ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6249/javascript/rule.adoc

46 lines
888 B
Plaintext
Raw Normal View History

Create rule S6249: Authorizing HTTP communications with S3 buckets is security-sensitive (APPSEC-40) (#1095)
2022-08-08 10:49:02 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::recommended.adoc[]
== Sensitive Code Example
S3 bucket objects access through TLS is not enforced by default:
[source,javascript]
----
const s3 = require('aws-cdk-lib/aws-s3');
const bucket = new s3.Bucket(this, 'example'); // Sensitive
----
== Compliant Solution
[source,javascript]
----
const s3 = require('aws-cdk-lib/aws-s3');
const bucket = new s3.Bucket(this, 'example', {
bucketName: 'example',
versioned: true,
publicReadAccess: false,
enforceSSL: true
});
----
include::../see.adoc[]
* https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html[AWS CDK version 2] - Bucket
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
include::highlighting.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue Copy Permalink