From 7df201d0eeb0f6273f2e773e31a582decf316b6f Mon Sep 17 00:00:00 2001
From: "prisma-cloud-devsecops[bot]" <89982750+prisma-cloud-devsecops[bot]@users.noreply.github.com>
Date: Mon, 11 Apr 2022 13:18:30 +0000
Subject: [PATCH] Prisma Cloud has found BC_VUL_2 and 12 other error(s)
---
 main.tf | 73 ++++++++++++++++++++++++++++++++++++++++++++++-
 package-lock.json | 16 ++---------
 package.json | 2 +-
 3 files changed, 76 insertions(+), 15 deletions(-)
diff --git a/main.tf b/main.tf
index fc172210..23bec308 100644
--- a/main.tf
+++ b/main.tf
@@ -5,7 +5,7 @@ resource "aws_s3_bucket" "data" {
 # bucket does not have versioning
 bucket = "${local.resource_prefix.value}-data"
 region = "us-west-2"
- acl = "public-read"
+ acl = "private"
 force_destroy = true
 tags = {
 Name = "${local.resource_prefix.value}-data"
@@ -13,6 +13,29 @@ resource "aws_s3_bucket" "data" {
 }
 }
+
+resource "aws_s3_bucket_versioning" "data" {
+ bucket = aws_s3_bucket.data.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+
+
+resource "aws_s3_bucket" "data_log_bucket" {
+ bucket = "data-log-bucket"
+}
+
+resource "aws_s3_bucket_logging" "data" {
+ bucket = aws_s3_bucket.data.id
+
+ target_bucket = aws_s3_bucket.data_log_bucket.id
+ target_prefix = "log/"
+}
+
+
 resource "aws_s3_bucket_object" "data_object" {
 bucket = aws_s3_bucket.data.id
 region = "us-west-2"
@@ -39,6 +62,29 @@ resource "aws_s3_bucket" "financials" {
 }
+
+resource "aws_s3_bucket_versioning" "financials" {
+ bucket = aws_s3_bucket.financials.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+
+
+resource "aws_s3_bucket" "financials_log_bucket" {
+ bucket = "financials-log-bucket"
+}
+
+resource "aws_s3_bucket_logging" "financials" {
+ bucket = aws_s3_bucket.financials.id
+
+ target_bucket = aws_s3_bucket.financials_log_bucket.id
+ target_prefix = "log/"
+}
+
+
 resource "aws_s3_bucket" "operations" {
 # bucket is not encrypted
 # bucket does not have access logs
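Review bot: Changing `acl` to `"private"` in the first main.tf hunk removes the public-read grant, but neither this hunk nor the later ones add an `aws_s3_bucket_public_access_block` for `aws_s3_bucket.data`, so a later bucket policy or object ACL could still expose the contents. I would add one next to the ACL change with all four settings enabled, as sketched below. The `aws_s3_bucket.data` block starts before this hunk and closes after it, so arguments not visible here may already cover part of this. Separately, the context still sets `region` on `aws_s3_bucket`, which as far as I know AWS provider 3.x and later reject, while the `aws_s3_bucket_versioning` and `aws_s3_bucket_logging` resources added further down need 4.x; it is worth confirming that the pinned provider version can plan this file.

```hcl
# ... unchanged: resource "aws_s3_bucket" "data" with acl = "private" ...

resource "aws_s3_bucket_public_access_block" "data" {
  bucket = aws_s3_bucket.data.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```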
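Review bot: The new `data_log_bucket` in the second main.tf hunk is created with the fixed name `"data-log-bucket"` and no encryption, versioning or public-access settings, so the remediation adds a bucket that would presumably fail the same checks it is meant to fix. S3 bucket names are global, so the literal name is also likely to collide; following the file's own convention, `bucket = "${local.resource_prefix.value}-data-logs"` would be safer. Nothing visible grants the S3 log delivery service write access to the target bucket (for example a bucket policy for the `logging.s3.amazonaws.com` principal), and without that `aws_s3_bucket_logging` is likely to fail or deliver nothing. The same applies to `financials_log_bucket`, `operations_log_bucket` and `logs_log_bucket` in the later main.tf hunks.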
@@ -56,6 +102,19 @@ resource "aws_s3_bucket" "operations" {
 }
+
+resource "aws_s3_bucket" "operations_log_bucket" {
+ bucket = "operations-log-bucket"
+}
+
+resource "aws_s3_bucket_logging" "operations" {
+ bucket = aws_s3_bucket.operations.id
+
+ target_bucket = aws_s3_bucket.operations_log_bucket.id
+ target_prefix = "log/"
+}
+
+
 resource "aws_s3_bucket" "data_science" {
 # bucket is not encrypted
 bucket = "${local.resource_prefix.value}-data-science"
@@ -92,3 +151,15 @@ resource "aws_s3_bucket" "logs" {
 Environment = local.resource_prefix.value
 }
 }
+
+
+resource "aws_s3_bucket" "logs_log_bucket" {
+ bucket = "logs-log-bucket"
+}
+
+resource "aws_s3_bucket_logging" "logs" {
+ bucket = aws_s3_bucket.logs.id
+
+ target_bucket = aws_s3_bucket.logs_log_bucket.id
+ target_prefix = "log/"
+}
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index ed94c241..2018c1d8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3070,16 +3070,6 @@ "tiny-lr": "^1.1.1" } }, - "grunt-env": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/grunt-env/-/grunt-env-1.0.1.tgz", - "integrity": "sha512-Hw4iIJ58yYA8kJaP4UUyfw807DUI1FRnow9hhRMnq366bwCnxiBWOgfZsYilcs3Jh1qsGC/i3+G+7/W18hA1TA==", - "dev": true, - "requires": { - "ini": "^1.3.5", - "lodash": "^4.17.14" - } - }, "grunt-if": { "version": "https://github.com/binarymist/grunt-if/tarball/master", "integrity": "sha512-QU7Qk9VnMLRUQ6kUwgyVsAsN47CDEGwBZduc7IB22vts4odcOLyapGbitBtDjWoBvbpkFYXH416KzBVLFwyc1w==",
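Review bot: The last main.tf hunk gives the existing `logs` bucket its own `logs_log_bucket`, and that new bucket has no logging of its own, so the access-log finding is presumably moved to a new resource rather than closed. If `aws_s3_bucket.logs` is meant to be the access-log destination, the `data`, `financials` and `operations` logging resources could target it instead of creating four extra buckets, e.g. `target_bucket = aws_s3_bucket.logs.id` with a per-source prefix such as `target_prefix = "data/"`. As written, all four logging resources use the same `target_prefix = "log/"`, which is harmless with separate buckets but would mix sources if they are ever consolidated. The added block also leaves the file without a trailing newline.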
@@ -4702,9 +4692,9 @@ } }, "marked": { - "version": "0.3.9", - "resolved": "https://registry.npmjs.org/marked/-/marked-0.3.9.tgz", - "integrity": "sha512-nW5u0dxpXxHfkHzzrveY45gCbi+R4PaO4WRZYqZNl+vB0hVGeqlFn0aOg1c8AKL63TrNFn9Bm2UP4AdiZ9TPLw==" + "version": "4.0.10", + "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.10.tgz", + "integrity": "sha512-+QvuFj0nGgO970fySghXGmuw+Fd0gD2x3+MqCWLIPf5oxdv1Ka6b2q+z9RP01P/IaKPMEramy+7cNy/Lw8c3hw==" }, "media-typer": { "version": "0.3.0",
diff --git a/package.json b/package.json
index c5b8642e..ec0ca742 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
 "express-session": "^1.13.0",
 "forever": "^2.0.0",
 "helmet": "^2.0.0",
- "marked": "0.3.9",
+ "marked": "^4.0.10",
 "mongodb": "^2.1.18",
 "needle": "2.2.4",
 "node-esapi": "0.0.1",