cfn-nag 0.3.51 → 0.3.52

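--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9e764bdbe8170764ddbcc2c6ed6030e2626300ef312af2284f6ba52d32158a75
- data.tar.gz: b90488a204b909cf5decba7db589c0dc570231354a686f3713e33b056484fdb7
+ metadata.gz: dbe97b8bdff1c7ee84e33f5fbcd87412fe418d9b5299c4222065c35f8c85f2ba
+ data.tar.gz: 53465649bd54c9890a6ff35210e8b482f7c24c126d885d81865397367bede71a
  SHA512:
- metadata.gz: 242bdde3f47c84cb12246b0c54305df8751ad927bd90a75bebf46fdf1e4ec3e6d93405906d234c2ad1f44b137fd7257a7b22969a867078a1120370d03d9818df
- data.tar.gz: 0f87bcb3a3c6e404b972c2219b4ca93118ce30a9f2e06f792aed6c75d07b36071e3649df5b58968f54f61286606975bfeae89a87d45785abafbb8d934658fdd6
+ metadata.gz: 9c7bf0417eae3f341f99c1e497c96a59334cca32199220c0450f75a6f081f986db2c46683cab46f8b1c15a175c6f86766de92042bc0aac620cdea96cf06a265f
+ data.tar.gz: 110ca000377113199a0af17598a3bf8bfb891833f4e8658d27f872b5ae963de35fca8ab9c59a3d437a4d3220258dabf957db6e767c311fdc7c05bf90a0a206ab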
@@ -1,7 +1,6 @@
1
1
  require 'cfn-nag/violation'
2
2
  require_relative 'base'
3
3
 
4
- # Rule to ensure credentials are not specified in template
5
4
  class CloudFormationAuthenticationRule < BaseRule
6
5
  def rule_text
7
6
  'Specifying credentials in the template itself is probably not the safest thing'
@@ -19,10 +18,21 @@ class CloudFormationAuthenticationRule < BaseRule
19
18
  logical_resource_ids = []
20
19
  cfn_model.raw_model['Resources'].each do |resource_name, resource|
21
20
  unless resource['Metadata'].nil?
22
- next if resource['Metadata']['AWS::CloudFormation::Authentication'].nil?
23
- logical_resource_ids << resource_name
21
+ unless resource['Metadata']['AWS::CloudFormation::Authentication'].nil?
22
+
23
+ resource['Metadata']['AWS::CloudFormation::Authentication'].each do |auth_name, auth|
24
+ if potentially_sensitive_credentials? auth
25
+ logical_resource_ids << resource_name
26
+ end
27
+ end
28
+
29
+ end
24
30
  end
25
31
  end
26
32
  logical_resource_ids
27
33
  end
28
- end
34
+
35
+ def potentially_sensitive_credentials?(auth)
36
+ auth['accessKeyId'] || auth['password'] || auth['secretKey']
37
+ end
38
+ end
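Review bot: The new inner loop appends `resource_name` once per matching entry, so a resource whose `AWS::CloudFormation::Authentication` block holds two credential-bearing entries lands in `logical_resource_ids` twice and is presumably reported twice. Deciding once per resource avoids that and drops the unused `auth_name`: with `auths` bound to the Authentication block, `logical_resource_ids << resource_name if auths.values.any? { |auth| potentially_sensitive_credentials?(auth) }`. `potentially_sensitive_credentials?` also indexes `auth` without checking its type, so a malformed template whose entry is not a Hash may raise instead of being skipped; an `auth.is_a?(Hash) &&` guard in the predicate would make the scan fail safe. The enclosing method begins above this hunk, so its signature and any earlier handling are not visible here.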
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.51
4
+ version: 0.3.52
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic