cfn-nag 0.0.40 → 0.0.41
- checksums.yaml +4 -4
- data/lib/json_rules/cidr_rules.rb +3 -12
- metadata +1 -1
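--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 264757a35c270841c6196e82f2a371cca3875257
+data.tar.gz: 8a59009ea37f75cfb7f5e2ba4049e568abb3a9fe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 17bb07800c03b9e80159ff128f8169a84cbfc237b43c52c04008b69c9a1e77d8988b21d477f50dee433cc21589224190b2e893833ec16a83eba013ea1cbc5b2b
+data.tar.gz: 694cf7348c73c688d052a3003a24a033990a4efe164d44a2b6e11b50e0db1d2ba1622ac8e3882142cb6786a99ec4e1310bf6de6586674bb41e4111e33837e664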
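--- a/data/lib/json_rules/cidr_rules.rb
+++ b/data/lib/json_rules/cidr_rules.rb
@@ -32,7 +32,7 @@ warning id: 'W7',
 
 # BEWARE with escapes \d -> \\\d because of how the escapes get munged from ruby through to shell
 warning id: 'W8',
-jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::EC2::SecurityGroupIngress"
+jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::EC2::SecurityGroupIngress") | if(.Properties.CidrIp|type == "string") then select(.Properties.CidrIp|endswith("/32")|not) else (select(.Properties.CidrIp[]|endswith("/32")|not)) end ]|map(.LogicalResourceId)',
 message: 'Security Group Standalone Ingress cidr found that is not /32'
 
 non_32_cidr_jq_expression = <<END
@@ -41,21 +41,12 @@ non_32_cidr_jq_expression = <<END
 select(.Type == "AWS::EC2::SecurityGroup") |
 if (.Properties.SecurityGroupIngress|type == "object")
 then (
-
-select(.Properties.SecurityGroupIngress.CidrIp|test("^\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}/(?!32)$"))
+select(.Properties.SecurityGroupIngress.CidrIp|endswith("/32")|not)
 )
 else (
 if (.Properties.SecurityGroupIngress|type == "array")
 then (
-select(.Properties.SecurityGroupIngress[].CidrIp|
-select(.Properties.SecurityGroupIngress[].CidrIp |
-(
-if (.|type=="string")
-then test("^\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}/(?!32)$")
-else empty
-end
-)
-)
+select(.Properties.SecurityGroupIngress[]|select(.CidrIp|endswith("/32")|not))
 )
 else empty
 end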
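Review bot: The rewritten array branch at new line 49 of the second hunk drops the `if (.|type=="string") ... else empty end` guard the old code carried, so an ingress entry with no CidrIp (one keyed on SourceSecurityGroupId, for instance) or with an intrinsic object in that field now feeds null or an object into `endswith`, which jq rejects with an error, aborting the whole rule evaluation rather than skipping the entry as before. Filtering on type first restores the old behaviour: `select(.Properties.SecurityGroupIngress[]|select(.CidrIp|type == "string")|select(.CidrIp|endswith("/32")|not))`. The object branch at new line 44 has the same exposure (the old `test()` would also have errored on null, so it is not a regression there, but the same `type == "string"` filter covers both), and the W8 expression at new line 35 of the first hunk iterates `.Properties.CidrIp[]` over whatever non-string value it finds, which presumably either flags or errors on intrinsic functions such as Ref — worth confirming against a template that parameterises the CIDR. The `non_32_cidr_jq_expression` heredoc opens in the first hunk and its END terminator lies beyond the end of the second.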