Serverless API Without Content Encoding

Query id: d5d1fe08-89db-440c-8725-b93223387309
Query name: Serverless API Without Content Encoding
Platform: ServerlessFW
Severity: Low
Category: Encryption
CWE: 311
URL: Github

Description¶

Serverless should have API Gateway with Content Encoding enabled through the attribute 'minimumCompressionSize'. This value should be greater than -1 and smaller than 10485760
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yml file

service: my-service
frameworkVersion: '2'
provider:
  name: aws
  apiGateway:

Positive test num. 2 - yml file

service: my-service
frameworkVersion: '2'
provider:
  name: aws
  apiGateway:
    minimumCompressionSize: 10485760

Code samples without security vulnerabilities¶

Negative test num. 1 - yml file

service: my-service
frameworkVersion: '2'
provider:
  name: aws
  apiGateway:
    minimumCompressionSize: 1024