GitHub Repository Set To Public
- Query id: 5906092d-5f74-490d-9a03-78febe0f65e1
- Query name: GitHub Repository Set To Public
- Platform: CloudFormation
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description
Repositories must be set to private, which means the attribute 'IsPrivate' of the AWS::CodeStar::GitHubRepository resource must be set to true. The property is optional and, when omitted, the repository is created public, so a template that leaves 'IsPrivate' out is flagged in the same way as one that sets it to false (see the samples below). Note that this query inspects the template only: a value supplied at deploy time through a parameter or intrinsic function cannot be verified statically.
Documentation
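The following is an added example of how this check can be implemented outside of KICS; it is not KICS's own query code. It walks a parsed CloudFormation template, flags every AWS::CodeStar::GitHubRepository whose IsPrivate is missing, false, or the string "false", follows a Ref to a template parameter's Default where one exists, and reports anything it cannot resolve so a reviewer can verify it at deploy time. JSON templates are parsed with the standard library; YAML templates need PyYAML (an optional dependency, assumed here) with CloudFormation's short-form tags mapped to their long form. The sample template and its resource names are constructed for this example.

```python
"""Flag AWS::CodeStar::GitHubRepository resources that are not provably private."""
import json
from typing import Any, Dict, List, Optional, Tuple

GITHUB_REPO_TYPE = "AWS::CodeStar::GitHubRepository"


def load_template(text: str) -> Dict[str, Any]:
    """Parse a CloudFormation template from JSON (stdlib) or YAML (PyYAML, optional).

    YAML templates may use short-form tags such as !Ref or !Sub; these are
    turned into the equivalent {"Ref": ...} / {"Fn::Sub": ...} mappings so the
    rest of the checker only has to deal with plain dicts.
    """
    text = text.strip()
    if text.startswith("{"):
        return json.loads(text)

    import yaml  # assumed available only when YAML templates are scanned

    class CfnLoader(yaml.SafeLoader):
        pass

    def tag_to_dict(loader, suffix, node):
        key = "Ref" if suffix == "Ref" else "Fn::" + suffix
        if isinstance(node, yaml.ScalarNode):
            return {key: loader.construct_scalar(node)}
        if isinstance(node, yaml.SequenceNode):
            return {key: loader.construct_sequence(node)}
        return {key: loader.construct_mapping(node)}

    CfnLoader.add_multi_constructor("!", tag_to_dict)
    return yaml.load(text, Loader=CfnLoader)


def is_private_value(value: Any, parameters: Dict[str, Any]) -> Optional[bool]:
    """Resolve an IsPrivate value to a bool, or None if it is not statically known.

    CloudFormation accepts booleans as real booleans or as the strings
    "true"/"false"; a {"Ref": <Parameter>} is followed to the parameter's
    Default, and any other intrinsic (Fn::If, Fn::Sub, ...) is left unresolved.
    """
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        lowered = value.strip().lower()
        if lowered == "true":
            return True
        if lowered == "false":
            return False
        return None
    if isinstance(value, dict) and "Ref" in value:
        param = parameters.get(value["Ref"]) or {}
        if "Default" in param:
            return is_private_value(param["Default"], parameters)
        return None
    return None


def find_public_github_repos(template: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Return (logical_id, reason) for every GitHub repository resource that is
    public or whose privacy cannot be proven from the template alone."""
    findings: List[Tuple[str, str]] = []
    parameters = template.get("Parameters") or {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != GITHUB_REPO_TYPE:
            continue
        props = resource.get("Properties") or {}
        if "IsPrivate" not in props:
            # Omitted IsPrivate is the silent failure mode: the repo is created public.
            findings.append((logical_id, "IsPrivate is missing; the repository is created public"))
            continue
        resolved = is_private_value(props["IsPrivate"], parameters)
        if resolved is True:
            continue
        if resolved is False:
            findings.append((logical_id, "IsPrivate is false"))
        else:
            findings.append((logical_id, "IsPrivate could not be resolved statically; verify at deploy time"))
    return findings


# Constructed sample template: one public, one omitted, one via a parameter
# default, one private, plus an unrelated resource that must be ignored.
SAMPLE_TEMPLATE = json.dumps({
    "Parameters": {"RepoPrivate": {"Type": "String", "Default": "false"}},
    "Resources": {
        "PublicRepo": {"Type": GITHUB_REPO_TYPE,
                       "Properties": {"RepositoryName": "a", "RepositoryOwner": "o", "IsPrivate": False}},
        "DefaultRepo": {"Type": GITHUB_REPO_TYPE,
                        "Properties": {"RepositoryName": "b", "RepositoryOwner": "o"}},
        "ParamRepo": {"Type": GITHUB_REPO_TYPE,
                      "Properties": {"RepositoryName": "c", "RepositoryOwner": "o",
                                     "IsPrivate": {"Ref": "RepoPrivate"}}},
        "PrivateRepo": {"Type": GITHUB_REPO_TYPE,
                        "Properties": {"RepositoryName": "d", "RepositoryOwner": "o", "IsPrivate": True}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    },
})

if __name__ == "__main__":
    for logical_id, reason in find_public_github_repos(load_template(SAMPLE_TEMPLATE)):
        print(f"{logical_id}: {reason}")
```

Treating an unresolvable IsPrivate as a finding rather than a pass is deliberate: a repository that is only private if someone remembers to override a parameter is a policy gap, and the reviewer is better served by a noisy "verify" than by silence.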
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyRepo3:
    Type: AWS::CodeStar::GitHubRepository
    Properties:
      Code:
        S3:
          Bucket: "my-bucket"
          Key: "sourcecode.zip"
          ObjectVersion: "1"
      EnableIssues: true
      IsPrivate: false   # explicitly public
      RepositoryAccessToken: '{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}'
      RepositoryDescription: a description
      RepositoryName: my-github-repo
      RepositoryOwner: my-github-account
Positive test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyRepo4:
    Type: AWS::CodeStar::GitHubRepository
    Properties:
      Code:
        S3:
          Bucket: "my-bucket"
          Key: "sourcecode.zip"
          ObjectVersion: "1"
      EnableIssues: true
      # IsPrivate omitted: the repository is created public
      RepositoryAccessToken: '{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}'
      RepositoryDescription: a description
      RepositoryName: my-github-repo
      RepositoryOwner: my-github-account
Positive test num. 3 - json file
{
  "Resources": {
    "MyRepo5": {
      "Type": "AWS::CodeStar::GitHubRepository",
      "Properties": {
        "Code": {
          "S3": {
            "Bucket": "my-bucket",
            "Key": "sourcecode.zip",
            "ObjectVersion": "1"
          }
        },
        "EnableIssues": true,
        "RepositoryAccessToken": "{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}",
        "RepositoryDescription": "a description",
        "RepositoryName": "my-github-repo",
        "RepositoryOwner": "my-github-account"
      }
    }
  }
}
Positive test num. 4 - json file
{
  "Resources": {
    "MyRepo6": {
      "Type": "AWS::CodeStar::GitHubRepository",
      "Properties": {
        "Code": {
          "S3": {
            "Bucket": "my-bucket",
            "Key": "sourcecode.zip",
            "ObjectVersion": "1"
          }
        },
        "EnableIssues": true,
        "IsPrivate": false,
        "RepositoryAccessToken": "{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}",
        "RepositoryDescription": "a description",
        "RepositoryName": "my-github-repo",
        "RepositoryOwner": "my-github-account"
      }
    }
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyRepo1:
    Type: AWS::CodeStar::GitHubRepository
    Properties:
      Code:
        S3:
          Bucket: "my-bucket"
          Key: "sourcecode.zip"
          ObjectVersion: "1"
      EnableIssues: true
      IsPrivate: true   # repository is private
      RepositoryAccessToken: '{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}'
      RepositoryDescription: a description
      RepositoryName: my-github-repo
      RepositoryOwner: my-github-account
Negative test num. 2 - json file
{
  "Resources": {
    "MyRepo2": {
      "Type": "AWS::CodeStar::GitHubRepository",
      "Properties": {
        "Code": {
          "S3": {
            "Bucket": "my-bucket",
            "Key": "sourcecode.zip",
            "ObjectVersion": "1"
          }
        },
        "EnableIssues": true,
        "IsPrivate": true,
        "RepositoryAccessToken": "{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}",
        "RepositoryDescription": "a description",
        "RepositoryName": "my-github-repo",
        "RepositoryOwner": "my-github-account"
      }
    }
  }
}