|
2 | 2 |
|
3 | 3 | # Success |
4 | 4 | customKey = my_key.key_id |
| 5 | +enabled_sqs = True |
5 | 6 | sqs.CfnQueue(self, "encrypted-selfmanaged", kms_master_key_id=my_key.key_id) |
6 | 7 | sqs.CfnQueue(self, "encrypted-selfmanaged", kms_master_key_id=customKey) |
| 8 | +sqs.CfnQueue(self, "encrypted", sqs_managed_sse_enabled=True) |
| 9 | +sqs.CfnQueue(self, "encrypted", sqs_managed_sse_enabled=enabled_sqs) |
7 | 10 |
|
| 11 | +sqs.CfnQueue(self, "unencrypted") # Compliant ref: SONARPY-1416 |
| 12 | + |
| 13 | +noneKey = None |
| 14 | +sqs.CfnQueue(self, "encrypted-selfmanaged", kms_master_key_id=None) # Compliant ref: SONARPY-1416 |
| 15 | +sqs.CfnQueue(self, "encrypted-selfmanaged", kms_master_key_id=noneKey) # Compliant ref: SONARPY-1416 |
| 16 | + |
8 | 17 | encryptionParam = sqs.QueueEncryption.KMS |
9 | 18 | sqs.Queue(self, "encrypted-managed", encryption=sqs.QueueEncryption.KMS_MANAGED) |
10 | 19 | sqs.Queue(self, "encrypted-managed", encryption=sqs.QueueEncryption.KMS) |
11 | 20 | sqs.Queue(self, "encrypted-managed", encryption=encryptionParam) |
12 | 21 |
|
13 | | -# Failing cases |
14 | | -noneKey = None |
15 | | -sqs.CfnQueue(self, "unencrypted") # NonCompliant{{Omitting "kms_master_key_id" disables SQS queues encryption. Make sure it is safe here.}} |
16 | | -sqs.CfnQueue(self, "encrypted-selfmanaged", kms_master_key_id=None) # NonCompliant{{Setting "kms_master_key_id" to "None" disables SQS queues encryption. Make sure it is safe here.}} |
17 | | -sqs.CfnQueue(self, "encrypted-selfmanaged", kms_master_key_id=noneKey) # NonCompliant{{Setting "kms_master_key_id" to "None" disables SQS queues encryption. Make sure it is safe here.}} |
18 | | - |
19 | 22 | encryptionNone = None |
20 | | -sqs.Queue(self, "unencrypted-explicit") # NonCompliant {{Omitting "encryption" disables SQS queues encryption. Make sure it is safe here.}} |
21 | | -sqs.Queue(self, "unencrypted-explicit", encryption=sqs.QueueEncryption.UNENCRYPTED) # NonCompliant {{Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption. Make sure it is safe here.}} |
22 | | -sqs.Queue(self, "unencrypted-explicit", encryption=None) # NonCompliant {{Setting "encryption" to "None" disables SQS queues encryption. Make sure it is safe here.}} |
23 | | -sqs.Queue(self, "unencrypted-explicit", encryption=encryptionNone) # NonCompliant {{Setting "encryption" to "None" disables SQS queues encryption. Make sure it is safe here.}} |
| 23 | +sqs.Queue(self, "unencrypted-explicit") # Compliant ref: SONARPY-1416 |
| 24 | +sqs.Queue(self, "unencrypted-explicit", encryption=sqs.QueueEncryption.UNENCRYPTED) # Compliant ref: SONARPY-1416 |
| 25 | +sqs.Queue(self, "unencrypted-explicit", encryption=None) # Compliant ref: SONARPY-1416 |
| 26 | +sqs.Queue(self, "unencrypted-explicit", encryption=encryptionNone) # Compliant ref: SONARPY-1416 |
| 27 | + |
| 28 | +# Failing cases |
| 29 | +not_enabled_sqs = False |
| 30 | +sqs.CfnQueue(self, "unencrypted", sqs_managed_sse_enabled=False) # NonCompliant{{Setting "sqs_managed_sse_enabled" to "false" disables SQS queues encryption. Make sure it is safe here.}} |
| 31 | +sqs.CfnQueue(self, "unencrypted", sqs_managed_sse_enabled=not_enabled_sqs) # NonCompliant{{Setting "sqs_managed_sse_enabled" to "false" disables SQS queues encryption. Make sure it is safe here.}} |
0 commit comments