Guides

CODEGURU-SECURITY

docs.aws.amazon.com
AWS documentation

BatchGetFindings

valid {
    input.Body.findingIdentifiers[_].scanName == STRING
    input.Body.findingIdentifiers[_].findingId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateScan

enum_AnalysisType := [ "Security", "All" ]
enum_ScanType := [ "Standard", "Express" ]

valid {
    input.Body.clientToken == STRING
    input.Body.resourceId.codeArtifactId == STRING
    input.Body.scanName == STRING
    input.Body.scanType == enum_ScanType[_]
    input.Body.analysisType == enum_AnalysisType[_]
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateUploadUrl

valid {
    input.Body.scanName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAccountConfiguration

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFindings

enum_Status := [ "Closed", "Open", "All" ]

valid {
    input.ReqMap.scanName == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.status == enum_Status[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMetricsSummary

valid {
    input.Qs.date == TIMESTAMP
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetScan

valid {
    input.ReqMap.scanName == STRING
    input.Qs.runId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFindingsMetrics

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.startDate == TIMESTAMP
    input.Qs.endDate == TIMESTAMP
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListScans

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.tags.STRING == STRING
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.ReqMap.resourceArn == STRING
    input.Qs.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAccountConfiguration

valid {
    input.Body.encryptionConfig.kmsKeyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}