policy lint not checking policy UID #1737
Description
Describe the bug
This policy passes linting, but cannot be uploaded because the uid contains capital letters
To Reproduce
# Read more about the policy structure at https://mondoo.com/docs
policies:
- uid: Sharepoint-CVE-2025-53770-policy
name: Sharepoint CVE-2025-53770 Policy
version: 1.0.0
tags:
mondoo.com/category: Ad-Hoc Checks
mondoo.com/platform: Windows Server 2019
authors:
- name: Adam Benesh
email: [email protected]
docs:
desc: |-
## Overview
This policy is to check if any Sharepoint Server is vulnerable to CVE-2025-53770, a critical vulnerability that allows remote code execution (RCE) in SharePoint Server 2019 and 2016. The vulnerability arises from improper validation of user input in the SharePoint Server search functionality, which can be exploited by an attacker to execute arbitrary code on the server.
groups:
- filters:
- mql: asset.family.contains("windows")
checks:
- uid: sharepoint-CVE-2025-53770
queries:
- uid: sharepoint-CVE-2025-53770
title: Ensure Sharepoint 2019 Version at least 16.0.10417.20037
mql: packages.where(name=="Microsoft SharePoint Server 2019" && version < "16.0.10417.20037").length == 0
docs:
desc: |
Query checks for the Sharepoint Server Version and verifies it is at least `16.0.10417.20037`. This version includes security updates that mitigate the risk of CVE-2025-53770.
refs:
- url: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
title: Microsoft Security Response Center - CVE-2025-53770