cfn-nag 0.3.64 → 0.3.65
- checksums.yaml +4 -4
- data/lib/cfn-nag/cfn_nag.rb +27 -20
- data/lib/cfn-nag/custom_rule_loader.rb +8 -3
- metadata +2 -2
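--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 783d680607fef0a7471c74e353264ebbc7758a8cf7ffcf61392b41c06739d09b
+data.tar.gz: 38505a5993a099e5140a0e5ad35122c5ecea8f8f14c04afbcf045ae180bf6c27
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 00c6718490e3ade00a21a2f42e8fc4be2373a1dc60b68308f96563ce2eb356d44b9e697733a9cb37bbab9603f0e4bc84ef1e1306a3ce6bf83a6b476a35cfec54
+data.tar.gz: c96b56fc4fbe93b9d04e51eb58da0442d8e41c2d143eb80a8a10704872db64d0d7b167ed212910e85cc4020bfa6cbf418480c6e6c0f982b2bfe3997547f3f062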
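--- a/data/lib/cfn-nag/cfn_nag.rb
+++ b/data/lib/cfn-nag/cfn_nag.rb
@@ -64,6 +64,19 @@ class CfnNag
 aggregate_results
 end
 
+def audit_result(violations)
+{
+failure_count: Violation.count_failures(violations),
+violations: violations
+}
+end
+
+def fatal_violation(message)
+Violation.new(id: 'FATAL',
+type: Violation::FAILING_VIOLATION,
+message: message)
+end
+
 ##
 # Given cloudformation json/yml, run all the rules against it
 #
@@ -74,26 +87,20 @@ class CfnNag
 #
 def audit(cloudformation_string:, parameter_values_string: nil)
 violations = []
-
-
-
-
-
-violations
-
-
-
-
-
-
-
-violations
-type: Violation::FAILING_VIOLATION,
-message: "JSON Parameter values parse error: #{json_parameters_error.to_s}")
-{
-failure_count: Violation.count_failures(violations),
-violations: violations
-}
+
+begin
+cfn_model = CfnParser.new.parse cloudformation_string,
+parameter_values_string
+violations += @custom_rule_loader.execute_custom_rules(cfn_model)
+violations = filter_violations_by_profile violations
+rescue Psych::SyntaxError, ParserError => parser_error
+violations << fatal_violation(parser_error.to_s)
+rescue JSON::ParserError => json_parameters_error
+error = "JSON Parameter values parse error: #{json_parameters_error.to_s}"
+violations << fatal_violation(error)
+end
+
+audit_result(violations)
 end
 
 def self.configure_logging(opts)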
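Review bot: The `begin` block in `audit` wraps `execute_custom_rules` and `filter_violations_by_profile` together with `CfnParser.new.parse`, so a `JSON::ParserError` or `Psych::SyntaxError` raised while a rule runs would be reported as a template or parameter parse error rather than a rule failure. If only the parser is expected to raise these classes, keep the `rescue` clauses around the parse call alone, or record the assumption in a comment such as `# only CfnParser.new.parse is expected to raise these`. Any other exception class still leaves `audit` unrescued, so the caller sees a crash instead of a `FATAL` violation; for a linter used as a security gate that is the safer outcome, but it is worth a line in the method's doc comment. The new `audit_result` and `fatal_violation` helpers carry no doc comments and appear to be public, though a `private` marker elsewhere in the class would not be visible in this section. A one-line comment on each stating that `FATAL` always counts toward `failure_count` would make the fail-closed intent explicit.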
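--- a/data/lib/cfn-nag/custom_rule_loader.rb
+++ b/data/lib/cfn-nag/custom_rule_loader.rb
@@ -97,9 +97,7 @@ class CustomRuleLoader
 end
 end
 
-
-# STDERR emit can be moved to unless block
-def validate_cfn_nag_metadata(cfn_model)
+def collect_mangled_metadata(cfn_model)
 mangled_metadatas = []
 cfn_model.resources.each do |logical_resource_id, resource|
 resource_rules_to_suppress = rules_to_suppress resource
@@ -111,6 +109,13 @@ class CustomRuleLoader
 mangled_metadatas << [logical_resource_id, mangled_rules]
 end
 end
+mangled_metadatas
+end
+
+# XXX given mangled_metadatas is never used or returned,
+# STDERR emit can be moved to unless block
+def validate_cfn_nag_metadata(cfn_model)
+mangled_metadatas = collect_mangled_metadata(cfn_model)
 mangled_metadatas.each do |mangled_metadata|
 logical_resource_id = mangled_metadata.first
 mangled_rules = mangled_metadata[1]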
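Review bot: The comment above `validate_cfn_nag_metadata` (`# XXX given mangled_metadatas is never used or returned, ...`) no longer matches the new code, because `collect_mangled_metadata` now returns the list and `validate_cfn_nag_metadata` iterates over it. Drop or reword the XXX, and give the new helper a doc comment, for example `# Returns [logical_resource_id, mangled_rules] pairs, one per resource whose suppression metadata is mangled`. The body of `validate_cfn_nag_metadata` continues outside the hunk, so it cannot be seen here whether mangled metadata only produces a STDERR message or also changes which rules end up suppressed. For a security linter that behaviour deserves a sentence in the comment, since a silently ignored or silently honoured suppression changes the audit result.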
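--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.65
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-
+date: 2019-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec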