cfn-nag 0.7.15 → 0.8.2

data/lib/cfn-nag/util/enforce_reference_parameter.rb

@@ -29,5 +29,5 @@ end
 # is not present; otherwise returns true
 def no_echo_and_no_default_parameter_check(cfn_model, key_to_check)
   parameter = cfn_model.parameters[key_to_check['Ref']]
-  truthy?(parameter.noEcho) && parameter.default.nil? ? false : true
+  !(truthy?(parameter.noEcho) && parameter.default.nil?)
 end

data/lib/cfn-nag/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module CfnNagVersion
+  # This is managed at release time via scripts/publish.sh
+  VERSION = '0.8.2'
+end

data/lib/cfn-nag/violation.rb

@@ -6,18 +6,22 @@ require_relative 'rule_definition'
 class Violation < RuleDefinition
   attr_reader :logical_resource_ids, :line_numbers
 
+  # rubocop:disable Metrics/ParameterLists
   def initialize(id:,
+                 name:,
                  type:,
                  message:,
                  logical_resource_ids: [],
                  line_numbers: [])
     super id: id,
+          name: name,
           type: type,
           message: message
 
     @logical_resource_ids = logical_resource_ids
     @line_numbers = line_numbers
   end
+  # rubocop:enable Metrics/ParameterLists
 
   def to_s
     "#{super} #{@logical_resource_ids}"
@@ -57,6 +61,13 @@ class Violation < RuleDefinition
       end
     end
 
+    def fatal_violation(message)
+      Violation.new(id: 'FATAL',
+                    name: 'system',
+                    type: Violation::FAILING_VIOLATION,
+                    message: message)
+    end
+
     private
 
     def empty?(array)

data/lib/cfn-nag/violation_filtering.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'cfn-nag/profile_loader'
-require 'cfn-nag/blacklist_loader'
+require 'cfn-nag/deny_list_loader'
 
 module ViolationFiltering
   def filter_violations_by_profile(profile_definition:, rule_definitions:, violations:)
@@ -20,19 +20,19 @@ module ViolationFiltering
     end
   end
 
-  def filter_violations_by_blacklist(blacklist_definition:, rule_definitions:, violations:)
-    blacklist = nil
-    unless blacklist_definition.nil?
+  def filter_violations_by_deny_list(deny_list_definition:, rule_definitions:, violations:)
+    deny_list = nil
+    unless deny_list_definition.nil?
       begin
-        blacklist = BlackListLoader.new(rule_definitions)
-                                   .load(blacklist_definition: blacklist_definition)
-      rescue StandardError => blacklist_load_error
-        raise "Blacklist loading error: #{blacklist_load_error}"
+        deny_list = DenyListLoader.new(rule_definitions)
+                                  .load(deny_list_definition: deny_list_definition)
+      rescue StandardError => deny_list_load_error
+        raise "Deny list loading error: #{deny_list_load_error}"
       end
     end
 
     violations.reject do |violation|
-      !blacklist.nil? && blacklist.contains_rule?(violation.id)
+      !deny_list.nil? && deny_list.contains_rule?(violation.id)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.7.15
+  version: 0.8.2
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-23 00:00:00.000000000 Z
+date: 2021-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: 0.6.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: 0.6.4
 - !ruby/object:Gem::Dependency
   name: logging
   requirement: !ruby/object:Gem::Requirement
@@ -180,7 +180,6 @@ files:
 - bin/spcm_scan
 - lib/cfn-nag.rb
 - lib/cfn-nag/base_rule.rb
-- lib/cfn-nag/blacklist_loader.rb
 - lib/cfn-nag/cfn_nag.rb
 - lib/cfn-nag/cfn_nag_config.rb
 - lib/cfn-nag/cfn_nag_executor.rb
@@ -359,6 +358,7 @@ files:
 - lib/cfn-nag/custom_rules/password_base_rule.rb
 - lib/cfn-nag/custom_rules/resource_base_rule.rb
 - lib/cfn-nag/custom_rules/sub_property_with_list_password_base_rule.rb
+- lib/cfn-nag/deny_list_loader.rb
 - lib/cfn-nag/iam_complexity_metric/condition_metric.rb
 - lib/cfn-nag/iam_complexity_metric/html_results_renderer.rb
 - lib/cfn-nag/iam_complexity_metric/policy_document_metric.rb
@@ -371,6 +371,7 @@ files:
 - lib/cfn-nag/result_view/colored_stdout_results.rb
 - lib/cfn-nag/result_view/json_results.rb
 - lib/cfn-nag/result_view/rules_view.rb
+- lib/cfn-nag/result_view/sarif_results.rb
 - lib/cfn-nag/result_view/simple_stdout_results.rb
 - lib/cfn-nag/result_view/stdout_results.rb
 - lib/cfn-nag/rule_definition.rb
@@ -388,6 +389,7 @@ files:
 - lib/cfn-nag/util/enforce_string_or_dynamic_reference.rb
 - lib/cfn-nag/util/truthy.rb
 - lib/cfn-nag/util/wildcard_patterns.rb
+- lib/cfn-nag/version.rb
 - lib/cfn-nag/violation.rb
 - lib/cfn-nag/violation_filtering.rb
 homepage: https://github.com/stelligent/cfn_nag

data/lib/cfn-nag/blacklist_loader.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require 'yaml'
-
-class BlackListLoader
-  def initialize(rules_registry)
-    @rules_registry = rules_registry
-  end
-
-  def load(blacklist_definition:)
-    raise 'Empty profile' if blacklist_definition.strip == ''
-
-    blacklist_ruleset = RuleIdSet.new
-
-    blacklist_hash = load_blacklist_yaml(blacklist_definition)
-    raise 'Blacklist is malformed' unless blacklist_hash.is_a? Hash
-
-    rules_to_suppress = blacklist_hash.fetch('RulesToSuppress', {})
-    raise 'Missing RulesToSuppress key in black list' if rules_to_suppress.empty?
-
-    rule_ids_to_suppress = rules_to_suppress.map { |rule| rule['id'] }
-    rule_ids_to_suppress.each do |rule_id|
-      check_valid_rule_id rule_id
-      blacklist_ruleset.add_rule rule_id
-    end
-
-    blacklist_ruleset
-  end
-
-  private
-
-  def load_blacklist_yaml(blacklist_definition)
-    YAML.safe_load(blacklist_definition)
-  rescue StandardError => yaml_parse_error
-    raise "YAML parse of blacklist failed: #{yaml_parse_error}"
-  end
-
-  def check_valid_rule_id(rule_id)
-    return true unless @rules_registry.by_id(rule_id).nil?
-
-    raise "#{rule_id} is not a legal rule identifier from: #{@rules_registry.ids}"
-  end
-end