ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6330/python/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

104 lines
2.4 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]:
[source,python]
----
from aws_cdk import (
aws_sqs as sqs
)
class QueueStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
sqs.Queue( # Sensitive, unencrypted by default
self,
"example"
)
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]:
[source,python]
----
from aws_cdk import (
aws_sqs as sqs
)
class CfnQueueStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
sqs.CfnQueue( # Sensitive, unencrypted by default
self,
"example"
)
----
== Compliant Solution
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]:
[source,python]
----
from aws_cdk import (
aws_sqs as sqs
)
class QueueStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
sqs.Queue(
self,
"example",
encryption=sqs.QueueEncryption.KMS_MANAGED
)
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]:
[source,python]
----
from aws_cdk import (
aws_sqs as sqs
)
class CfnQueueStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
my_key = kms.Key(self, "key")
sqs.CfnQueue(
self,
"example",
kms_master_key_id=my_key.key_id
)
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
For CfnQueue:
* Omitting "kms_master_key_id" disables SQS queues encryption. Make sure it is safe here.
For Queue:
* Omitting "encryption" disables SQS queues encryption. Make sure it is safe here.
* Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption. Make sure it is safe here.
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink