All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.sonar.l10n.py.rules.python.S6330.html Maven / Gradle / Ivy

There is a newer version: 4.23.0.17664
Show newest version

Amazon Simple Queue Service (SQS) is a managed message queuing service for application-to-application (A2A) communication. Amazon SQS can store messages encrypted as soon as they are received. In the case that adversaries gain physical access to the storage medium or otherwise leak a message from the file system, for example through a vulnerability in the service, they are not able to access the data.

Ask Yourself Whether

  • The queue contains sensitive data that could cause harm when leaked.
  • There are compliance requirements for the service to store data encrypted.

There is a risk if you answered yes to any of those questions.

Recommended Secure Coding Practices

It’s recommended to encrypt SQS queues that contain sensitive information. Encryption and decryption are handled transparently by SQS, so no further modifications to the application are necessary.

Sensitive Code Example

For aws_cdk.aws_sqs.CfnQueue:

from aws_cdk import (
    aws_sqs as sqs
)

class CfnQueueStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        sqs.CfnQueue(
            self,
            "example",
            sqs_managed_sse_enabled=False # Sensitive, unencrypted
        )

Compliant Solution

For aws_cdk.aws_sqs.CfnQueue:

from aws_cdk import (
    aws_sqs as sqs
)

class CfnQueueStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        sqs.CfnQueue(
            self,
            "example",
            sqs_managed_sse_enabled=True
        )

See





© 2015 - 2024 Weber Informatics LLC | Privacy Policy