---
policy: /ce/ca/aws/rds/instance-default-port
logic: /ce/ca/aws/rds/instance-default-port/prod.logic.yaml
executionTime: 2026-02-10T22:33:10.655314089Z
generationMs: 50
executionMs: 766
rows:
  - id: test1
    match: true
    status:
      expected: DISAPPEARED
      actual: DISAPPEARED
    conditionIndex:
      expected: 99
      actual: 99
    conditionText:
      expected: isDisappeared(CA10__disappearanceTime__c)
      actual: isDisappeared(CA10__disappearanceTime__c)
    runtimeError: {}
  - id: test2
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 199
      actual: 199
    conditionText:
      expected: extract('CA10__endpointPort__c') == '3306' && (extract('CA10__engine__c')
        == 'aurora' || extract('CA10__engine__c') == 'aurora-mysql' || extract('CA10__engine__c')
        == 'mariadb' || extract('CA10__engine__c') == 'mysql')
      actual: extract('CA10__endpointPort__c') == '3306' && (extract('CA10__engine__c')
        == 'aurora' || extract('CA10__engine__c') == 'aurora-mysql' || extract('CA10__engine__c')
        == 'mariadb' || extract('CA10__engine__c') == 'mysql')
    runtimeError: {}
  - id: test3
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 299
      actual: 299
    conditionText:
      expected: extract('CA10__endpointPort__c') == '1521' && extract('CA10__engine__c').startsWith('oracle-')
      actual: extract('CA10__endpointPort__c') == '1521' && extract('CA10__engine__c').startsWith('oracle-')
    runtimeError: {}
  - id: test4
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 399
      actual: 399
    conditionText:
      expected: extract('CA10__endpointPort__c') == '5432' && (extract('CA10__engine__c')
        == 'aurora-postgresql' || extract('CA10__engine__c') == 'postgres')
      actual: extract('CA10__endpointPort__c') == '5432' && (extract('CA10__engine__c')
        == 'aurora-postgresql' || extract('CA10__engine__c') == 'postgres')
    runtimeError: {}
  - id: test5
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 499
      actual: 499
    conditionText:
      expected: extract('CA10__endpointPort__c') == '1433' && extract('CA10__engine__c').startsWith('sqlserver-')
      actual: extract('CA10__endpointPort__c') == '1433' && extract('CA10__engine__c').startsWith('sqlserver-')
    runtimeError: {}
  - id: test6
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 599
      actual: 599
    conditionText:
      expected: extract('CA10__endpointPort__c') == '27017' && extract('CA10__engine__c')
        == 'docdb'
      actual: extract('CA10__endpointPort__c') == '27017' && extract('CA10__engine__c')
        == 'docdb'
    runtimeError: {}
  - id: test7
    match: true
    status:
      expected: INAPPLICABLE
      actual: INAPPLICABLE
    conditionIndex:
      expected: 699
      actual: 699
    conditionText:
      expected: extract('CA10__engine__c') != 'aurora' && extract('CA10__engine__c')
        != 'aurora-mysql' && extract('CA10__engine__c') != 'mariadb' && extract('CA10__engine__c')
        != 'mysql' && extract('CA10__engine__c') != 'docdb' && extract('CA10__engine__c')
        != 'aurora-postgresql' && extract('CA10__engine__c') != 'postgres' && not(extract('CA10__engine__c').startsWith('oracle-'))
        && not(extract('CA10__engine__c').startsWith('sqlserver-'))
      actual: extract('CA10__engine__c') != 'aurora' && extract('CA10__engine__c')
        != 'aurora-mysql' && extract('CA10__engine__c') != 'mariadb' && extract('CA10__engine__c')
        != 'mysql' && extract('CA10__engine__c') != 'docdb' && extract('CA10__engine__c')
        != 'aurora-postgresql' && extract('CA10__engine__c') != 'postgres' && not(extract('CA10__engine__c').startsWith('oracle-'))
        && not(extract('CA10__engine__c').startsWith('sqlserver-'))
    runtimeError: {}
  - id: test8
    match: true
    status:
      expected: COMPLIANT
      actual: COMPLIANT
    conditionIndex:
      expected: 700
      actual: 700
    conditionText:
      expected: otherwise
      actual: otherwise
    runtimeError: {}
usedFiles:
  - path: /ce/ca/aws/rds/instance-default-port/policy.yaml
    md5Hash: 420BC7497C968AB38CA127F96FF36741
    content: |
      ---
      names:
        full: AWS RDS Instance uses default endpoint port
        contextual: Instance uses default endpoint port
      description: "Ensure that your Amazon RDS databases instances are not using their\
        \ default endpoint ports (i.e. MySQL/Aurora port 3306, SQL Server port 1433, PostgreSQL\
        \ port 5432, etc) in order to promote port obfuscation as an additional layer of\
        \ defense against non-targeted attacks."
      type: COMPLIANCE_POLICY
      categories:
        - SECURITY
      frameworkMappings:
        - "/frameworks/cloudaware/resource-security/threat-protection"
        - "/frameworks/aws-fsbp-v1.0.0/rds/23"
      similarPolicies:
        internal:
          - dec-x-fd0bfd1b
  - path: /ce/ca/aws/rds/instance-default-port/prod.logic.yaml
    md5Hash: FB51ACEE3F170BF164A6455CCC03D493
    content: "---\ninputType: \"CA10__CaAwsDbInstance__c\"\nimportExtracts:\n  - file:\
      \ \"/types/CA10__CaAwsDbInstance__c/object.extracts.yaml\"\ntestData:\n  - file:\
      \ \"test-data.json\"\nconditions:\n  - status: \"INCOMPLIANT\"\n    currentStateMessage:\
      \ \"Default port 3306 is used for a MySQL-compatible database.\"\n    remediationMessage:\
      \ \"Change the port from 3306 to a non-default value.\"\n    check:\n      AND:\n\
      \        args:\n          - IS_EQUAL:\n              left:\n               \
      \ EXTRACT: \"CA10__endpointPort__c\"\n              right: \n              \
      \  TEXT: \"3306\"\n          - OR:\n              args:\n                - IS_EQUAL:\n\
      \                    left: \n                      EXTRACT: \"CA10__engine__c\"\
      \n                    right:\n                      TEXT: \"aurora\"\n     \
      \           - IS_EQUAL:\n                    left: \n                      EXTRACT:\
      \ \"CA10__engine__c\"\n                    right:\n                      TEXT:\
      \ \"aurora-mysql\"\n                - IS_EQUAL:\n                    left: \n\
      \                      EXTRACT: \"CA10__engine__c\"\n                    right:\n\
      \                      TEXT: \"mariadb\"\n                - IS_EQUAL:\n    \
      \                left: \n                      EXTRACT: \"CA10__engine__c\"\n\
      \                    right:\n                      TEXT: \"mysql\"\n  - status:\
      \ INCOMPLIANT\n    currentStateMessage: \"Default port 1521 is used for an Oracle\
      \ database.\"\n    remediationMessage: \"Change the port from 1521 to a non-default\
      \ value.\"\n    check:\n      AND:\n        args:\n          - IS_EQUAL:\n \
      \             left:\n                EXTRACT: \"CA10__endpointPort__c\"\n  \
      \            right: \n                TEXT: \"1521\"\n          - STARTS_WITH:\n\
      \              search:\n                TEXT: \"oracle-\"\n              arg:\n\
      \                EXTRACT: \"CA10__engine__c\"\n  - status: \"INCOMPLIANT\"\n\
      \    currentStateMessage: \"Default port 5432 is used for a PostgreSQL-compatible\
      \ database.\"\n    remediationMessage: \"Change the port from 5432 to a non-default\
      \ value.\"\n    check:\n      AND:\n        args:\n          - IS_EQUAL:\n \
      \             left:\n                EXTRACT: \"CA10__endpointPort__c\"\n  \
      \            right: \n                TEXT: \"5432\"\n          - OR:\n    \
      \          args:\n                - IS_EQUAL:\n                    left: \n\
      \                      EXTRACT: \"CA10__engine__c\"\n                    right:\n\
      \                      TEXT: \"aurora-postgresql\"\n                - IS_EQUAL:\n\
      \                    left: \n                      EXTRACT: \"CA10__engine__c\"\
      \n                    right:\n                      TEXT: \"postgres\"\n  -\
      \ status: \"INCOMPLIANT\"\n    currentStateMessage: \"Default port 1433 is used\
      \ for an MSSQL database.\"\n    remediationMessage: \"Change the port from 1433\
      \ to a non-default value.\"\n    check:\n      AND:\n        args:\n       \
      \   - IS_EQUAL:\n              left:\n                EXTRACT: \"CA10__endpointPort__c\"\
      \n              right: \n                TEXT: \"1433\"\n          - STARTS_WITH:\n\
      \              search:\n                TEXT: \"sqlserver-\"\n             \
      \ arg:\n                EXTRACT: \"CA10__engine__c\"\n  - status: \"INCOMPLIANT\"\
      \n    currentStateMessage: \"Default port 27017 is used for DocumentDB.\"\n\
      \    remediationMessage: \"Change the port from 27017 to a non-default value.\"\
      \n    check:\n      AND:\n        args:\n          - IS_EQUAL:\n           \
      \   left:\n                EXTRACT: \"CA10__endpointPort__c\"\n            \
      \  right: \n                TEXT: \"27017\"\n          - IS_EQUAL:\n       \
      \       left: \n                EXTRACT: \"CA10__engine__c\"\n             \
      \ right:\n                TEXT: \"docdb\"\n  - status: \"INAPPLICABLE\"\n  \
      \  currentStateMessage: \"This database engine is not checked by the policy.\"\
      \n    check:\n      AND:\n        args:\n          - NOT_EQUAL:\n          \
      \    left: \n                EXTRACT: \"CA10__engine__c\"\n              right:\n\
      \                TEXT: \"aurora\"\n          - NOT_EQUAL:\n              left:\
      \ \n                EXTRACT: \"CA10__engine__c\"\n              right:\n   \
      \             TEXT: \"aurora-mysql\"\n          - NOT_EQUAL:\n             \
      \ left: \n                EXTRACT: \"CA10__engine__c\"\n              right:\n\
      \                TEXT: \"mariadb\"\n          - NOT_EQUAL:\n              left:\
      \ \n                EXTRACT: \"CA10__engine__c\"\n              right:\n   \
      \             TEXT: \"mysql\"\n          - NOT_EQUAL:\n              left: \n\
      \                EXTRACT: \"CA10__engine__c\"\n              right:\n      \
      \          TEXT: \"docdb\"\n          - NOT_EQUAL:\n              left: \n \
      \               EXTRACT: \"CA10__engine__c\"\n              right:\n       \
      \         TEXT: \"aurora-postgresql\"\n          - NOT_EQUAL:\n            \
      \  left: \n                EXTRACT: \"CA10__engine__c\"\n              right:\n\
      \                TEXT: \"postgres\"\n          - NOT:\n              arg:\n\
      \                STARTS_WITH:\n                  search:\n                 \
      \   TEXT: \"oracle-\"\n                  arg:\n                    EXTRACT:\
      \ \"CA10__engine__c\"\n          - NOT:\n              arg:\n              \
      \  STARTS_WITH:\n                  search:\n                    TEXT: \"sqlserver-\"\
      \n                  arg:\n                    EXTRACT: \"CA10__engine__c\"\n\
      otherwise:\n  status: \"COMPLIANT\"\n  currentStateMessage: \"The database uses\
      \ a non-default port for its engine.\"\n"
  - path: /ce/ca/aws/rds/instance-default-port/test-data.json
    md5Hash: E2B0EE8EB649E7A1F693CBBFC3A8A202
    content: |-
      [
          {
              "expectedResult": {
                  "status": "DISAPPEARED",
                  "conditionIndex": "99",
                  "conditionText": "isDisappeared(CA10__disappearanceTime__c)",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test1",
              "CA10__disappearanceTime__c": "2024-07-08T03:28:06Z",
              "CA10__endpointPort__c": "3306",
              "CA10__engine__c": "mysql"
          },
          {
              "expectedResult": {
                  "status": "INCOMPLIANT",
                  "conditionIndex": "199",
                  "conditionText": "extract('CA10__endpointPort__c') == '3306' && (extract('CA10__engine__c') == 'aurora' || extract('CA10__engine__c') == 'aurora-mysql' || extract('CA10__engine__c') == 'mariadb' || extract('CA10__engine__c') == 'mysql')",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test2",
              "CA10__disappearanceTime__c": null,
              "CA10__endpointPort__c": "3306",
              "CA10__engine__c": "mysql"
          },
          {
              "expectedResult": {
                  "status": "INCOMPLIANT",
                  "conditionIndex": "299",
                  "conditionText": "extract('CA10__endpointPort__c') == '1521' && extract('CA10__engine__c').startsWith('oracle-')",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test3",
              "CA10__disappearanceTime__c": null,
              "CA10__endpointPort__c": "1521",
              "CA10__engine__c": "oracle-se2"
          },
          {
              "expectedResult": {
                  "status": "INCOMPLIANT",
                  "conditionIndex": "399",
                  "conditionText": "extract('CA10__endpointPort__c') == '5432' && (extract('CA10__engine__c') == 'aurora-postgresql' || extract('CA10__engine__c') == 'postgres')",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test4",
              "CA10__disappearanceTime__c": null,
              "CA10__endpointPort__c": "5432",
              "CA10__engine__c": "postgres"
          },
          {
              "expectedResult": {
                  "status": "INCOMPLIANT",
                  "conditionIndex": "499",
                  "conditionText": "extract('CA10__endpointPort__c') == '1433' && extract('CA10__engine__c').startsWith('sqlserver-')",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test5",
              "CA10__disappearanceTime__c": null,
              "CA10__endpointPort__c": "1433",
              "CA10__engine__c": "sqlserver-se"
          },
          {
              "expectedResult": {
                  "status": "INCOMPLIANT",
                  "conditionIndex": "599",
                  "conditionText": "extract('CA10__endpointPort__c') == '27017' && extract('CA10__engine__c') == 'docdb'",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test6",
              "CA10__disappearanceTime__c": null,
              "CA10__endpointPort__c": "27017",
              "CA10__engine__c": "docdb"
          },
          {
              "expectedResult": {
                  "status": "INAPPLICABLE",
                  "conditionIndex": "699",
                  "conditionText": "extract('CA10__engine__c') != 'aurora' && extract('CA10__engine__c') != 'aurora-mysql' && extract('CA10__engine__c') != 'mariadb' && extract('CA10__engine__c') != 'mysql' && extract('CA10__engine__c') != 'docdb' && extract('CA10__engine__c') != 'aurora-postgresql' && extract('CA10__engine__c') != 'postgres' && not(extract('CA10__engine__c').startsWith('oracle-')) && not(extract('CA10__engine__c').startsWith('sqlserver-'))",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test7",
              "CA10__disappearanceTime__c": null,
              "CA10__endpointPort__c": "27017",
              "CA10__engine__c": "newEngine"
          },
          {
              "expectedResult": {
                  "status": "COMPLIANT",
                  "conditionIndex": "700",
                  "conditionText": "otherwise",
                  "runtimeError": null
              },
              "context": {
                  "snapshotTime": "2024-07-31T10:27:44Z"
              },
              "Id": "test8",
              "CA10__disappearanceTime__c": null,
              "CA10__endpointPort__c": "1000",
              "CA10__engine__c": "mysql"
          }
      ]
  - path: /types/CA10__CaAwsDbInstance__c/object.extracts.yaml
    md5Hash: E3FA5A211AA9AD2418645BB09047D3D3
    content: "---\nextracts:\n# Not Nullable. Can't have no access, retrieved via\
      \ rds:DescribeDBInstances\n  - name: CA10__engine__c\n    value:\n      FIELD:\n\
      \        path: CA10__engine__c\n        undeterminedIf:\n          isEmpty:\
      \ \"Corrupted data. DB Instance Engine cannot be empty.\"\n# Not Nullable. Can't\
      \ have no access, retrieved via rds:DescribeDBInstances\n  - name: CA10__endpointPort__c\n\
      \    value:\n      FIELD:\n        path: CA10__endpointPort__c\n        undeterminedIf:\n\
      \          isEmpty: \"Corrupted data. DB Endpoint Port cannot be empty.\"\n\
      # Checkbox. Can't have no access, retrieved via rds:DescribeDBInstances\n  -\
      \ name: CA10__publiclyAccessible__c\n    value:\n      FIELD:\n        path:\
      \ CA10__publiclyAccessible__c\n# Checkbox. Can't have no access, retrieved via\
      \ rds:DescribeDBInstances\n  - name: CA10__storageEncrypted__c\n    value: \n\
      \      FIELD:\n        path: CA10__storageEncrypted__c\n# Checkbox. Can't have\
      \ no access, retrieved via rds:DescribeDBInstances\n  - name: CA10__autoMinorVersionUpgrade__c\n\
      \    value: \n      FIELD:\n        path: CA10__autoMinorVersionUpgrade__c\n\
      # Checkbox. Can't have no access, retrieved via rds:DescribeDBInstances\n  -\
      \ name: CA10__multiAz__c\n    value: \n      FIELD:\n        path: CA10__multiAz__c\n\
      # Nullable. Values: available, backing-up, creating ...\n  - name: \"CA10__status__c\"\
      \n    value:\n      FIELD:\n        path: \"CA10__status__c\"\n# Nullable.\n\
      \  - name: \"CA10__createTime__c\"\n    value:\n      FIELD:\n        path:\
      \ \"CA10__createTime__c\"\n# Nullable.\n  - name: \"CA10__averageCpuOneMonth__c\"\
      \n    value:\n      FIELD:\n        path: \"CA10__averageCpuOneMonth__c\"\n\
      # Nullable.\n  - name: \"CA10__regionName__c\"\n    value:\n      FIELD:\n \
      \       path: \"CA10__regionName__c\"\n# Nullable.\n  - name: \"CA10__diskReadIopsAvg30d__c\"\
      \n    value:\n      FIELD:\n        path: \"CA10__diskReadIopsAvg30d__c\"\n\
      # Nullable.\n  - name: \"CA10__diskWriteIopsAvg30d__c\"\n    value:\n      FIELD:\n\
      \        path: \"CA10__diskWriteIopsAvg30d__c\"\n# Nullable.\n  - name: \"CA10__databaseConnectionsAvg30d__c\"\
      \n    value:\n      FIELD:\n        path: \"CA10__databaseConnectionsAvg30d__c\"\
      \n# Not nullable. Can't have no access, retrieved via rds:DescribeDBInstances\n\
      \  - name: \"CA10__backupRetentionPeriod__c\"\n    value:\n      FIELD:\n  \
      \      path: \"CA10__backupRetentionPeriod__c\"\n# Text.\n  - name: CA10__masterUsername__c\n\
      \    value:\n      FIELD:\n        path: CA10__masterUsername__c\n# Checkbox.\n\
      \  - name: CA10__iamDatabaseAuthenticationEnabled__c\n    value:\n      FIELD:\n\
      \        path: CA10__iamDatabaseAuthenticationEnabled__c\n# Text.\n  - name:\
      \ CA10__enabledCloudWatchLogsExports__c\n    value:\n      FIELD:\n        path:\
      \ CA10__enabledCloudWatchLogsExports__c\n# Checkbox.\n  - name: CA10__deletionProtection__c\n\
      \    value:\n      FIELD:\n        path: CA10__deletionProtection__c\n# Nullable.\
      \ Can't have no access, retrieved via rds:DescribeDBInstances\n  - name: CA10__clusterArn__c\n\
      \    value:\n      FIELD:\n        path: CA10__clusterArn__c\n# Not nullable.\
      \ Can't have no access, retrieved via rds:DescribeDBInstances\n  - name: \"\
      CA10__monitoringInterval__c\"\n    value:\n      FIELD:\n        path: \"CA10__monitoringInterval__c\"\
      \n# Checkbox.\n  - name: CA10__copyTagsToSnapshot__c\n    value:\n      FIELD:\n\
      \        path: CA10__copyTagsToSnapshot__c\n"
script: |-
  CREATE TEMP FUNCTION mock_ExpectedResult()
  RETURNS ARRAY<STRUCT<
          Id STRING,
          expectedResult STRUCT<status STRING, conditionIndex DECIMAL, conditionText STRING, runtimeError STRING>
      >>
  DETERMINISTIC
  LANGUAGE js
  AS r"""
    return [ {
    "Id" : "test1",
    "expectedResult" : {
      "status" : "DISAPPEARED",
      "conditionIndex" : "99",
      "conditionText" : "isDisappeared(CA10__disappearanceTime__c)",
      "runtimeError" : null
    }
  }, {
    "Id" : "test2",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "199",
      "conditionText" : "extract('CA10__endpointPort__c') == '3306' && (extract('CA10__engine__c') == 'aurora' || extract('CA10__engine__c') == 'aurora-mysql' || extract('CA10__engine__c') == 'mariadb' || extract('CA10__engine__c') == 'mysql')",
      "runtimeError" : null
    }
  }, {
    "Id" : "test3",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "299",
      "conditionText" : "extract('CA10__endpointPort__c') == '1521' && extract('CA10__engine__c').startsWith('oracle-')",
      "runtimeError" : null
    }
  }, {
    "Id" : "test4",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "399",
      "conditionText" : "extract('CA10__endpointPort__c') == '5432' && (extract('CA10__engine__c') == 'aurora-postgresql' || extract('CA10__engine__c') == 'postgres')",
      "runtimeError" : null
    }
  }, {
    "Id" : "test5",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "499",
      "conditionText" : "extract('CA10__endpointPort__c') == '1433' && extract('CA10__engine__c').startsWith('sqlserver-')",
      "runtimeError" : null
    }
  }, {
    "Id" : "test6",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "599",
      "conditionText" : "extract('CA10__endpointPort__c') == '27017' && extract('CA10__engine__c') == 'docdb'",
      "runtimeError" : null
    }
  }, {
    "Id" : "test7",
    "expectedResult" : {
      "status" : "INAPPLICABLE",
      "conditionIndex" : "699",
      "conditionText" : "extract('CA10__engine__c') != 'aurora' && extract('CA10__engine__c') != 'aurora-mysql' && extract('CA10__engine__c') != 'mariadb' && extract('CA10__engine__c') != 'mysql' && extract('CA10__engine__c') != 'docdb' && extract('CA10__engine__c') != 'aurora-postgresql' && extract('CA10__engine__c') != 'postgres' && not(extract('CA10__engine__c').startsWith('oracle-')) && not(extract('CA10__engine__c').startsWith('sqlserver-'))",
      "runtimeError" : null
    }
  }, {
    "Id" : "test8",
    "expectedResult" : {
      "status" : "COMPLIANT",
      "conditionIndex" : "700",
      "conditionText" : "otherwise",
      "runtimeError" : null
    }
  } ];
  """;

  CREATE TEMP FUNCTION mock_CA10__CaAwsDbInstance__c()
  RETURNS ARRAY<STRUCT<
      CA10__disappearanceTime__c TIMESTAMP,
      CA10__endpointPort__c STRING,
      CA10__engine__c STRING,
      Id STRING,
      context STRUCT<
          snapshotTime TIMESTAMP
      >
  >>
  DETERMINISTIC
  LANGUAGE js
  AS r"""
    return [ {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__disappearanceTime__c" : new Date("2024-07-08T03:28:06Z"),
    "CA10__endpointPort__c" : "3306",
    "CA10__engine__c" : "mysql",
    "Id" : "test1"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__endpointPort__c" : "3306",
    "CA10__engine__c" : "mysql",
    "Id" : "test2"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__endpointPort__c" : "1521",
    "CA10__engine__c" : "oracle-se2",
    "Id" : "test3"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__endpointPort__c" : "5432",
    "CA10__engine__c" : "postgres",
    "Id" : "test4"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__endpointPort__c" : "1433",
    "CA10__engine__c" : "sqlserver-se",
    "Id" : "test5"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__endpointPort__c" : "27017",
    "CA10__engine__c" : "docdb",
    "Id" : "test6"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__endpointPort__c" : "27017",
    "CA10__engine__c" : "newEngine",
    "Id" : "test7"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-07-31T10:27:44Z")
    },
    "CA10__endpointPort__c" : "1000",
    "CA10__engine__c" : "mysql",
    "Id" : "test8"
  } ];
  """;

  CREATE TEMP FUNCTION process_CA10__CaAwsDbInstance__c(
      obj STRUCT<
          CA10__disappearanceTime__c TIMESTAMP,
          CA10__endpointPort__c STRING,
          CA10__engine__c STRING,
          Id STRING
      >,
      snapshotTime TIMESTAMP
  )
  RETURNS STRUCT<status STRING, conditionIndex DECIMAL, conditionText STRING, currentStateMessage STRING, currentStateReferences STRING, remediation STRING, runtimeError STRING>
  DETERMINISTIC
  LANGUAGE js
  AS r"""
  var TextLib = new function () {
      this.normalize = function(arg) {
          return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase();
      };
      this.isEmpty = function(arg) {
          return this.normalize(arg) == '';
      };
      this.isNotEmpty = function(arg) {
          return this.normalize(arg) != '';
      };
      this.equal = function(left, right) {
          return this.normalize(left) == this.normalize(right);
      };
      this.notEqual = function(left, right) {
          return this.normalize(left) != this.normalize(right);
      };
      this.startsWith = function(arg, substring) {
          return this.normalize(arg).startsWith(this.normalize(substring));
      };
      this.endsWith = function(arg, substring) {
          return this.normalize(arg).endsWith(this.normalize(substring));
      };
      this.contains = function(arg, substring) {
          return this.normalize(arg).includes(this.normalize(substring));
      };
      this.containsAll = function(arg, substrings) {
          if (substrings == null || substrings.length === 0) return false;
          let normalizedArg = this.normalize(arg);
          return substrings.every(sub => normalizedArg.includes(this.normalize(sub)));
      };
      this.containsAny = function(arg, substrings) {
          if (substrings == null || substrings.length === 0) return false;
          let normalizedArg = this.normalize(arg);
          return substrings.some(sub => normalizedArg.includes(this.normalize(sub)));
      };
  }();
      var references1 = [];
      // condition[0], conditionIndex:[0..99]
      references1.push('Deleted From AWS [CA10__disappearanceTime__c]: ' + obj.CA10__disappearanceTime__c);
      if (obj.CA10__disappearanceTime__c != null) {
          return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
      }
      // condition[1], conditionIndex:[100..199]
      function fieldChecked4() {
          if (TextLib.isEmpty(obj.CA10__endpointPort__c)) {
              throw new Error("UNDETERMINED condition:101", {cause: {status: 'UNDETERMINED', conditionIndex: 101, conditionText: "CA10__endpointPort__c.isEmpty()", currentStateMessage: "Corrupted data. DB Endpoint Port cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__endpointPort__c;
      }
      function extract3() { if (!this.out) { this.out = fieldChecked4(); } return this.out; };
      function fieldChecked7() {
          if (TextLib.isEmpty(obj.CA10__engine__c)) {
              throw new Error("UNDETERMINED condition:102", {cause: {status: 'UNDETERMINED', conditionIndex: 102, conditionText: "CA10__engine__c.isEmpty()", currentStateMessage: "Corrupted data. DB Instance Engine cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__engine__c;
      }
      function extract6() { if (!this.out) { this.out = fieldChecked7(); } return this.out; };
      references1.push('Endpoint Port [obj.CA10__endpointPort__c]: ' + obj.CA10__endpointPort__c);
      references1.push('Engine [obj.CA10__engine__c]: ' + obj.CA10__engine__c);
      try {
          if (TextLib.equal(extract3.call(extract3), '3306') && (TextLib.equal(extract6.call(extract6), 'aurora') || TextLib.equal(extract6.call(extract6), 'aurora-mysql') || TextLib.equal(extract6.call(extract6), 'mariadb') || TextLib.equal(extract6.call(extract6), 'mysql'))) {
              return {status: 'INCOMPLIANT', conditionIndex: 199, conditionText: "extract('CA10__endpointPort__c') == '3306' && (extract('CA10__engine__c') == 'aurora' || extract('CA10__engine__c') == 'aurora-mysql' || extract('CA10__engine__c') == 'mariadb' || extract('CA10__engine__c') == 'mysql')", currentStateMessage: "Default port 3306 is used for a MySQL-compatible database.", currentStateReferences: references1.join('\n'), remediation: "Change the port from 3306 to a non-default value.", runtimeError: null};
          }
      } catch (err) {
          if (err.cause && err.cause.status) { return err.cause; } else { throw err; }
      }
      // condition[2], conditionIndex:[200..299]
      function fieldChecked13() {
          if (TextLib.isEmpty(obj.CA10__endpointPort__c)) {
              throw new Error("UNDETERMINED condition:201", {cause: {status: 'UNDETERMINED', conditionIndex: 201, conditionText: "CA10__endpointPort__c.isEmpty()", currentStateMessage: "Corrupted data. DB Endpoint Port cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__endpointPort__c;
      }
      function extract12() { if (!this.out) { this.out = fieldChecked13(); } return this.out; };
      function fieldChecked16() {
          if (TextLib.isEmpty(obj.CA10__engine__c)) {
              throw new Error("UNDETERMINED condition:202", {cause: {status: 'UNDETERMINED', conditionIndex: 202, conditionText: "CA10__engine__c.isEmpty()", currentStateMessage: "Corrupted data. DB Instance Engine cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__engine__c;
      }
      function extract15() { if (!this.out) { this.out = fieldChecked16(); } return this.out; };
      try {
          if (TextLib.equal(extract12.call(extract12), '1521') && TextLib.startsWith(extract15.call(extract15), 'oracle-')) {
              return {status: 'INCOMPLIANT', conditionIndex: 299, conditionText: "extract('CA10__endpointPort__c') == '1521' && extract('CA10__engine__c').startsWith('oracle-')", currentStateMessage: "Default port 1521 is used for an Oracle database.", currentStateReferences: references1.join('\n'), remediation: "Change the port from 1521 to a non-default value.", runtimeError: null};
          }
      } catch (err) {
          if (err.cause && err.cause.status) { return err.cause; } else { throw err; }
      }
      // condition[3], conditionIndex:[300..399]
      function fieldChecked19() {
          if (TextLib.isEmpty(obj.CA10__endpointPort__c)) {
              throw new Error("UNDETERMINED condition:301", {cause: {status: 'UNDETERMINED', conditionIndex: 301, conditionText: "CA10__endpointPort__c.isEmpty()", currentStateMessage: "Corrupted data. DB Endpoint Port cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__endpointPort__c;
      }
      function extract18() { if (!this.out) { this.out = fieldChecked19(); } return this.out; };
      function fieldChecked22() {
          if (TextLib.isEmpty(obj.CA10__engine__c)) {
              throw new Error("UNDETERMINED condition:302", {cause: {status: 'UNDETERMINED', conditionIndex: 302, conditionText: "CA10__engine__c.isEmpty()", currentStateMessage: "Corrupted data. DB Instance Engine cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__engine__c;
      }
      function extract21() { if (!this.out) { this.out = fieldChecked22(); } return this.out; };
      try {
          if (TextLib.equal(extract18.call(extract18), '5432') && (TextLib.equal(extract21.call(extract21), 'aurora-postgresql') || TextLib.equal(extract21.call(extract21), 'postgres'))) {
              return {status: 'INCOMPLIANT', conditionIndex: 399, conditionText: "extract('CA10__endpointPort__c') == '5432' && (extract('CA10__engine__c') == 'aurora-postgresql' || extract('CA10__engine__c') == 'postgres')", currentStateMessage: "Default port 5432 is used for a PostgreSQL-compatible database.", currentStateReferences: references1.join('\n'), remediation: "Change the port from 5432 to a non-default value.", runtimeError: null};
          }
      } catch (err) {
          if (err.cause && err.cause.status) { return err.cause; } else { throw err; }
      }
      // condition[4], conditionIndex:[400..499]
      function fieldChecked26() {
          if (TextLib.isEmpty(obj.CA10__endpointPort__c)) {
              throw new Error("UNDETERMINED condition:401", {cause: {status: 'UNDETERMINED', conditionIndex: 401, conditionText: "CA10__endpointPort__c.isEmpty()", currentStateMessage: "Corrupted data. DB Endpoint Port cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__endpointPort__c;
      }
      function extract25() { if (!this.out) { this.out = fieldChecked26(); } return this.out; };
      function fieldChecked29() {
          if (TextLib.isEmpty(obj.CA10__engine__c)) {
              throw new Error("UNDETERMINED condition:402", {cause: {status: 'UNDETERMINED', conditionIndex: 402, conditionText: "CA10__engine__c.isEmpty()", currentStateMessage: "Corrupted data. DB Instance Engine cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__engine__c;
      }
      function extract28() { if (!this.out) { this.out = fieldChecked29(); } return this.out; };
      try {
          if (TextLib.equal(extract25.call(extract25), '1433') && TextLib.startsWith(extract28.call(extract28), 'sqlserver-')) {
              return {status: 'INCOMPLIANT', conditionIndex: 499, conditionText: "extract('CA10__endpointPort__c') == '1433' && extract('CA10__engine__c').startsWith('sqlserver-')", currentStateMessage: "Default port 1433 is used for an MSSQL database.", currentStateReferences: references1.join('\n'), remediation: "Change the port from 1433 to a non-default value.", runtimeError: null};
          }
      } catch (err) {
          if (err.cause && err.cause.status) { return err.cause; } else { throw err; }
      }
      // condition[5], conditionIndex:[500..599]
      function fieldChecked32() {
          if (TextLib.isEmpty(obj.CA10__endpointPort__c)) {
              throw new Error("UNDETERMINED condition:501", {cause: {status: 'UNDETERMINED', conditionIndex: 501, conditionText: "CA10__endpointPort__c.isEmpty()", currentStateMessage: "Corrupted data. DB Endpoint Port cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__endpointPort__c;
      }
      function extract31() { if (!this.out) { this.out = fieldChecked32(); } return this.out; };
      function fieldChecked35() {
          if (TextLib.isEmpty(obj.CA10__engine__c)) {
              throw new Error("UNDETERMINED condition:502", {cause: {status: 'UNDETERMINED', conditionIndex: 502, conditionText: "CA10__engine__c.isEmpty()", currentStateMessage: "Corrupted data. DB Instance Engine cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__engine__c;
      }
      function extract34() { if (!this.out) { this.out = fieldChecked35(); } return this.out; };
      try {
          if (TextLib.equal(extract31.call(extract31), '27017') && TextLib.equal(extract34.call(extract34), 'docdb')) {
              return {status: 'INCOMPLIANT', conditionIndex: 599, conditionText: "extract('CA10__endpointPort__c') == '27017' && extract('CA10__engine__c') == 'docdb'", currentStateMessage: "Default port 27017 is used for DocumentDB.", currentStateReferences: references1.join('\n'), remediation: "Change the port from 27017 to a non-default value.", runtimeError: null};
          }
      } catch (err) {
          if (err.cause && err.cause.status) { return err.cause; } else { throw err; }
      }
      // condition[6], conditionIndex:[600..699]
      function fieldChecked38() {
          if (TextLib.isEmpty(obj.CA10__engine__c)) {
              throw new Error("UNDETERMINED condition:601", {cause: {status: 'UNDETERMINED', conditionIndex: 601, conditionText: "CA10__engine__c.isEmpty()", currentStateMessage: "Corrupted data. DB Instance Engine cannot be empty.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
          }
          return obj.CA10__engine__c;
      }
      function extract37() { if (!this.out) { this.out = fieldChecked38(); } return this.out; };
      try {
          if (TextLib.notEqual(extract37.call(extract37), 'aurora') && TextLib.notEqual(extract37.call(extract37), 'aurora-mysql') && TextLib.notEqual(extract37.call(extract37), 'mariadb') && TextLib.notEqual(extract37.call(extract37), 'mysql') && TextLib.notEqual(extract37.call(extract37), 'docdb') && TextLib.notEqual(extract37.call(extract37), 'aurora-postgresql') && TextLib.notEqual(extract37.call(extract37), 'postgres') && !TextLib.startsWith(extract37.call(extract37), 'oracle-') && !TextLib.startsWith(extract37.call(extract37), 'sqlserver-')) {
              return {status: 'INAPPLICABLE', conditionIndex: 699, conditionText: "extract('CA10__engine__c') != 'aurora' && extract('CA10__engine__c') != 'aurora-mysql' && extract('CA10__engine__c') != 'mariadb' && extract('CA10__engine__c') != 'mysql' && extract('CA10__engine__c') != 'docdb' && extract('CA10__engine__c') != 'aurora-postgresql' && extract('CA10__engine__c') != 'postgres' && not(extract('CA10__engine__c').startsWith('oracle-')) && not(extract('CA10__engine__c').startsWith('sqlserver-'))", currentStateMessage: "This database engine is not checked by the policy.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
          }
      } catch (err) {
          if (err.cause && err.cause.status) { return err.cause; } else { throw err; }
      }
      return {status: 'COMPLIANT', conditionIndex: 700, conditionText: "otherwise", currentStateMessage: "The database uses a non-default port for its engine.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
  """;


  SELECT
    expectedResult.Id as Id,
    IF (
      IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '')
      AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1)
      AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '')
      AND IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''),
      "MATCH",
      "FAIL"
    ) as match,
    expectedResult.expectedResult.status as expectedStatus, sObject.result.status as actualStatus,
    expectedResult.expectedResult.conditionIndex as expectedConditionIndex, sObject.result.conditionIndex as actualConditionIndex,
    expectedResult.expectedResult.conditionText as expectedConditionText, sObject.result.conditionText as actualConditionText,
    expectedResult.expectedResult.runtimeError as expectedRuntimeError, sObject.result.runtimeError as actualRuntimeError
  FROM UNNEST(mock_ExpectedResult()) expectedResult
  LEFT JOIN (
      SELECT
          sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c,
          sObject.CA10__endpointPort__c AS CA10__endpointPort__c,
          sObject.CA10__engine__c AS CA10__engine__c,
          sObject.Id AS Id,
          process_CA10__CaAwsDbInstance__c(
              STRUCT(
                  sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c,
                  sObject.CA10__endpointPort__c AS CA10__endpointPort__c,
                  sObject.CA10__engine__c AS CA10__engine__c,
                  sObject.Id AS Id
              ),
              sObject.context.snapshotTime
          ) as result
      FROM UNNEST(mock_CA10__CaAwsDbInstance__c()) AS sObject
  ) sObject ON sObject.Id = expectedResult.Id;