cfn-nag 0.0.12 → 0.0.13
- checksums.yaml +4 -4
- data/lib/json_rules/s3_bucket_rules.rb +7 -0
- metadata +2 -1
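--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d9bf832e2b7260d822017d691d09a73d1616b5db
+data.tar.gz: 5ddfd3d4e72f266f789eb3e2960642e9792c48b4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ebfa6c62f60f64f3cc6e68074ba1bdd5fd3bd09d44f3fa7e40be24ab1085223b8333306ba260f791106cea0a3ac2fd84333b84bee13ab0d10ae48fa7fb9eeabd
+data.tar.gz: 4a57324c81147a9e06d77bb114034e69c6e666998527054f60bca781c6b7953669786df7ed28014230dbdd92e26f2d8592d1472bd5f4f6cf104a499b615ee701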
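--- a/data/lib/json_rules/s3_bucket_rules.rb
+++ b/data/lib/json_rules/s3_bucket_rules.rb
@@ -0,0 +1,7 @@
+warning jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::S3::Bucket")|'\
+'select(.Properties.AccessControl? == "PublicRead")]|map(.LogicalResourceId) ',
+message: 'S3 Bucket likely should not have a public read acl'
+
+violation jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::S3::Bucket")|'\
+'select(.Properties.AccessControl? == "PublicReadWrite")]|map(.LogicalResourceId) ',
+message: 'S3 Bucket should not have a public read-write acl'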
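Review bot: Both rules compare `.Properties.AccessControl?` with a literal string, so a template that sets the ACL through `Ref` or `Fn::If` yields an object, matches neither `select`, and the bucket passes with no finding. A third rule whose filter is `select(.Properties.AccessControl? | type == "object")`, with a message along the lines of 'S3 Bucket AccessControl is not a literal value and was not checked', would surface those buckets instead of reporting them as clean. The `AuthenticatedRead` canned ACL, which grants read to any authenticated AWS principal, is also left uncovered and probably deserves the same warning as `PublicRead`. A one-line comment above the rules stating that only the bucket's canned ACL is inspected would tell readers what a clean result does and does not mean.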
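--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.13
 platform: ruby
 authors:
 - someguy
@@ -57,6 +57,7 @@ files:
 - lib/json_rules/iam_user_rules.rb
 - lib/json_rules/loadbalancer_rules.rb
 - lib/json_rules/port_rules.rb
+- lib/json_rules/s3_bucket_rules.rb
 - lib/model/cfn_model.rb
 - lib/model/iam_user_parser.rb
 - lib/model/security_group_parser.rb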