From 62b532a2fc2204432192875ad3623da5665b4963 Mon Sep 17 00:00:00 2001
From: niharika2k00
Date: Tue, 30 Aug 2022 15:15:00 +0530
Subject: [PATCH 1/3] Update foundational_security_lambda_2 control to use latest runtimes Closes #495
---
 query/lambda/lambda_function_use_latest_runtime.sql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/query/lambda/lambda_function_use_latest_runtime.sql b/query/lambda/lambda_function_use_latest_runtime.sql
index 1bed0af5..1e1b6e53 100644
--- a/query/lambda/lambda_function_use_latest_runtime.sql
+++ b/query/lambda/lambda_function_use_latest_runtime.sql
@@ -3,12 +3,12 @@ select
 arn as resource,
 case
 when package_type <> 'Zip' then 'skip'
- when runtime in ('nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1') then 'ok'
+ when runtime in ('nodejs16.x', 'nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.9', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'java8.al2', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1', 'dotnet6') then 'ok'
 else 'alarm'
 end as status,
 case
 when package_type <> 'Zip' then title || ' package type is ' || package_type || '.'
- when runtime in ('nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1') then title || ' uses latest runtime - ' || runtime || '.'
+ when runtime in ('nodejs16.x', 'nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.9', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'java8.al2', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1', 'dotnet6') then title || ' uses latest runtime - ' || runtime || '.'
 else title || ' uses ' || runtime || ' which is not the latest version.'
 end as reason,
 -- Additional Dimensions
From a8586f9b212287bef605d1e2e02e2b59d5eb508e Mon Sep 17 00:00:00 2001
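Review bot: The runtime allow-list in both `when runtime in (...)` branches still reports `nodejs10.x`, `python3.6`, `ruby2.5` and `dotnetcore2.1` as 'ok' with the reason "uses latest runtime", so a function on any of them passes a control that is meant to flag outdated runtimes. Those four look like runtimes AWS Lambda had already deprecated; confirm against the Lambda runtime support policy and the definition behind foundational_security_lambda_2, and drop whatever the control no longer accepts from both lists. The same list is also written out twice (status and reason), and the two copies can drift apart on the next update. Until it is factored into a CTE, a comment on the first list such as `-- keep this runtime list identical to the one in the reason column` would help. The query's `select` and `from` lie outside the hunk.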
From: niharika2k00
Date: Tue, 30 Aug 2022 15:24:17 +0530
Subject: [PATCH 2/3] Update foundational_security_lambda_2 control to use latest runtimes Closes #495
---
 query/lambda/lambda_function_use_latest_runtime.sql | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/query/lambda/lambda_function_use_latest_runtime.sql b/query/lambda/lambda_function_use_latest_runtime.sql
index 1e1b6e53..cc7316a7 100644
--- a/query/lambda/lambda_function_use_latest_runtime.sql
+++ b/query/lambda/lambda_function_use_latest_runtime.sql
@@ -1,9 +1,10 @@
+
 select
 -- Required Columns
 arn as resource,
 case
 when package_type <> 'Zip' then 'skip'
- when runtime in ('nodejs16.x', 'nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.9', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'java8.al2', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1', 'dotnet6') then 'ok'
+ when runtime in ('nodejs16.x', 'nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.9', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'java8.al2', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1', 'dotnet6') then 'ok'
 else 'alarm'
 end as status,
 case
From 162b3d2d80ca7bb1651caaf5a28f82d009b49c9a Mon Sep 17 00:00:00 2001
From: niharika2k00
Date: Tue, 30 Aug 2022 15:40:38 +0530
Subject: [PATCH 3/3] Update format and add more runtime validation
---
 query/lambda/lambda_function_use_latest_runtime.sql | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/query/lambda/lambda_function_use_latest_runtime.sql b/query/lambda/lambda_function_use_latest_runtime.sql
index cc7316a7..1e1b6e53 100644
--- a/query/lambda/lambda_function_use_latest_runtime.sql
+++ b/query/lambda/lambda_function_use_latest_runtime.sql
@@ -1,10 +1,9 @@
-
 select
 -- Required Columns
 arn as resource,
 case
 when package_type <> 'Zip' then 'skip'
- when runtime in ('nodejs16.x', 'nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.9', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'java8.al2', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1', 'dotnet6') then 'ok'
+ when runtime in ('nodejs16.x', 'nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.9', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'java8.al2', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1', 'dotnet6') then 'ok'
 else 'alarm'
 end as status,
 case