github-actions[bot] ceeab5a306
Create rule S6413: Defining a short log retention duration is security-sensitive (#758)
* Create rule S6413

* Add first draft

* Extend highlighting

* Rewrite recommended

* Rewrite recommended

* Update rules/S6413/recommended.adoc

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Add missing dot

* Add additional description

Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com>
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-03-23 15:46:34 +01:00


include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:

[source,terraform]
----
resource "azurerm_firewall_policy" "example" {
  insights {
    enabled           = true
    retention_in_days = 7 # Sensitive
  }
}
----

For https://cloud.google.com/logging/docs/routing/overview#buckets[Google Cloud Logging buckets]:

[source,terraform]
----
resource "google_logging_project_bucket_config" "example" {
  project        = var.project
  location       = "global"
  retention_days = 7 # Sensitive
  bucket_id      = "_Default"
}
----

== Compliant Solution

For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:

[source,terraform]
----
resource "azurerm_firewall_policy" "example" {
  insights {
    enabled           = true
    retention_in_days = 30
  }
}
----

For https://cloud.google.com/logging/docs/routing/overview#buckets[Google Cloud Logging buckets]:

[source,terraform]
----
resource "google_logging_project_bucket_config" "example" {
  project        = var.project
  location       = "global"
  retention_days = 30
  bucket_id      = "_Default"
}
----
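
The following Python check is an added example, not part of the rule specification or of any analyzer implementation: it scans Terraform text line by line for the two retention attributes shown above and reports literal values below a minimum. The 30-day minimum is an assumption taken from the compliant examples, and `find_short_retention`, `MIN_RETENTION_DAYS`, `RETENTION_ATTRS` and the sample input are names and data constructed for this illustration.

```python
import re

# Assumption: 30 days, the value used in the compliant examples, is the minimum.
MIN_RETENTION_DAYS = 30

# Resource type -> retention attribute, taken from the two examples on this page.
RETENTION_ATTRS = {
    "azurerm_firewall_policy": "retention_in_days",
    "google_logging_project_bucket_config": "retention_days",
}
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(\S+)')

# Constructed sample input: one short retention, one acceptable retention.
SAMPLE = '''\
resource "azurerm_firewall_policy" "example" {
  insights {
    enabled           = true
    retention_in_days = 7
  }
}

resource "google_logging_project_bucket_config" "example" {
  project        = var.project
  location       = "global"
  retention_days = 30
  bucket_id      = "_Default"
}
'''

def find_short_retention(terraform_text, minimum=MIN_RETENTION_DAYS):
    """Return (line_no, resource_address, attribute, days) per short literal retention."""
    # Line-based scan, not a full HCL parser: only '#' comments are stripped.
    findings = []
    current, depth = None, 0  # resource being read, brace nesting level
    for line_no, raw in enumerate(terraform_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]
        m = RESOURCE_RE.match(line)
        if m and depth == 0:
            current = m.groups()
        elif current:
            attr = ATTR_RE.match(line)
            if attr and attr.group(1) == RETENTION_ATTRS.get(current[0]):
                value = attr.group(2)
                if value.isdigit() and int(value) < minimum:
                    findings.append((line_no, ".".join(current), attr.group(1), int(value)))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            current = None
    return findings
```

Retention values supplied through variables or expressions are not resolved and are skipped, so they still need a review of the value actually passed in.
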

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]