cfn-nag 0.4.55 → 0.4.56
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb +27 -0
- data/lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb +27 -0
- data/lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb +31 -0
- data/lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb +32 -0
- data/lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb +31 -0
- data/lib/cfn-nag/result_view/rules_view.rb +4 -4
- metadata +7 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4ad40bd1c3c5d3a93f7f64ce1fceec0c7a2a78646cdcfa71afbc204ccee7632e
|
|
4
|
+
data.tar.gz: 0d150bfbcc7494f068f05adfd4bd2044633e3dd87727dba6c84e5006439fce59
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9791e0a44eda5c2ed9ee822f76ea85336dfa81e46e569fc7b6415512dda633e111df907eb07889683358f55c8d9f1affcb455291d45ccbdc00e72af4fbb3f9b7
|
|
7
|
+
data.tar.gz: 2ad60258fc5a0629dd61ca42ad91d1481064d3a2c07684f5f8326d391de54191e0378473c3a02ff0ff6e4cf94cf3bbc80f41c15b4f2f86e957540fefab989363
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require_relative 'password_base_rule'
|
|
5
|
+
|
|
6
|
+
class AmplifyAppAccessTokenRule < PasswordBaseRule
|
|
7
|
+
def rule_text
|
|
8
|
+
'Amplify App AccessToken must not be a plaintext string ' \
|
|
9
|
+
'or a Ref to a NoEcho Parameter with a Default value.'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def rule_type
|
|
13
|
+
Violation::FAILING_VIOLATION
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def rule_id
|
|
17
|
+
'F41'
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def resource_type
|
|
21
|
+
'AWS::Amplify::App'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def password_property
|
|
25
|
+
:accessToken
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require_relative 'password_base_rule'
|
|
5
|
+
|
|
6
|
+
class AmplifyAppOauthTokenRule < PasswordBaseRule
|
|
7
|
+
def rule_text
|
|
8
|
+
'Amplify App OauthToken must not be a plaintext string ' \
|
|
9
|
+
'or a Ref to a NoEcho Parameter with a Default value.'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def rule_type
|
|
13
|
+
Violation::FAILING_VIOLATION
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def rule_id
|
|
17
|
+
'F58'
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def resource_type
|
|
21
|
+
'AWS::Amplify::App'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def password_property
|
|
25
|
+
:oauthToken
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require_relative 'password_base_rule'
|
|
5
|
+
|
|
6
|
+
class AmplifyBranchBasicAuthConfigPasswordRule < PasswordBaseRule
|
|
7
|
+
def rule_text
|
|
8
|
+
'Amplify Branch BasicAuthConfig Password must not be a plaintext ' \
|
|
9
|
+
'string or a Ref to a NoEcho Parameter with a Default value.' \
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def rule_type
|
|
13
|
+
Violation::FAILING_VIOLATION
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def rule_id
|
|
17
|
+
'F60'
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def resource_type
|
|
21
|
+
'AWS::Amplify::Branch'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def password_property
|
|
25
|
+
:basicAuthConfig
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def sub_property_name
|
|
29
|
+
'Password'
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require_relative 'password_base_rule'
|
|
5
|
+
|
|
6
|
+
class AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule < PasswordBaseRule
|
|
7
|
+
def rule_text
|
|
8
|
+
'AppStream DirectoryConfig ServiceAccountCredentials AccountPassword ' \
|
|
9
|
+
'must not be a plaintext string or a Ref to a NoEcho Parameter ' \
|
|
10
|
+
'with a Default value.'
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def rule_type
|
|
14
|
+
Violation::FAILING_VIOLATION
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def rule_id
|
|
18
|
+
'F53'
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def resource_type
|
|
22
|
+
'AWS::AppStream::DirectoryConfig'
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def password_property
|
|
26
|
+
:serviceAccountCredentials
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def sub_property_name
|
|
30
|
+
'AccountPassword'
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require_relative 'password_base_rule'
|
|
5
|
+
|
|
6
|
+
class DMSEndpointMongoDbSettingsPasswordRule < PasswordBaseRule
|
|
7
|
+
def rule_text
|
|
8
|
+
'DMS Endpoint MongoDbSettings Password must not be a plaintext string ' \
|
|
9
|
+
'or a Ref to a NoEcho Parameter with a Default value.'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def rule_type
|
|
13
|
+
Violation::FAILING_VIOLATION
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def rule_id
|
|
17
|
+
'F55'
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def resource_type
|
|
21
|
+
'AWS::DMS::Endpoint'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def password_property
|
|
25
|
+
:mongoDbSettings
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def sub_property_name
|
|
29
|
+
'Password'
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -42,10 +42,10 @@ class RulesView
|
|
|
42
42
|
|
|
43
43
|
def emit_duplicates(duplicates)
|
|
44
44
|
duplicates.each do |info|
|
|
45
|
-
puts '------------------'
|
|
46
|
-
puts "Rule ID conflict detected for #{info[:id]}."
|
|
47
|
-
puts "New rule: #{info[:new_message]}"
|
|
48
|
-
puts "Registered rule: #{info[:registered_message]}"
|
|
45
|
+
puts '------------------'
|
|
46
|
+
puts "Rule ID conflict detected for #{info[:id]}."
|
|
47
|
+
puts "New rule: #{info[:new_message]}"
|
|
48
|
+
puts "Registered rule: #{info[:registered_message]}"
|
|
49
49
|
end
|
|
50
50
|
end
|
|
51
51
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.56
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-12-
|
|
11
|
+
date: 2019-12-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -157,13 +157,18 @@ files:
|
|
|
157
157
|
- lib/cfn-nag/cli_options.rb
|
|
158
158
|
- lib/cfn-nag/custom_rule_loader.rb
|
|
159
159
|
- lib/cfn-nag/custom_rules/AmazonMQBrokerUserPasswordRule.rb
|
|
160
|
+
- lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb
|
|
160
161
|
- lib/cfn-nag/custom_rules/AmplifyAppBasicAuthConfigPasswordRule.rb
|
|
162
|
+
- lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb
|
|
163
|
+
- lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb
|
|
161
164
|
- lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb
|
|
162
165
|
- lib/cfn-nag/custom_rules/ApiGatewayV2AccessLoggingRule.rb
|
|
166
|
+
- lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb
|
|
163
167
|
- lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb
|
|
164
168
|
- lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb
|
|
165
169
|
- lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb
|
|
166
170
|
- lib/cfn-nag/custom_rules/CodeBuildEncryptionKeyRule.rb
|
|
171
|
+
- lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb
|
|
167
172
|
- lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb
|
|
168
173
|
- lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
|
|
169
174
|
- lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
|