From f93b0ed5d0680987e01200b009f1d0d0c1b1c42c Mon Sep 17 00:00:00 2001 
From: GitHub Actions Build Date: Mon, 18 Oct 2021 14:38:26 +0100 Subject: [PATCH] update the examples --- .../cfsec/rules/aws/athena/enable_at_rest_encryption_rule.go | 2 ++ .../app/cfsec/rules/aws/athena/no_encryption_override_rule.go | 2 ++ .../rules/aws/autoscaling/enable_at_rest_encryption_rule.go | 2 ++ internal/app/cfsec/rules/aws/autoscaling/no_public_ip_rule.go | 2 ++ internal/app/cfsec/rules/aws/cloudfront/enable_logging_rule.go | 2 ++ internal/app/cfsec/rules/aws/cloudfront/enable_waf_rule.go | 2 ++ internal/app/cfsec/rules/aws/cloudfront/enforce_https_rule.go | 2 ++ .../cfsec/rules/aws/cloudfront/use_secure_tls_policy_rule.go | 2 ++ .../app/cfsec/rules/aws/cloudtrail/enable_all_regions_rule.go | 2 ++ .../rules/aws/cloudtrail/enable_at_rest_encryption_rule.go | 2 ++ .../cfsec/rules/aws/cloudtrail/enable_log_validation_rule.go | 2 ++ .../cfsec/rules/aws/cloudwatch/log_group_customer_key_rule.go | 2 ++ .../rules/aws/codebuild/enable_artifact_encryption_rule.go | 3 +++ .../app/cfsec/rules/aws/config/aggregate_all_regions_rule.go | 3 +++ .../app/cfsec/rules/aws/documentdb/enable_log_export_rule.go | 1 + .../rules/aws/documentdb/enable_storage_encryption_rule.go | 1 + .../cfsec/rules/aws/documentdb/encryption_customer_key_rule.go | 1 + .../cfsec/rules/aws/dynamodb/enable_at_rest_encryption_rule.go | 2 ++ .../app/cfsec/rules/aws/ebs/enable_volume_encryption_rule.go | 2 ++ .../app/cfsec/rules/aws/ebs/encryption_customer_key_rule.go | 2 ++ .../app/cfsec/rules/aws/ec2/no_secrets_in_user_data_rule.go | 2 ++ internal/app/cfsec/rules/aws/ecr/enable_image_scanning_rule.go | 2 ++ .../cfsec/rules/aws/ecr/enforce_immutable_repository_rule.go | 2 ++ internal/app/cfsec/rules/aws/ecr/no_public_access_rule.go | 2 ++ .../app/cfsec/rules/aws/ecr/repository_customer_key_rule.go | 2 ++ .../app/cfsec/rules/aws/ecs/enable_container_insight_rule.go | 2 ++ .../cfsec/rules/aws/ecs/enable_in_transit_encryption_rule.go | 2 ++ 
internal/app/cfsec/rules/aws/ecs/no_plaintext_secrets_rule.go | 2 ++ .../app/cfsec/rules/aws/efs/enable_at_rest_encryption_rule.go | 2 ++ internal/app/cfsec/rules/aws/eks/encrypt_secrets_rule.go | 2 ++ .../aws/elasticache/add_description_for_security_group_rule.go | 2 ++ .../rules/aws/elasticache/enable_backup_retention_rule.go | 2 ++ .../rules/aws/elasticache/enable_in_transit_encryption_rule.go | 3 +++ .../rules/aws/elasticsearch/enable_domain_encryption_rule.go | 2 ++ .../rules/aws/elasticsearch/enable_domain_logging_rule.go | 2 ++ .../aws/elasticsearch/enable_in_transit_encryption_rule.go | 2 ++ .../app/cfsec/rules/aws/elasticsearch/enforce_https_rule.go | 2 ++ .../rules/aws/elasticsearch/use_secure_tls_policy_rule.go | 2 ++ internal/app/cfsec/rules/aws/elb/alb_not_public_rule.go | 2 ++ internal/app/cfsec/rules/aws/elb/drop_invalid_headers_rule.go | 2 ++ internal/app/cfsec/rules/aws/elb/http_not_used_rule.go | 2 ++ internal/app/cfsec/rules/aws/elb/use_secure_tls_policy_rule.go | 2 ++ .../rules/aws/kinesis/enable_in_transit_encryption_rule.go | 2 ++ internal/app/cfsec/rules/aws/lambda/enable_tracing_rule.go | 2 ++ .../app/cfsec/rules/aws/lambda/restrict_source_arn_rule.go | 2 ++ internal/app/cfsec/rules/aws/s3/block_public_acls_rule.go | 2 ++ internal/app/cfsec/rules/aws/s3/block_public_policy_rule.go | 2 ++ internal/app/cfsec/rules/aws/s3/enable_encryption_rule.go | 1 + internal/app/cfsec/rules/aws/s3/enable_logging_rule.go | 2 ++ internal/app/cfsec/rules/aws/s3/enable_versioning_rule.go | 2 ++ internal/app/cfsec/rules/aws/s3/ignore_public_acls_rule.go | 2 ++ internal/app/cfsec/rules/aws/s3/no_pubic_acls_rule.go | 2 ++ .../app/cfsec/rules/aws/s3/require_public_access_block_rule.go | 2 ++ .../app/cfsec/rules/aws/s3/restrict_public_buckets_rule.go | 2 ++ .../cfsec/rules/aws/workspaces/enable_disk_encryption_rule.go | 2 ++ 55 files changed, 109 insertions(+) 
diff --git a/internal/app/cfsec/rules/aws/athena/enable_at_rest_encryption_rule.go b/internal/app/cfsec/rules/aws/athena/enable_at_rest_encryption_rule.go index a2ba01c1..9a8eeb7b 100644 --- a/internal/app/cfsec/rules/aws/athena/enable_at_rest_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/athena/enable_at_rest_encryption_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -23,6 +24,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/athena/no_encryption_override_rule.go b/internal/app/cfsec/rules/aws/athena/no_encryption_override_rule.go index 1a1a8329..943281d5 100644 --- a/internal/app/cfsec/rules/aws/athena/no_encryption_override_rule.go +++ b/internal/app/cfsec/rules/aws/athena/no_encryption_override_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -26,6 +27,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/autoscaling/enable_at_rest_encryption_rule.go b/internal/app/cfsec/rules/aws/autoscaling/enable_at_rest_encryption_rule.go index 4ed8dc8d..e2e4e9f4 100644 --- a/internal/app/cfsec/rules/aws/autoscaling/enable_at_rest_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/autoscaling/enable_at_rest_encryption_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -29,6 +30,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/autoscaling/no_public_ip_rule.go b/internal/app/cfsec/rules/aws/autoscaling/no_public_ip_rule.go index e4e17047..bfbe8f8b 100644 
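Review bot: The added line `AWSTemplateFormatVersion: 2010-09-09` is an unquoted scalar, first in the two hunks of athena/enable_at_rest_encryption_rule.go and then in every other hunk of this patch. A YAML 1.1 resolver reads that form as a timestamp rather than a string, while the AWS template reference gives the value as a quoted string literal. These raw strings are the templates the rules present as examples and presumably also feed to the scanner's parser, so I would write `AWSTemplateFormatVersion: "2010-09-09"` to keep the parsed type independent of the YAML library. The enclosing `init()` starts and ends outside each hunk.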
--- a/internal/app/cfsec/rules/aws/autoscaling/no_public_ip_rule.go +++ b/internal/app/cfsec/rules/aws/autoscaling/no_public_ip_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -23,6 +24,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/cloudfront/enable_logging_rule.go b/internal/app/cfsec/rules/aws/cloudfront/enable_logging_rule.go index f5857af8..e39a65de 100644 --- a/internal/app/cfsec/rules/aws/cloudfront/enable_logging_rule.go +++ b/internal/app/cfsec/rules/aws/cloudfront/enable_logging_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -28,6 +29,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/cloudfront/enable_waf_rule.go b/internal/app/cfsec/rules/aws/cloudfront/enable_waf_rule.go index 52c3851f..83761593 100644 --- a/internal/app/cfsec/rules/aws/cloudfront/enable_waf_rule.go +++ b/internal/app/cfsec/rules/aws/cloudfront/enable_waf_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -30,6 +31,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/cloudfront/enforce_https_rule.go b/internal/app/cfsec/rules/aws/cloudfront/enforce_https_rule.go index 3f78b9cf..920f0ca6 100644 --- a/internal/app/cfsec/rules/aws/cloudfront/enforce_https_rule.go +++ b/internal/app/cfsec/rules/aws/cloudfront/enforce_https_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: 
@@ -31,6 +32,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/cloudfront/use_secure_tls_policy_rule.go b/internal/app/cfsec/rules/aws/cloudfront/use_secure_tls_policy_rule.go index b20ec68d..6b680b80 100644 --- a/internal/app/cfsec/rules/aws/cloudfront/use_secure_tls_policy_rule.go +++ b/internal/app/cfsec/rules/aws/cloudfront/use_secure_tls_policy_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -32,6 +33,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/cloudtrail/enable_all_regions_rule.go b/internal/app/cfsec/rules/aws/cloudtrail/enable_all_regions_rule.go index c933dbfc..4182d08f 100644 --- a/internal/app/cfsec/rules/aws/cloudtrail/enable_all_regions_rule.go +++ b/internal/app/cfsec/rules/aws/cloudtrail/enable_all_regions_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::CloudTrail::Trail @@ -23,6 +24,7 @@ Resources: `, }, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::CloudTrail::Trail diff --git a/internal/app/cfsec/rules/aws/cloudtrail/enable_at_rest_encryption_rule.go b/internal/app/cfsec/rules/aws/cloudtrail/enable_at_rest_encryption_rule.go index 4dc77127..84632906 100644 --- a/internal/app/cfsec/rules/aws/cloudtrail/enable_at_rest_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/cloudtrail/enable_at_rest_encryption_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::CloudTrail::Trail 
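Review bot: In cloudtrail/enable_all_regions_rule.go the `GoodExample` template (hunk `@@ -23,6 +24,7 @@`) still declares its resource under the logical ID `BadExample`, so the passing template reads as the failing one wherever the logical ID is shown. The same mislabel is visible in the GoodExample hunks of cloudtrail/enable_at_rest_encryption_rule.go, cloudtrail/enable_log_validation_rule.go and elb/use_secure_tls_policy_rule.go. codebuild/enable_artifact_encryption_rule.go has the inverse (both BadExample templates declare `GoodProject`), and the BadExample in s3/enable_logging_rule.go is named `DisabledEncryptionBucket`. Since this commit already touches every example, rename the IDs to match their role, here `GoodExample:` in place of `BadExample:`. The template bodies continue outside the hunks, so any reference to the old ID further down would need the same rename.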
@@ -23,6 +24,7 @@ Resources: `, }, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::CloudTrail::Trail diff --git a/internal/app/cfsec/rules/aws/cloudtrail/enable_log_validation_rule.go b/internal/app/cfsec/rules/aws/cloudtrail/enable_log_validation_rule.go index 88d9ee21..20e5b4eb 100644 --- a/internal/app/cfsec/rules/aws/cloudtrail/enable_log_validation_rule.go +++ b/internal/app/cfsec/rules/aws/cloudtrail/enable_log_validation_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::CloudTrail::Trail @@ -23,6 +24,7 @@ Resources: `, }, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::CloudTrail::Trail diff --git a/internal/app/cfsec/rules/aws/cloudwatch/log_group_customer_key_rule.go b/internal/app/cfsec/rules/aws/cloudwatch/log_group_customer_key_rule.go index 15a15826..e597fa57 100644 --- a/internal/app/cfsec/rules/aws/cloudwatch/log_group_customer_key_rule.go +++ b/internal/app/cfsec/rules/aws/cloudwatch/log_group_customer_key_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Logs::LogGroup @@ -20,6 +21,7 @@ Resources: RetentionInDays: 30 `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Logs::LogGroup diff --git a/internal/app/cfsec/rules/aws/codebuild/enable_artifact_encryption_rule.go b/internal/app/cfsec/rules/aws/codebuild/enable_artifact_encryption_rule.go index 3491577e..0a326ecb 100644 --- a/internal/app/cfsec/rules/aws/codebuild/enable_artifact_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/codebuild/enable_artifact_encryption_rule.go 
@@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodProject: Type: AWS::CodeBuild::Project @@ -36,6 +37,7 @@ Resources: Type: "String" `, `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodProject: Type: AWS::CodeBuild::Project @@ -63,6 +65,7 @@ Resources: `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodProject: Type: AWS::CodeBuild::Project diff --git a/internal/app/cfsec/rules/aws/config/aggregate_all_regions_rule.go b/internal/app/cfsec/rules/aws/config/aggregate_all_regions_rule.go index 0a9b193e..02157223 100644 --- a/internal/app/cfsec/rules/aws/config/aggregate_all_regions_rule.go +++ b/internal/app/cfsec/rules/aws/config/aggregate_all_regions_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Config::ConfigurationAggregator @@ -17,6 +18,7 @@ Resources: ConfigurationAggregatorName: "BadAccountLevelAggregation" `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Config::ConfigurationAggregator @@ -26,6 +28,7 @@ Resources: ConfigurationAggregatorName: "GoodAccountLevelAggregation" `, `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Config::ConfigurationAggregator diff --git a/internal/app/cfsec/rules/aws/documentdb/enable_log_export_rule.go b/internal/app/cfsec/rules/aws/documentdb/enable_log_export_rule.go index d8477fe0..ab9d900b 100644 --- a/internal/app/cfsec/rules/aws/documentdb/enable_log_export_rule.go +++ b/internal/app/cfsec/rules/aws/documentdb/enable_log_export_rule.go @@ -28,6 +28,7 @@ func init() { PreferredMaintenanceWindow: 'sat:06:54-sat:07:24' `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: "AWS::DocDB::DBCluster" 
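Review bot: documentdb/enable_log_export_rule.go receives the header only in its `GoodExample` (single hunk `@@ -28,6 +28,7 @@`, one insertion in the diffstat), and the hunk does not show whether the `BadExample` above it already starts with `AWSTemplateFormatVersion`. The same one-sided change appears in documentdb/enable_storage_encryption_rule.go and documentdb/encryption_customer_key_rule.go, and for the BadExample only in s3/enable_encryption_rule.go. If the untouched templates lack the line, add the same header there, so that each bad/good pair differs only in the property the rule checks.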
diff --git a/internal/app/cfsec/rules/aws/documentdb/enable_storage_encryption_rule.go b/internal/app/cfsec/rules/aws/documentdb/enable_storage_encryption_rule.go index ecd316b3..cbb112e5 100644 --- a/internal/app/cfsec/rules/aws/documentdb/enable_storage_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/documentdb/enable_storage_encryption_rule.go @@ -28,6 +28,7 @@ func init() { PreferredMaintenanceWindow: 'sat:06:54-sat:07:24' `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: "AWS::DocDB::DBCluster" diff --git a/internal/app/cfsec/rules/aws/documentdb/encryption_customer_key_rule.go b/internal/app/cfsec/rules/aws/documentdb/encryption_customer_key_rule.go index f765de18..43108ea2 100644 --- a/internal/app/cfsec/rules/aws/documentdb/encryption_customer_key_rule.go +++ b/internal/app/cfsec/rules/aws/documentdb/encryption_customer_key_rule.go @@ -28,6 +28,7 @@ func init() { PreferredMaintenanceWindow: 'sat:06:54-sat:07:24' `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: "AWS::DocDB::DBCluster" diff --git a/internal/app/cfsec/rules/aws/dynamodb/enable_at_rest_encryption_rule.go b/internal/app/cfsec/rules/aws/dynamodb/enable_at_rest_encryption_rule.go index ea10b4ac..cd960cf9 100644 --- a/internal/app/cfsec/rules/aws/dynamodb/enable_at_rest_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/dynamodb/enable_at_rest_encryption_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: daxCluster: Type: AWS::DAX::Cluster @@ -23,6 +24,7 @@ Resources: SubnetGroupName: !Ref subnetGroupClu `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: daxCluster: Type: AWS::DAX::Cluster 
diff --git a/internal/app/cfsec/rules/aws/ebs/enable_volume_encryption_rule.go b/internal/app/cfsec/rules/aws/ebs/enable_volume_encryption_rule.go index cf926ec1..89c59df2 100644 --- a/internal/app/cfsec/rules/aws/ebs/enable_volume_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/ebs/enable_volume_encryption_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::EC2::Volume @@ -20,6 +21,7 @@ Resources: DeletionPolicy: Snapshot `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::EC2::Volume diff --git a/internal/app/cfsec/rules/aws/ebs/encryption_customer_key_rule.go b/internal/app/cfsec/rules/aws/ebs/encryption_customer_key_rule.go index 42541fdf..ff2567ad 100644 --- a/internal/app/cfsec/rules/aws/ebs/encryption_customer_key_rule.go +++ b/internal/app/cfsec/rules/aws/ebs/encryption_customer_key_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::EC2::Volume @@ -19,6 +20,7 @@ Resources: DeletionPolicy: Snapshot `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::EC2::Volume diff --git a/internal/app/cfsec/rules/aws/ec2/no_secrets_in_user_data_rule.go b/internal/app/cfsec/rules/aws/ec2/no_secrets_in_user_data_rule.go index af58bd3c..36cf26b8 100644 --- a/internal/app/cfsec/rules/aws/ec2/no_secrets_in_user_data_rule.go +++ b/internal/app/cfsec/rules/aws/ec2/no_secrets_in_user_data_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::EC2::Instance @@ -28,6 +29,7 @@ Resources: `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::EC2::Instance 
diff --git a/internal/app/cfsec/rules/aws/ecr/enable_image_scanning_rule.go b/internal/app/cfsec/rules/aws/ecr/enable_image_scanning_rule.go index 0b0113f0..f96b083c 100644 --- a/internal/app/cfsec/rules/aws/ecr/enable_image_scanning_rule.go +++ b/internal/app/cfsec/rules/aws/ecr/enable_image_scanning_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ECR::Repository @@ -20,6 +21,7 @@ Resources: ScanOnPush: false `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ECR::Repository diff --git a/internal/app/cfsec/rules/aws/ecr/enforce_immutable_repository_rule.go b/internal/app/cfsec/rules/aws/ecr/enforce_immutable_repository_rule.go index 3ed68679..a9c38658 100644 --- a/internal/app/cfsec/rules/aws/ecr/enforce_immutable_repository_rule.go +++ b/internal/app/cfsec/rules/aws/ecr/enforce_immutable_repository_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ECR::Repository @@ -20,6 +21,7 @@ Resources: ScanOnPush: false `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ECR::Repository diff --git a/internal/app/cfsec/rules/aws/ecr/no_public_access_rule.go b/internal/app/cfsec/rules/aws/ecr/no_public_access_rule.go index 5a3afc15..a8b74299 100644 --- a/internal/app/cfsec/rules/aws/ecr/no_public_access_rule.go +++ b/internal/app/cfsec/rules/aws/ecr/no_public_access_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ECR::Repository 
@@ -37,6 +38,7 @@ Resources: - "ecr:CompleteLayerUpload" `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ECR::Repository diff --git a/internal/app/cfsec/rules/aws/ecr/repository_customer_key_rule.go b/internal/app/cfsec/rules/aws/ecr/repository_customer_key_rule.go index 12914b13..af02b6fd 100644 --- a/internal/app/cfsec/rules/aws/ecr/repository_customer_key_rule.go +++ b/internal/app/cfsec/rules/aws/ecr/repository_customer_key_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ECR::Repository @@ -20,6 +21,7 @@ Resources: ScanOnPush: false `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ECR::Repository diff --git a/internal/app/cfsec/rules/aws/ecs/enable_container_insight_rule.go b/internal/app/cfsec/rules/aws/ecs/enable_container_insight_rule.go index 508bcd75..933ab3bb 100644 --- a/internal/app/cfsec/rules/aws/ecs/enable_container_insight_rule.go +++ b/internal/app/cfsec/rules/aws/ecs/enable_container_insight_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: 'AWS::ECS::Cluster' @@ -17,6 +18,7 @@ Resources: ClusterName: MyCluster `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: 'AWS::ECS::Cluster' diff --git a/internal/app/cfsec/rules/aws/ecs/enable_in_transit_encryption_rule.go b/internal/app/cfsec/rules/aws/ecs/enable_in_transit_encryption_rule.go index 16d16528..8dd8d9a2 100644 --- a/internal/app/cfsec/rules/aws/ecs/enable_in_transit_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/ecs/enable_in_transit_encryption_rule.go 
@@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: 'AWS::ECS::Cluster' @@ -46,6 +47,7 @@ Resources: FilesystemId: "fs1" TransitEncryption: DISABLED`}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: 'AWS::ECS::Cluster' diff --git a/internal/app/cfsec/rules/aws/ecs/no_plaintext_secrets_rule.go b/internal/app/cfsec/rules/aws/ecs/no_plaintext_secrets_rule.go index d684a5fd..9bca0239 100644 --- a/internal/app/cfsec/rules/aws/ecs/no_plaintext_secrets_rule.go +++ b/internal/app/cfsec/rules/aws/ecs/no_plaintext_secrets_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: 'AWS::ECS::Cluster' @@ -50,6 +51,7 @@ Resources: TransitEncryption: DISABLED `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: 'AWS::ECS::Cluster' diff --git a/internal/app/cfsec/rules/aws/efs/enable_at_rest_encryption_rule.go b/internal/app/cfsec/rules/aws/efs/enable_at_rest_encryption_rule.go index dd3948e9..bae7bfbc 100644 --- a/internal/app/cfsec/rules/aws/efs/enable_at_rest_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/efs/enable_at_rest_encryption_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::EFS::FileSystem @@ -24,6 +25,7 @@ Resources: ThroughputMode: bursting `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::EFS::FileSystem diff --git a/internal/app/cfsec/rules/aws/eks/encrypt_secrets_rule.go b/internal/app/cfsec/rules/aws/eks/encrypt_secrets_rule.go index 4ae5b83a..9e3b2aef 100644 --- a/internal/app/cfsec/rules/aws/eks/encrypt_secrets_rule.go 
+++ b/internal/app/cfsec/rules/aws/eks/encrypt_secrets_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: 'AWS::EKS::Cluster' @@ -27,6 +28,7 @@ Resources: - subnet-e7e761ac `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: 'AWS::EKS::Cluster' diff --git a/internal/app/cfsec/rules/aws/elasticache/add_description_for_security_group_rule.go b/internal/app/cfsec/rules/aws/elasticache/add_description_for_security_group_rule.go index 303cd409..282e05e8 100644 --- a/internal/app/cfsec/rules/aws/elasticache/add_description_for_security_group_rule.go +++ b/internal/app/cfsec/rules/aws/elasticache/add_description_for_security_group_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExampleCacheGroup: Type: AWS::ElastiCache::SecurityGroup @@ -28,6 +29,7 @@ Resources: EC2SecurityGroupName: BadExampleEc2SecurityGroup `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExampleCacheGroup: Type: AWS::ElastiCache::SecurityGroup diff --git a/internal/app/cfsec/rules/aws/elasticache/enable_backup_retention_rule.go b/internal/app/cfsec/rules/aws/elasticache/enable_backup_retention_rule.go index 654474bc..8f4e5367 100644 --- a/internal/app/cfsec/rules/aws/elasticache/enable_backup_retention_rule.go +++ b/internal/app/cfsec/rules/aws/elasticache/enable_backup_retention_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ElastiCache::CacheCluster @@ -24,6 +25,7 @@ Resources: - us-west-2b `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ElastiCache::CacheCluster 
diff --git a/internal/app/cfsec/rules/aws/elasticache/enable_in_transit_encryption_rule.go b/internal/app/cfsec/rules/aws/elasticache/enable_in_transit_encryption_rule.go index 76a6caf2..cf04e331 100644 --- a/internal/app/cfsec/rules/aws/elasticache/enable_in_transit_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/elasticache/enable_in_transit_encryption_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: 'AWS::ElastiCache::ReplicationGroup' @@ -30,6 +31,7 @@ Resources: SnapshotWindow: '10:00-12:00' `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: 'AWS::ElastiCache::ReplicationGroup' @@ -55,6 +57,7 @@ Resources: } var b = `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: 'AWS::ElastiCache::ReplicationGroup' diff --git a/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_encryption_rule.go b/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_encryption_rule.go index 15a5c628..a8f102b0 100644 --- a/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_encryption_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Elasticsearch::Domain @@ -33,6 +34,7 @@ Resources: }, GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Elasticsearch::Domain diff --git a/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_logging_rule.go b/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_logging_rule.go index d1b5c7b1..f347c7f4 100644 --- a/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_logging_rule.go +++ b/internal/app/cfsec/rules/aws/elasticsearch/enable_domain_logging_rule.go 
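Review bot: The third hunk of elasticache/enable_in_transit_encryption_rule.go (`@@ -55,6 +57,7 @@`) edits a package-level `var b` that holds another copy of the BadExample template after `init()` closes, and nothing in the hunk shows it being read. If it is a debugging leftover, delete it rather than keep it in sync with the registered example by hand. If something does use it, give it a descriptive name and a one-line comment stating what consumes it. The raw string of the declaration continues past the end of the hunk.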
@@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Elasticsearch::Domain @@ -33,6 +34,7 @@ Resources: }, GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Elasticsearch::Domain diff --git a/internal/app/cfsec/rules/aws/elasticsearch/enable_in_transit_encryption_rule.go b/internal/app/cfsec/rules/aws/elasticsearch/enable_in_transit_encryption_rule.go index e95c4fa6..bada8c03 100644 --- a/internal/app/cfsec/rules/aws/elasticsearch/enable_in_transit_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/elasticsearch/enable_in_transit_encryption_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Elasticsearch::Domain @@ -33,6 +34,7 @@ Resources: }, GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Elasticsearch::Domain diff --git a/internal/app/cfsec/rules/aws/elasticsearch/enforce_https_rule.go b/internal/app/cfsec/rules/aws/elasticsearch/enforce_https_rule.go index 807be245..48ae068c 100644 --- a/internal/app/cfsec/rules/aws/elasticsearch/enforce_https_rule.go +++ b/internal/app/cfsec/rules/aws/elasticsearch/enforce_https_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Elasticsearch::Domain @@ -33,6 +34,7 @@ Resources: }, GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Elasticsearch::Domain diff --git a/internal/app/cfsec/rules/aws/elasticsearch/use_secure_tls_policy_rule.go b/internal/app/cfsec/rules/aws/elasticsearch/use_secure_tls_policy_rule.go index 59533b3d..fca5e7b5 100644 
--- a/internal/app/cfsec/rules/aws/elasticsearch/use_secure_tls_policy_rule.go +++ b/internal/app/cfsec/rules/aws/elasticsearch/use_secure_tls_policy_rule.go @@ -11,6 +11,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Elasticsearch::Domain @@ -33,6 +34,7 @@ Resources: }, GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Elasticsearch::Domain diff --git a/internal/app/cfsec/rules/aws/elb/alb_not_public_rule.go b/internal/app/cfsec/rules/aws/elb/alb_not_public_rule.go index 0b17db16..b51cb6cd 100644 --- a/internal/app/cfsec/rules/aws/elb/alb_not_public_rule.go +++ b/internal/app/cfsec/rules/aws/elb/alb_not_public_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer @@ -21,6 +22,7 @@ Resources: Type: application `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer diff --git a/internal/app/cfsec/rules/aws/elb/drop_invalid_headers_rule.go b/internal/app/cfsec/rules/aws/elb/drop_invalid_headers_rule.go index f44e5e7b..9cb72ce4 100644 --- a/internal/app/cfsec/rules/aws/elb/drop_invalid_headers_rule.go +++ b/internal/app/cfsec/rules/aws/elb/drop_invalid_headers_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer @@ -21,6 +22,7 @@ Resources: Type: application `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer 
diff --git a/internal/app/cfsec/rules/aws/elb/http_not_used_rule.go b/internal/app/cfsec/rules/aws/elb/http_not_used_rule.go index d3e7b58f..8eb1f020 100644 --- a/internal/app/cfsec/rules/aws/elb/http_not_used_rule.go +++ b/internal/app/cfsec/rules/aws/elb/http_not_used_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer @@ -37,6 +38,7 @@ Resources: SslPolicy: ELBSecurityPolicy-FS-1-2-Res-2020-10 `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer diff --git a/internal/app/cfsec/rules/aws/elb/use_secure_tls_policy_rule.go b/internal/app/cfsec/rules/aws/elb/use_secure_tls_policy_rule.go index f95f66dc..69d06a44 100644 --- a/internal/app/cfsec/rules/aws/elb/use_secure_tls_policy_rule.go +++ b/internal/app/cfsec/rules/aws/elb/use_secure_tls_policy_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer @@ -40,6 +41,7 @@ Resources: Protocol: "HTTP" `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::ElasticLoadBalancingV2::LoadBalancer diff --git a/internal/app/cfsec/rules/aws/kinesis/enable_in_transit_encryption_rule.go b/internal/app/cfsec/rules/aws/kinesis/enable_in_transit_encryption_rule.go index d6629a7e..75281636 100644 --- a/internal/app/cfsec/rules/aws/kinesis/enable_in_transit_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/kinesis/enable_in_transit_encryption_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Kinesis::Stream 
@@ -28,6 +29,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Kinesis::Stream diff --git a/internal/app/cfsec/rules/aws/lambda/enable_tracing_rule.go b/internal/app/cfsec/rules/aws/lambda/enable_tracing_rule.go index c0c4f4a6..4d546fcd 100644 --- a/internal/app/cfsec/rules/aws/lambda/enable_tracing_rule.go +++ b/internal/app/cfsec/rules/aws/lambda/enable_tracing_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Lambda::Function @@ -28,6 +29,7 @@ Resources: - subnet-071f712345678e7c8 - subnet-07fd123456788a036`}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: Function: Type: AWS::Lambda::Function diff --git a/internal/app/cfsec/rules/aws/lambda/restrict_source_arn_rule.go b/internal/app/cfsec/rules/aws/lambda/restrict_source_arn_rule.go index 92a66551..75d846a8 100644 --- a/internal/app/cfsec/rules/aws/lambda/restrict_source_arn_rule.go +++ b/internal/app/cfsec/rules/aws/lambda/restrict_source_arn_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::Lambda::Function @@ -38,6 +39,7 @@ Resources: `}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::Lambda::Function diff --git a/internal/app/cfsec/rules/aws/s3/block_public_acls_rule.go b/internal/app/cfsec/rules/aws/s3/block_public_acls_rule.go index 3e6dc692..85fa249b 100644 --- a/internal/app/cfsec/rules/aws/s3/block_public_acls_rule.go +++ b/internal/app/cfsec/rules/aws/s3/block_public_acls_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: 
@@ -21,6 +22,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/s3/block_public_policy_rule.go b/internal/app/cfsec/rules/aws/s3/block_public_policy_rule.go index 64e12f18..beb502f9 100644 --- a/internal/app/cfsec/rules/aws/s3/block_public_policy_rule.go +++ b/internal/app/cfsec/rules/aws/s3/block_public_policy_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -21,6 +22,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/s3/enable_encryption_rule.go b/internal/app/cfsec/rules/aws/s3/enable_encryption_rule.go index 7634868c..0adf9be5 100644 --- a/internal/app/cfsec/rules/aws/s3/enable_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/s3/enable_encryption_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: diff --git a/internal/app/cfsec/rules/aws/s3/enable_logging_rule.go b/internal/app/cfsec/rules/aws/s3/enable_logging_rule.go index e018365c..df6ff5d0 100644 --- a/internal/app/cfsec/rules/aws/s3/enable_logging_rule.go +++ b/internal/app/cfsec/rules/aws/s3/enable_logging_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: DisabledEncryptionBucket: Properties: @@ -20,6 +21,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/s3/enable_versioning_rule.go b/internal/app/cfsec/rules/aws/s3/enable_versioning_rule.go index 8a13a748..2a54446c 100644 --- a/internal/app/cfsec/rules/aws/s3/enable_versioning_rule.go +++ b/internal/app/cfsec/rules/aws/s3/enable_versioning_rule.go 
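Review bot: s3/enable_encryption_rule.go gets the header only in its BadExample hunk (`@@ -11,6 +11,7 @@`); there is no matching hunk for GoodExample, unlike the neighbouring S3 rule files. Unless GoodExample already had the line before this commit, the two examples for this rule are now inconsistent, and the compliant example is the one users are most likely to copy. I would add `AWSTemplateFormatVersion: 2010-09-09` after the `---` of the GoodExample string as well. GoodExample lies outside the hunk, so this is inferred from the missing hunk rather than seen directly.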
@@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::S3::Bucket @@ -19,6 +20,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/s3/ignore_public_acls_rule.go b/internal/app/cfsec/rules/aws/s3/ignore_public_acls_rule.go index 63e5e85c..b42a8205 100644 --- a/internal/app/cfsec/rules/aws/s3/ignore_public_acls_rule.go +++ b/internal/app/cfsec/rules/aws/s3/ignore_public_acls_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -21,6 +22,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/s3/no_pubic_acls_rule.go b/internal/app/cfsec/rules/aws/s3/no_pubic_acls_rule.go index 5540e78c..61d2da5c 100644 --- a/internal/app/cfsec/rules/aws/s3/no_pubic_acls_rule.go +++ b/internal/app/cfsec/rules/aws/s3/no_pubic_acls_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -21,6 +22,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/s3/require_public_access_block_rule.go b/internal/app/cfsec/rules/aws/s3/require_public_access_block_rule.go index 6929bf77..49db1ea1 100644 --- a/internal/app/cfsec/rules/aws/s3/require_public_access_block_rule.go +++ b/internal/app/cfsec/rules/aws/s3/require_public_access_block_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -21,6 +22,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: 
diff --git a/internal/app/cfsec/rules/aws/s3/restrict_public_buckets_rule.go b/internal/app/cfsec/rules/aws/s3/restrict_public_buckets_rule.go index d2a3f12f..e8543cd9 100644 --- a/internal/app/cfsec/rules/aws/s3/restrict_public_buckets_rule.go +++ b/internal/app/cfsec/rules/aws/s3/restrict_public_buckets_rule.go @@ -11,6 +11,7 @@ func init() { BadExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Properties: @@ -21,6 +22,7 @@ Resources: GoodExample: []string{ `--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Properties: diff --git a/internal/app/cfsec/rules/aws/workspaces/enable_disk_encryption_rule.go b/internal/app/cfsec/rules/aws/workspaces/enable_disk_encryption_rule.go index 89da07a6..9f7a5393 100644 --- a/internal/app/cfsec/rules/aws/workspaces/enable_disk_encryption_rule.go +++ b/internal/app/cfsec/rules/aws/workspaces/enable_disk_encryption_rule.go @@ -10,6 +10,7 @@ func init() { scanner.RegisterCheckRule(rules.Rule{ BadExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: BadExample: Type: AWS::WorkSpaces::Workspace @@ -30,6 +31,7 @@ Resources: } }`}, GoodExample: []string{`--- +AWSTemplateFormatVersion: 2010-09-09 Resources: GoodExample: Type: AWS::WorkSpaces::Workspace