Serverless API Without Content Encoding

  • Query id: d5d1fe08-89db-440c-8725-b93223387309
  • Query name: Serverless API Without Content Encoding
  • Platform: ServerlessFW
  • Severity: Low
  • Category: Encryption
  • CWE: 311
  • URL: Github

Description

A Serverless Framework service should have API Gateway content encoding enabled through the 'minimumCompressionSize' attribute. The value should be greater than -1 and smaller than 10485760.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yml file
service: my-service
frameworkVersion: '2'
provider:
  name: aws
  apiGateway:

Positive test num. 2 - yml file
service: my-service
frameworkVersion: '2'
provider:
  name: aws
  apiGateway:
    minimumCompressionSize: 10485760

Code samples without security vulnerabilities

Negative test num. 1 - yml file
service: my-service
frameworkVersion: '2'
provider:
  name: aws
  apiGateway:
    minimumCompressionSize: 1024