cfn-nag 0.6.3 → 0.6.8

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a047f25fcc08c4ddfa4b199b36e48332c8ea6bbd10ed613513532274ea4f9738
4
- data.tar.gz: 41fa094e3c0d2d532c34323ec132dba428e9c4002253a6d5c44595eff095358a
3
+ metadata.gz: 0ca27b8a27f49e0ab77d230cf271ba2d3e1174fd91fc089e510b920a3a718a3d
4
+ data.tar.gz: 76c9c290e547543be8bf4251dcf8f28c6ae9b83802d8d15372ea8bec5c5d2a4a
5
5
  SHA512:
6
- metadata.gz: 0f8e7154c41e611348f2d749a7bcb54d265b9a0f2c07b66e746282a26913e125b6204e61eb1e6e469db339e643fd3ae4550cb67a53b0944961fb3ec5b2fbd549
7
- data.tar.gz: b8d9680b8b57594013136ef30f3bff151b12b84884fcdb8017462236cd0b3d739f45045927c579510c10473dd930debb3a7579d1e8d918c3fd146bbfd6757635
6
+ metadata.gz: e2e2f2dfcdbccf5e92c5dca4ae55d0aaf9d1dd5be9ff82a2f11492130dee6ec612af999c8bca1383f777a1a205d4211f7434ee9d392bbe1612904bd51852509b
7
+ data.tar.gz: 030f69e2d5e60547b234c6b984e0274e47df0fc9dfaa9fe432f0a90039bfbc483a5fea3cc57dd6762cb5de9d9c570d6651809a892b740fd97d0cc73ce7b93efb
@@ -102,9 +102,14 @@ class CfnNag
102
102
  violations << fatal_violation(error)
103
103
  end
104
104
 
105
+ violations = prune_fatal_violations(violations) if @config.ignore_fatal
105
106
  audit_result(violations)
106
107
  end
107
108
 
109
+ def prune_fatal_violations(violations)
110
+ violations.reject { |violation| violation.type == Violation::FAILING_VIOLATION }
111
+ end
112
+
108
113
  def render_results(aggregate_results:,
109
114
  output_format:)
110
115
  results_renderer(output_format).new.render(aggregate_results)
@@ -9,6 +9,7 @@ class CfnNagConfig
9
9
  print_suppression: false,
10
10
  isolate_custom_rule_exceptions: false,
11
11
  fail_on_warnings: false,
12
+ ignore_fatal: false,
12
13
  rule_repository_definitions: [],
13
14
  rule_arguments: {})
14
15
  @rule_directory = rule_directory
@@ -24,6 +25,7 @@ class CfnNagConfig
24
25
  @fail_on_warnings = fail_on_warnings
25
26
  @rule_repositories = rule_repositories
26
27
  @rule_arguments = rule_arguments
28
+ @ignore_fatal = ignore_fatal
27
29
  end
28
30
  # rubocop:enable Metrics/ParameterLists
29
31
 
@@ -34,4 +36,5 @@ class CfnNagConfig
34
36
  attr_reader :blacklist_definition
35
37
  attr_reader :fail_on_warnings
36
38
  attr_reader :rule_repositories
39
+ attr_reader :ignore_fatal
37
40
  end
@@ -129,6 +129,7 @@ class CfnNagExecutor
129
129
  isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions],
130
130
  fail_on_warnings: opts[:fail_on_warnings],
131
131
  rule_repository_definitions: @rule_repository_definitions,
132
+ ignore_fatal: opts[:ignore_fatal],
132
133
  rule_arguments: merge_rule_arguments(opts)
133
134
  )
134
135
  end
@@ -100,6 +100,11 @@ class Options
100
100
  type: :string,
101
101
  required: false,
102
102
  default: nil
103
+ opt :ignore_fatal,
104
+ 'Ignore files with fatal violations. Useful for ignoring non-Cloudformation yaml/yml/json in a path',
105
+ type: :boolean,
106
+ required: false,
107
+ default: false
103
108
  end
104
109
  end
105
110
 
@@ -193,6 +198,12 @@ class Options
193
198
  type: :string,
194
199
  required: false,
195
200
  default: nil
201
+ opt :ignore_fatal,
202
+ 'Ignore files with fatal violations. Useful for ignoring non-Cloudformation yaml/yml/json in a path',
203
+ short: 'g',
204
+ type: :boolean,
205
+ required: false,
206
+ default: false
196
207
  end
197
208
  end
198
209
  # rubocop:enable Metrics/BlockLength
@@ -18,7 +18,7 @@ class ApiGatewayV2AccessLoggingRule < BaseRule
18
18
 
19
19
  def audit_impl(cfn_model)
20
20
  violating_deployments = cfn_model.resources_by_type('AWS::ApiGatewayV2::Stage').select do |deployment|
21
- deployment.accessLogSetting.nil?
21
+ deployment.accessLogSettings.nil?
22
22
  end
23
23
 
24
24
  violating_deployments.map(&:logical_resource_id)
@@ -26,7 +26,10 @@ class SPCMRule < BaseRule
26
26
  policy_documents = SPCM.new.metric_impl(cfn_model)
27
27
  rescue StandardError => catch_all_exception
28
28
  puts "Experimental SPCM rule is failing. Please report #{catch_all_exception} with the violating template"
29
- policy_documents = {}
29
+ policy_documents = {
30
+ 'AWS::IAM::Policy' => {},
31
+ 'AWS::IAM::Role' => {}
32
+ }
30
33
  end
31
34
 
32
35
  threshold = spcm_threshold.nil? ? DEFAULT_THRESHOLD : spcm_threshold.to_i
@@ -6,7 +6,6 @@ require 'set'
6
6
  class ConditionMetric
7
7
  include Weights
8
8
 
9
- # rubocop:disable Metrics/AbcSize
10
9
  def metric(statement)
11
10
  return 0 if statement.condition.nil?
12
11
 
@@ -18,7 +17,6 @@ class ConditionMetric
18
17
  aggregate += values_with_policy_tags(statement.condition)
19
18
  aggregate
20
19
  end
21
- # rubocop:enable Metrics/AbcSize
22
20
 
23
21
  private
24
22
 
@@ -6,7 +6,6 @@ require 'cfn-nag/violation'
6
6
  class ColoredStdoutResults < StdoutResults
7
7
  private
8
8
 
9
- # rubocop:disable Metrics/AbcSize
10
9
  def message(message_type:,
11
10
  color:,
12
11
  message:,
@@ -24,7 +23,6 @@ class ColoredStdoutResults < StdoutResults
24
23
  puts colorize(color, '|') unless line_numbers.empty? && logical_resource_ids.nil?
25
24
  puts colorize(color, "| #{message}")
26
25
  end
27
- # rubocop:enable Metrics/AbcSize
28
26
 
29
27
  def color_code(color_symbol)
30
28
  case color_symbol
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.3
4
+ version: 0.6.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-02 00:00:00.000000000 Z
11
+ date: 2020-10-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.60.1
131
+ version: '1.76'
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.60.1
138
+ version: '1.76'
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: lightly
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -381,7 +381,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
381
381
  - !ruby/object:Gem::Version
382
382
  version: '0'
383
383
  requirements: []
384
- rubygems_version: 3.1.3
384
+ rubygems_version: 3.1.4
385
385
  signing_key:
386
386
  specification_version: 4
387
387
  summary: cfn-nag