cfn-nag 0.6.1 → 0.6.6

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a9ce6cd0d3c752291550da0672213d71d1fcd41e8198425c213230303ea8cfb6
4
- data.tar.gz: aa57ef3c7b3c2817fc67d5fcf87984ba1d7f90faccc89087842710a5f7f07226
3
+ metadata.gz: e529710ae1e5a122268d2a85e271e70ba5983833af5d3f14ac56a2178f6d62cb
4
+ data.tar.gz: 9fcf608bcb2208cea25fcbef7b92de0c9ba8df2a57588c3e230f129d3e2e0f27
5
5
  SHA512:
6
- metadata.gz: cfa8286dc2e0ed4fbbfa37826557054839abc26080bb15b389c201e6309f2ab22343cc0b1e8380beaf03f6f1732d4eb6adf93a623e788e512ca15b184024bf2a
7
- data.tar.gz: 4e756cec00c0e82a08d14f726e212bdcf6b45ae7e37bb3c3160165163367ca7cfcd601e1c95b554f69efe68a398c90848fec198a144dd073f7899e91f2495967
6
+ metadata.gz: 037bf3ac61698c91b18fff5f53444f734190f862b4b9db7d1e390c66463ded7e6554a7a38d74876f1b442e5fd06cb1d8f30377bc97b60749d7bcf8a98a93c747
7
+ data.tar.gz: 3af9293f005c8c6f147e9c8a85aa256f0d8193b77ebbfcef7b416a8b52f0459f88f60f35e5f17d38b6d722da43ca9f1b3762d7de36d162602fe6782f8abedf2e
@@ -102,9 +102,14 @@ class CfnNag
102
102
  violations << fatal_violation(error)
103
103
  end
104
104
 
105
+ violations = prune_fatal_violations(violations) if @config.ignore_fatal
105
106
  audit_result(violations)
106
107
  end
107
108
 
109
+ def prune_fatal_violations(violations)
110
+ violations.reject { |violation| violation.type == Violation::FAILING_VIOLATION }
111
+ end
112
+
108
113
  def render_results(aggregate_results:,
109
114
  output_format:)
110
115
  results_renderer(output_format).new.render(aggregate_results)
@@ -9,6 +9,7 @@ class CfnNagConfig
9
9
  print_suppression: false,
10
10
  isolate_custom_rule_exceptions: false,
11
11
  fail_on_warnings: false,
12
+ ignore_fatal: false,
12
13
  rule_repository_definitions: [],
13
14
  rule_arguments: {})
14
15
  @rule_directory = rule_directory
@@ -24,6 +25,7 @@ class CfnNagConfig
24
25
  @fail_on_warnings = fail_on_warnings
25
26
  @rule_repositories = rule_repositories
26
27
  @rule_arguments = rule_arguments
28
+ @ignore_fatal = ignore_fatal
27
29
  end
28
30
  # rubocop:enable Metrics/ParameterLists
29
31
 
@@ -34,4 +36,5 @@ class CfnNagConfig
34
36
  attr_reader :blacklist_definition
35
37
  attr_reader :fail_on_warnings
36
38
  attr_reader :rule_repositories
39
+ attr_reader :ignore_fatal
37
40
  end
@@ -129,6 +129,7 @@ class CfnNagExecutor
129
129
  isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions],
130
130
  fail_on_warnings: opts[:fail_on_warnings],
131
131
  rule_repository_definitions: @rule_repository_definitions,
132
+ ignore_fatal: opts[:ignore_fatal],
132
133
  rule_arguments: merge_rule_arguments(opts)
133
134
  )
134
135
  end
@@ -100,6 +100,11 @@ class Options
100
100
  type: :string,
101
101
  required: false,
102
102
  default: nil
103
+ opt :ignore_fatal,
104
+ 'Ignore files with fatal violations. Useful for ignoring non-Cloudformation yaml/yml/json in a path',
105
+ type: :boolean,
106
+ required: false,
107
+ default: false
103
108
  end
104
109
  end
105
110
 
@@ -193,6 +198,12 @@ class Options
193
198
  type: :string,
194
199
  required: false,
195
200
  default: nil
201
+ opt :ignore_fatal,
202
+ 'Ignore files with fatal violations. Useful for ignoring non-Cloudformation yaml/yml/json in a path',
203
+ short: 'g',
204
+ type: :boolean,
205
+ required: false,
206
+ default: false
196
207
  end
197
208
  end
198
209
  # rubocop:enable Metrics/BlockLength
@@ -18,7 +18,7 @@ class ApiGatewayV2AccessLoggingRule < BaseRule
18
18
 
19
19
  def audit_impl(cfn_model)
20
20
  violating_deployments = cfn_model.resources_by_type('AWS::ApiGatewayV2::Stage').select do |deployment|
21
- deployment.accessLogSetting.nil?
21
+ deployment.accessLogSettings.nil?
22
22
  end
23
23
 
24
24
  violating_deployments.map(&:logical_resource_id)
@@ -26,7 +26,10 @@ class SPCMRule < BaseRule
26
26
  policy_documents = SPCM.new.metric_impl(cfn_model)
27
27
  rescue StandardError => catch_all_exception
28
28
  puts "Experimental SPCM rule is failing. Please report #{catch_all_exception} with the violating template"
29
- policy_documents = {}
29
+ policy_documents = {
30
+ 'AWS::IAM::Policy' => {},
31
+ 'AWS::IAM::Role' => {}
32
+ }
30
33
  end
31
34
 
32
35
  threshold = spcm_threshold.nil? ? DEFAULT_THRESHOLD : spcm_threshold.to_i
@@ -6,7 +6,6 @@ require 'set'
6
6
  class ConditionMetric
7
7
  include Weights
8
8
 
9
- # rubocop:disable Metrics/AbcSize
10
9
  def metric(statement)
11
10
  return 0 if statement.condition.nil?
12
11
 
@@ -18,7 +17,6 @@ class ConditionMetric
18
17
  aggregate += values_with_policy_tags(statement.condition)
19
18
  aggregate
20
19
  end
21
- # rubocop:enable Metrics/AbcSize
22
20
 
23
21
  private
24
22
 
@@ -6,7 +6,6 @@ require 'cfn-nag/violation'
6
6
  class ColoredStdoutResults < StdoutResults
7
7
  private
8
8
 
9
- # rubocop:disable Metrics/AbcSize
10
9
  def message(message_type:,
11
10
  color:,
12
11
  message:,
@@ -24,7 +23,6 @@ class ColoredStdoutResults < StdoutResults
24
23
  puts colorize(color, '|') unless line_numbers.empty? && logical_resource_ids.nil?
25
24
  puts colorize(color, "| #{message}")
26
25
  end
27
- # rubocop:enable Metrics/AbcSize
28
26
 
29
27
  def color_code(color_symbol)
30
28
  case color_symbol
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.6.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-15 00:00:00.000000000 Z
11
+ date: 2020-06-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - '='
74
74
  - !ruby/object:Gem::Version
75
- version: 0.5.0
75
+ version: 0.5.1
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - '='
81
81
  - !ruby/object:Gem::Version
82
- version: 0.5.0
82
+ version: 0.5.1
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: logging
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -381,7 +381,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
381
381
  - !ruby/object:Gem::Version
382
382
  version: '0'
383
383
  requirements: []
384
- rubygems_version: 3.1.2
384
+ rubygems_version: 3.1.4
385
385
  signing_key:
386
386
  specification_version: 4
387
387
  summary: cfn-nag