cfn-nag 0.4.50 → 0.4.51
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 78b33a6161c54bf1e7745c16c0b5b1cd494ad838db994437c80ec63493906700
         | 
| 4 | 
            +
              data.tar.gz: cfbd391c61bd3dc697222ce2ba19dc0a8cc4da368cd9187c974c7f310abf476b
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: d9754d47d8334b0ca1bcf0e4f8d2550d215a7868a40061ee8098d1d23201421c7d8ae1ec62325fb5f823b51dfa8b01ab26191dd154c6189fbea9974677109584
         | 
| 7 | 
            +
              data.tar.gz: 0e7e64c9303f5400243b516dc47c6b34b141ffe6ecb47c1c40566da288c7650786c88bb942b4b5948c83824e71665d2add8b0d7d96025efc71a4968b83d757b5
         | 
| @@ -0,0 +1,43 @@ | |
| 1 | 
            +
            # frozen_string_literal: true
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            require 'cfn-nag/violation'
         | 
| 4 | 
            +
            require_relative 'base'
         | 
| 5 | 
            +
             | 
| 6 | 
            +
            class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
         | 
| 7 | 
            +
              def rule_text
         | 
| 8 | 
            +
                'Elastic Load Balancer V2 should have access logging enabled'
         | 
| 9 | 
            +
              end
         | 
| 10 | 
            +
             | 
| 11 | 
            +
              def rule_type
         | 
| 12 | 
            +
                Violation::WARNING
         | 
| 13 | 
            +
              end
         | 
| 14 | 
            +
             | 
| 15 | 
            +
              def rule_id
         | 
| 16 | 
            +
                'W52'
         | 
| 17 | 
            +
              end
         | 
| 18 | 
            +
             | 
| 19 | 
            +
              def audit_impl(cfn_model)
         | 
| 20 | 
            +
                violating_elbs = cfn_model.resources_by_type('AWS::ElasticLoadBalancingV2::LoadBalancer')
         | 
| 21 | 
            +
                                          .select do |elb|
         | 
| 22 | 
            +
                  elb.loadBalancerAttributes.nil? || missing_access_logs?(elb) || access_logging_is_false?(elb)
         | 
| 23 | 
            +
                end
         | 
| 24 | 
            +
             | 
| 25 | 
            +
                violating_elbs.map(&:logical_resource_id)
         | 
| 26 | 
            +
              end
         | 
| 27 | 
            +
             | 
| 28 | 
            +
              private
         | 
| 29 | 
            +
             | 
| 30 | 
            +
              def access_logging_is_false?(load_balancer)
         | 
| 31 | 
            +
                false_access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
         | 
| 32 | 
            +
                  load_balancer_attribute['Key'] ==  'access_logs.s3.enabled' && load_balancer_attribute['Value'].casecmp?('false')
         | 
| 33 | 
            +
                end
         | 
| 34 | 
            +
                false_access_log_attribute
         | 
| 35 | 
            +
              end
         | 
| 36 | 
            +
             | 
| 37 | 
            +
              def missing_access_logs?(load_balancer)
         | 
| 38 | 
            +
                access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
         | 
| 39 | 
            +
                  load_balancer_attribute['Key'] ==  'access_logs.s3.enabled'
         | 
| 40 | 
            +
                end
         | 
| 41 | 
            +
                access_log_attribute.nil?
         | 
| 42 | 
            +
              end
         | 
| 43 | 
            +
            end
         | 
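Review bot: In `access_logging_is_false?`, the call `load_balancer_attribute['Value'].casecmp?('false')` assumes the attribute value always arrives as a String. If the parsed model hands through an unquoted YAML boolean (`Value: false`) or an intrinsic-function Hash unchanged (not visible from this page), that call raises NoMethodError instead of returning a match. The rule would then error out on exactly the configuration it exists to report, a load balancer with access logging explicitly disabled, which risks a silent gap in audit-log coverage. Coercing before the comparison avoids that: `load_balancer_attribute['Key'] == 'access_logs.s3.enabled' && load_balancer_attribute['Value'].to_s.casecmp?('false')`. Both helpers also call `.find` on `loadBalancerAttributes` on the assumption that it is an Array of Hashes, so a short comment stating that assumption, or an `is_a?(Array)` guard in `audit_impl`, would make the non-list case explicit.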
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: cfn-nag
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0.4. | 
| 4 | 
            +
              version: 0.4.51
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Eric Kascic
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2019- | 
| 11 | 
            +
            date: 2019-12-07 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: rake
         | 
| @@ -174,6 +174,7 @@ files: | |
| 174 174 | 
             
            - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
         | 
| 175 175 | 
             
            - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
         | 
| 176 176 | 
             
            - lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
         | 
| 177 | 
            +
            - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
         | 
| 177 178 | 
             
            - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
         | 
| 178 179 | 
             
            - lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
         | 
| 179 180 | 
             
            - lib/cfn-nag/custom_rules/IamManagedPolicyPassRoleWildcardResourceRule.rb
         |