#ts

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

trailofbits

The Apollo GraphQL server lacks the 'csrfPrevention' option. This option is 'false' by the default in v3 of the Apollo GraphQL v3, which can enable CSRF attacks.

trailofbits

The Apollo GraphQL server sets the 'csrfPrevention' option to false. This can enable CSRF attacks.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

trailofbits

The Apollo GraphQL uses the 'schemaDirectives' option. This works in ApolloServer v2, but does nothing in version >=3. Depending on what the directives are used for, this can expose authenticated endpoints, disable rate limiting, and more. See the references on how to create custom directives in v3 and v4.

trailofbits

The Apollo GraphQL server is using the graphql-upload library. This library allows file uploads using POSTs with content-type: multipart/form-data, which can enable to CSRF attacks. Ensure that you are enabling CSRF protection if you really need to use graphql-upload .

trailofbits

The Apollo GraphQL server is setup with a CORS policy that does not deny all origins. Carefully review the origins to see if any of them are incorrectly setup (third-party websites, bad regexes, functions that reflect every origin, etc.).

trailofbits

The Apollo GraphQL server lacks a CORS policy. By default, the server uses the Access-Control-Allow-Origin HTTP header with the wildcard value (*).

trailofbits

The Apollo GraphQL server is setup with a CORS policy that reflects any origin, or with a regex that has known flaws.

trailofbits

The Apollo GraphQL server lacks a CORS policy. By default, the batteries-included apollo-server package serves the Access-Control-Allow-Origin HTTP header with the wildcard value (*).

trailofbits

The Apollo GraphQL server is setup with a CORS policy that reflects any origin, or with a regex that has known flaws.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Bucket $X is not set to enforce encryption-in-transit, if not explictly setting this on the bucket policy - the property "enforceSSL" should be set to true

returntocorp

Queue $X is missing encryption at rest. Add "encryption: $Y.QueueEncryption.KMS" or "encryption: $Y.QueueEncryption.KMS_MANAGED" to the queue props to enable encryption at rest for the queue.

returntocorp

Using the GrantPublicAccess method on bucket contruct $X will make the objects in the bucket world accessible. Verify if this is intentional.

returntocorp

CodeBuild Project $X is set to have a public URL. This will make the build results, logs, artifacts publically accessible, including builds prior to the project being public. Ensure this is acceptable for the project.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

returntocorp

Unescaped '.' character in CORS domain regex $CORS: $PATTERN