API Gateway With Invalid Compression
- Query id: ed35928e-195c-4405-a252-98ccb664ab7b
- Query name: API Gateway With Invalid Compression
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
API Gateway should have valid compression, which means attribute 'minimum_compression_size' should be set and its value should be greater than -1 and smaller than 10485760.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - tf file
resource "aws_api_gateway_rest_api" "positive1" {
name = "regional-example"
endpoint_configuration {
types = ["REGIONAL"]
}
}
resource "aws_api_gateway_rest_api" "positive2" {
name = "regional-example"
endpoint_configuration {
types = ["REGIONAL"]
}
minimum_compression_size = -1
}
resource "aws_api_gateway_rest_api" "positive3" {
name = "regional-example"
endpoint_configuration {
types = ["REGIONAL"]
}
minimum_compression_size = 10485760
}