CodeAnt-AI
diff --git a/‎cdk_integration_tests/src/typescript/RedShiftSSL/fail__2__.ts
Lines changed: 39 additions & 18 deletions b/‎cdk_integration_tests/src/typescript/RedShiftSSL/fail__2__.ts
Lines changed: 39 additions & 18 deletions
diff --git a/‎cdk_integration_tests/src/typescript/RedShiftSSL/pass.ts
Lines changed: 24 additions & 8 deletions b/‎cdk_integration_tests/src/typescript/RedShiftSSL/pass.ts
Lines changed: 24 additions & 8 deletions
diff --git a/‎cdk_integration_tests/src/typescript/RedshiftClusterEncryption/fail.ts
Lines changed: 0 additions & 12 deletions b/‎cdk_integration_tests/src/typescript/RedshiftClusterEncryption/fail.ts
Lines changed: 0 additions & 12 deletions
diff --git a/‎cdk_integration_tests/src/typescript/RedshiftClusterEncryption/fail__2__.ts
Lines changed: 51 additions & 0 deletions b/‎cdk_integration_tests/src/typescript/RedshiftClusterEncryption/fail__2__.ts
Lines changed: 51 additions & 0 deletions
diff --git a/‎cdk_integration_tests/src/typescript/RedshiftClusterEncryption/pass.ts
Lines changed: 47 additions & 13 deletions b/‎cdk_integration_tests/src/typescript/RedshiftClusterEncryption/pass.ts
Lines changed: 47 additions & 13 deletions
diff --git a/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/fail.ts
Lines changed: 16 additions & 0 deletions b/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/fail.ts
Lines changed: 16 additions & 0 deletions
diff --git a/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/fail__2__.ts
Lines changed: 0 additions & 11 deletions b/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/fail__2__.ts
Lines changed: 0 additions & 11 deletions
diff --git a/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/fail__3__.ts
Lines changed: 46 additions & 0 deletions b/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/fail__3__.ts
Lines changed: 46 additions & 0 deletions
diff --git a/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/pass.ts
Lines changed: 21 additions & 6 deletions b/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/pass.ts
Lines changed: 21 additions & 6 deletions
diff --git a/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/pass2.ts
Lines changed: 24 additions & 0 deletions b/‎cdk_integration_tests/src/typescript/S3BlockPublicACLs/pass2.ts
Lines changed: 24 additions & 0 deletions
@@ -1,19 +1,40 @@
-// FINDING
-import { CfnClusterParameterGroup } from '@aws-cdk/aws-redshift';
+import * as cdk from 'aws-cdk-lib';
+import * as redshift from 'aws-cdk-lib/aws-redshift';
 
-// SINK
-// SINK: Vulnerability found due to Redshift not using SSL
-new CfnClusterParameterGroup(stack, 'MyClusterParameterGroup', {
-    description: 'Parameter group for my Redshift cluster',
-    family: 'redshift-1.0',
-    parameters: {
-        require_ssl: 'false', // This should be 'true' to enforce SSL
-    },
-});
-new CfnClusterParameterGroup(stack, 'MyClusterParameterGroup', {
-    description: 'Parameter group for my Redshift cluster',
-    family: 'redshift-1.0',
-    parameters: {
-        random_param: 100
-    },
-});
+class MyRedshiftClusterParameterGroupStack extends cdk.Stack {
+    constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
+        super(scope, id, props);
+
+        // Define Redshift Cluster Parameter Group with require_ssl parameter
+        new redshift.CfnClusterParameterGroup(this, 'MyRedshiftClusterParameterGroup', {
+            description: 'My Redshift Parameter Group',
+            parameterGroupFamily: 'redshift-1.0',
+            parameters: [
+                {
+                    parameterName: 'require_ssl',
+                    parameterValue: 'false',
+                },
+                // Add other parameters if needed
+            ],
+        });
+    }
+}
+
+const app = new cdk.App();
+new MyRedshiftClusterParameterGroupStack(app, 'MyRedshiftClusterParameterGroupStack');
+app.synth();
+
+class MyRedshiftClusterParameterGroupStack2 extends cdk.Stack {
+    constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
+        super(scope, id, props);
+
+        // Define Redshift Cluster Parameter Group with abc parameter
+        new redshift.CfnClusterParameterGroup(this, 'MyRedshiftClusterParameterGroup2', {
+            description: 'My Redshift Parameter Group 2',
+            parameterGroupFamily: 'redshift-1.0',
+        });
+    }
+}
+
+new MyRedshiftClusterParameterGroupStack2(app, 'MyRedshiftClusterParameterGroupStack2');
+app.synth();
@@ -1,9 +1,25 @@
-import { CfnClusterParameterGroup } from '@aws-cdk/aws-redshift';
+import * as cdk from 'aws-cdk-lib';
+import * as redshift from 'aws-cdk-lib/aws-redshift';
 
-new CfnClusterParameterGroup(stack, 'MyClusterParameterGroup', {
-    description: 'Parameter group for my Redshift cluster',
-    family: 'redshift-1.0',
-    parameters: {
-        require_ssl: 'true', // This should be 'true' to enforce SSL
-    },
-});
+class MyRedshiftClusterParameterGroupStack extends cdk.Stack {
+    constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
+        super(scope, id, props);
+
+        // Define Redshift Cluster Parameter Group with require_ssl parameter
+        new redshift.CfnClusterParameterGroup(this, 'MyRedshiftClusterParameterGroup', {
+            description: 'My Redshift Parameter Group',
+            parameterGroupFamily: 'redshift-1.0',
+            parameters: [
+                {
+                    parameterName: 'require_ssl',
+                    parameterValue: 'true',
+                },
+                // Add other parameters if needed
+            ],
+        });
+    }
+}
+
+const app = new cdk.App();
+new MyRedshiftClusterParameterGroupStack(app, 'MyRedshiftClusterParameterGroupStack');
+app.synth();
@@ -0,0 +1,51 @@
+import * as redshift from '@aws-cdk/aws-redshift-alpha';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import { Stack, App } from 'aws-cdk-lib';
+
+const app = new App();
+const stack = new Stack(app, 'RedshiftStack');
+
+// Create a VPC
+const vpc = new ec2.Vpc(stack, 'Vpc', {
+    maxAzs: 2
+});
+
+// Create a KMS key for encryption
+const kmsKey = new kms.Key(stack, 'KmsKey');
+
+const cluster = new redshift.Cluster(stack, 'MyCluster', {
+    masterUser: {
+        masterUsername: 'admin',
+    },
+    vpc,
+});
+
+import * as redshift from 'aws-cdk-lib/aws_redshift';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import { Stack, App } from 'aws-cdk-lib';
+
+const app = new App();
+const stack = new Stack(app, 'RedshiftStack');
+
+// Create a VPC
+const vpc = new ec2.Vpc(stack, 'Vpc', {
+    maxAzs: 2
+});
+
+// Create a KMS key for encryption
+const kmsKey = new kms.Key(stack, 'KmsKey');
+
+const cfnCluster = new redshift.CfnCluster(stack, 'MyCfnCluster', {
+    clusterType: 'multi-node',
+    dbName: 'mydatabase',
+    masterUsername: 'admin',
+    masterUserPassword: 'password',
+    nodeType: 'ds2.xlarge',
+    numberOfNodes: 3,
+    kmsKeyId: kmsKey.keyArn, // Use the specific KMS key
+    vpcSecurityGroupIds: [ /* security group IDs */ ],
+    clusterSubnetGroupName: vpc.selectSubnets({ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }).subnetIds[0],
+});
+
@@ -1,19 +1,53 @@
-// SOURCE
-import { Cluster } from '@aws-cdk/aws-redshift';
+import * as redshift from '@aws-cdk/aws-redshift-alpha';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import { Stack, App } from 'aws-cdk-lib';
 
-// SINK
-// SINK: Vulnerability found due to missing encryption at rest
-new Cluster(stack, 'MyRedshiftCluster', {
-    masterUser: {
-        masterUsername: 'admin',
-        masterPassword: 'password',
-    },
-    vpc, encrypted: true
+const app = new App();
+const stack = new Stack(app, 'RedshiftStack');
+
+// Create a VPC
+const vpc = new ec2.Vpc(stack, 'Vpc', {
+    maxAzs: 2
 });
-new Cluster(stack, 'MyRedshiftCluster', {
+
+// Create a KMS key for encryption
+const kmsKey = new kms.Key(stack, 'KmsKey');
+
+const cluster = new redshift.Cluster(stack, 'MyCluster', {
     masterUser: {
         masterUsername: 'admin',
-        masterPassword: 'password',
     },
-    vpc
+    vpc,
+    encryption: true,
+});
+
+import * as redshift from 'aws-cdk-lib/aws_redshift';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import { Stack, App } from 'aws-cdk-lib';
+
+const app = new App();
+const stack = new Stack(app, 'RedshiftStack');
+
+// Create a VPC
+const vpc = new ec2.Vpc(stack, 'Vpc', {
+    maxAzs: 2
 });
+
+// Create a KMS key for encryption
+const kmsKey = new kms.Key(stack, 'KmsKey');
+
+const cfnCluster = new redshift.CfnCluster(stack, 'MyCfnCluster', {
+    clusterType: 'multi-node',
+    dbName: 'mydatabase',
+    masterUsername: 'admin',
+    masterUserPassword: 'password',
+    nodeType: 'ds2.xlarge',
+    numberOfNodes: 3,
+    encryption: true,
+    kmsKeyId: kmsKey.keyArn, // Use the specific KMS key
+    vpcSecurityGroupIds: [ /* security group IDs */ ],
+    clusterSubnetGroupName: vpc.selectSubnets({ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }).subnetIds[0],
+});
+
@@ -0,0 +1,16 @@
+import * as cdk from 'aws-cdk-lib';
+import { Stack, App } from 'aws-cdk-lib';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+
+const app = new App();
+const stack = new Stack(app, 'S3BucketStack');
+
+// Create an S3 bucket with blockPublicAcls enabled
+const bucket = new s3.Bucket(stack, 'MyBucket', {
+    blockPublicAccess: s3.BlockPublicAccess.IGNORE_ACLS,
+    versioned: true,
+    removalPolicy: cdk.RemovalPolicy.DESTROY,
+    autoDeleteObjects: true,
+});
+
+app.synth();
@@ -0,0 +1,46 @@
+import * as cdk from 'aws-cdk-lib';
+import { Stack, App } from 'aws-cdk-lib';
+import { Bucket, BlockPublicAccess } from 'aws-cdk-lib/aws-s3';
+
+const app = new App();
+const stack = new Stack(app, 'S3BucketStack');
+
+// Create an S3 bucket with blockPublicAcls enabled
+const bucket = new Bucket(stack, 'MyBucket', {
+    blockPublicAccess: BlockPublicAccess.IGNORE_ACLS,
+    versioned: true,
+    removalPolicy: cdk.RemovalPolicy.DESTROY,
+    autoDeleteObjects: true,
+});
+
+const bucket2 = new Bucket(stack, 'MyBucket', {
+    versioned: true,
+    removalPolicy: cdk.RemovalPolicy.DESTROY,
+    autoDeleteObjects: true,
+});
+
+app.synth();
+
+import * as cdk from 'aws-cdk-lib';
+import { Stack, App } from 'aws-cdk-lib';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+
+const app = new App();
+const stack = new Stack(app, 'S3BucketStack');
+
+// Create an S3 bucket with blockPublicAcls enabled
+const bucket = new s3.CfnBucket(stack, 'MyBucket', {
+    bucketName: 'my-bucket-name', // Optional: Specify a bucket name
+    versioningConfiguration: {
+        status: 'Enabled',
+    },
+    publicAccessBlockConfiguration: {
+        blockPublicAcls: false, // Only block public ACLs
+        ignorePublicAcls: true,
+    },
+});
+
+bucket.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY);
+
+app.synth();
+
@@ -1,8 +1,23 @@
-// FINDING
-import { Bucket } from '@aws-cdk/aws-s3';
+import * as cdk from 'aws-cdk-lib';
+import { Stack, App } from 'aws-cdk-lib';
+import * as s3 from 'aws-cdk-lib/aws-s3';
 
-// SINK
-// SINK: Vulnerability found due to S3 bucket missing block public ACLs
-new Bucket(stack, 'MyBucket', {
-    blockPublicAcls: true, // This should be 'true' to block public ACLs
+const app = new App();
+const stack = new Stack(app, 'S3BucketStack');
+
+// Create an S3 bucket with blockPublicAcls enabled
+const bucket = new s3.Bucket(stack, 'MyBucket', {
+  blockPublicAccess: s3.BlockPublicAccess.BLOCK_ACLS, // Only block public ACLs
+  versioned: true,
+  removalPolicy: cdk.RemovalPolicy.DESTROY, // NOT recommended for production code
+  autoDeleteObjects: true, // NOT recommended for production code
+});
+
+const bucket2 = new s3.Bucket(stack, 'MyBucket', {
+  blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, // Only block public ACLs
+  versioned: true,
+  removalPolicy: cdk.RemovalPolicy.DESTROY, // NOT recommended for production code
+  autoDeleteObjects: true, // NOT recommended for production code
 });
+
+app.synth();
@@ -0,0 +1,24 @@
+import * as cdk from 'aws-cdk-lib';
+import { Stack, App } from 'aws-cdk-lib';
+import { Bucket, BlockPublicAccess } from 'aws-cdk-lib/aws-s3';
+
+const app = new App();
+const stack = new Stack(app, 'S3BucketStack');
+
+// Create an S3 bucket with blockPublicAcls enabled
+const bucket = new Bucket(stack, 'MyBucket', {
+  blockPublicAccess: BlockPublicAccess.BLOCK_ACLS, // Only block public ACLs
+  versioned: true,
+  removalPolicy: cdk.RemovalPolicy.DESTROY, // NOT recommended for production code
+  autoDeleteObjects: true, // NOT recommended for production code
+});
+
+const bucket2 = new Bucket(stack, 'MyBucket', {
+  blockPublicAccess: BlockPublicAccess.BLOCK_ALL, // Only block public ACLs
+  versioned: true,
+  removalPolicy: cdk.RemovalPolicy.DESTROY, // NOT recommended for production code
+  autoDeleteObjects: true, // NOT recommended for production code
+});
+
+app.synth();
+