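// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/sam/enable_function_tracing.go
package sam

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/sam"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckEnableFunctionTracing registers rule AVD-AWS-0125, which reports every
// managed SAM function whose Tracing setting is not sam.TracingModeActive.
//
// The rule is rated severity.Low: it is an observability control rather than a
// direct exposure. Per the rule's own Explanation, X-Ray tracing is what gives
// end-to-end debugging and analysis of a function, so a function without it is
// harder to investigate after the fact.
//
// The cloudFormationEnableFunctionTracing* example, link and remediation
// values referenced below are not declared in this file; they are expected to
// come from elsewhere in package sam.
var CheckEnableFunctionTracing = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0125",
		Provider:    providers.AWSProvider,
		Service:     "sam",
		ShortCode:   "enable-function-tracing",
		Summary:     "SAM Function must have X-Ray tracing enabled",
		Impact:      "Without full tracing enabled it is difficult to trace the flow of logs",
		Resolution:  "Enable tracing",
		Explanation: `X-Ray tracing enables end-to-end debugging and analysis of the function.`,
		Links: []string{
			"https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-function.html#sam-function-tracing",
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationEnableFunctionTracingGoodExamples,
			BadExamples:         cloudFormationEnableFunctionTracingBadExamples,
			Links:               cloudFormationEnableFunctionTracingLinks,
			RemediationMarkdown: cloudFormationEnableFunctionTracingRemediationMarkdown,
		},
		Severity: severity.Low,
	},
	// The check walks every SAM function in the scanned state and records one
	// result per managed function: a failure when tracing is not Active, a
	// pass otherwise.
	func(s *state.State) (results scan.Results) {
		for _, function := range s.AWS.SAM.Functions {
			// Resources flagged as unmanaged by their metadata are skipped,
			// so they produce neither a pass nor a failure.
			if function.Metadata.IsUnmanaged() {
				continue
			}

			// Only the Active mode passes. Any other value, which would
			// include SAM's PassThrough mode, is reported, anchored on the
			// Tracing attribute itself.
			// NOTE(review): how NotEqualTo treats an unset or unresolvable
			// Tracing value is not visible from this file; confirm.
			if function.Tracing.NotEqualTo(sam.TracingModeActive) {
				// The finding text previously ended in a stray comma
				// ("... is not enabled,"), which surfaced verbatim in
				// scan output.
				results.Add(
					"X-Ray tracing is not enabled",
					function.Tracing,
				)
				continue
			}

			results.AddPassed(&function)
		}
		return results
	},
)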