github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/apigateway/enable_cache.go (about)

     1  package apigateway
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/internal/rules"
     5  	"github.com/khulnasoft-lab/defsec/pkg/providers"
     6  	"github.com/khulnasoft-lab/defsec/pkg/scan"
     7  	"github.com/khulnasoft-lab/defsec/pkg/severity"
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  )
    10  
// CheckEnableCache is the rule registered as AVD-AWS-0190
// (api-gateway / enable-cache). It walks every managed API Gateway V1 API,
// each managed stage and each managed REST method-settings entry, and reports
// a finding for any entry whose CacheEnabled value is false.
//
// Reviewer notes:
//   - The rule is rated Low and its stated impact is latency and back-end
//     load; it is an availability/performance hygiene check rather than a
//     confidentiality control.
//   - With caching enabled, endpoint responses are stored in the cache, so
//     cache encryption and which responses are cacheable should be reviewed
//     together with this setting.
//   - A stage that has no RESTMethodSettings entries produces neither a
//     failure nor a pass, because the innermost loop never runs for it.
//   - Only IsFalse() yields a finding; every other value is recorded as
//     passed. Presumably that includes values the scanner could not
//     resolve - TODO confirm against the IsFalse implementation.
var CheckEnableCache = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0190",
		Provider:    providers.AWSProvider,
		Service:     "api-gateway",
		ShortCode:   "enable-cache",
		Severity:    severity.Low,
		Summary:     "Ensure that response caching is enabled for your Amazon API Gateway REST APIs.",
		Impact:      "Reduce the number of calls made to your API endpoint and also improve the latency of requests to your API with response caching.",
		Resolution:  "Enable cache",
		Explanation: "A REST API in API Gateway is a collection of resources and methods that are integrated with backend HTTP endpoints, Lambda functions, or other AWS services. You can enable API caching in Amazon API Gateway to cache your endpoint responses. With caching, you can reduce the number of calls made to your endpoint and also improve the latency of requests to your API.",
		Links:       []string{"https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html"},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableCacheGoodExamples,
			BadExamples:         terraformEnableCacheBadExamples,
			Links:               terraformEnableCacheLinks,
			RemediationMarkdown: terraformEnableCacheRemediationMarkdown,
		},
	},
	func(s *state.State) (results scan.Results) {
		for _, restAPI := range s.AWS.APIGateway.V1.APIs {
			// Unmanaged resources are skipped at every level of the walk.
			if restAPI.Metadata.IsUnmanaged() {
				continue
			}
			for _, stg := range restAPI.Stages {
				if stg.Metadata.IsUnmanaged() {
					continue
				}
				for _, methodSettings := range stg.RESTMethodSettings {
					if methodSettings.Metadata.IsUnmanaged() {
						continue
					}
					// Anything that is not explicitly false counts as a pass.
					if !methodSettings.CacheEnabled.IsFalse() {
						results.AddPassed(&methodSettings)
						continue
					}
					// The finding is attached to the CacheEnabled value itself.
					results.Add(
						"Cache data is not enabled.",
						methodSettings.CacheEnabled,
					)
				}
			}
		}
		return results
	},
)