cfn-nag 0.0.14 → 0.0.15
- checksums.yaml +4 -4
- data/lib/json_rules/lambda_rules.rb +7 -0
- metadata +2 -1
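--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 321aab48e50c578d52366929c70c050feb20b027
+data.tar.gz: 100ef582f666736c16cfdc52a44db75ba23f7438
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4ff24d952355ccdcfa55b488777f3f0e19ae9efdb37091b2df85538bfdb2d626456fd3012c8ccf4425d916e3b877f43fd81cfc3770cb00f99664a9d8f1075b04
+data.tar.gz: 8c1e4d0849c2a07560b3005bc869d24e10a481181c47fb7b8d69ccc4ee30aed498431d0507cf53f7b1ca168d3284111aad310cabe1833a98dfc53d21091ab12b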
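--- a/data/lib/json_rules/lambda_rules.rb
+++ b/data/lib/json_rules/lambda_rules.rb
@@ -0,0 +1,7 @@
+warning jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::Lambda::Permission")|'\
+'select(.Properties.Action != "lambda:InvokeFunction")]|map(.LogicalResourceId) ',
+message: 'Lambda permission beside InvokeFunction might not be what you want? Not sure!?'
+
+violation jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::Lambda::Permission")|'\
+'select(.Properties.Principal == "*")]|map(.LogicalResourceId) ',
+message: 'Lambda permission principal should not be wildcard'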
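Review bot: The wildcard check in the second rule compares `.Properties.Principal` with the literal string `"*"`, so a Principal supplied through `Ref`, `Fn::Join` or another intrinsic is an object at scan time and is never reported, whatever it resolves to at deploy time. A companion warning using `select(.Properties.Principal|type != "string")` would surface the permissions the violation cannot evaluate. Neither rule looks at `SourceArn` or `SourceAccount`, so a service principal that is left unscoped also passes without comment; that is probably worth a separate warning. The first rule's message ends in "Not sure!?" and gives the template author nothing to act on; `message: 'Lambda permission Action is not lambda:InvokeFunction; confirm the broader action is intended'` would state what was found.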
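--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.15
 platform: ruby
 authors:
 - someguy
@@ -56,6 +56,7 @@ files:
 - lib/json_rules/ebs_rules.rb
 - lib/json_rules/iam_policy_rules.rb
 - lib/json_rules/iam_user_rules.rb
+- lib/json_rules/lambda_rules.rb
 - lib/json_rules/loadbalancer_rules.rb
 - lib/json_rules/port_rules.rb
 - lib/json_rules/s3_bucket_rules.rb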