From 1effbc38a9bebe09760781ee040a077e578c9e99 Mon Sep 17 00:00:00 2001
From: Omri SirComp
Date: Wed, 20 May 2026 13:17:47 +0300
Subject: [PATCH] fix(query): avoid S3 notification standalone target FPs

---
 .../query.rego | 22 -------------------
 .../test/{positive10.tf => negative7.tf} | 2 +-
 .../test/{positive11.tf => negative8.tf} | 2 +-
 .../test/{positive12.tf => negative9.tf} | 2 +-
 .../test/positive_expected_result.json | 18 --------------
 5 files changed, 3 insertions(+), 43 deletions(-)
 rename assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/{positive10.tf => negative7.tf} (98%)
 rename assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/{positive11.tf => negative8.tf} (98%)
 rename assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/{positive12.tf => negative9.tf} (99%)

diff --git a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/query.rego b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/query.rego
index f8296859f61..4324dea33cd 100644
--- a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/query.rego
+++ b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/query.rego
@@ -3,28 +3,6 @@ package Cx
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
 
-CxPolicy[result] {
- # Cases of "SNS Topic" or "SQS Queue" or "Lambda Function" with aws_s3_bucket_notification undefined
- s3 := input.document[i].resource[type][name]
- types := ["aws_sns_topic","aws_sqs_queue","aws_lambda_function"]
- type == types[_]
-
- not common_lib.valid_key(input.document[i].resource, "aws_s3_bucket_notification")
-
- result := {
- "documentId": input.document[i].id,
- "resourceType": type,
- "resourceName": tf_lib.get_specific_resource_name(s3, "aws_s3_bucket_notification", type),
- "searchKey": sprintf("%s[%s]",[type,name]),
- "issueType": "MissingAttribute",
- "keyExpectedValue": "'aws_s3_bucket_notification' should be defined and not null",
- "keyActualValue": "'aws_s3_bucket_notification' is undefined or null",
- "searchLine": common_lib.build_search_line(["resource", type, name], []),
- }
-}
-
-
-
 CxPolicy[result] {
 # Cases of "SNS Topic" or "SQS Queue" or "Lambda Function" not referenced in aws_s3_bucket_notification
 s3 := input.document[i].resource[type][name]
diff --git a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive10.tf b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative7.tf
similarity index 98%
rename from assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive10.tf
rename to assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative7.tf
index 5435a39d522..68f69a39f98 100644
--- a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive10.tf
+++ b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative7.tf
@@ -1,4 +1,4 @@
 resource "aws_sns_topic" "topic1" {
 name = "s3-event-notification-topic"
 policy = data.aws_iam_policy_document.topic.json
-}
\ No newline at end of file
+}
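Review bot: The surviving rule's comment on the context line `# Cases of "SNS Topic" or "SQS Queue" or "Lambda Function" not referenced in aws_s3_bucket_notification` no longer records why the "notification undefined" case was dropped, so nothing in the file stops a later contributor re-adding it as a fix for an apparent recall gap. I would extend that comment with `# A topic/queue/function with no aws_s3_bucket_notification anywhere in the document is deliberately not reported: the target on its own is not evidence of an S3 bucket.` The surviving rule's body continues outside the hunk; from its header it appears to still report any such target that sits beside a notification it is not referenced by, so the false-positive class named in the title is narrowed rather than removed, and the query description should say which scope is intended. The three renamed fixtures only pin the no-notification case; a negative fixture with an unrelated target next to a bucket notification would pin the remaining behaviour if that is what is intended.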
diff --git a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive11.tf b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative8.tf
similarity index 98%
rename from assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive11.tf
rename to assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative8.tf
index 479d8aa2248..a92f8356b4c 100644
--- a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive11.tf
+++ b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative8.tf
@@ -1,4 +1,4 @@
 resource "aws_sqs_queue" "queue" {
 name = "s3-event-notification-queue"
 policy = data.aws_iam_policy_document.queue.json
-}
\ No newline at end of file
+}
diff --git a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive12.tf b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative9.tf
similarity index 99%
rename from assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive12.tf
rename to assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative9.tf
index 36494bd5619..fa172b85eb6 100644
--- a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive12.tf
+++ b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/negative9.tf
@@ -4,4 +4,4 @@ resource "aws_lambda_function" "func" {
 role = aws_iam_role.iam_for_lambda.arn
 handler = "exports.example"
 runtime = "nodejs20.x"
-}
\ No newline at end of file
+}
diff --git a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive_expected_result.json
index d2ca784af21..c679b1a790c 100644
--- a/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive_expected_result.json
+++ b/assets/queries/terraform/aws/s3_bucket_notifications_disabled/test/positive_expected_result.json
@@ -52,23 +52,5 @@
 "severity": "LOW",
 "line": 6,
 "fileName": "positive9.tf"
- },
- {
- "queryName": "S3 bucket notifications disabled",
- "severity": "LOW",
- "line": 1,
- "fileName": "positive10.tf"
- },
- {
- "queryName": "S3 bucket notifications disabled",
- "severity": "LOW",
- "line": 1,
- "fileName": "positive11.tf"
- },
- {
- "queryName": "S3 bucket notifications disabled",
- "severity": "LOW",
- "line": 1,
- "fileName": "positive12.tf"
 }
 ]