github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/datalake/enable_at_rest_encryption.go (about) 1 package datalake 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckEnableAtRestEncryption = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-AZU-0036", 14 Provider: providers.AzureProvider, 15 Service: "datalake", 16 ShortCode: "enable-at-rest-encryption", 17 Summary: "Unencrypted data lake storage.", 18 Impact: "Data could be read if compromised", 19 Resolution: "Enable encryption of data lake storage", 20 Explanation: `Datalake storage encryption defaults to Enabled, it shouldn't be overridden to Disabled.`, 21 Links: []string{ 22 "https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-security-overview", 23 }, 24 Terraform: &scan.EngineMetadata{ 25 GoodExamples: terraformEnableAtRestEncryptionGoodExamples, 26 BadExamples: terraformEnableAtRestEncryptionBadExamples, 27 Links: terraformEnableAtRestEncryptionLinks, 28 RemediationMarkdown: terraformEnableAtRestEncryptionRemediationMarkdown, 29 }, 30 Severity: severity.High, 31 }, 32 func(s *state.State) (results scan.Results) { 33 for _, store := range s.Azure.DataLake.Stores { 34 if store.EnableEncryption.IsFalse() { 35 results.Add( 36 "Data lake store is not encrypted.", 37 store.EnableEncryption, 38 ) 39 } else { 40 results.AddPassed(&store) 41 } 42 } 43 return 44 }, 45 )