cfn-nag 0.3.70 → 0.3.71

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87b103419c81f7993bac0aaea152c9d4f5fb90df1a266d219b768e31e93c962f
-  data.tar.gz: ad57b13ca5e9d12ae76e9ab0ab2190b30f3edf82f12ad4cb4fde137fda9fa7ce
+  metadata.gz: cb1fd786f8282f23fa1a950c373183ee4d790ae388187c6d9dc074c2cacf6d84
+  data.tar.gz: 625fffbc01a10bbc25e069108076c00fa3c3da2c801a413cf4ef9b6cea5d2bae
 SHA512:
-  metadata.gz: 9c944634f99d05d4233c336052d88305be821d95c03e488d3ee5620191e18a66833bfdac7a6c2e5bbe64c83a79bee4e5cf878be060c08de9533adbe67d57a64f
-  data.tar.gz: 15ca6d74a6c3aa6813d8a31c2e4e6bd1f4535e91abf23525a3d4f96a738ed4c655635516e181be08447e3624cbc7e25a2fe8c50e2080d79874f1f76441a84a7d
+  metadata.gz: f79be81a03d0e344df96b1c200b27458da31e83728716742a84011498360a819d9249001a8a516d71315559472d483cbd841c549526fdb08064bbb97b8cec869
+  data.tar.gz: 6a6082ebc4f4d8a39f06e05b14bc0c819c39853af46aef2d2566758f64296a519d99416140874055301215cc857ffc85894d3c2e5dffe5f570ca169d7917d86b

data/bin/cfn_nag

@@ -7,6 +7,7 @@ require 'logging'
 require 'json'
 require 'rubygems/specification'
 
+# rubocop:disable Metrics/BlockLength
 opts = Trollop.options do
   options_message = '[options] <cloudformation template path ...>|' \
                     '<cloudformation template in STDIN>'
@@ -52,6 +53,7 @@ opts = Trollop.options do
       required: false,
       default: false
 end
+# rubocop:enable Metrics/BlockLength
 
 CfnNag.configure_logging(opts)
 

data/bin/cfn_nag_scan

@@ -7,6 +7,7 @@ require 'logging'
 require 'json'
 require 'rubygems/specification'
 
+# rubocop:disable Metrics/BlockLength
 opts = Trollop.options do
   version Gem::Specification.find_by_name('cfn-nag').version
 
@@ -71,6 +72,7 @@ opts = Trollop.options do
       required: false,
       default: '..*\.json|..*\.yaml|..*\.yml|..*\.template'
 end
+# rubocop:enable Metrics/BlockLength
 
 unless %w[txt json].include?(opts[:output_format])
   Trollop.die(:output_format,

data/lib/cfn-nag/cfn_nag.rb

@@ -82,8 +82,8 @@ class CfnNag
                                       parameter_values_string
       violations += @custom_rule_loader.execute_custom_rules(cfn_model)
       violations = filter_violations_by_profile violations
-    rescue Psych::SyntaxError, ParserError => parser_error
-      violations << fatal_violation(parser_error.to_s)
+    rescue Psych::SyntaxError, ParserError => exception
+      violations << fatal_violation(exception.to_s)
     rescue JSON::ParserError => json_parameters_error
       error = "JSON Parameter values parse error: #{json_parameters_error}"
       violations << fatal_violation(error)

data/lib/cfn-nag/custom_rule_loader.rb

@@ -10,6 +10,7 @@ require 'cfn-nag/jmes_path_discovery'
 # This object can discover the internal and custom user-provided rules and
 # apply these rules to a CfnModel object
 #
+# rubocop:disable Metrics/ClassLength
 class CustomRuleLoader
   def initialize(rule_directory: nil,
                  allow_suppression: true,
@@ -22,6 +23,7 @@ class CustomRuleLoader
     validate_extra_rule_directory rule_directory
   end
 
+  # rubocop:disable Security/Eval
   def rule_definitions
     rule_registry = RuleRegistry.new
 
@@ -39,6 +41,7 @@ class CustomRuleLoader
 
     rule_registry
   end
+  # rubocop:enable Security/Eval
 
   def execute_custom_rules(cfn_model)
     if Logging.logger['log'].debug?
@@ -65,6 +68,7 @@ class CustomRuleLoader
       message: rule.rule_text }
   end
 
+  # rubocop:disable Security/Eval
   def filter_jmespath_filenames(cfn_model, violations)
     discover_jmespath_filenames(@rule_directory).each do |jmespath_file|
       evaluator = JmesPathEvaluator.new cfn_model
@@ -74,7 +78,9 @@ class CustomRuleLoader
       violations += evaluator.violations
     end
   end
+  # rubocop:enable Security/Eval
 
+  # rubocop:disable Style/RedundantBegin
   def filter_rule_classes(cfn_model, violations)
     discover_rule_classes(@rule_directory).each do |rule_class|
       begin
@@ -87,10 +93,12 @@ class CustomRuleLoader
         violations << audit_result unless audit_result.nil?
       rescue ScriptError, StandardError => rule_error
         raise rule_error unless @isolate_custom_rule_exceptions
+
         STDERR.puts rule_error
       end
     end
   end
+  # rubocop:enable Style/RedundantBegin
 
   def rules_to_suppress(resource)
     if resource.metadata &&
@@ -106,6 +114,7 @@ class CustomRuleLoader
     cfn_model.resources.each do |logical_resource_id, resource|
       resource_rules_to_suppress = rules_to_suppress resource
       next if resource_rules_to_suppress.nil?
+
       mangled_rules = resource_rules_to_suppress.select do |rule_to_suppress|
         rule_to_suppress['id'].nil?
       end
@@ -132,6 +141,7 @@ class CustomRuleLoader
   def suppress_resource?(rules_to_suppress, rule_id, logical_resource_id)
     found_suppression_rule = rules_to_suppress.find do |rule_to_suppress|
       next if rule_to_suppress['id'].nil?
+
       rule_to_suppress['id'] == rule_id
     end
     if found_suppression_rule && @print_suppression
@@ -162,6 +172,7 @@ class CustomRuleLoader
 
   def validate_extra_rule_directory(rule_directory)
     return true if rule_directory.nil? || File.directory?(rule_directory)
+
     raise "Not a real directory #{rule_directory}"
   end
 
@@ -203,3 +214,4 @@ class CustomRuleLoader
     rule_filenames
   end
 end
+# rubocop:enable Metrics/ClassLength

data/lib/cfn-nag/custom_rules/base.rb

@@ -18,6 +18,7 @@ class BaseRule
   def audit(cfn_model)
     logical_resource_ids = audit_impl(cfn_model)
     return if logical_resource_ids.empty?
+
     Violation.new(id: rule_id,
                   type: rule_type,
                   message: rule_text,

data/lib/cfn-nag/profile_loader.rb

@@ -19,6 +19,7 @@ class ProfileLoader
 
     profile_definition.each_line do |line|
       next unless (rule_id = rule_line_match(line))
+
       check_valid_rule_id rule_id
       new_profile.add_rule rule_id
     end
@@ -33,6 +34,7 @@ class ProfileLoader
     rule_id = rule_id.chomp
     matches = /^([a-zA-Z]*?[0-9]+)\s*(.*)/.match(rule_id)
     return false if matches.nil?
+
     matches.captures.first
   end
 
@@ -45,6 +47,7 @@ class ProfileLoader
   # else raise an error
   def check_valid_rule_id(rule_id)
     return true unless @rules_registry.by_id(rule_id).nil?
+
     raise "#{rule_id} is not a legal rule identifier from: #{rules_ids}"
   end
 end

data/lib/cfn-nag/rule_definition.rb

@@ -30,7 +30,7 @@ class RuleDefinition
     }
   end
 
-  def ==(other_violation)
-    other_violation.class == self.class && other_violation.to_h == to_h
+  def ==(other)
+    other.class == self.class && other.to_h == to_h
   end
 end

data/lib/cfn-nag/template_discovery.rb

@@ -10,6 +10,7 @@ class TemplateDiscovery
                                          template_pattern: template_pattern)
     end
     return [render_path(input_json_path)] if ::File.file? input_json_path
+
     raise "#{input_json_path} is not a proper path"
   end
 
@@ -17,6 +18,7 @@ class TemplateDiscovery
 
   def render_path(path)
     return path.path if path.is_a? File
+
     path
   end
 
@@ -25,7 +27,7 @@ class TemplateDiscovery
 
     templates = []
     Dir[File.join(directory, '**/**')].each do |file_name|
-      if file_name.match(template_pattern)
+      if file_name.match?(template_pattern)
         templates << file_name
       end
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.3.70
+  version: 0.3.71
 platform: ruby
 authors:
 - Eric Kascic