Skip to content
This repository has been archived by the owner on Jun 1, 2022. It is now read-only.

Commit

Permalink
update the examples
Browse files Browse the repository at this point in the history
  • Loading branch information
GitHub Actions Build committed Oct 18, 2021
1 parent 64afd6f commit f93b0ed
Show file tree
Hide file tree
Showing 55 changed files with 109 additions and 0 deletions.
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/athena/enable_at_rest_encryption_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -23,6 +24,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/athena/no_encryption_override_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -26,6 +27,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/autoscaling/enable_at_rest_encryption_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -29,6 +30,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/autoscaling/no_public_ip_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -23,6 +24,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudfront/enable_logging_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -28,6 +29,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudfront/enable_waf_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -30,6 +31,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudfront/enforce_https_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -31,6 +32,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudfront/use_secure_tls_policy_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {

BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Properties:
Expand All @@ -32,6 +33,7 @@ Resources:

GoodExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Properties:
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudtrail/enable_all_regions_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{
BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::CloudTrail::Trail
Expand All @@ -23,6 +24,7 @@ Resources:
`,
},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::CloudTrail::Trail
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudtrail/enable_at_rest_encryption_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{
BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::CloudTrail::Trail
Expand All @@ -23,6 +24,7 @@ Resources:
`,
},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::CloudTrail::Trail
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudtrail/enable_log_validation_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{
BadExample: []string{
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::CloudTrail::Trail
Expand All @@ -23,6 +24,7 @@ Resources:
`,
},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::CloudTrail::Trail
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/cloudwatch/log_group_customer_key_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{

BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::Logs::LogGroup
Expand All @@ -20,6 +21,7 @@ Resources:
RetentionInDays: 30
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::Logs::LogGroup
Expand Down
3 changes: 3 additions & 0 deletions internal/app/cfsec/rules/aws/codebuild/enable_artifact_encryption_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ func init() {

scanner.RegisterCheckRule(rules.Rule{
BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodProject:
Type: AWS::CodeBuild::Project
Expand All @@ -36,6 +37,7 @@ Resources:
Type: "String"
`,
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodProject:
Type: AWS::CodeBuild::Project
Expand Down Expand Up @@ -63,6 +65,7 @@ Resources:
`},

GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodProject:
Type: AWS::CodeBuild::Project
Expand Down
3 changes: 3 additions & 0 deletions internal/app/cfsec/rules/aws/config/aggregate_all_regions_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,15 @@ func init() {

scanner.RegisterCheckRule(rules.Rule{
BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::Config::ConfigurationAggregator
Properties:
ConfigurationAggregatorName: "BadAccountLevelAggregation"
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::Config::ConfigurationAggregator
Expand All @@ -26,6 +28,7 @@ Resources:
ConfigurationAggregatorName: "GoodAccountLevelAggregation"
`,
`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::Config::ConfigurationAggregator
Expand Down
1 change: 1 addition & 0 deletions internal/app/cfsec/rules/aws/documentdb/enable_log_export_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ func init() {
PreferredMaintenanceWindow: 'sat:06:54-sat:07:24'
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: "AWS::DocDB::DBCluster"
Expand Down
1 change: 1 addition & 0 deletions internal/app/cfsec/rules/aws/documentdb/enable_storage_encryption_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ func init() {
PreferredMaintenanceWindow: 'sat:06:54-sat:07:24'
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: "AWS::DocDB::DBCluster"
Expand Down
1 change: 1 addition & 0 deletions internal/app/cfsec/rules/aws/documentdb/encryption_customer_key_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ func init() {
PreferredMaintenanceWindow: 'sat:06:54-sat:07:24'
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: "AWS::DocDB::DBCluster"
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/dynamodb/enable_at_rest_encryption_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{

BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
daxCluster:
Type: AWS::DAX::Cluster
Expand All @@ -23,6 +24,7 @@ Resources:
SubnetGroupName: !Ref subnetGroupClu
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
daxCluster:
Type: AWS::DAX::Cluster
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/ebs/enable_volume_encryption_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{

BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::EC2::Volume
Expand All @@ -20,6 +21,7 @@ Resources:
DeletionPolicy: Snapshot
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::EC2::Volume
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/ebs/encryption_customer_key_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ func init() {

scanner.RegisterCheckRule(rules.Rule{
BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::EC2::Volume
Expand All @@ -19,6 +20,7 @@ Resources:
DeletionPolicy: Snapshot
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::EC2::Volume
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/ec2/no_secrets_in_user_data_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ func init() {

scanner.RegisterCheckRule(rules.Rule{
BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::EC2::Instance
Expand All @@ -28,6 +29,7 @@ Resources:
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::EC2::Instance
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/ecr/enable_image_scanning_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{

BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::ECR::Repository
Expand All @@ -20,6 +21,7 @@ Resources:
ScanOnPush: false
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::ECR::Repository
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/ecr/enforce_immutable_repository_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{

BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::ECR::Repository
Expand All @@ -20,6 +21,7 @@ Resources:
ScanOnPush: false
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::ECR::Repository
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/ecr/no_public_access_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{

BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::ECR::Repository
Expand All @@ -37,6 +38,7 @@ Resources:
- "ecr:CompleteLayerUpload"
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::ECR::Repository
Expand Down
2 changes: 2 additions & 0 deletions internal/app/cfsec/rules/aws/ecr/repository_customer_key_rule.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ func init() {
scanner.RegisterCheckRule(rules.Rule{

BadExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
BadExample:
Type: AWS::ECR::Repository
Expand All @@ -20,6 +21,7 @@ Resources:
ScanOnPush: false
`},
GoodExample: []string{`---
AWSTemplateFormatVersion: 2010-09-09
Resources:
GoodExample:
Type: AWS::ECR::Repository
Expand Down
Loading

0 comments on commit f93b0ed

Please sign in to comment.