cfn-nag 0.4.34 → 0.4.35
- checksums.yaml +4 -4
- data/bin/cfn_nag_rules +6 -1
- data/lib/cfn-nag/result_view/rules_view.rb +46 -20
- data/lib/cfn-nag/rule_dumper.rb +4 -2
- metadata +2 -2
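--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1cd3cda83224573532bebacc848e7faeae97f5b3a0a187dd3797239619303d38
+data.tar.gz: '08d538e752ee13690d7deb5b5b3e8a6d8fb781b3d9e5f8df956e7123f9739cea'
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 78154bc0b1f476d8331c8f1c0796d523b2315e208e89d409b2424639fbd567c1e2748125c1a1dfac41a8218d70a3d19036eb8b63a517e561a31f170b485c8757
+data.tar.gz: 41069d603ec8833debf6bb5f79a73a7f86addf24837a79134b24e00978a536bbc7bb4d781b5848a5e24225232dc95635ece872f830f526ec1364b5826c7ff5ac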
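--- a/data/bin/cfn_nag_rules
+++ b/data/bin/cfn_nag_rules
@@ -14,6 +14,10 @@ opts = Trollop.options do
 opt :profile_path, 'Path to a profile file', type: :io,
 required: false,
 default: nil
+opt :output_format,
+'Format of results: [csv, json, txt]',
+type: :string,
+default: 'txt'
 end
 
 profile_definition = nil
@@ -22,6 +26,7 @@ unless opts[:profile_path].nil?
 end
 
 rule_dumper = CfnNagRuleDumper.new(profile_definition: profile_definition,
-rule_directory: opts[:rule_directory]
+rule_directory: opts[:rule_directory],
+output_format: opts[:output_format])
 
 rule_dumper.dump_rules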
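Review bot: The new `output_format` option is accepted as a free-form string and handed to `CfnNagRuleDumper` without being checked against the three supported values, and the `case output_format` added to `RulesView#emit` in rules_view.rb has no `else` branch. A typo such as `yaml` therefore prints no rules at all, and nothing in these hunks reports it as an error. For a tool whose output feeds reviews and audits, an empty listing is easy to misread as "no rules apply". I would reject unknown values right after option parsing, e.g. `Trollop.die :output_format, 'must be one of csv, json, txt' unless %w[csv json txt].include?(opts[:output_format])`, and add an `else` that raises in `emit` as a backstop.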
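--- a/data/lib/cfn-nag/result_view/rules_view.rb
+++ b/data/lib/cfn-nag/result_view/rules_view.rb
@@ -1,13 +1,21 @@
 # frozen_string_literal: true
 
+require 'json'
+
 # View rules warnings/failings
 class RulesView
-def emit(rule_registry, profile)
-
-
-
-
-
+def emit(rule_registry, profile, output_format: 'txt')
+warnings = select_rules(rule_registry.warnings, profile)
+failings = select_rules(rule_registry.failings, profile)
+rules = failings + warnings
+case output_format
+when 'csv'
+emit_csv(rules)
+when 'json'
+puts rules_to_json(rules)
+when 'txt'
+emit_txt(warnings, failings)
+end
 
 if rule_registry.duplicate_ids?
 emit_duplicates(rule_registry.duplicate_ids)
@@ -17,6 +25,21 @@ class RulesView
 
 private
 
+def emit_txt(warnings, failings)
+output_pattern = '%<id>s %<message>s'
+puts 'WARNING VIOLATIONS:'
+emit_rules(warnings, output_pattern)
+puts
+puts 'FAILING VIOLATIONS:'
+emit_rules(failings, output_pattern)
+end
+
+def emit_csv(rules)
+output_pattern = '%<type>s,%<id>s,"%<message>s"'
+puts 'Type,ID,Message'
+emit_rules(rules, output_pattern)
+end
+
 def emit_duplicates(duplicates)
 duplicates.each do |info|
 puts '------------------'.red
@@ -26,24 +49,27 @@ class RulesView
 end
 end
 
-def
-
-
-
-
-
-
+def select_rules(rules, profile)
+selected = if profile.nil?
+rules
+else
+rules.select { |rule| profile.contains_rule?(rule.id) }
+end
+selected.sort { |left, right| sort_id(left, right) }
+end
+
+def emit_rules(rules, output_pattern)
+rules.each do |rule|
+puts format(output_pattern, id: rule.id, message: rule.message, type: rule.type)
 end
 end
 
-def
-
-
-
-elsif profile.contains_rule?(failing.id)
-puts "#{failing.id} #{failing.message}"
-end
+def rules_to_json(rules)
+rule_array = []
+rules.each do |rule|
+rule_array << rule.to_h
 end
+puts JSON.pretty_generate(rule_array)
 end
 
 def sort_id(left, right)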
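Review bot: `emit_csv` builds each row with the pattern `'%<type>s,%<id>s,"%<message>s"'`, which wraps the message in quotes but never doubles a `"` inside it and leaves `type` and `id` unquoted. A rule message containing a double quote (rules can also come from a custom `rule_directory`) would produce a row that CSV consumers split incorrectly. Ruby's standard `csv` library does the quoting for you: add `require 'csv'` and emit `puts [rule.type, rule.id, rule.message].to_csv` per rule instead of the format string. Separately, `rules_to_json` already calls `puts` and so returns nil, which means `puts rules_to_json(rules)` in `emit` prints an extra blank line after the JSON; have the helper return `JSON.pretty_generate(rule_array)` rather than print it.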
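--- a/data/lib/cfn-nag/rule_dumper.rb
+++ b/data/lib/cfn-nag/rule_dumper.rb
@@ -6,9 +6,11 @@ require_relative 'result_view/rules_view'
 
 class CfnNagRuleDumper
 def initialize(profile_definition: nil,
-rule_directory: nil
+rule_directory: nil,
+output_format: nil)
 @rule_directory = rule_directory
 @profile_definition = profile_definition
+@output_format = output_format
 end
 
 def dump_rules
@@ -21,6 +23,6 @@ class CfnNagRuleDumper
 .load(profile_definition: @profile_definition)
 end
 
-RulesView.new.emit(rule_registry, profile)
+RulesView.new.emit(rule_registry, profile, output_format: @output_format)
 end
 end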
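Review bot: `initialize` defaults `output_format` to `nil`, and `dump_rules` always passes `output_format: @output_format`, so the `'txt'` default declared on `RulesView#emit` never applies for callers that construct `CfnNagRuleDumper` without the new keyword. With `nil`, none of the `when` branches in `emit` match, so the rule listing that 0.4.34 printed is silently dropped for existing library callers; only the duplicate-id report would still run. Defaulting here to `output_format: 'txt'` keeps those callers working. The part of `dump_rules` between the two hunks is not visible, so this reading rests on the lines shown.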
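--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.35
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-
+date: 2019-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake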