fix(checks): align AVD-AWS-0107 and AVD-AWS-0105 checks with CIS Benchmarks

[nikpivkin]

This PR includes alignment of AVD-AWS-0107 and AVD-AWS-0105 checks with AWS CIS benchmarks v1.2 and v1.4.

AVD-AWS-0107

Before: The check is triggered if a CIDR defines more than one public IP

Now: The check is triggered if the rule contains a CIDR that defines all available IP addresses, and uses TCP or UDP protocols for SSH or RDP ports.
Severity changed from CRITICAL to HIGH.

Ref:

• https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-13
• https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-14

AVD-AWS-0105

Before: The check is triggered if a CIDR defines more than one public IP

Now: The check is triggered if the rule contains a CIDR that defines all available IP addresses and uses the TCP protocol for SSH or RDP ports. Severity changed from CRITICAL to MEDIUM and check added to aws-cis-1.4 compliance.

Ref:

• https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-21

Fixes:

• bug(misconf): AVD-AWS-0107 gets triggered for aws_security_group_rule when using a /23 netblock trivy#7267

Related PRs:

• chore(deps): bump Trivy #256

[simar7]

@nikpivkin lgtm, should we merge it?

[nikpivkin]

@simar7 Can you take a look #256 ?

[simar7]

@simar7 Can you take a look #256 ?

merged