• Home
• org.sonarsource.javascript
• javascript-checks
• 10.16.0.27621
• source code
• S6252.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.javascript.rules.javascript.S6252.html Maven / Gradle / Ivy

S3 buckets can be versioned. When the S3 bucket is unversioned it means that a new version of an object overwrites an existing one in the S3
bucket.
It can lead to unintentional or intentional information loss.
Ask Yourself Whether

  
 The bucket stores information that require high availability. 

There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
It’s recommended to enable S3 versioning and thus to have the possibility to retrieve and restore different versions of an object.
Sensitive Code Example
const s3 = require('aws-cdk-lib/aws-s3');

new s3.Bucket(this, 'id', {
    bucketName: 'bucket',
    versioned: false // Sensitive
});

The default value of versioned is false so the absence of this parameter is also sensitive.
Compliant Solution
const s3 = require('aws-cdk-lib/aws-s3');

new s3.Bucket(this, 'id', {
    bucketName: 'bucket',
    versioned: true
});

See

  
 AWS documentation - Using versioning in S3 buckets 
  
 AWS CDK version 2 - Using versioning in S3
  buckets