cfn-nag 0.0.40 → 0.0.41

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/json_rules/cidr_rules.rb +3 -12
  3. metadata +1 -1
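--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8854703d7177b20f5163fd7b157a33475963da37
- data.tar.gz: c70c1fe0a9c9a050c3c1b1a520cf208c1e1940d3
+ metadata.gz: 264757a35c270841c6196e82f2a371cca3875257
+ data.tar.gz: 8a59009ea37f75cfb7f5e2ba4049e568abb3a9fe
  SHA512:
- metadata.gz: db86b801b0a02a04ff91e67d853717dce477266ab3539f95d913dd2fab4ed8f1277fc6fd25d5db0b0ee3b289879476620826c4550014832ada98b3801922b954
- data.tar.gz: 52d69d86e2689446e35ba886eec393cd21aa5c5e0289da6f2d0aaeafdef2c4c3d55ac28615157508e237f32d1b71817feecef906543ba99a2d33bd671e448998
+ metadata.gz: 17bb07800c03b9e80159ff128f8169a84cbfc237b43c52c04008b69c9a1e77d8988b21d477f50dee433cc21589224190b2e893833ec16a83eba013ea1cbc5b2b
+ data.tar.gz: 694cf7348c73c688d052a3003a24a033990a4efe164d44a2b6e11b50e0db1d2ba1622ac8e3882142cb6786a99ec4e1310bf6de6586674bb41e4111e33837e664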
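--- a/data/lib/json_rules/cidr_rules.rb
+++ b/data/lib/json_rules/cidr_rules.rb
@@ -32,7 +32,7 @@ warning id: 'W7',
 
  # BEWARE with escapes \d -> \\\d because of how the escapes get munged from ruby through to shell
  warning id: 'W8',
- jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::EC2::SecurityGroupIngress" and .Properties.CidrIp|type == "string")|select(.Properties.CidrIp | test("^\\\d{1,3}\\\.\\\d{1,3}\\\.\\\d{1,3}\\\.\\\d{1,3}/(?!32)$") )]|map(.LogicalResourceId)',
+ jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::EC2::SecurityGroupIngress") | if(.Properties.CidrIp|type == "string") then select(.Properties.CidrIp|endswith("/32")|not) else (select(.Properties.CidrIp[]|endswith("/32")|not)) end ]|map(.LogicalResourceId)',
  message: 'Security Group Standalone Ingress cidr found that is not /32'
 
  non_32_cidr_jq_expression = <<END
@@ -41,21 +41,12 @@ non_32_cidr_jq_expression = <<END
  select(.Type == "AWS::EC2::SecurityGroup") |
  if (.Properties.SecurityGroupIngress|type == "object")
  then (
- select(.Properties.SecurityGroupIngress.CidrIp|type == "string")|
- select(.Properties.SecurityGroupIngress.CidrIp|test("^\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}/(?!32)$"))
+ select(.Properties.SecurityGroupIngress.CidrIp|endswith("/32")|not)
  )
  else (
  if (.Properties.SecurityGroupIngress|type == "array")
  then (
- select(.Properties.SecurityGroupIngress[].CidrIp|type == "string")|
- select(.Properties.SecurityGroupIngress[].CidrIp |
- (
- if (.|type=="string")
- then test("^\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}/(?!32)$")
- else empty
- end
- )
- )
+ select(.Properties.SecurityGroupIngress[]|select(.CidrIp|endswith("/32")|not))
  )
  else empty
  end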
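Review bot: The new `endswith("/32")` selectors in `non_32_cidr_jq_expression` drop the `type == "string"` guards the old expressions had, so an ingress rule with no `CidrIp` (for example one that uses a source security group) or with an intrinsic such as `{"Ref": ...}` now reaches `endswith` as null or an object. jq raises an error for `endswith` on a non-string input, and the W8 `else` branch has the same problem with `.Properties.CidrIp[]` when `CidrIp` is null. How the caller treats a failed jq run is not visible here, but if the error is swallowed the rule could report nothing for the whole template, which is a silent false negative in a security linter. I would keep the guard inside the selector, e.g. `select(.Properties.SecurityGroupIngress.CidrIp|type == "string" and (endswith("/32")|not))` and `select(.Properties.SecurityGroupIngress[]|select(.CidrIp|type == "string" and (endswith("/32")|not)))`, and use `.Properties.CidrIp[]?` in W8 if flagging non-literal values is intended. The heredoc starts before and continues past this hunk, so the surrounding expression should be checked as well.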
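--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: cfn-nag
  version: !ruby/object:Gem::Version
- version: 0.0.40
+ version: 0.0.41
  platform: ruby
  authors:
  - someguy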