RubyGems - cfn-nag - Versions diffs - 0.0.40 → 0.0.41 - Mend

cfn-nag 0.0.40 → 0.0.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/json_rules/cidr_rules.rb +3 -12
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8854703d7177b20f5163fd7b157a33475963da37
-  data.tar.gz: c70c1fe0a9c9a050c3c1b1a520cf208c1e1940d3
+  metadata.gz: 264757a35c270841c6196e82f2a371cca3875257
+  data.tar.gz: 8a59009ea37f75cfb7f5e2ba4049e568abb3a9fe
 SHA512:
-  metadata.gz: db86b801b0a02a04ff91e67d853717dce477266ab3539f95d913dd2fab4ed8f1277fc6fd25d5db0b0ee3b289879476620826c4550014832ada98b3801922b954
-  data.tar.gz: 52d69d86e2689446e35ba886eec393cd21aa5c5e0289da6f2d0aaeafdef2c4c3d55ac28615157508e237f32d1b71817feecef906543ba99a2d33bd671e448998
+  metadata.gz: 17bb07800c03b9e80159ff128f8169a84cbfc237b43c52c04008b69c9a1e77d8988b21d477f50dee433cc21589224190b2e893833ec16a83eba013ea1cbc5b2b
+  data.tar.gz: 694cf7348c73c688d052a3003a24a033990a4efe164d44a2b6e11b50e0db1d2ba1622ac8e3882142cb6786a99ec4e1310bf6de6586674bb41e4111e33837e664

data/lib/json_rules/cidr_rules.rb CHANGED Viewed

@@ -32,7 +32,7 @@ warning id: 'W7',
 # BEWARE with escapes \d -> \\\d because of how the escapes get munged from ruby through to shell
 warning id: 'W8',
-        jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::EC2::SecurityGroupIngress" and .Properties.CidrIp|type == "string")|select(.Properties.CidrIp | test("^\\\d{1,3}\\\.\\\d{1,3}\\\.\\\d{1,3}\\\.\\\d{1,3}/(?!32)$") )]|map(.LogicalResourceId)',
+        jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::EC2::SecurityGroupIngress") | if(.Properties.CidrIp|type == "string") then select(.Properties.CidrIp|endswith("/32")|not) else (select(.Properties.CidrIp[]|endswith("/32")|not)) end ]|map(.LogicalResourceId)',
         message: 'Security Group Standalone Ingress cidr found that is not /32'
 non_32_cidr_jq_expression = <<END
@@ -41,21 +41,12 @@ non_32_cidr_jq_expression = <<END
  select(.Type == "AWS::EC2::SecurityGroup") |
  if (.Properties.SecurityGroupIngress|type == "object")
  then (
-       select(.Properties.SecurityGroupIngress.CidrIp|type == "string")|
-       select(.Properties.SecurityGroupIngress.CidrIp|test("^\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}/(?!32)$"))
+        select(.Properties.SecurityGroupIngress.CidrIp|endswith("/32")|not)
       )
  else (
         if (.Properties.SecurityGroupIngress|type == "array")
         then (
-               select(.Properties.SecurityGroupIngress[].CidrIp|type == "string")|
-               select(.Properties.SecurityGroupIngress[].CidrIp |
-                      (
-                        if (.|type=="string")
-                        then test("^\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}/(?!32)$")
-                        else empty
-                        end
-                      )
-                     )
+               select(.Properties.SecurityGroupIngress[]|select(.CidrIp|endswith("/32")|not))
              )
         else empty
         end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.0.40
+  version: 0.0.41
 platform: ruby
 authors:
 - someguy