API Gateway With Invalid Compression
- Query id: d6653eee-2d4d-4e6a-976f-6794a497999a
- Query name: API Gateway With Invalid Compression
- Platform: CloudFormation
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
API Gateway should have valid compression, which means attribute 'MinimumCompressionSize' should be set and its value should be greater than -1 and smaller than 10485760.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
RestApi3:
Type: AWS::ApiGateway::RestApi
Properties:
Body:
swagger: 2.0
info:
version: 0.0.1
title: test
basePath: /pete
schemes:
- https
definitions:
Empty:
type: object
MinimumCompressionSize: -1
Name: myApi
Parameters:
endpointConfigurationTypes: REGIONAL
Positive test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
RestApi4:
Type: AWS::ApiGateway::RestApi
Properties:
Body:
swagger: 2.0
info:
version: 0.0.1
title: test
basePath: /pete
schemes:
- https
definitions:
Empty:
type: object
MinimumCompressionSize: 10485760
Name: myApi
Parameters:
endpointConfigurationTypes: REGIONAL
Positive test num. 3 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
RestApi5:
Type: AWS::ApiGateway::RestApi
Properties:
Body:
swagger: 2.0
info:
version: 0.0.1
title: test
basePath: /pete
schemes:
- https
definitions:
Empty:
type: object
Name: myApi
Parameters:
endpointConfigurationTypes: REGIONAL
Positive test num. 4 - json file
{
"Resources": {
"RestApi6": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Body": {
"swagger": 2,
"info": {
"version": "0.0.1",
"title": "test"
},
"basePath": "/pete",
"schemes": [
"https"
],
"definitions": {
"Empty": {
"type": "object"
}
}
},
"MinimumCompressionSize": -1,
"Name": "myApi",
"Parameters": {
"endpointConfigurationTypes": "REGIONAL"
}
}
}
}
}
Positive test num. 5 - json file
{
"Resources": {
"RestApi7": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Body": {
"swagger": 2,
"info": {
"version": "0.0.1",
"title": "test"
},
"basePath": "/pete",
"schemes": [
"https"
],
"definitions": {
"Empty": {
"type": "object"
}
}
},
"MinimumCompressionSize": 10485760,
"Name": "myApi",
"Parameters": {
"endpointConfigurationTypes": "REGIONAL"
}
}
}
}
}
Positive test num. 6 - json file
{
"Resources": {
"RestApi8": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Body": {
"swagger": 2,
"info": {
"version": "0.0.1",
"title": "test"
},
"basePath": "/pete",
"schemes": [
"https"
],
"definitions": {
"Empty": {
"type": "object"
}
}
},
"Name": "myApi",
"Parameters": {
"endpointConfigurationTypes": "REGIONAL"
}
}
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
RestApi:
Type: AWS::ApiGateway::RestApi
Properties:
Body:
swagger: 2.0
info:
version: 0.0.1
title: test
basePath: /pete
schemes:
- https
definitions:
Empty:
type: object
MinimumCompressionSize: 0
Name: myApi
Parameters:
endpointConfigurationTypes: REGIONAL
Negative test num. 2 - json file
{
"Resources": {
"RestApi2": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Body": {
"swagger": 2,
"info": {
"version": "0.0.1",
"title": "test"
},
"basePath": "/pete",
"schemes": [
"https"
],
"definitions": {
"Empty": {
"type": "object"
}
}
},
"MinimumCompressionSize": 0,
"Name": "myApi",
"Parameters": {
"endpointConfigurationTypes": "REGIONAL"
}
}
}
}
}