API Gateway With Invalid Compression

  • Query id: d6653eee-2d4d-4e6a-976f-6794a497999a
  • Query name: API Gateway With Invalid Compression
  • Platform: CloudFormation
  • Severity: Medium
  • Category: Encryption
  • URL: Github

Description

API Gateway should have valid compression, which means attribute 'MinimumCompressionSize' should be set and its value should be greater than -1 and smaller than 10485760.
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  RestApi3:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        swagger: 2.0
        info:
            version: 0.0.1
            title: test
        basePath: /pete
        schemes:
            - https
        definitions:
            Empty:
                type: object
      MinimumCompressionSize: -1
      Name: myApi
      Parameters:
          endpointConfigurationTypes: REGIONAL
Postitive test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  RestApi4:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        swagger: 2.0
        info:
            version: 0.0.1
            title: test
        basePath: /pete
        schemes:
            - https
        definitions:
            Empty:
                type: object
      MinimumCompressionSize: 10485760
      Name: myApi
      Parameters:
          endpointConfigurationTypes: REGIONAL
Postitive test num. 3 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  RestApi5:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        swagger: 2.0
        info:
            version: 0.0.1
            title: test
        basePath: /pete
        schemes:
            - https
        definitions:
            Empty:
                type: object
      Name: myApi
      Parameters:
          endpointConfigurationTypes: REGIONAL

Postitive test num. 4 - json file
{
  "Resources": {
    "RestApi6": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Body": {
          "swagger": 2,
          "info": {
            "version": "0.0.1",
            "title": "test"
          },
          "basePath": "/pete",
          "schemes": [
            "https"
          ],
          "definitions": {
            "Empty": {
              "type": "object"
            }
          }
        },
        "MinimumCompressionSize": -1,
        "Name": "myApi",
        "Parameters": {
          "endpointConfigurationTypes": "REGIONAL"
        }
      }
    }
  }
}
Postitive test num. 5 - json file
{
  "Resources": {
    "RestApi7": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Body": {
          "swagger": 2,
          "info": {
            "version": "0.0.1",
            "title": "test"
          },
          "basePath": "/pete",
          "schemes": [
            "https"
          ],
          "definitions": {
            "Empty": {
              "type": "object"
            }
          }
        },
        "MinimumCompressionSize": 10485760,
        "Name": "myApi",
        "Parameters": {
          "endpointConfigurationTypes": "REGIONAL"
        }
      }
    }
  }
}
Postitive test num. 6 - json file
{
  "Resources": {
    "RestApi8": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Body": {
          "swagger": 2,
          "info": {
            "version": "0.0.1",
            "title": "test"
          },
          "basePath": "/pete",
          "schemes": [
            "https"
          ],
          "definitions": {
            "Empty": {
              "type": "object"
            }
          }
        },
        "Name": "myApi",
        "Parameters": {
          "endpointConfigurationTypes": "REGIONAL"
        }
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  RestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        swagger: 2.0
        info:
            version: 0.0.1
            title: test
        basePath: /pete
        schemes:
            - https
        definitions:
            Empty:
                type: object
      MinimumCompressionSize: 0
      Name: myApi
      Parameters:
          endpointConfigurationTypes: REGIONAL
Negative test num. 2 - json file
{
  "Resources": {
    "RestApi2": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Body": {
          "swagger": 2,
          "info": {
            "version": "0.0.1",
            "title": "test"
          },
          "basePath": "/pete",
          "schemes": [
            "https"
          ],
          "definitions": {
            "Empty": {
              "type": "object"
            }
          }
        },
        "MinimumCompressionSize": 0,
        "Name": "myApi",
        "Parameters": {
          "endpointConfigurationTypes": "REGIONAL"
        }
      }
    }
  }
}