GitHub Repository Set To Public

Query id: 5906092d-5f74-490d-9a03-78febe0f65e1
Query name: GitHub Repository Set To Public
Platform: CloudFormation
Severity: Medium
Category: Insecure Configurations
URL: Github

Description¶

Repositories must be set to private, which means the attribute 'visibility' must be set to 'private' and/or the attribute 'private' must be set to true (the attribute 'visibility' overrides 'private')
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

< Re

Positive test num. 2 - yaml file

< Re

Positive test num. 3 - json file

/span>

AWSTemplateFormatVersion: "2010-09-09" sources: MyRepo3: Type: AWS::CodeStar::GitHubRepository Properties: Code: S3: Bucket: "my-bucket" Key: "sourcecode.zip" ObjectVersion: "1" EnableIssues: true class="w">      IsPrivate: false RepositoryAccessToken: '{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}' RepositoryDescription: a description RepositoryName: my-github-repo RepositoryOwner: my-github-account /span>AWSTemplateFormatVersion: "2010-09-09" sources: MyRepo4: Type: AWS::CodeStar::GitHubRepository class="w">    Properties: Code: S3: Bucket: "my-bucket" Key: "sourcecode.zip" ObjectVersion: "1" EnableIssues: true RepositoryAccessToken: '{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}' RepositoryDescription: a description RepositoryName: my-github-repo RepositoryOwner: my-github-account /span>{ "Resources": { "MyRepo5": { "Type": "AWS::CodeStar::GitHubRepository", class="w">      "Properties": { "Code": { "S3": { "Bucket": "my-bucket", "Key": "sourcecode.zip", "ObjectVersion": "1" } }, "EnableIssues": true, "RepositoryAccessToken": "{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}", "RepositoryDescription": "a description", "RepositoryName": "my-github-repo", "RepositoryOwner": "my-github-account" } } } }
Positive test num. 4 - json file

{
  "Resources": {
    "MyRepo6": {
      "Type": "AWS::CodeStar::GitHubRepository",
      "Properties": {
        "Code": {
          "S3": {
            "Bucket": "my-bucket",
            "Key": "sourcecode.zip",
            "ObjectVersion": "1"
          }
        },
        "EnableIssues": true,
        "IsPrivate": false,
        "RepositoryAccessToken": "{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}",
        "RepositoryDescription": "a description",
        "RepositoryName": "my-github-repo",
        "RepositoryOwner": "my-github-account"
      }
    }
  }
}



Code samples without security vulnerabilities¶
Negative test num. 1 - yaml fileAWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyRepo1:
    Type: AWS::CodeStar::GitHubRepository
    Properties:
      Code:
        S3:
          Bucket: "my-bucket"
          Key: "sourcecode.zip"
          ObjectVersion: "1"
      EnableIssues: true
      IsPrivate: true
      RepositoryAccessToken: '{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}'
      RepositoryDescription: a description
      RepositoryName: my-github-repo
      RepositoryOwner: my-github-account

Negative test num. 2 - json file{
  "Resources": {
    "MyRepo2": {
      "Type": "AWS::CodeStar::GitHubRepository",
      "Properties": {
        "Code": {
          "S3": {
            "Bucket": "my-bucket",
            "Key": "sourcecode.zip",
            "ObjectVersion": "1"
          }
        },
        "EnableIssues": true,
        "IsPrivate": true,
        "RepositoryAccessToken": "{{resolve:secretsmanager:your-secret-manager-name:SecretString:your-secret-manager-key}}",
        "RepositoryDescription": "a description",
        "RepositoryName": "my-github-repo",
        "RepositoryOwner": "my-github-account"
      }
    }
  }
}