github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/sam/no_function_policy_wildcards.cf.go (about) 1 package sam 2 3 var cloudFormationNoFunctionPolicyWildcardsGoodExamples = []string{ 4 `--- 5 AWSTemplateFormatVersion: 2010-09-09 6 Description: Good Example of SAM Function 7 Resources: 8 GoodFunction: 9 Type: AWS::Serverless::Function 10 Properties: 11 PackageType: Image 12 ImageUri: account-id.dkr.ecr.region.amazonaws.com/ecr-repo-name:image-name 13 ImageConfig: 14 Command: 15 - "app.lambda_handler" 16 EntryPoint: 17 - "entrypoint1" 18 WorkingDirectory: "workDir" 19 Policies: 20 - AWSLambdaExecute 21 - Version: '2012-10-17' 22 Statement: 23 - Effect: Allow 24 Action: 25 - s3:GetObject 26 - s3:GetObjectACL 27 Resource: 'arn:aws:s3:::my-bucket/*' 28 `, 29 } 30 31 var cloudFormationNoFunctionPolicyWildcardsBadExamples = []string{ 32 `--- 33 AWSTemplateFormatVersion: 2010-09-09 34 Description: Bad Example of SAM Function 35 Resources: 36 BadFunction: 37 Type: AWS::Serverless::Function 38 Properties: 39 PackageType: Image 40 ImageUri: account-id.dkr.ecr.region.amazonaws.com/ecr-repo-name:image-name 41 ImageConfig: 42 Command: 43 - "app.lambda_handler" 44 EntryPoint: 45 - "entrypoint1" 46 WorkingDirectory: "workDir" 47 Policies: 48 - AWSLambdaExecute 49 - Version: '2012-10-17' 50 Statement: 51 - Effect: Allow 52 Action: 53 - s3:* 54 Resource: 'arn:aws:s3:::my-bucket/*' 55 `, 56 } 57 58 var cloudFormationNoFunctionPolicyWildcardsLinks = []string{} 59 60 var cloudFormationNoFunctionPolicyWildcardsRemediationMarkdown = ``