ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6332/javascript/rule.adoc

80 lines
1.9 KiB
Plaintext
Raw Normal View History

Create rule S6332(TS): Using unencrypted EFS file systems is security-sensitive (APPSEC-163) (#1289) * Add javascript to rule S6332 * Modify rule S6332: Add JS/TS as covered language * Highlighting specification adjust * Apply suggestions from code review Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: pedro-oliveira-sonarsource <pedro-oliveira-sonarsource@users.noreply.github.com> Co-authored-by: pedro-oliveira-sonarsource <pedro.oliveira@sonarsource.com> Co-authored-by: pedro-oliveira-sonarsource <104737234+pedro-oliveira-sonarsource@users.noreply.github.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
2022-10-19 11:44:13 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs.FileSystem.html[`aws_cdk.aws_efs.FileSystem`]
[source,javascript]
----
import { FileSystem } from 'aws-cdk-lib/aws-efs';
new FileSystem(this, 'unencrypted-explicit', {
vpc: new Vpc(this, 'VPC'),
encrypted: false // Sensitive
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs.CfnFileSystem.html[`aws_cdk.aws_efs.CfnFileSystem`]
[source,javascript]
----
import { CfnFileSystem } from 'aws-cdk-lib/aws-efs';
new CfnFileSystem(this, 'unencrypted-implicit-cfn', {
}); // Sensitive as encryption is disabled by default
----
== Compliant Solution
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs.FileSystem.html[`aws_cdk.aws_efs.FileSystem`]
[source,javascript]
----
import { FileSystem } from 'aws-cdk-lib/aws-efs';
new FileSystem(this, 'encrypted-explicit', {
vpc: new Vpc(this, 'VPC'),
encrypted: true
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs.CfnFileSystem.html[`aws_cdk.aws_efs.CfnFileSystem`]
[source,javascript]
----
import { CfnFileSystem } from 'aws-cdk-lib/aws-efs';
new CfnFileSystem(this, 'encrypted-explicit-cfn', {
encrypted: true
});
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
For FileSystem:
* Make sure that using unencrypted file systems is safe here.
For CfnFileSystem:
* Make sure that using unencrypted file systems is safe here.
* Omitting "encrypted" disables EFS encryption. Make sure it is safe here.
=== Highlighting
* Highlight the `props` object if it does not contain the property `encrypted` (only for CfnFileSystem).
* Highlight the `encrypted` property if it is not set to `true`.
endif::env-github,rspecator-view[]
Reference in New Issue Copy Permalink