Checks/Aws/Test-CloudformationStackOutputsFindSecrets.ps1
function Test-CloudformationStackOutputsFindSecrets {
    <#
    .SYNOPSIS
        CloudFormation stack outputs do not contain secrets

    .DESCRIPTION
        **CloudFormation stack Outputs** are analyzed for hardcoded secrets (passwords, API keys, tokens) using pattern-based detection across output values. A finding indicates potential secret strings present within `Outputs` of the template or stack.

    .PARAMETER Check
        CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: cloudformation_stack_outputs_find_secrets

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check cloudformation_stack_outputs_find_secrets for reference.', 'N/A', 'cloudformation Resources')
}
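
One way the pattern-based detection named in the .DESCRIPTION could be applied to stack outputs, as an added example (not code from the CIEM module or from Prowler). The function name `Find-StackOutputSecret`, the patterns and the sample outputs are assumptions constructed for illustration; input objects are assumed to carry `OutputKey` and `OutputValue` properties.

```powershell
# Added example; not part of the CIEM module or of Prowler.
# Patterns are illustrative assumptions, not a complete rule set.
$SecretPatterns = [ordered]@{
    'AWS access key ID'  = '\b(AKIA|ASIA)[0-9A-Z]{16}\b'
    'Private key header' = '-----BEGIN [A-Z ]*PRIVATE KEY-----'
    'Credentials in URL' = '[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@'
}
# Output key names that suggest the value is a secret
$SuspiciousKey = '(?i)(password|passwd|secret|token|api[_-]?key)'

function Find-StackOutputSecret {
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)][string]$StackName,
        # Objects with OutputKey / OutputValue properties (assumed shape)
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Outputs
    )
    foreach ($o in $Outputs) {
        $value = [string]$o.OutputValue
        $reasons = @(
            foreach ($name in $SecretPatterns.Keys) {
                if ($value -cmatch $SecretPatterns[$name]) { $name }
            }
        )
        # A name-based hit only counts when the output actually has a value
        if ($o.OutputKey -match $SuspiciousKey -and $value.Length -gt 0) {
            $reasons += 'Suspicious output key name'
        }
        if ($reasons.Count -gt 0) {
            # Report the value's length only, so the finding does not re-leak the secret
            [PSCustomObject]@{
                StackName   = $StackName
                OutputKey   = $o.OutputKey
                Reasons     = $reasons -join '; '
                ValueLength = $value.Length
            }
        }
    }
}

# Constructed sample outputs (AKIAIOSFODNN7EXAMPLE is the AWS documentation example key ID)
$sample = @(
    [PSCustomObject]@{ OutputKey = 'BucketName';  OutputValue = 'app-artifacts-bucket' }
    [PSCustomObject]@{ OutputKey = 'DeployKeyId'; OutputValue = 'AKIAIOSFODNN7EXAMPLE' }
    [PSCustomObject]@{ OutputKey = 'DbPassword';  OutputValue = 'constructed-placeholder' }
    [PSCustomObject]@{ OutputKey = 'DbUrl';       OutputValue = 'postgres://app:constructed@db.example.internal/app' }
)
Find-StackOutputSecret -StackName 'demo-stack' -Outputs $sample | Format-Table -AutoSize
```

On the sample, `BucketName` passes and the other three outputs are reported. Regex matching of this kind yields both false positives and misses, so each finding still needs a reviewer to confirm it.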