Serverless Function Without X-Ray Tracing

• Query id: 0d7ef70f-e176-44e6-bdba-add3e429788d
• Query name: Serverless Function Without X-Ray Tracing
• Platform: ServerlessFW
• Severity: Low
• Category: Observability
• CWE: 778
• URL: Github

Description

Serverless Function should have Tracing enabled. For this, property 'tracing' should have the value 'Active'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yml file

service: service
frameworkVersion: '2' 
provider:
  name: aws
  runtime: nodejs12.x

functions:
  hello:
    handler: handler.hello
    onError: arn:aws:sns:us-east-1:XXXXXX:test
    tags:
      foo: bar
    role: arn:aws:iam::XXXXXX:role/role
    tracing: PassThrough

Positive test num. 2 - yml file

service: service
frameworkVersion: '2' 
provider:
  name: aws
  runtime: nodejs12.x

functions:
  hello:
    handler: handler.hello
    onError: arn:aws:sns:us-east-1:XXXXXX:test
    tags:
      foo: bar
    role: arn:aws:iam::XXXXXX:role/role

Code samples without security vulnerabilities

Negative test num. 1 - yml file

service: service
frameworkVersion: '2' 
provider:
  name: aws
  runtime: nodejs12.x

functions:
  hello:
    handler: handler.hello
    onError: arn:aws:sns:us-east-1:XXXXXX:test
    tags:
      foo: bar
    role: arn:aws:iam::XXXXXX:role/role
    tracing: Active