cfn-nag 0.1.8 → 0.3.0

Files changed (36) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb +1 -1
  3. data/lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb +1 -1
  4. data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardActionRule.rb +1 -1
  5. data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardResourceRule.rb +1 -1
  6. data/lib/cfn-nag/custom_rules/IamPolicyNotActionRule.rb +1 -1
  7. data/lib/cfn-nag/custom_rules/IamPolicyNotResourceRule.rb +1 -1
  8. data/lib/cfn-nag/custom_rules/IamPolicyWildcardActionRule.rb +1 -1
  9. data/lib/cfn-nag/custom_rules/IamPolicyWildcardResourceRule.rb +1 -1
  10. data/lib/cfn-nag/custom_rules/IamRoleNotActionOnPermissionsPolicyRule.rb +2 -2
  11. data/lib/cfn-nag/custom_rules/IamRoleNotActionOnTrustPolicyRule.rb +1 -1
  12. data/lib/cfn-nag/custom_rules/IamRoleNotPrincipalOnTrustPolicyRule.rb +1 -1
  13. data/lib/cfn-nag/custom_rules/IamRoleNotResourceOnPermissionsPolicyRule.rb +2 -2
  14. data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb +2 -2
  15. data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb +1 -1
  16. data/lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb +2 -2
  17. data/lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb +1 -1
  18. data/lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb +1 -1
  19. data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb +1 -1
  20. data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardPrincipalRule.rb +1 -1
  21. data/lib/cfn-nag/custom_rules/SecurityGroupEgressOpenToWorldRule.rb +1 -1
  22. data/lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb +1 -1
  23. data/lib/cfn-nag/custom_rules/SecurityGroupIngressCidrNon32Rule.rb +1 -1
  24. data/lib/cfn-nag/custom_rules/SecurityGroupIngressOpenToWorldRule.rb +1 -1
  25. data/lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb +1 -1
  26. data/lib/cfn-nag/custom_rules/SecurityGroupMissingEgressRule.rb +1 -1
  27. data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotActionRule.rb +1 -1
  28. data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotPrincipalRule.rb +1 -1
  29. data/lib/cfn-nag/custom_rules/SnsTopicPolicyWildcardPrincipalRule.rb +1 -1
  30. data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotActionRule.rb +1 -1
  31. data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotPrincipalRule.rb +1 -1
  32. data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardActionRule.rb +1 -1
  33. data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardPrincipalRule.rb +1 -1
  34. data/lib/cfn-nag/custom_rules/UserHasInlinePolicyRule.rb +1 -1
  35. data/lib/cfn-nag/custom_rules/UserMissingGroupRule.rb +1 -1
  36. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: bd5906c9788032280ede5ed4140f22b9654044a2
4
- data.tar.gz: 1afc86b72e29a99ec4a91566b00ff2ee5b973078
3
+ metadata.gz: 9afa055a091cce26ce861f4788565f5e4be10fee
4
+ data.tar.gz: 0bd54fe8e8c9c4fc7d53e2aa755051c11becd143
5
5
  SHA512:
6
- metadata.gz: e4bbe81af76602d8c5bdb0705bf5fd92b898bf5a11d630a644d97f557ba5cf772272649483aaadbc58f9e4872bee768a6e919b38f2c0681f0f9e0dd4e7cd5eba
7
- data.tar.gz: c5b85b35db56051f6196ab02a60c665592768ae2e15f5ef3d49440c6a1bf0232789b603f58b048394d9d73ce3c01d659c01c2853b55de0b9329a8112bbcfd980
6
+ metadata.gz: ac0a50f49100462562dc74c792bd4c367018c931a8d01ad7e534d910b21116cc2b93abb4c2f64d164f9c432e81fc6a07bc4b9457f6238fb23257806998c6e2f4
7
+ data.tar.gz: cf262ff579adfc1072673cf8c9ef34cb7785035c2c460120a7b211f8e37574981d895c88920f4f4c7ead50eb5c0b5a7fc7fd7bae52ac75b40a2bb761ab7f5efd
@@ -17,7 +17,7 @@ class IamManagedPolicyNotActionRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
20
- !policy.policyDocument.allows_not_action.empty?
20
+ !policy.policy_document.allows_not_action.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class IamManagedPolicyNotResourceRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
20
- !policy.policyDocument.allows_not_resource.empty?
20
+ !policy.policy_document.allows_not_resource.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class IamManagedPolicyWildcardActionRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
20
- !policy.policyDocument.wildcard_allowed_actions.empty?
20
+ !policy.policy_document.wildcard_allowed_actions.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class IamManagedPolicyWildcardResourceRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
20
- !policy.policyDocument.wildcard_allowed_resources.empty?
20
+ !policy.policy_document.wildcard_allowed_resources.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class IamPolicyNotActionRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
20
- !policy.policyDocument.allows_not_action.empty?
20
+ !policy.policy_document.allows_not_action.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class IamPolicyNotResourceRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
20
- !policy.policyDocument.allows_not_resource.empty?
20
+ !policy.policy_document.allows_not_resource.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class IamPolicyWildcardActionRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
20
- !policy.policyDocument.wildcard_allowed_actions.empty?
20
+ !policy.policy_document.wildcard_allowed_actions.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class IamPolicyWildcardResourceRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
20
- !policy.policyDocument.wildcard_allowed_resources.empty?
20
+ !policy.policy_document.wildcard_allowed_resources.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,8 +17,8 @@ class IamRoleNotActionOnPermissionsPolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
20
- violating_policies = role.policies.select do |policy|
21
- !policy.policyDocument.allows_not_action.empty?
20
+ violating_policies = role.policy_objects.select do |policy|
21
+ !policy.policy_document.allows_not_action.empty?
22
22
  end
23
23
  !violating_policies.empty?
24
24
  end
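Review bot: The new `role.policy_objects.select do |policy| ... end` on lines 20–22 builds a temporary array only so that line 23 can test `!violating_policies.empty?`; `role.policy_objects.any? { |policy| !policy.policy_document.allows_not_action.empty? }` states the same predicate without the intermediate, and the identical shape recurs in IamRoleNotResourceOnPermissionsPolicyRule, IamRoleWildcardActionOnPermissionsPolicyRule and IamRoleWildcardResourceOnPermissionsPolicyRule. Whether `policy_objects` also covers policies attached through `ManagedPolicyArns` is not visible in this hunk; if it is inline-only, a comment on the select such as `# inline Policies only; managed policy attachments are not inspected by this rule` would make the rule's coverage explicit to the next reader. audit_impl's final map and closing `end` are outside the hunk.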
@@ -17,7 +17,7 @@ class IamRoleNotActionOnTrustPolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
20
- !role.assumeRolePolicyDocument.allows_not_action.empty?
20
+ !role.assume_role_policy_document.allows_not_action.empty?
21
21
  end
22
22
 
23
23
  violating_roles.map { |role| role.logical_resource_id }
@@ -17,7 +17,7 @@ class IamRoleNotPrincipalOnTrustPolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
20
- !role.assumeRolePolicyDocument.allows_not_principal.empty?
20
+ !role.assume_role_policy_document.allows_not_principal.empty?
21
21
  end
22
22
 
23
23
  violating_roles.map { |role| role.logical_resource_id }
@@ -17,8 +17,8 @@ class IamRoleNotResourceOnPermissionsPolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
20
- violating_policies = role.policies.select do |policy|
21
- !policy.policyDocument.allows_not_resource.empty?
20
+ violating_policies = role.policy_objects.select do |policy|
21
+ !policy.policy_document.allows_not_resource.empty?
22
22
  end
23
23
  !violating_policies.empty?
24
24
  end
@@ -17,8 +17,8 @@ class IamRoleWildcardActionOnPermissionsPolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
20
- violating_policies = role.policies.select do |policy|
21
- !policy.policyDocument.wildcard_allowed_actions.empty?
20
+ violating_policies = role.policy_objects.select do |policy|
21
+ !policy.policy_document.wildcard_allowed_actions.empty?
22
22
  end
23
23
  !violating_policies.empty?
24
24
  end
@@ -17,7 +17,7 @@ class IamRoleWildcardActionOnTrustPolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
20
- !role.assumeRolePolicyDocument.wildcard_allowed_actions.empty?
20
+ !role.assume_role_policy_document.wildcard_allowed_actions.empty?
21
21
  end
22
22
 
23
23
  violating_roles.map { |role| role.logical_resource_id}
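Review bot: Line 23 of this hunk, `violating_roles.map { |role| role.logical_resource_id}`, is missing the space before the closing brace that every sibling rule has; since the file is being touched anyway, `violating_roles.map { |role| role.logical_resource_id }` or `violating_roles.map(&:logical_resource_id)` would keep it consistent with the others. audit_impl's closing `end` lies outside the hunk.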
@@ -17,8 +17,8 @@ class IamRoleWildcardResourceOnPermissionsPolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
20
- violating_policies = role.policies.select do |policy|
21
- !policy.policyDocument.wildcard_allowed_resources.empty?
20
+ violating_policies = role.policy_objects.select do |policy|
21
+ !policy.policy_document.wildcard_allowed_resources.empty?
22
22
  end
23
23
  !violating_policies.empty?
24
24
  end
@@ -17,7 +17,7 @@ class S3BucketPolicyNotActionRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
20
- !policy.policyDocument.allows_not_action.empty?
20
+ !policy.policy_document.allows_not_action.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class S3BucketPolicyNotPrincipalRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
20
- !policy.policyDocument.allows_not_principal.empty?
20
+ !policy.policy_document.allows_not_principal.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -20,7 +20,7 @@ class S3BucketPolicyWildcardActionRule < BaseRule
20
20
 
21
21
  cfn_model.resources_by_type('AWS::S3::BucketPolicy').each do |bucket_policy|
22
22
 
23
- if !bucket_policy.policyDocument.wildcard_allowed_actions.empty?
23
+ if !bucket_policy.policy_document.wildcard_allowed_actions.empty?
24
24
  logical_resource_ids << bucket_policy.logical_resource_id
25
25
  end
26
26
  end
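Review bot: The rewritten line 23 keeps the `if !...empty?` form; `unless bucket_policy.policy_document.wildcard_allowed_actions.empty?` is the idiomatic negation and reads closer to the rule's intent. The same `if !` survives the rename in S3BucketPolicyWildcardPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyWildcardActionRule and SqsQueuePolicyWildcardPrincipalRule. In the S3 and SQS WildcardPrincipal rules the block parameter is still named `topic_policy`, apparently carried over from the SNS rule; `bucket_policy` and `queue_policy` would match the resource type being iterated. audit_impl opens before this hunk and its return of `logical_resource_ids` comes after it.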
@@ -19,7 +19,7 @@ class S3BucketPolicyWildcardPrincipalRule < BaseRule
19
19
  logical_resource_ids = []
20
20
 
21
21
  cfn_model.resources_by_type('AWS::S3::BucketPolicy').each do |topic_policy|
22
- if !topic_policy.policyDocument.wildcard_allowed_principals.empty?
22
+ if !topic_policy.policy_document.wildcard_allowed_principals.empty?
23
23
  logical_resource_ids << topic_policy.logical_resource_id
24
24
  end
25
25
  end
@@ -22,7 +22,7 @@ class SecurityGroupEgressOpenToWorldRule < BaseRule
22
22
  def audit_impl(cfn_model)
23
23
  logical_resource_ids = []
24
24
  cfn_model.security_groups.each do |security_group|
25
- violating_egresses = security_group.securityGroupEgress.select do |egress|
25
+ violating_egresses = security_group.egresses.select do |egress|
26
26
  ip4_open?(egress) || ip6_open?(egress)
27
27
  end
28
28
 
@@ -20,7 +20,7 @@ class SecurityGroupEgressPortRangeRule < BaseRule
20
20
  def audit_impl(cfn_model)
21
21
  logical_resource_ids = []
22
22
  cfn_model.security_groups.each do |security_group|
23
- violating_egresses = security_group.securityGroupEgress.select do |egress|
23
+ violating_egresses = security_group.egresses.select do |egress|
24
24
  egress.fromPort != egress.toPort
25
25
  end
26
26
 
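Review bot: Line 23 now reads `security_group.egresses`, but line 24 still dereferences `egress.fromPort` and `egress.toPort` in the template's camelCase, so the snake_case rename stops one level down; SecurityGroupIngressPortRangeRule has the same mix. If the egress elements are a different model object than the security group this is presumably deliberate, and a short comment on the block, `# egress entries keep the raw CloudFormation property names`, would stop the next reader from trying to rename them. Either way the rule's result depends on `fromPort`/`toPort` still resolving on whatever `egresses` yields, which this hunk does not show. audit_impl continues past the end of the hunk.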
@@ -22,7 +22,7 @@ class SecurityGroupIngressCidrNon32Rule < BaseRule
22
22
  def audit_impl(cfn_model)
23
23
  logical_resource_ids = []
24
24
  cfn_model.security_groups.each do |security_group|
25
- violating_ingresses = security_group.securityGroupIngress.select do |ingress|
25
+ violating_ingresses = security_group.ingresses.select do |ingress|
26
26
  ip4_cidr_range?(ingress) || ip6_cidr_range?(ingress)
27
27
  end
28
28
 
@@ -22,7 +22,7 @@ class SecurityGroupIngressOpenToWorldRule < BaseRule
22
22
  def audit_impl(cfn_model)
23
23
  logical_resource_ids = []
24
24
  cfn_model.security_groups.each do |security_group|
25
- violating_ingresses = security_group.securityGroupIngress.select do |ingress|
25
+ violating_ingresses = security_group.ingresses.select do |ingress|
26
26
  ip4_open?(ingress) || ip6_open?(ingress)
27
27
  end
28
28
 
@@ -20,7 +20,7 @@ class SecurityGroupIngressPortRangeRule < BaseRule
20
20
  def audit_impl(cfn_model)
21
21
  logical_resource_ids = []
22
22
  cfn_model.security_groups.each do |security_group|
23
- violating_ingresses = security_group.securityGroupIngress.select do |ingress|
23
+ violating_ingresses = security_group.ingresses.select do |ingress|
24
24
  ingress.fromPort != ingress.toPort
25
25
  end
26
26
 
@@ -18,7 +18,7 @@ class SecurityGroupMissingEgressRule < BaseRule
18
18
  def audit_impl(cfn_model)
19
19
  logical_resource_ids = []
20
20
  cfn_model.security_groups.each do |security_group|
21
- if security_group.securityGroupEgress.empty?
21
+ if security_group.egresses.empty?
22
22
  logical_resource_ids << security_group.logical_resource_id
23
23
  end
24
24
  end
@@ -17,7 +17,7 @@ class SnsTopicPolicyNotActionRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
20
- !policy.policyDocument.allows_not_action.empty?
20
+ !policy.policy_document.allows_not_action.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class SnsTopicPolicyNotPrincipalRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
20
- !policy.policyDocument.allows_not_principal.empty?
20
+ !policy.policy_document.allows_not_principal.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -19,7 +19,7 @@ class SnsTopicPolicyWildcardPrincipalRule < BaseRule
19
19
  logical_resource_ids = []
20
20
 
21
21
  cfn_model.resources_by_type('AWS::SNS::TopicPolicy').each do |topic_policy|
22
- if !topic_policy.policyDocument.wildcard_allowed_principals.empty?
22
+ if !topic_policy.policy_document.wildcard_allowed_principals.empty?
23
23
  logical_resource_ids << topic_policy.logical_resource_id
24
24
  end
25
25
  end
@@ -17,7 +17,7 @@ class SqsQueuePolicyNotActionRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
20
- !policy.policyDocument.allows_not_action.empty?
20
+ !policy.policy_document.allows_not_action.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -17,7 +17,7 @@ class SqsQueuePolicyNotPrincipalRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
20
- !policy.policyDocument.allows_not_principal.empty?
20
+ !policy.policy_document.allows_not_principal.empty?
21
21
  end
22
22
 
23
23
  violating_policies.map { |policy| policy.logical_resource_id }
@@ -20,7 +20,7 @@ class SqsQueuePolicyWildcardActionRule < BaseRule
20
20
 
21
21
  cfn_model.resources_by_type('AWS::SQS::QueuePolicy').each do |queue_policy|
22
22
 
23
- if !queue_policy.policyDocument.wildcard_allowed_actions.empty?
23
+ if !queue_policy.policy_document.wildcard_allowed_actions.empty?
24
24
  logical_resource_ids << queue_policy.logical_resource_id
25
25
  end
26
26
  end
@@ -19,7 +19,7 @@ class SqsQueuePolicyWildcardPrincipalRule < BaseRule
19
19
  logical_resource_ids = []
20
20
 
21
21
  cfn_model.resources_by_type('AWS::SQS::QueuePolicy').each do |topic_policy|
22
- if !topic_policy.policyDocument.wildcard_allowed_principals.empty?
22
+ if !topic_policy.policy_document.wildcard_allowed_principals.empty?
23
23
  logical_resource_ids << topic_policy.logical_resource_id
24
24
  end
25
25
  end
@@ -17,7 +17,7 @@ class UserHasInlinePolicyRule < BaseRule
17
17
 
18
18
  def audit_impl(cfn_model)
19
19
  violating_users = cfn_model.iam_users.select do |iam_user|
20
- iam_user.policies.size > 0
20
+ iam_user.policy_objects.size > 0
21
21
  end
22
22
 
23
23
  violating_users.map { |violating_user| violating_user.logical_resource_id }
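Review bot: The changed line 20 tests `iam_user.policy_objects.size > 0`, where `!iam_user.policy_objects.empty?` is the form every sibling rule in this diff uses (for example `!policy.policy_document.allows_not_action.empty?`) and does not rely on the collection exposing a size. The trailing map could likewise be `violating_users.map(&:logical_resource_id)`. audit_impl's closing `end` is outside the hunk.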
@@ -18,7 +18,7 @@ class UserMissingGroupRule < BaseRule
18
18
  def audit_impl(cfn_model)
19
19
  logical_resource_ids = []
20
20
  cfn_model.iam_users.each do |iam_user|
21
- if iam_user.groups.empty?
21
+ if iam_user.group_names.empty?
22
22
  logical_resource_ids << iam_user.logical_resource_id
23
23
  end
24
24
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.8
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-07-19 00:00:00.000000000 Z
11
+ date: 2017-08-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: logging
@@ -44,14 +44,14 @@ dependencies:
44
44
  requirements:
45
45
  - - '='
46
46
  - !ruby/object:Gem::Version
47
- version: 0.0.8
47
+ version: 0.1.2
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - '='
53
53
  - !ruby/object:Gem::Version
54
- version: 0.0.8
54
+ version: 0.1.2
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: jmespath
57
57
  requirement: !ruby/object:Gem::Requirement