cfn-nag 0.0.12 → 0.0.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 292f48533183f6f2b074d57757ec5771db23a597
-  data.tar.gz: c253df7e9188ef34a47f832b2b055eaf41649e55
+  metadata.gz: d9bf832e2b7260d822017d691d09a73d1616b5db
+  data.tar.gz: 5ddfd3d4e72f266f789eb3e2960642e9792c48b4
 SHA512:
-  metadata.gz: 840362bbf552584f4f080a572e15d73bdfb4013008c6eb5ae56008f96c78a28db6d30790e56a7484bbcd4d2e5c015594aa03d8f53ad77a39e0bdee9f53ca1203
-  data.tar.gz: a661ea828ffcb4ead2f2827d0b9c56cac24b08f0c025ef753a5b245f98e84a9ccdf62972b0b51b2b44fd84ce9307b16ddbffd6f0cb4c801877be1b0342b5b655
+  metadata.gz: ebfa6c62f60f64f3cc6e68074ba1bdd5fd3bd09d44f3fa7e40be24ab1085223b8333306ba260f791106cea0a3ac2fd84333b84bee13ab0d10ae48fa7fb9eeabd
+  data.tar.gz: 4a57324c81147a9e06d77bb114034e69c6e666998527054f60bca781c6b7953669786df7ed28014230dbdd92e26f2d8592d1472bd5f4f6cf104a499b615ee701

data/lib/json_rules/s3_bucket_rules.rb

@@ -0,0 +1,7 @@
+warning jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::S3::Bucket")|'\
+              'select(.Properties.AccessControl? == "PublicRead")]|map(.LogicalResourceId) ',
+        message: 'S3 Bucket likely should not have a public read acl'
+
+violation jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::S3::Bucket")|'\
+              'select(.Properties.AccessControl? == "PublicReadWrite")]|map(.LogicalResourceId) ',
+          message: 'S3 Bucket should not have a public read-write acl'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.0.12
+  version: 0.0.13
 platform: ruby
 authors:
 - someguy
@@ -57,6 +57,7 @@ files:
 - lib/json_rules/iam_user_rules.rb
 - lib/json_rules/loadbalancer_rules.rb
 - lib/json_rules/port_rules.rb
+- lib/json_rules/s3_bucket_rules.rb
 - lib/model/cfn_model.rb
 - lib/model/iam_user_parser.rb
 - lib/model/security_group_parser.rb