Encryption that depends on conditional logic, such as an if...then clause, might cause sensitive data to be stored unencrypted on the paths where the condition is not met. If data is encrypted along one branch of a conditional statement, encrypt it along all branches.
/**
 * Uploads {@code partFile} to {@code bucketName} under {@code partFileKey}, attaching SSE-KMS
 * parameters only when a KMS key id is supplied.
 *
 * <p>Noncompliant example: when {@code kmsKeyId} is {@code null}, the request is sent without any
 * server-side-encryption parameters, so this method does not itself ensure that the object is
 * encrypted. Whatever protection the object gets on that path comes from configuration outside
 * this code.
 *
 * @param s3Client    client used to send the request
 * @param bucketName  destination bucket
 * @param partFileKey object key to write
 * @param kmsKeyId    KMS key id to encrypt with; may be {@code null}, which skips encryption setup
 * @param partFile    local file whose content is uploaded
 * @param bucketOwner expected owner of the bucket, set on the request
 */
public void s3PutObjectNoncompliant(AmazonS3 s3Client, String bucketName, String partFileKey, String kmsKeyId,
        File partFile, String bucketOwner) {
    final PutObjectRequest uploadRequest =
            new PutObjectRequest(bucketName, partFileKey, partFile)
                    .withExpectedBucketOwner(bucketOwner);

    // Noncompliant: encryption is not performed in all paths.
    final boolean keySupplied = kmsKeyId != null;
    if (keySupplied) {
        final SSEAwsKeyManagementParams kmsParams = new SSEAwsKeyManagementParams(kmsKeyId);
        uploadRequest.setSSEAwsKeyManagementParams(kmsParams);
    }

    // With no key id, the request reaches this point carrying no SSE-KMS parameters at all.
    s3Client.putObject(uploadRequest);
}
/**
 * Uploads {@code partFile} to {@code bucketName} under {@code partFileKey}, always attaching
 * SSE-KMS parameters to the request.
 *
 * <p>Compliant example: a supplied {@code kmsKeyId} is used as the encryption key; when it is
 * {@code null}, the no-argument {@code SSEAwsKeyManagementParams} is used instead, so the request
 * still asks for KMS server-side encryption (with the default KMS key rather than a named one).
 *
 * @param s3Client    client used to send the request
 * @param bucketName  destination bucket
 * @param partFileKey object key to write
 * @param kmsKeyId    KMS key id to encrypt with, or {@code null} to fall back to the default key
 * @param partFile    local file whose content is uploaded
 * @param bucketOwner expected owner of the bucket, set on the request
 */
public void s3PutObjectCompliant(AmazonS3 s3Client, String bucketName, String partFileKey, String kmsKeyId,
        File partFile, String bucketOwner) {
    final PutObjectRequest uploadRequest =
            new PutObjectRequest(bucketName, partFileKey, partFile)
                    .withExpectedBucketOwner(bucketOwner);

    // Compliant: encryption is performed in all paths.
    // NOTE(review): only null selects the fallback; an empty or blank kmsKeyId still takes the
    // explicit-key path. Confirm callers never pass one.
    final SSEAwsKeyManagementParams kmsParams = (kmsKeyId == null)
            ? new SSEAwsKeyManagementParams()
            : new SSEAwsKeyManagementParams(kmsKeyId);
    uploadRequest.setSSEAwsKeyManagementParams(kmsParams);

    s3Client.putObject(uploadRequest);
}