cfn-nag 0.8.8 → 0.8.9

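--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 735dbd2dbf597b2da5cc262af063155a84c0189262214bd64bc5584b9ad3b2e2
- data.tar.gz: 106a0f471c6db4c1c8d5958d3d720694aae6d56f09135f6c81112e5b55240ce9
+ metadata.gz: f4a16eb5cda1347c3d70d1dba6c5408df9cc1eb6fd59ddf9ceab8bc35e4c2a1f
+ data.tar.gz: acf74edd1722eb6703cb9b3984c0c6656f154564fdb8e4ad758ce00c60a0d52c
  SHA512:
- metadata.gz: 55338fd7776fec785e0ddf95c7df5f151f7c08b66f0a16dbe666e628e8d96186a2bcd5ffb321325a1b4376248f0b3ef662c313e7ecc84690f6c493406aec5e6e
- data.tar.gz: ed07441a28f36e3ec63bcb5774bcc3b6991b731de5bba511e95f59d86a51a5796797111ed4acc0511f9d769ab6894aa1037061797072fcbb63ffd1f9c512e7cb
+ metadata.gz: ce414a1ff11e5a981b410d6dd0f37ae8e677a333aafe66de03fd50cac3fb7d9edc46a229708950cfd03965d1b972f449308c7d241f6869d59159c889b4fc2ca2
+ data.tar.gz: 7ddefcb9485dd9283fca42013fdcf0975358ebb7026acdc6038e38d7438489b8a9367b866bbe7d79e2572907e02b90af212a89ca64a9eb23f7d7d4a6e568af00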
@@ -23,7 +23,7 @@ class IamRolePassRoleWildcardResourceRule < BaseRule
23
23
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
24
24
  violating_policies = role.policy_objects.select do |policy|
25
25
  violating_statements = policy.policy_document.statements.select do |statement|
26
- passrole_action?(statement) && wildcard_resource?(statement)
26
+ statement.effect == 'Allow' && passrole_action?(statement) && wildcard_resource?(statement)
27
27
  end
28
28
  !violating_statements.empty?
29
29
  end
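Review bot: The added `statement.effect == 'Allow'` guard on new line 26 fails open: any statement whose effect is not exactly the string 'Allow' is now skipped, which would include an Effect that reaches the rule as something other than a literal (for example an unresolved CloudFormation parameter reference; whether the model resolves these before the rule runs is not visible here). For a linter it is safer to exclude only what is known to be harmless, e.g. `statement.effect != 'Deny' && passrole_action?(statement) && wildcard_resource?(statement)`, or at least to add a spec that pins how a non-literal Effect is treated. The same line is added in the PassRoleBaseRule hunk that follows. The enclosing method starts and ends outside this hunk.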
@@ -16,7 +16,7 @@ class PassRoleBaseRule < BaseRule
16
16
 
17
17
  violating_policies = policies.select do |policy|
18
18
  violating_statements = policy.policy_document.statements.select do |statement|
19
- passrole_action?(statement) && wildcard_resource?(statement)
19
+ statement.effect == 'Allow' && passrole_action?(statement) && wildcard_resource?(statement)
20
20
  end
21
21
  !violating_statements.empty?
22
22
  end
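Review bot: The three-part predicate on new line 19 is a verbatim copy of the one added to IamRolePassRoleWildcardResourceRule, so the two rules can drift apart the next time the condition changes. Consider moving it into a single predicate next to `passrole_action?` and `wildcard_resource?` (their definitions are not shown in this diff), under a name such as `allows_passrole_on_wildcard?(statement)`, and calling that from both blocks. A short comment such as `# Deny statements cannot grant iam:PassRole, so only Allow statements count as violations` would also record why the effect check is there. The enclosing method begins and ends outside the hunk.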
@@ -2,5 +2,5 @@
2
2
 
3
3
  module CfnNagVersion
4
4
  # This is managed at release time via scripts/publish.sh
5
- VERSION = '0.8.8'
5
+ VERSION = '0.8.9'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.8
4
+ version: 0.8.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-04 00:00:00.000000000 Z
11
+ date: 2022-01-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake