rspec/rules/S6303/terraform/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance[aws_db_instance]
and https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster[aws_rds_cluster]:

----
resource "aws_db_instance" "example" {
  storage_encrypted = false # Sensitive, disabled by default
}

resource "aws_rds_cluster" "example" {
  storage_encrypted = false # Sensitive, disabled by default
}
----

== Compliant Solution

For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance[aws_db_instance]
and https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster[aws_rds_cluster]:

[source,terraform]
----
resource "aws_db_instance" "example" {
  storage_encrypted = true
}

resource "aws_rds_cluster" "example" {
  storage_encrypted = true
}
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

* Make sure that using unencrypted databases is safe here.
* Omitting "storage_encrypted" disables databases encryption. Make sure it is safe here.


endif::env-github,rspecator-view[]
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00			`For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance[aws_db_instance]`
			`and https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster[aws_rds_cluster]:`
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00
			`----`
Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00			`resource "aws_db_instance" "example" {`
Modify rule S6303: Fix invalid code samples (#2585) 2023-07-20 16:36:25 +02:00			`storage_encrypted = false # Sensitive, disabled by default`
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00			`}`
Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00
			`resource "aws_rds_cluster" "example" {`
			`storage_encrypted = false # Sensitive, disabled by default`
			`}`
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00			`----`

			`== Compliant Solution`

Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00			`For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance[aws_db_instance]`
			`and https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster[aws_rds_cluster]:`
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,terraform]`
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00			`----`
Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00			`resource "aws_db_instance" "example" {`
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00			`storage_encrypted = true`
			`}`
Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00
			`resource "aws_rds_cluster" "example" {`
Modify rule S6303: Fix invalid code samples (#2585) 2023-07-20 16:36:25 +02:00			`storage_encrypted = true`
Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00			`}`
Create rule S6303: Using unencrypted RDS databases is security-sensitive (#163) 2021-09-06 15:34:51 +02:00			`----`

			`include::../see.adoc[]`
Modify rule S6303: Update issue message (#886) Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com> 2022-03-16 13:32:37 +01:00
			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`* Make sure that using unencrypted databases is safe here.`
			`* Omitting "storage_encrypted" disables databases encryption. Make sure it is safe here.`

Modify rule S6303: Update issue message (#886) Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com> 2022-03-16 13:32:37 +01:00
Modify rule S6303: Text improvement suggestion (APPSEC-178) (#1374) 2022-11-14 10:51:48 +01:00			`endif::env-github,rspecator-view[]`