π§ AWS ELB Load Balancer is not configured with defensive or strictest desync mitigation mode - prod.logic.yamlπ’
- Contextual name: π§ prod.logic.yamlπ’
- ID:
/ce/ca/aws/elb/load-balancer-desync-mitigation-mode/prod.logic.yaml - Tags:
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Usesβ
Test Results π’β
Generated at: 2025-12-27T12:01:58.349126958Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | test1 | βοΈ 99 | βοΈ isDisappeared(CA10__disappearanceTime__c) | βοΈ null |
| π’ | test2 | βοΈ 299 | βοΈ extract('CA10__type__c') != 'application' && extract('CA10__type__c') != 'classic' | βοΈ null |
| π’ | test3 | βοΈ 799 | βοΈ extract('caSetFrom_additionalAttributes__c').contains('routing.http.desync_mitigation_mode: defensive') | βοΈ null |
| π’ | test4 | βοΈ 899 | βοΈ extract('caSetFrom_additionalAttributes__c').contains('elb.http.desyncmitigationmode: defensive') | βοΈ null |
| π’ | test5 | βοΈ 499 | βοΈ extract('caSetFrom_additionalAttributes__c').contains('elb.http.desyncmitigationmode: monitor') | βοΈ null |
Generation Bundleβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/policy.yaml | 7CCAAE9A2C2DDFDD7890FFA812380333 |
| Open | /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/prod.logic.yaml | D1C227A2D0F1E8DF43793F8466625D90 |
| Open | /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/test-data.json | D0E0C7C47A9279F08960F5614E6031E9 |
| Open | /types/CA10__CaAwsLoadBalancer__c/object.extracts.yaml | 08ABDD2ADB04C6F391A6E9FE1F0ACBBE |
Available Commandsβ
repo-manager policies generate FULL /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/elb/load-balancer-desync-mitigation-mode/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaAwsLoadBalancer__c"
importExtracts:
- file: "/types/CA10__CaAwsLoadBalancer__c/object.extracts.yaml"
recordTypes:
- "caAwsLoadBalancerApplication"
- "caAwsLoadBalancerClassic"
testData:
- file: "test-data.json"
conditions:
- status: "INAPPLICABLE"
currentStateMessage: "Desync mitigation mode only applies to Application and Classic Load Balancers."
check:
AND:
args:
- NOT_EQUAL:
left:
EXTRACT: "CA10__type__c"
right:
TEXT: "application"
- NOT_EQUAL:
left:
EXTRACT: "CA10__type__c"
right:
TEXT: "classic"
- status: "INCOMPLIANT"
currentStateMessage: "The Application Load Balancer is configured with the insecure 'monitor' desync mitigation mode."
remediationMessage: "Change the 'routing.http.desync_mitigation_mode' attribute to 'defensive' or 'strictest'."
check:
CONTAINS:
arg:
EXTRACT: "caSetFrom_additionalAttributes__c"
search:
TEXT: "routing.http.desync_mitigation_mode: monitor"
- status: "INCOMPLIANT"
currentStateMessage: "The Classic Load Balancer is configured with the insecure 'monitor' desync mitigation mode."
remediationMessage: "Change the 'routing.http.desync_mitigation_mode' attribute to 'defensive' or 'strictest'."
check:
CONTAINS:
arg:
EXTRACT: "caSetFrom_additionalAttributes__c"
search:
TEXT: "elb.http.desyncmitigationmode: monitor"
- status: "COMPLIANT"
currentStateMessage: "The Application Load Balancer is configured with 'strictest' desync mitigation mode."
check:
CONTAINS:
arg:
EXTRACT: "caSetFrom_additionalAttributes__c"
search:
TEXT: "routing.http.desync_mitigation_mode: strictest"
- status: "COMPLIANT"
currentStateMessage: "The Classic Load Balancer is configured with 'strictest' desync mitigation mode."
check:
CONTAINS:
arg:
EXTRACT: "caSetFrom_additionalAttributes__c"
search:
TEXT: "elb.http.desyncmitigationmode: strictest"
- status: "COMPLIANT"
currentStateMessage: "The Application Load Balancer is configured with 'defensive' desync mitigation mode."
check:
CONTAINS:
arg:
EXTRACT: "caSetFrom_additionalAttributes__c"
search:
TEXT: "routing.http.desync_mitigation_mode: defensive"
- status: "COMPLIANT"
currentStateMessage: "The Classic Load Balancer is configured with 'defensive' desync mitigation mode."
check:
CONTAINS:
arg:
EXTRACT: "caSetFrom_additionalAttributes__c"
search:
TEXT: "elb.http.desyncmitigationmode: defensive"
otherwise:
status: "UNDETERMINED"
currentStateMessage: "Unexpected values in the fields."