org.sonar.l10n.javascript.rules.javascript.S6327.html
Amazon Simple Notification Service (SNS) is a managed messaging service for application-to-application (A2A) and application-to-person (A2P)
communication. SNS topics allow publisher systems to fan out messages to a large number of subscriber systems. Amazon SNS can encrypt messages
at rest as soon as they are received. If adversaries gain physical access to the storage medium or otherwise obtain a stored message, they are not
able to read its contents.
Ask Yourself Whether
- The topic contains sensitive data that could cause harm when leaked.
- There are compliance requirements for the service to store data encrypted.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
It’s recommended to encrypt SNS topics that contain sensitive information. Encryption and decryption are handled transparently by SNS, so no
further modifications to the application are necessary.
Sensitive Code Example
import { Topic } from 'aws-cdk-lib/aws-sns';
new Topic(this, 'exampleTopic'); // Sensitive

import { CfnTopic } from 'aws-cdk-lib/aws-sns';
new CfnTopic(this, 'exampleCfnTopic'); // Sensitive: no kmsMasterKeyId, so messages are stored unencrypted
Compliant Solution
import { Topic } from 'aws-cdk-lib/aws-sns';
import { Key } from 'aws-cdk-lib/aws-kms';
// Customer-managed KMS key used to encrypt messages stored by the topic
const encryptionKey = new Key(this, 'exampleKey', {
enableKeyRotation: true,
});
new Topic(this, 'exampleTopic', {
masterKey: encryptionKey
});

import { CfnTopic } from 'aws-cdk-lib/aws-sns';
import { Key } from 'aws-cdk-lib/aws-kms';
const encryptionKey = new Key(this, 'exampleKey', {
enableKeyRotation: true,
});
// The L1 construct takes the key identifier directly
const cfnTopic = new CfnTopic(this, 'exampleCfnTopic', {
kmsMasterKeyId: encryptionKey.keyId
});
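Added example (not part of the rule description or of SonarSource's analyzer): a small check that runs over the CloudFormation template that `cdk synth` produces for constructs like the ones above and lists every AWS::SNS::Topic whose KmsMasterKeyId is missing, which is the condition this rule flags at the source level. The template in the block is constructed for the example; the logical IDs `exampleTopic`, `exampleCfnTopic` and `exampleKey` are assumed to be what the constructs above would synthesize to.

```typescript
// Audits a synthesized CloudFormation template for SNS topics that are not
// encrypted at rest. Constructed sample data; not taken from the page.

interface CfnResource {
  Type: string;
  Properties?: Record<string, unknown>;
}

interface CfnTemplate {
  Resources: Record<string, CfnResource>;
}

// Returns the logical IDs of AWS::SNS::Topic resources that have no
// KmsMasterKeyId, in declaration order.
function findUnencryptedTopics(template: CfnTemplate): string[] {
  const findings: string[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    if (res.Type !== 'AWS::SNS::Topic') continue;
    const keyId = res.Properties?.KmsMasterKeyId;
    // CDK renders the key as a plain string (e.g. an alias) or as an
    // intrinsic object such as { Ref } / { "Fn::GetAtt" }; only an absent
    // or empty value means the topic stores messages unencrypted.
    const encrypted = keyId !== undefined && keyId !== null && keyId !== '';
    if (!encrypted) findings.push(logicalId);
  }
  return findings;
}

// Constructed sample: one topic created with no key (sensitive) and one
// CfnTopic that references the `exampleKey` KMS key (compliant).
const sampleTemplate: CfnTemplate = {
  Resources: {
    exampleKey: { Type: 'AWS::KMS::Key', Properties: { EnableKeyRotation: true } },
    exampleTopic: { Type: 'AWS::SNS::Topic' },
    exampleCfnTopic: {
      Type: 'AWS::SNS::Topic',
      Properties: { KmsMasterKeyId: { Ref: 'exampleKey' } },
    },
  },
};

console.log(findUnencryptedTopics(sampleTemplate)); // returns ['exampleTopic']
```

Pointing the function at the JSON under `cdk.out/` gives a template-level backstop for the source-level rule, including topics created by third-party constructs the analyzer never sees.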
See
- OWASP Top 10 2021 Category A2 - Cryptographic Failures
- OWASP Top 10 2021 Category A4 - Insecure Design
- OWASP Top 10 2021 Category A5 - Security Misconfiguration
- AWS Documentation - Encryption at rest
- Encrypting messages published to Amazon SNS with AWS KMS
- OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
- OWASP Top 10 2017 Category A6 - Security Misconfiguration
- MITRE, CWE-311 - Missing Encryption of Sensitive Data