// Listing: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/s3/enable_versioning.go

package s3

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckVersioningIsEnabled registers rule AVD-AWS-0090 (s3 / enable-versioning,
// severity Medium). The check walks every S3 bucket in the scanned state and
// records a failure for each bucket whose Versioning.Enabled value is not true,
// and a pass for every other bucket.
//
// Scope of the check: only the Versioning.Enabled flag is read. Related
// controls that decide whether old versions actually survive a deliberate
// deletion (MFA Delete, Object Lock, lifecycle expiry of noncurrent versions)
// are not evaluated here, so a pass means "versioning is on", not "data is
// tamper-proof". A principal allowed to delete object versions can still remove
// them permanently on a versioned bucket.
var CheckVersioningIsEnabled = rules.Register(
	scan.Rule{
		AVDID:      "AVD-AWS-0090",
		Provider:   providers.AWSProvider,
		Service:    "s3",
		ShortCode:  "enable-versioning",
		Severity:   severity.Medium,
		Summary:    "S3 Data should be versioned",
		Impact:     "Deleted or modified data would not be recoverable",
		Resolution: "Enable versioning to protect against accidental/malicious removal or modification",
		Explanation: `
Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket.
You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.
With versioning you can recover more easily from both unintended user actions and application failures.
`,
		Links: []string{
			"https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html",
		},
		// Per-engine examples and remediation text; the referenced
		// identifiers are declared elsewhere in this package.
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableVersioningGoodExamples,
			BadExamples:         terraformEnableVersioningBadExamples,
			Links:               terraformEnableVersioningLinks,
			RemediationMarkdown: terraformEnableVersioningRemediationMarkdown,
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationEnableVersioningGoodExamples,
			BadExamples:         cloudFormationEnableVersioningBadExamples,
			Links:               cloudFormationEnableVersioningLinks,
			RemediationMarkdown: cloudFormationEnableVersioningRemediationMarkdown,
		},
	},
	func(s *state.State) (results scan.Results) {
		for _, b := range s.AWS.S3.Buckets {
			// NOTE(review): AddPassed is handed the address of the loop
			// variable. Before Go 1.22 that variable is shared by all
			// iterations, so confirm AddPassed does not retain the pointer.
			if b.Versioning.Enabled.IsTrue() {
				results.AddPassed(&b)
				continue
			}

			// Every value that is not an explicit true is reported.
			// NOTE(review): how IsTrue treats unresolved or unknown values,
			// and how a suspended versioning status is mapped onto Enabled,
			// is decided outside this file; confirm the rule fails closed
			// for both.
			results.Add(
				"Bucket does not have versioning enabled",
				b.Versioning.Enabled,
			)
		}
		return results
	},
)