rspec/rules/S6330/python/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]:

[source,python]
----
from aws_cdk import (
    aws_sqs as sqs
)

class QueueStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        sqs.Queue( # Sensitive, unencrypted by default
            self,
            "example"
        )
----

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]:

[source,python]
----
from aws_cdk import (
    aws_sqs as sqs
)

class CfnQueueStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        sqs.CfnQueue( # Sensitive, unencrypted by default
            self,
            "example"
        )
----

== Compliant Solution

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]:

[source,python]
----
from aws_cdk import (
    aws_sqs as sqs
)

class QueueStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        sqs.Queue(
            self,
            "example",
            encryption=sqs.QueueEncryption.KMS_MANAGED
        )
----

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]:

[source,python]
----
from aws_cdk import (
    aws_sqs as sqs
)

class CfnQueueStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        my_key = kms.Key(self, "key")
        sqs.CfnQueue(
            self,
            "example",
            kms_master_key_id=my_key.key_id
        )
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''

== Implementation Specification
(visible only on this page)

include::message.adoc[]

endif::env-github,rspecator-view[]
Create rule S6330: Using unencrypted SQS queues is security-sensitive (#1214) 2022-09-07 11:52:42 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]:`

			`[source,python]`
			`----`
			`from aws_cdk import (`
			`aws_sqs as sqs`
			`)`

			`class QueueStack(Stack):`
			`def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:`
			`super().__init__(scope, construct_id, **kwargs)`
			`sqs.Queue( # Sensitive, unencrypted by default`
			`self,`
			`"example"`
			`)`
			`----`

			`For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]:`

			`[source,python]`
			`----`
			`from aws_cdk import (`
			`aws_sqs as sqs`
			`)`

			`class CfnQueueStack(Stack):`
			`def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:`
			`super().__init__(scope, construct_id, **kwargs)`
			`sqs.CfnQueue( # Sensitive, unencrypted by default`
			`self,`
			`"example"`
			`)`
			`----`

			`== Compliant Solution`

			`For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]:`

			`[source,python]`
			`----`
			`from aws_cdk import (`
			`aws_sqs as sqs`
			`)`

			`class QueueStack(Stack):`
			`def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:`
			`super().__init__(scope, construct_id, **kwargs)`
			`sqs.Queue(`
			`self,`
			`"example",`
			`encryption=sqs.QueueEncryption.KMS_MANAGED`
			`)`
			`----`

			`For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]:`

			`[source,python]`
			`----`
			`from aws_cdk import (`
			`aws_sqs as sqs`
			`)`

			`class CfnQueueStack(Stack):`
			`def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:`
			`super().__init__(scope, construct_id, **kwargs)`
			`my_key = kms.Key(self, "key")`
			`sqs.CfnQueue(`
			`self,`
			`"example",`
			`kms_master_key_id=my_key.key_id`
			`)`
			`----`

			`include::../see.adoc[]`

			`ifdef::env-github,rspecator-view[]`

			`'''`

			`== Implementation Specification`
			`(visible only on this page)`

			`include::message.adoc[]`

			`endif::env-github,rspecator-view[]`