🐛 fix inverted risk factor evaluation (#1208)

Signed-off-by: Dominik Richter <[email protected]>
mondoohq · Mar 29, 2024 · 83417d3 · 83417d3
1 parent 5df10e5
commit 83417d3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/examples/risk.mql.yaml b/examples/risk.mql.yaml
@@ -27,7 +27,7 @@ policies:
 
           - uid: sshd-02
             title: Prevent weaker CBC ciphers from being used
-            mql: sshd.config.ciphers.all( /cbc/ )
+            mql: sshd.config.ciphers.none( /128/ )
             impact: 80
 
             # Here we use a referenced query. You can put multiple policies
@@ -41,9 +41,10 @@ policies:
       - uid: sshd-service
         title: SSHd Service running
         docs:
-          active: The SSH service is running and can expose security issues in SSH or the asset to outside attackers.
+          active: The SSH service is running and can expose security issues to outside attackers.
           inactive: The SSH service is not running, which reduces the attack surface on the asset.
         magnitude: 0.7
+        is_absolute: true
         software:
           - name: openssh-server
           - type: alpm

diff --git a/policy/executor/internal/collector.go b/policy/executor/internal/collector.go
@@ -105,7 +105,7 @@ func (c *BufferedCollector) consumeRisk(score *policy.Score, risks map[string]bo
 	}
 
 	for _, riskMRN := range riskMRNs {
-		isDetected := score.Value != 100
+		isDetected := score.Value == 100
 		risks[riskMRN] = risks[riskMRN] || isDetected
 	}
 	return true