User Data Shell Script Is Encoded
- Query id: 1e2341ba-a5cf-4f0a-a5f6-47e90c68ea89
- Query name: User Data Shell Script Is Encoded
- Platform: Ansible
- Severity: High
- Category: Encryption
- URL: Github
Description
User Data Shell Script must be encoded
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
- name: note that encrypted volumes are only supported in >= Ansible 2.4
  community.aws.ec2_lc:
    name: special
    image_id: ami-XXX
    key_name: default
    security_groups: ['group', 'group2']
    instance_type: t1.micro
    # base64 of a script whose first line is "#!/bin/sh"
    user_data: IyEvYmluL3NoCmVjaG8gIkhlbGxvIHdvcmxkIg==
    volumes:
      - device_name: /dev/sda1
        volume_size: 100
        volume_type: io1
        iops: 3000
        delete_on_termination: true
        encrypted: true
      - device_name: /dev/sdb
        ephemeral: ephemeral0
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: note that encrypted volumes are only supported in >= Ansible 2.4
  community.aws.ec2_lc:
    name: special
    image_id: ami-XXX
    key_name: default
    security_groups: [group, group2]
    instance_type: t1.micro
    # base64 of a single echo command, with no "#!" first line
    user_data: ZWNobyAiSGVsbG8gd29ybGQi
    volumes:
      - device_name: /dev/sda1
        volume_size: 100
        volume_type: io1
        iops: 3000
        delete_on_termination: true
        encrypted: true
      - device_name: /dev/sdb
        ephemeral: ephemeral0
- name: note that encrypted volumes are only supported in >= Ansible 2.4.2
  community.aws.ec2_lc:
    name: special2
    image_id: ami-XXX
    key_name: default
    security_groups: [group, group2]
    instance_type: t1.micro
    # empty value: nothing to decode
    user_data:
    volumes:
      - device_name: /dev/sda1
        volume_size: 100
        volume_type: io1
        iops: 3000
        delete_on_termination: true
        encrypted: true
      - device_name: /dev/sdb
        ephemeral: ephemeral0
```
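The `user_data` values in the samples above are base64: the flagged one decodes to a script beginning with `#!/bin/sh`, while the passing one decodes to a bare `echo` command. The check below is an added example, not the query's own code; it assumes the `#!/` prefix is what separates the two cases and takes the tasks as already-parsed dictionaries.

```python
import base64
import binascii

# Module keys to inspect; including the legacy short name is an assumption of this sketch.
MODULES = ("community.aws.ec2_lc", "ec2_lc")


def decoded_user_data(value):
    """Return the base64-decoded bytes, or None if value is empty or not base64."""
    if not isinstance(value, str) or not value.strip():
        return None  # e.g. the bare "user_data:" key, which YAML parses to None
    try:
        return base64.b64decode(value.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # plain text, not base64


def find_encoded_shell_scripts(tasks):
    """Return (launch config name, shebang line) for each encoded shell script."""
    findings = []
    for task in tasks:
        for module in MODULES:
            params = task.get(module)
            if not isinstance(params, dict):
                continue
            raw = decoded_user_data(params.get("user_data"))
            if raw is not None and raw.startswith(b"#!/"):
                shebang = raw.split(b"\n", 1)[0].decode("utf-8", "replace")
                findings.append((params.get("name"), shebang))
    return findings


# Parsed form of the page's samples, reduced to the fields the check reads.
POSITIVE_TASKS = [
    {"community.aws.ec2_lc": {"name": "special",
                              "user_data": "IyEvYmluL3NoCmVjaG8gIkhlbGxvIHdvcmxkIg=="}},
]
NEGATIVE_TASKS = [
    {"community.aws.ec2_lc": {"name": "special",
                              "user_data": "ZWNobyAiSGVsbG8gd29ybGQi"}},
    {"community.aws.ec2_lc": {"name": "special2", "user_data": None}},
]

if __name__ == "__main__":
    for name, shebang in find_encoded_shell_scripts(POSITIVE_TASKS + NEGATIVE_TASKS):
        print(f"{name}: user_data decodes to a script starting with {shebang}")
```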