Serverless API Without Content Encoding
- Query id: d5d1fe08-89db-440c-8725-b93223387309
- Query name: Serverless API Without Content Encoding
- Platform: ServerlessFW
- Severity: Low
- Category: Encryption
- CWE: 311
- URL: Github
Description¶
Serverless should have API Gateway with Content Encoding enabled through the attribute 'minimumCompressionSize'. This value should be greater than -1 and smaller than 10485760
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yml file
service: my-service
frameworkVersion: '2'
provider:
name: aws
apiGateway:
Positive test num. 2 - yml file
service: my-service
frameworkVersion: '2'
provider:
name: aws
apiGateway:
minimumCompressionSize: 10485760