dpantke
dpantke
I noticed that in your examples, for AWS resources ( which you are using internally I'd imagine ), you have a common definition file for types that can be included...
Looking at this finding: https://github.com/nccgroup/ScoutSuite/blob/4300fc0440db766fafb0db81de7c954534b0349c/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json#L14 You actually can't set any setting other than "http-only" when S3 is used as the origin and have it work. One may counter that this...
## 1. Title AWS::EC2::VPCCidrBlock - add CIDRv4 and CIDRv6 attributes ## 2. Scope of request Need to be able to query the IPv4 and IPv6 CIDR ranges from a AWS::EC2::VPCCidrBlock....