Insecure permissions or program errors can unintentionally expose files and directories to the wrong people. For instance, private files may be accessible to unauthorized users, It's like a mix-up in who should access what, leading to resources in the wrong hands.
1import aws_cdk as cdk
2from aws_cdk.aws_ec2 import CfnSecurityGroupIngress
3
4
5class SelectivePorts(cdk.Stack):
6
7 def exposure_of_sensitive_information_noncompliant(self):
8 # Noncompliant: 0.0.0.0/0 range is used
9 CfnSecurityGroupIngress(cdk.Stack, 'rIngress',
10 ip_protocol='tcp',
11 cidr_ip='0.0.0.0/0')
1import aws_cdk as cdk
2from aws_cdk.aws_ec2 import CfnSecurityGroupIngress
3
4
5class SelectivePorts(cdk.Stack):
6
7 def exposure_of_sensitive_information_compliant(self):
8 # Compliant: 0.0.0.0/0 range is not used
9 CfnSecurityGroupIngress(cdk.Stack, 'rIngress',
10 ip_protocol='tcp',
11 cidr_ip='1.2.3.4/32')