User Data Shell Script Is Encoded
- Query id: 48c3bc58-6959-4f27-b647-4fedeace23be
- Query name: User Data Shell Script Is Encoded
- Platform: CloudFormation
- Severity: High
- Category: Encryption
- URL: Github
Description
User Data Shell Script must be encoded
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
Resources:
  myLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref LatestAmiId
      SecurityGroups:
        - Ref: "myEC2SecurityGroup"
      InstanceType:
        Ref: "InstanceType"
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 30
            VolumeType: "gp2"
        - DeviceName: /dev/sdm
          Ebs:
            VolumeSize: 100
            DeleteOnTermination: "false"
      UserData: IyEvYmluL3NoCmVjaG8gIkhlbGxvIHdvcmxkIg==
Positive test num. 2 - json file
{
  "Resources": {
    "myLaunchConfig": {
      "Type": "AWS::AutoScaling::LaunchConfiguration",
      "Properties": {
        "ImageId": {
          "Ref": "LatestAmiId"
        },
        "SecurityGroups": [
          {
            "Ref": "myEC2SecurityGroup"
          }
        ],
        "InstanceType": {
          "Ref": "InstanceType"
        },
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": "30",
              "VolumeType": "gp2"
            }
          },
          {
            "DeviceName": "/dev/sdm",
            "Ebs": {
              "VolumeSize": "100",
              "DeleteOnTermination": "false"
            }
          }
        ],
        "UserData": "IyEvYmluL3NoCmVjaG8gIkhlbGxvIHdvcmxkIg=="
      }
    }
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
Resources:
  myLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref LatestAmiId
      SecurityGroups:
        - Ref: "myEC2SecurityGroup"
      InstanceType:
        Ref: "InstanceType"
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 30
            VolumeType: "gp2"
        - DeviceName: /dev/sdm
          Ebs:
            VolumeSize: 100
            DeleteOnTermination: "false"
Negative test num. 2 - json file
{
  "Resources": {
    "myLaunchConfig": {
      "Type": "AWS::AutoScaling::LaunchConfiguration",
      "Properties": {
        "ImageId": {
          "Ref": "LatestAmiId"
        },
        "SecurityGroups": [
          {
            "Ref": "myEC2SecurityGroup"
          }
        ],
        "InstanceType": {
          "Ref": "InstanceType"
        },
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": "30",
              "VolumeType": "gp2"
            }
          },
          {
            "DeviceName": "/dev/sdm",
            "Ebs": {
              "VolumeSize": "100",
              "DeleteOnTermination": "false"
            }
          }
        ]
      }
    }
  }
}
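The flagged and passing samples above differ only in the UserData property: the flagged templates carry a literal base64 string, and that string decodes to a shell script. The Python sketch below is an added example for reviewing templates by hand, not the query's own code; it assumes the condition is "literal UserData that base64-decodes to text starting with a shebang" (inferred from the samples), and the function names are hypothetical.

```python
import base64
import binascii

LAUNCH_CONFIG = "AWS::AutoScaling::LaunchConfiguration"


def decoded_shell_script(user_data):
    """Return the decoded script if user_data is a literal base64 string
    whose plaintext starts with a shebang, otherwise None."""
    if not isinstance(user_data, str):
        # Intrinsic functions such as {"Fn::Base64": ...} parse as dicts;
        # there is no literal base64 value to decode in that case.
        return None
    try:
        text = base64.b64decode(user_data, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not base64, or not text once decoded
    return text if text.startswith("#!") else None


def find_encoded_scripts(template):
    """List (resource name, decoded script) for launch configurations whose
    UserData hides a shell script behind base64."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != LAUNCH_CONFIG:
            continue
        user_data = resource.get("Properties", {}).get("UserData")
        script = decoded_shell_script(user_data)
        if script is not None:
            findings.append((name, script))
    return findings


# Trimmed copies of the page's JSON samples (unrelated properties omitted).
POSITIVE = {"Resources": {"myLaunchConfig": {
    "Type": LAUNCH_CONFIG,
    "Properties": {"ImageId": {"Ref": "LatestAmiId"},
                   "UserData": "IyEvYmluL3NoCmVjaG8gIkhlbGxvIHdvcmxkIg=="}}}}
NEGATIVE = {"Resources": {"myLaunchConfig": {
    "Type": LAUNCH_CONFIG,
    "Properties": {"ImageId": {"Ref": "LatestAmiId"}}}}}

if __name__ == "__main__":
    for name, script in find_encoded_scripts(POSITIVE):
        print(f"{name}: UserData decodes to a shell script:\n{script}")
```

Decoding the value during review shows the plaintext an instance would run at boot, which the template text alone does not make visible.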