properties.anonymousPullEnabled == resource.body.properties.anonymousPullEnabled
+    not resource.values.body.properties.anonymousPullEnabled == resource.body.properties.anonymousPullEnabled
 }
 
 valid_azapi_container_registry_anonymous_pull_disabled(resource) if {
-    resource.body.properties.anonymousPullEnabled == false
+    resource.values.body.properties.anonymousPullEnabled == false
 }
 
 deny_CKV_AZURE_138 contains reason if {