cfn-nag 0.4.55 → 0.4.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb +27 -0
  3. data/lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb +27 -0
  4. data/lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb +31 -0
  5. data/lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb +32 -0
  6. data/lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb +31 -0
  7. data/lib/cfn-nag/result_view/rules_view.rb +4 -4
  8. metadata +7 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2682c698c9f4b4cc462275cb36c2789f62305084d85175f5f3a2be1d1bc28095
4
- data.tar.gz: f0718d888c66edb0d5efa8da809e0379be6c3b9f079299bee93bd73fc396b5d5
3
+ metadata.gz: 4ad40bd1c3c5d3a93f7f64ce1fceec0c7a2a78646cdcfa71afbc204ccee7632e
4
+ data.tar.gz: 0d150bfbcc7494f068f05adfd4bd2044633e3dd87727dba6c84e5006439fce59
5
5
  SHA512:
6
- metadata.gz: 0042f93b7b41c7f3203b532d7bb4342adf8f5c61e0a0aecc962ecb7b2f2bda87cffaed100a6be8464399a9bd3355029f80178319653dfd7e05339e97d3eb149d
7
- data.tar.gz: 1ea773c620e0d22ff2e1225022304879b13615c72aabbfbd813630d15b64a3f8c3e31f889fae37dc315fdf2b3990289b843033552c34c7d1dd46bce06834ede8
6
+ metadata.gz: 9791e0a44eda5c2ed9ee822f76ea85336dfa81e46e569fc7b6415512dda633e111df907eb07889683358f55c8d9f1affcb455291d45ccbdc00e72af4fbb3f9b7
7
+ data.tar.gz: 2ad60258fc5a0629dd61ca42ad91d1481064d3a2c07684f5f8326d391de54191e0378473c3a02ff0ff6e4cf94cf3bbc80f41c15b4f2f86e957540fefab989363
data/lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb ADDED
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'password_base_rule'
5
+
6
+ class AmplifyAppAccessTokenRule < PasswordBaseRule
7
+ def rule_text
8
+ 'Amplify App AccessToken must not be a plaintext string ' \
9
+ 'or a Ref to a NoEcho Parameter with a Default value.'
10
+ end
11
+
12
+ def rule_type
13
+ Violation::FAILING_VIOLATION
14
+ end
15
+
16
+ def rule_id
17
+ 'F41'
18
+ end
19
+
20
+ def resource_type
21
+ 'AWS::Amplify::App'
22
+ end
23
+
24
+ def password_property
25
+ :accessToken
26
+ end
27
+ end
data/lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb ADDED
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'password_base_rule'
5
+
6
+ class AmplifyAppOauthTokenRule < PasswordBaseRule
7
+ def rule_text
8
+ 'Amplify App OauthToken must not be a plaintext string ' \
9
+ 'or a Ref to a NoEcho Parameter with a Default value.'
10
+ end
11
+
12
+ def rule_type
13
+ Violation::FAILING_VIOLATION
14
+ end
15
+
16
+ def rule_id
17
+ 'F58'
18
+ end
19
+
20
+ def resource_type
21
+ 'AWS::Amplify::App'
22
+ end
23
+
24
+ def password_property
25
+ :oauthToken
26
+ end
27
+ end
data/lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb ADDED
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'password_base_rule'
5
+
6
+ class AmplifyBranchBasicAuthConfigPasswordRule < PasswordBaseRule
7
+ def rule_text
8
+ 'Amplify Branch BasicAuthConfig Password must not be a plaintext ' \
9
+ 'string or a Ref to a NoEcho Parameter with a Default value.' \
10
+ end
11
+
12
+ def rule_type
13
+ Violation::FAILING_VIOLATION
14
+ end
15
+
16
+ def rule_id
17
+ 'F60'
18
+ end
19
+
20
+ def resource_type
21
+ 'AWS::Amplify::Branch'
22
+ end
23
+
24
+ def password_property
25
+ :basicAuthConfig
26
+ end
27
+
28
+ def sub_property_name
29
+ 'Password'
30
+ end
31
+ end
data/lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb ADDED
@@ -0,0 +1,32 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'password_base_rule'
5
+
6
+ class AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule < PasswordBaseRule
7
+ def rule_text
8
+ 'AppStream DirectoryConfig ServiceAccountCredentials AccountPassword ' \
9
+ 'must not be a plaintext string or a Ref to a NoEcho Parameter ' \
10
+ 'with a Default value.'
11
+ end
12
+
13
+ def rule_type
14
+ Violation::FAILING_VIOLATION
15
+ end
16
+
17
+ def rule_id
18
+ 'F53'
19
+ end
20
+
21
+ def resource_type
22
+ 'AWS::AppStream::DirectoryConfig'
23
+ end
24
+
25
+ def password_property
26
+ :serviceAccountCredentials
27
+ end
28
+
29
+ def sub_property_name
30
+ 'AccountPassword'
31
+ end
32
+ end
data/lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb ADDED
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'password_base_rule'
5
+
6
+ class DMSEndpointMongoDbSettingsPasswordRule < PasswordBaseRule
7
+ def rule_text
8
+ 'DMS Endpoint MongoDbSettings Password must not be a plaintext string ' \
9
+ 'or a Ref to a NoEcho Parameter with a Default value.'
10
+ end
11
+
12
+ def rule_type
13
+ Violation::FAILING_VIOLATION
14
+ end
15
+
16
+ def rule_id
17
+ 'F55'
18
+ end
19
+
20
+ def resource_type
21
+ 'AWS::DMS::Endpoint'
22
+ end
23
+
24
+ def password_property
25
+ :mongoDbSettings
26
+ end
27
+
28
+ def sub_property_name
29
+ 'Password'
30
+ end
31
+ end
data/lib/cfn-nag/result_view/rules_view.rb CHANGED
@@ -42,10 +42,10 @@ class RulesView
42
42
 
43
43
  def emit_duplicates(duplicates)
44
44
  duplicates.each do |info|
45
- puts '------------------'.red
46
- puts "Rule ID conflict detected for #{info[:id]}.".red
47
- puts "New rule: #{info[:new_message]}".red
48
- puts "Registered rule: #{info[:registered_message]}".red
45
+ puts '------------------'
46
+ puts "Rule ID conflict detected for #{info[:id]}."
47
+ puts "New rule: #{info[:new_message]}"
48
+ puts "Registered rule: #{info[:registered_message]}"
49
49
  end
50
50
  end
51
51
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.55
4
+ version: 0.4.56
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-12-10 00:00:00.000000000 Z
11
+ date: 2019-12-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -157,13 +157,18 @@ files:
157
157
  - lib/cfn-nag/cli_options.rb
158
158
  - lib/cfn-nag/custom_rule_loader.rb
159
159
  - lib/cfn-nag/custom_rules/AmazonMQBrokerUserPasswordRule.rb
160
+ - lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb
160
161
  - lib/cfn-nag/custom_rules/AmplifyAppBasicAuthConfigPasswordRule.rb
162
+ - lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb
163
+ - lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb
161
164
  - lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb
162
165
  - lib/cfn-nag/custom_rules/ApiGatewayV2AccessLoggingRule.rb
166
+ - lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb
163
167
  - lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb
164
168
  - lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb
165
169
  - lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb
166
170
  - lib/cfn-nag/custom_rules/CodeBuildEncryptionKeyRule.rb
171
+ - lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb
167
172
  - lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb
168
173
  - lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
169
174
  - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb