
bug(cloudformation): false positive for "ECS Cluster Not Encrypted At Rest" when using task definition ref

Open Cerisabeth opened this issue 1 year ago • 1 comments

Expected Behavior

The ref-template.json (modified from test/negative2.json) should return negative for the ECS Cluster Not Encrypted At Rest query.

Actual Behavior

Query returns a positive for ECS Cluster Not Encrypted At Rest, even with the correct EFS volume configuration, due to this section of the above code:

          "TaskDefinition": {
            "Ref": "taskdefinition"
          },

It returns negative when using the following syntax to reference the task definition:

          "TaskDefinition": "taskdefinition",

We are using AWS CDK to generate our template and it always generates a Ref block to refer to a resource.

Steps to Reproduce the Problem

  1. Scan ref-template.json for the ECS Cluster Not Encrypted At Rest query (id: 6c131358-c54d-419b-9dd6-1f7dd41d180c)
docker run -t -v $PWD/test:/path checkmarx/kics:latest scan -p /path/ref-template.json -o "/path/" --log-level "DEBUG" -i "6c131358-c54d-419b-9dd6-1f7dd41d180c" -v

debug-log.txt

Specifications

  • Version: v2.1.1
  • Platform: CloudFormation
  • Subsystem:

Cerisabeth · Jul 18 '24 07:07
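An added illustration of the resolution step the report is about (this is not KICS's own Rego query, which is not shown here): a check over a CloudFormation template that accepts both the bare-string and the {"Ref": ...} forms of the service's TaskDefinition property before inspecting EFS volume encryption, and a switch that reproduces the false positive when only the bare-string form is resolved. It assumes the query's condition is that every EFSVolumeConfiguration on the referenced task definition has TransitEncryption set to ENABLED; the template, resource names and filesystem id are constructed.

```python
# Constructed sample (not the reporter's ref-template.json): one ECS service pointing at one
# task definition that mounts an EFS volume; task_definition_ref is the value the template puts
# in the service's TaskDefinition property, bare string or {"Ref": ...}.
def make_template(task_definition_ref, transit_encryption="ENABLED"):
    return {"Resources": {
        "taskdefinition": {
            "Type": "AWS::ECS::TaskDefinition",
            "Properties": {"Volumes": [{"Name": "efs-vol", "EFSVolumeConfiguration": {
                "FilesystemId": "fs-0000", "TransitEncryption": transit_encryption}}]},
        },
        "service": {
            "Type": "AWS::ECS::Service",
            "Properties": {"Cluster": {"Ref": "cluster"}, "TaskDefinition": task_definition_ref},
        },
    }}

def resolve_task_definition_name(value):
    """Logical name of the referenced task definition: accepts the bare-string form and the
    intrinsic {"Ref": "..."} form that CDK emits; None for anything else (e.g. an external ARN)."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and list(value) == ["Ref"] and isinstance(value["Ref"], str):
        return value["Ref"]
    return None

def unencrypted_efs_volumes(template, resolve_refs=True):
    """(service, volume) pairs whose EFS volume lacks TransitEncryption ENABLED. A task
    definition that cannot be located in the template is reported as well rather than passed
    silently (a design choice here, not the scanner's). resolve_refs=False accepts only the
    bare-string form, which reproduces the false positive from the issue: a correctly
    encrypted volume behind a Ref is still flagged."""
    resources = template.get("Resources", {})
    findings = []
    for svc_name, svc in resources.items():
        if svc.get("Type") != "AWS::ECS::Service":
            continue
        raw = svc.get("Properties", {}).get("TaskDefinition")
        td_name = resolve_task_definition_name(raw) if resolve_refs else (
            raw if isinstance(raw, str) else None)
        td = resources.get(td_name)
        if td is None or td.get("Type") != "AWS::ECS::TaskDefinition":
            findings.append((svc_name, "<unresolved task definition>"))
            continue
        for vol in td.get("Properties", {}).get("Volumes", []):
            efs = vol.get("EFSVolumeConfiguration")
            if efs is not None and efs.get("TransitEncryption") != "ENABLED":
                findings.append((svc_name, vol.get("Name", "<unnamed>")))
    return findings
```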

Hi @Cerisabeth Thanks for your input!

We asked our internal AppSec team to provide you feedback on this. We will keep you updated. (APPSEC-2916)

cx-monica-casanova · Jul 25 '24 15:07

Hi @Cerisabeth

Just wanted to update you on this matter: on the current KICS version 2.1.11 this issue is no longer reproducible; it has been resolved by cx-romeu-silva's fix. Your description of the problem was spot on and helped us to implement the fix necessary. If you encounter any further issues or find that this solution did not resolve your problem, feel free to re-open this issue or create a new one if necessary.

Thank you for your contribution!

cx-andre-pereira · Jul 16 '25 16:07