EFS Not Encrypted
- Query id: 72840c35-3876-48be-900d-f21b2f0c2ea1
- Query name: EFS Not Encrypted
- Platform: Crossplane
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
Elastic File System (EFS) must be encrypted
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
apiVersion: efs.aws.crossplane.io/v1alpha1
kind: FileSystem
metadata:
  name: example3
spec:
  forProvider:
    region: us-east-1
    encrypted: false
  providerConfigRef:
    name: example
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: cluster-aws
  labels:
    provider: aws
    cluster: eks
spec:
  compositeTypeRef:
    apiVersion: mydev.org/v1alpha1
    kind: CompositeCluster
  writeConnectionSecretsToNamespace: crossplane-system
  patchSets:
    - name: metadata
      patches:
        - fromFieldPath: metadata.labels
  resources:
    - name: sample-ec2
      base:
        apiVersion: efs.aws.crossplane.io/v1alpha1
        kind: FileSystem
        metadata:
          name: example4
        spec:
          forProvider:
            region: us-east-1
            encrypted: false
          providerConfigRef:
            name: example
```
Positive test num. 2 - yaml file
```yaml
apiVersion: efs.aws.crossplane.io/v1alpha1
kind: FileSystem
metadata:
  name: example5
spec:
  forProvider:
    region: us-east-1
  providerConfigRef:
    name: example
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: cluster-aws
  labels:
    provider: aws
    cluster: eks
spec:
  compositeTypeRef:
    apiVersion: mydev.org/v1alpha1
    kind: CompositeCluster
  writeConnectionSecretsToNamespace: crossplane-system
  patchSets:
    - name: metadata
      patches:
        - fromFieldPath: metadata.labels
  resources:
    - name: sample-ec2
      base:
        apiVersion: efs.aws.crossplane.io/v1alpha1
        kind: FileSystem
        metadata:
          name: example6
        spec:
          forProvider:
            region: us-east-1
          providerConfigRef:
            name: example
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
apiVersion: efs.aws.crossplane.io/v1alpha1
kind: FileSystem
metadata:
  name: example
spec:
  forProvider:
    region: us-east-1
    encrypted: true
  providerConfigRef:
    name: example
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: cluster-aws
  labels:
    provider: aws
    cluster: eks
spec:
  compositeTypeRef:
    apiVersion: mydev.org/v1alpha1
    kind: CompositeCluster
  writeConnectionSecretsToNamespace: crossplane-system
  patchSets:
    - name: metadata
      patches:
        - fromFieldPath: metadata.labels
  resources:
    - name: sample-ec2
      base:
        apiVersion: efs.aws.crossplane.io/v1alpha1
        kind: FileSystem
        metadata:
          name: example2
        spec:
          forProvider:
            region: us-east-1
            encrypted: true
          providerConfigRef:
            name: example
```
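The samples above imply two failing conditions (`encrypted: false` and `encrypted` absent) in two places (a top-level `FileSystem` and one embedded in a Composition's `resources[].base`). The following is an added example of that check, not the query's own code: it assumes manifests are already parsed into dictionaries, and the function names and the constructed sample set mirroring the six resources above are hypothetical.

```python
# Added example: a stand-alone re-implementation of the check, not the scanner's query.
EFS_API_PREFIX = "efs.aws.crossplane.io/"

def _is_efs_filesystem(doc):
    return (isinstance(doc, dict)
            and doc.get("kind") == "FileSystem"
            and str(doc.get("apiVersion", "")).startswith(EFS_API_PREFIX))

def _check(doc, path):
    """Return a (name, field path, reason) finding, or None if encrypted."""
    for_provider = (doc.get("spec") or {}).get("forProvider") or {}
    name = (doc.get("metadata") or {}).get("name", "<unnamed>")
    if "encrypted" not in for_provider:
        return (name, path + "spec.forProvider", "encrypted is not defined")
    if for_provider["encrypted"] is not True:
        return (name, path + "spec.forProvider.encrypted", "encrypted is not true")
    return None

def find_unencrypted_efs(docs):
    """Scan parsed manifests, including FileSystems embedded in a Composition."""
    findings = []
    for doc in docs:
        candidates = []
        if _is_efs_filesystem(doc):
            candidates = [(doc, "")]
        elif isinstance(doc, dict) and doc.get("kind") == "Composition":
            resources = (doc.get("spec") or {}).get("resources") or []
            candidates = [(r.get("base"), f"spec.resources[{i}].base.")
                          for i, r in enumerate(resources)
                          if isinstance(r, dict) and _is_efs_filesystem(r.get("base"))]
        findings += [f for fs, path in candidates if (f := _check(fs, path))]
    return findings

def _fs(name, **for_provider):  # builds a constructed sample FileSystem
    return {"apiVersion": "efs.aws.crossplane.io/v1alpha1", "kind": "FileSystem",
            "metadata": {"name": name},
            "spec": {"forProvider": {"region": "us-east-1", **for_provider},
                     "providerConfigRef": {"name": "example"}}}

def _composition(base):  # builds a constructed sample Composition
    return {"apiVersion": "apiextensions.crossplane.io/v1", "kind": "Composition",
            "spec": {"resources": [{"name": "sample-ec2", "base": base}]}}

# Constructed inputs mirroring the positive and negative samples on this page.
SAMPLES = [_fs("example3", encrypted=False), _composition(_fs("example4", encrypted=False)),
           _fs("example5"), _composition(_fs("example6")),
           _fs("example", encrypted=True), _composition(_fs("example2", encrypted=True))]

if __name__ == "__main__":
    print(*find_unencrypted_efs(SAMPLES), sep="\n")
```

Only `example3` through `example6` are reported; treating a missing `encrypted` key as a finding is what separates this from a check that only looks for an explicit `false`.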