github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/sam/enable_table_encryption.go (about) 1 package sam 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckEnableTableEncryption = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-AWS-0121", 14 Provider: providers.AWSProvider, 15 Service: "sam", 16 ShortCode: "enable-table-encryption", 17 Summary: "SAM Simple table must have server side encryption enabled.", 18 Impact: "Data stored in the table that is unencrypted may be vulnerable to compromise", 19 Resolution: "Enable server side encryption", 20 Explanation: `Encryption should be enabled at all available levels to ensure that data is protected if compromised.`, 21 Links: []string{ 22 "https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-simpletable.html#sam-simpletable-ssespecification", 23 }, 24 CloudFormation: &scan.EngineMetadata{ 25 GoodExamples: cloudFormationEnableTableEncryptionGoodExamples, 26 BadExamples: cloudFormationEnableTableEncryptionBadExamples, 27 Links: cloudFormationEnableTableEncryptionLinks, 28 RemediationMarkdown: cloudFormationEnableTableEncryptionRemediationMarkdown, 29 }, 30 Severity: severity.High, 31 }, 32 func(s *state.State) (results scan.Results) { 33 for _, table := range s.AWS.SAM.SimpleTables { 34 if table.SSESpecification.Enabled.IsFalse() { 35 results.Add( 36 "Domain name is configured with an outdated TLS policy.", 37 table.SSESpecification.Enabled, 38 ) 39 } else { 40 results.AddPassed(&table) 41 } 42 } 43 return 44 }, 45 )