Merge branch 'main' into v_net_single_dns_server
Showing 368 changed files with 21,064 additions and 10,182 deletions.
10 changes: 10 additions & 0 deletions
cdk_integration_tests/src/typescript/RDSMultiAZEnabled/fail.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
// SOURCE | ||
import { DatabaseInstance } from '@aws-cdk/aws-rds'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to missing Multi-AZ setting | ||
new DatabaseInstance(stack, 'MyDatabaseInstance', { | ||
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO), | ||
vpc | ||
// missing Multi-AZ setting | ||
}); |
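Review bot: `stack`, `ec2` and `vpc` in the `new DatabaseInstance(...)` call are used but never imported or declared; only `DatabaseInstance` is imported. If these fixtures are meant to type-check, add `import * as ec2 from '@aws-cdk/aws-ec2';` plus declarations for `stack` and `vpc`; if they are only ever scanned as source text, state that convention in a header comment. This file also opens with `// SOURCE` while the S3 and RedShiftSSL fixtures in the same commit open with `// FINDING`; pick one marker.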
10 changes: 10 additions & 0 deletions
cdk_integration_tests/src/typescript/RDSMultiAZEnabled/pass.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
// SOURCE | ||
import { DatabaseInstance } from '@aws-cdk/aws-rds'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to missing Multi-AZ setting | ||
new DatabaseInstance(stack, 'MyDatabaseInstance', { | ||
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO), | ||
vpc, | ||
multiAZ: true | ||
}); |
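Review bot: the `// SINK: Vulnerability found due to missing Multi-AZ setting` comment is carried over from fail.ts, but this is the passing fixture and it sets `multiAZ: true`. Drop or reword the comment so a reader (or a grep for "Vulnerability found") does not mistake the pass case for a finding; the same copied comment appears in several other pass.ts files in this commit.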
10 changes: 10 additions & 0 deletions
cdk_integration_tests/src/typescript/RDSPubliclyAccessible/fail.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
// SOURCE | ||
import { DatabaseInstance } from '@aws-cdk/aws-rds'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to publicly accessible setting | ||
new DatabaseInstance(stack, 'MyDatabaseInstance', { | ||
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO), | ||
vpc | ||
// publicly accessible setting missing | ||
}); |
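Review bot: this fail fixture omits the property entirely (`// publicly accessible setting missing`), so it exercises only the check's handling of an absent key, not an explicit insecure value. Add a second fail case that sets `publiclyAccessible: true` explicitly, following the `fail__2__.ts` naming already used for RedShiftSSL and S3BlockPublicACLs in this commit, so both paths of the check are covered.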
8 changes: 8 additions & 0 deletions
cdk_integration_tests/src/typescript/RDSPubliclyAccessible/pass.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
// SOURCE | ||
import { DatabaseInstance } from '@aws-cdk/aws-rds'; | ||
|
||
// SINK | ||
new DatabaseInstance(stack, 'MyDatabaseInstance', { | ||
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO), | ||
vpc, publicly_accessible: true | ||
}); |
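Review bot: `publicly_accessible: true` looks wrong on two counts for a pass fixture. The CDK `DatabaseInstance` prop is camelCase `publiclyAccessible` (the Redshift fixtures in this commit use that spelling), so the snake_case key is most likely ignored by the check rather than evaluated; and `true` is the insecure value, so an evaluated key would turn this into a failing case. Use `publiclyAccessible: false` here.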
19 changes: 19 additions & 0 deletions
cdk_integration_tests/src/typescript/RedShiftSSL/fail__2__.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
// FINDING | ||
import { CfnClusterParameterGroup } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to Redshift not using SSL | ||
new CfnClusterParameterGroup(stack, 'MyClusterParameterGroup', { | ||
description: 'Parameter group for my Redshift cluster', | ||
family: 'redshift-1.0', | ||
parameters: { | ||
require_ssl: 'false', // This should be 'true' to enforce SSL | ||
}, | ||
}); | ||
new CfnClusterParameterGroup(stack, 'MyClusterParameterGroup', { | ||
description: 'Parameter group for my Redshift cluster', | ||
family: 'redshift-1.0', | ||
parameters: { | ||
random_param: 100 | ||
}, | ||
}); |
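Review bot: both `CfnClusterParameterGroup` constructs use the id `'MyClusterParameterGroup'` in the same `stack`; CDK rejects duplicate construct ids at synth time, so this fixture only works under source-level scanning and can never be synthesized. If that is the intent, give the second construct a distinct id anyway so the file stays a valid stack. Note also that `parameters` on the L1 `CfnClusterParameterGroup` is a list of `{ parameterName, parameterValue }` entries, not a map, so `require_ssl: 'false'` does not have the shape the check would see in a synthesized template.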
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
import { CfnClusterParameterGroup } from '@aws-cdk/aws-redshift'; | ||
|
||
new CfnClusterParameterGroup(stack, 'MyClusterParameterGroup', { | ||
description: 'Parameter group for my Redshift cluster', | ||
family: 'redshift-1.0', | ||
parameters: { | ||
require_ssl: 'true', // This should be 'true' to enforce SSL | ||
}, | ||
}); |
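Review bot: the `// This should be 'true' to enforce SSL` comment was copied from the failing fixture; here the value already is `'true'`, so the comment reads as if something were still wrong. This hunk also lacks the `// SOURCE`/`// FINDING` and `// SINK` markers every other fixture in the commit carries; add them for consistency.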
12 changes: 12 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftClusterEncryption/fail.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to missing encryption at rest | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc, encrypted: false | ||
}); |
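Review bot: `masterPassword: 'password'` is a plain string, but `masterUser.masterPassword` on the L2 `Cluster` takes a `SecretValue`, so the fixture does not type-check as written; `SecretValue.plainText('...')` from `@aws-cdk/core` would keep it compiling. A hardcoded credential literal in a test file also tends to trip secret scanners run against the repository, so prefer an obviously synthetic value or a secret reference. The same applies to every Redshift `Cluster` fixture in this commit.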
19 changes: 19 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftClusterEncryption/pass.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to missing encryption at rest | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc, encrypted: true | ||
}); | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc | ||
}); |
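Review bot: the second `Cluster` reuses the id `'MyRedshiftCluster'` and omits `encrypted`, relying on the L2 construct's default (encryption at rest enabled) to pass. Say so in a comment on the second construct so the default-dependent case is deliberate and visible, and give it a distinct id so the file remains a valid CDK stack.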
13 changes: 13 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftClusterLogging/fail.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to missing logging enabled | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc | ||
// logging enabled missing | ||
}); |
15 changes: 15 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftClusterLogging/pass.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to missing logging enabled | ||
let bucketName; | ||
let stack; | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
logging_properties: Cluster.LoggingPropertiesProperty = {bucketName: 'name'} | ||
// logging enabled missing | ||
}); |
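Review bot: `logging_properties: Cluster.LoggingPropertiesProperty = {bucketName: 'name'}` is not valid TypeScript inside an object literal (a type annotation cannot follow a property key), and the name does not match the L2 `Cluster` API, which takes `loggingProperties: { loggingBucket, loggingKeyPrefix }`; `LoggingPropertiesProperty` with `bucketName` belongs to the L1 `CfnCluster`. The required `vpc` prop is also missing, `bucketName` is declared but never used, and the `// logging enabled missing` comment contradicts a pass fixture. Rewrite as `loggingProperties: { loggingBucket: bucket, loggingKeyPrefix: 'prefix' }` with `vpc` restored.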
13 changes: 13 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftClusterPubliclyAccessible/fail.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to publicly accessible cluster | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc, | ||
publiclyAccessible: true, // publicly accessible cluster | ||
}); |
20 changes: 20 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftClusterPubliclyAccessible/pass.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to publicly accessible cluster | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc, | ||
publiclyAccessible: false, | ||
}); | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc | ||
}); |
12 changes: 12 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftInEc2ClassicMode/fail.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to Redshift cluster deployed outside of a VPC | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc: vpc | ||
}); |
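Review bot: this fail fixture passes `vpc: vpc`, yet the `// SINK` comment says the cluster is deployed outside of a VPC. With the L2 `Cluster`, `vpc` is required and the construct creates its own subnet group, so a cluster with `vpc` set is never in EC2-Classic mode; the only difference from the pass fixture is the `clusterSubnetGroupName` key. Either document that the check deliberately keys on an explicit subnet-group name, or build the fail case on the L1 `CfnCluster`, where omitting `clusterSubnetGroupName` is what actually leaves the cluster outside a VPC.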
12 changes: 12 additions & 0 deletions
cdk_integration_tests/src/typescript/RedshiftInEc2ClassicMode/pass.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// SOURCE | ||
import { Cluster } from '@aws-cdk/aws-redshift'; | ||
|
||
// SINK | ||
new Cluster(stack, 'MyRedshiftCluster', { | ||
masterUser: { | ||
masterUsername: 'admin', | ||
masterPassword: 'password', | ||
}, | ||
vpc: vpc, | ||
clusterSubnetGroupName: 'name' | ||
}); |
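Review bot: `clusterSubnetGroupName` is not a prop of the L2 `Cluster` (that construct takes `subnetGroup: IClusterSubnetGroup`); it is a `CfnCluster` prop. As written the pass fixture only passes because the check matches on the key name, not because it reflects a valid CDK configuration. Switch this fail/pass pair to `CfnCluster`, or use `subnetGroup` and adjust the check accordingly.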
11 changes: 11 additions & 0 deletions
cdk_integration_tests/src/typescript/S3BlockPublicACLs/fail__2__.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
// FINDING | ||
import { Bucket } from '@aws-cdk/aws-s3'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to S3 bucket missing block public ACLs | ||
new Bucket(stack, 'MyBucket', { | ||
blockPublicAcls: false, // This should be 'true' to block public ACLs | ||
}); | ||
new Bucket(stack, 'MyBucket', { | ||
random_param: 'true' | ||
}); |
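Review bot: `blockPublicAcls` is not a direct prop of the L2 `Bucket`; the L2 API is `blockPublicAccess: new BlockPublicAccess({ blockPublicAcls: false })` (or the `BlockPublicAccess.BLOCK_ACLS` preset), while a bare `blockPublicAcls` key belongs to `CfnBucket`'s `publicAccessBlockConfiguration`. The second `Bucket` also reuses the id `'MyBucket'` and passes `random_param`, which is not a `BucketProps` member. Consider fixtures in both the L2 and the L1 form so the check is tested against shapes CDK code actually has.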
8 changes: 8 additions & 0 deletions
cdk_integration_tests/src/typescript/S3BlockPublicACLs/pass.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
// FINDING | ||
import { Bucket } from '@aws-cdk/aws-s3'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to S3 bucket missing block public ACLs | ||
new Bucket(stack, 'MyBucket', { | ||
blockPublicAcls: true, // This should be 'true' to block public ACLs | ||
}); |
8 changes: 8 additions & 0 deletions
cdk_integration_tests/src/typescript/S3BlockPublicPolicy/fail.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
// FINDING | ||
import { Bucket } from '@aws-cdk/aws-s3'; | ||
|
||
// SINK | ||
// SINK: Vulnerability found due to S3 bucket missing block public policy | ||
new Bucket(stack, 'MyBucket', { | ||
publicReadAccess: true, // This should be 'false' to block public policy | ||
}); |
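Review bot: `publicReadAccess: true` grants public read through a bucket policy; it is not the block-public-policy setting that the directory name (`S3BlockPublicPolicy`) and the `// SINK` comment refer to. On the L2 `Bucket` that control is `blockPublicAccess` with `blockPublicPolicy: true`. Either rename the check to match what it actually detects, or make this fail fixture omit or disable `blockPublicPolicy` and keep `publicReadAccess` for a separate check.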