[BUG] (pdk-nag) AthenaWorkgroupEncryptedQueryResults and CodeBuildProjectPrivilegedModeDisabled no longer exist in cdk-nag #883

Open
valebedu opened this issue Nov 14, 2024 · 0 comments
Labels
bug Something isn't working needs-triage

Describe the bug

In cdk-nag v2.33.0, AthenaWorkgroupEncryptedQueryResults and CodeBuildProjectPrivilegedModeDisabled were removed.

So, using the latest version of pdk and cdk-nag and running the following command:

pdk && pdk upgrade && pdk upgrade-deps

I got this error:

...
👾 default | ts-node --project tsconfig.dev.json .projenrc.ts
/.../node_modules/.pnpm/@aws+pdk@0.25.7_@aws-cdk+aws-cognito-identitypool-alpha@2.167.0-alpha.0_aws-cdk-lib@2.167.0_c_k2jrqqhs4n5ovprdipk3teqyhe/node_modules/@aws/pdk/pdk-nag/packs/aws-prototyping-rules.ts:42
    rule: rules.athena.AthenaWorkgroupEncryptedQueryResults,
                       ^
TypeError: Cannot read properties of undefined (reading 'AthenaWorkgroupEncryptedQueryResults')
...

Expected Behavior

Current Behavior

Reproduction Steps

Just make a new project with pdk-nag and cdk-nag and have an entrypoint like the following:

main.ts

import { PDKNag } from '@aws/pdk/pdk-nag'
import { AwsSolutionsChecks } from 'cdk-nag'

;(async () => {
  const app = PDKNag.app({
    failOnError: true,
    failOnWarning: true,
    nagPacks: [new AwsSolutionsChecks({ verbose: true, reports: true })],
  })

  ...

  app.synth()
})().catch((error) => {
  console.error(error)
  process.exit(1)
})

Possible Solution

Remove

  {
    info: "The Athena workgroup does not encrypt query results.",
    explanation:
      "Encrypting query results stored in S3 helps secure data to meet compliance requirements for data-at-rest encryption.",
    level: NagMessageLevel.WARN,
    rule: rules.athena.AthenaWorkgroupEncryptedQueryResults,
  },
  {
    info: "The CodeBuild project has privileged mode enabled.",
    explanation:
      "Privileged grants elevated rights to the system, which introduces additional risk. Privileged mode should only be set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails.",
    level: NagMessageLevel.WARN,
    rule: rules.codebuild.CodeBuildProjectPrivilegedModeDisabled,
  },
  • similar traces in test files

Additional Information/Context

No response

PDK version used

v0.25.7

What languages are you seeing this issue on?

Typescript

Environment details (OS name and version, etc.)

macOS 15.0.1, apple m1 pro, node 20.18.0, pnpm 8.15.9
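
One way to turn this kind of rule drift into a clear, fail-closed error instead of a TypeError while the pack module loads (added example, not code from pdk or cdk-nag). `installedRules` is a constructed stand-in for cdk-nag's `rules` export, and `rulePath`, `resolvePack`, `loadPackOrFail` and `ExampleRuleStillPresent` are hypothetical names.

```typescript
// Added example: not pdk or cdk-nag source. Names below are hypothetical.
type RuleFn = (node: unknown) => unknown;
type RuleNamespaces = Record<string, Record<string, RuleFn> | undefined>;

interface PackEntrySpec {
  info: string;
  level: "WARN" | "ERROR";
  rulePath: string; // "<namespace>.<RuleName>", looked up at load time
}
interface ResolvedEntry { info: string; level: "WARN" | "ERROR"; rule: RuleFn }

// Constructed stand-in for the installed cdk-nag `rules` export: no `athena`
// namespace (as in the stack trace); `codebuild` is assumed present without the removed rule.
const installedRules: RuleNamespaces = {
  codebuild: { ExampleRuleStillPresent: () => undefined },
};

const packSpecs: PackEntrySpec[] = [
  { info: "The Athena workgroup does not encrypt query results.", level: "WARN",
    rulePath: "athena.AthenaWorkgroupEncryptedQueryResults" },
  { info: "The CodeBuild project has privileged mode enabled.", level: "WARN",
    rulePath: "codebuild.CodeBuildProjectPrivilegedModeDisabled" },
  { info: "Constructed entry whose rule still exists.", level: "WARN",
    rulePath: "codebuild.ExampleRuleStillPresent" },
];

// Resolve each reference with optional chaining so a missing namespace is
// recorded instead of throwing while the module is being evaluated.
function resolvePack(specs: PackEntrySpec[], rules: RuleNamespaces) {
  const resolved: ResolvedEntry[] = [];
  const missing: string[] = [];
  for (const spec of specs) {
    const [ns = "", name = ""] = spec.rulePath.split(".");
    const rule = rules[ns]?.[name];
    if (typeof rule === "function") resolved.push({ info: spec.info, level: spec.level, rule });
    else missing.push(spec.rulePath);
  }
  return { resolved, missing };
}

// Fail closed: a pack that silently loses checks reports a clean result it has not earned.
function loadPackOrFail(specs: PackEntrySpec[], rules: RuleNamespaces): ResolvedEntry[] {
  const { resolved, missing } = resolvePack(specs, rules);
  if (missing.length > 0) {
    throw new Error(`nag pack references rules absent from installed cdk-nag: ${missing.join(", ")}`);
  }
  return resolved;
}
```

Running `resolvePack` in CI after a dependency upgrade lists every dropped rule at once, so the coverage change can be reviewed before the entries are removed from the pack.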
