RubyGems - cfn-nag - Versions diffs - 0.7.2 → 0.7.3 - Mend

cfn-nag 0.7.2 → 0.7.3

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/cfn-nag/custom_rules/ApiGatewayCacheEncryptedRule.rb +34 -0
metadata +8 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f180cde695c0a172b8ef42bdd38f58cc403adf10847a22f57af36dd0fb8ab743
-  data.tar.gz: 48b315081d53ca804e8d6f2ba5d245dd117beb07a057c368ab7edeeadd5140ff
+  metadata.gz: d145d8825a2b75a15637c38316311f3a81e34d4c0e4a0da762bb8736d8f92bbd
+  data.tar.gz: 0f86a5e05e4661ee957576eb00c82835917bd9d05ed130ecac583aa8591e98c2
 SHA512:
-  metadata.gz: efc72eac3b1fbd17e420e19b7e1d61a55136083c00516490bdeee626cb39bf4e6a64cb75a1ac5b5ccc3321ba58774fe639855d919bcd439e0c88633d2728b12f
-  data.tar.gz: bef1eeac336bc1c3a0c1c566a744f6eb7fdbe8dd9e15aeccd819caed044b7c37d66bbc4102e70522b79e71cd0fd1b6709bfa5362ff2c7e8c902ca2b79db49dcb
+  metadata.gz: 1db97cdbc8e20ad8b4600668f13a80271aaa315cdff7c72881467e951f815e32e6929bd00edc4f28fd3b7b96fcd3163889d62a0f35bcc1f39d94d80733331fb9
+  data.tar.gz: 6640df3fcaf9f3745252975c1a62e3bfb499f7fdbb8d3f7c8e3c4f035a02ea70a1e0152686b6ec3555dda7fed3c8779b11068ef55bbef40eabfc059171ad93c5

data/lib/cfn-nag/custom_rules/ApiGatewayCacheEncryptedRule.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+require 'cfn-nag/violation'
+require_relative 'base'
+class ApiGatewayCacheEncryptedRule < BaseRule
+  def rule_text
+    'ApiGateway Deployment should have cache data encryption enabled when caching is enabled' \
+    ' in StageDescription properties'
+  end
+  def rule_type
+    Violation::WARNING
+  end
+  def rule_id
+    'W87'
+  end
+  def audit_impl(cfn_model)
+    violating_deployments = cfn_model.resources_by_type('AWS::ApiGateway::Deployment').select do |deployment|
+      violating_deployment?(deployment)
+    end
+    violating_deployments.map(&:logical_resource_id)
+  end
+  private
+  def violating_deployment?(deployment)
+    !deployment.stageDescription.nil? && truthy?(deployment.stageDescription['CachingEnabled']) \
+    && !truthy?(deployment.stageDescription['CacheDataEncrypted'])
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.7.3
 platform: ruby
 authors:
 - Eric Kascic
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-15 00:00:00.000000000 Z
+date: 2021-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -165,7 +165,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 description: Auditing tool for CloudFormation templates
-email:
+email:
 executables:
 - cfn_nag
 - cfn_nag_rules
@@ -197,6 +197,7 @@ files:
 - lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb
 - lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb
 - lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb
+- lib/cfn-nag/custom_rules/ApiGatewayCacheEncryptedRule.rb
 - lib/cfn-nag/custom_rules/ApiGatewayDeploymentUsagePlanRule.rb
 - lib/cfn-nag/custom_rules/ApiGatewayMethodAuthorizationTypeRule.rb
 - lib/cfn-nag/custom_rules/ApiGatewaySecurityPolicyRule.rb
@@ -389,7 +390,7 @@ homepage: https://github.com/stelligent/cfn_nag
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -405,9 +406,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: cfn-nag
 test_files: []