github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/codebuild/enable_encryption.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/codebuild/enable_encryption.go (about)

     1  package codebuild
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/internal/rules"
     5  	"github.com/khulnasoft-lab/defsec/pkg/providers"
     6  	"github.com/khulnasoft-lab/defsec/pkg/scan"
     7  	"github.com/khulnasoft-lab/defsec/pkg/severity"
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  )
    10  
    11  var CheckEnableEncryption = rules.Register(
    12  	scan.Rule{
    13  		AVDID:       "AVD-AWS-0018",
    14  		Provider:    providers.AWSProvider,
    15  		Service:     "codebuild",
    16  		ShortCode:   "enable-encryption",
    17  		Summary:     "CodeBuild Project artifacts encryption should not be disabled",
    18  		Impact:      "CodeBuild project artifacts are unencrypted",
    19  		Resolution:  "Enable encryption for CodeBuild project artifacts",
    20  		Explanation: `All artifacts produced by your CodeBuild project pipeline should always be encrypted`,
    21  		Links: []string{
    22  			"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-artifacts.html",
    23  			"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html",
    24  		},
    25  		Terraform: &scan.EngineMetadata{
    26  			GoodExamples:        terraformEnableEncryptionGoodExamples,
    27  			BadExamples:         terraformEnableEncryptionBadExamples,
    28  			Links:               terraformEnableEncryptionLinks,
    29  			RemediationMarkdown: terraformEnableEncryptionRemediationMarkdown,
    30  		},
    31  		CloudFormation: &scan.EngineMetadata{
    32  			GoodExamples:        cloudFormationEnableEncryptionGoodExamples,
    33  			BadExamples:         cloudFormationEnableEncryptionBadExamples,
    34  			Links:               cloudFormationEnableEncryptionLinks,
    35  			RemediationMarkdown: cloudFormationEnableEncryptionRemediationMarkdown,
    36  		},
    37  		Severity: severity.High,
    38  	},
    39  	func(s *state.State) (results scan.Results) {
    40  		for _, project := range s.AWS.CodeBuild.Projects {
    41  			if project.ArtifactSettings.EncryptionEnabled.IsFalse() {
    42  				results.Add(
    43  					"Encryption is not enabled for project artifacts.",
    44  					project.ArtifactSettings.EncryptionEnabled,
    45  				)
    46  			} else {
    47  				results.AddPassed(&project)
    48  			}
    49  
    50  			for _, setting := range project.SecondaryArtifactSettings {
    51  				if setting.EncryptionEnabled.IsFalse() {
    52  					results.Add(
    53  						"Encryption is not enabled for secondary project artifacts.",
    54  						setting.EncryptionEnabled,
    55  					)
    56  				} else {
    57  					results.AddPassed(&setting)
    58  				}
    59  			}
    60  
    61  		}
    62  		return
    63  	},
    64  )