cfn-nag 0.3.14 → 0.3.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/cfn_nag +3 -1
- data/bin/cfn_nag_scan +3 -1
- data/lib/cfn-nag/cfn_nag.rb +4 -2
- data/lib/cfn-nag/custom_rule_loader.rb +16 -6
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ff5457edeb9be4b34c5180117924589b2735c4c9
|
|
4
|
+
data.tar.gz: 8445eedb9d9a56e0f4596fefb6a582928016b027
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f843e4b00ddbd7f6cbb4c22bc7fe321fd65bbbdd3369ff95d8335cdf390de37796e9e0801cdc043700f981463544433aa751930e0f5c40992f4c45163f66b08
|
|
7
|
+
data.tar.gz: d3fc3a1b15b71885c379292d2d2a386d75cf6ddbc0fbffce98fda1f0a9fa7e8238cbe6ed81ea8bb20bebb394d5a003d99a466e5440d926f97a5c520235d29ca6
|
data/bin/cfn_nag
CHANGED
|
@@ -14,6 +14,7 @@ opts = Trollop::options do
|
|
|
14
14
|
opt :print_suppression, 'Emit suppressions to stderr', type: :boolean, required: false, default: false
|
|
15
15
|
opt :rule_directory, 'Extra rule directory', type: :io, required: false, default: nil
|
|
16
16
|
opt :profile_path, 'Path to a profile file', type: :io, required: false, default: nil
|
|
17
|
+
opt :isolate_custom_rule_exceptions, 'Isolate custom rule exceptions - just emit the exception without stack trace and keep chugging', type: :boolean, required: false, default: false
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
CfnNag::configure_logging(opts)
|
|
@@ -26,7 +27,8 @@ end
|
|
|
26
27
|
cfn_nag = CfnNag.new(profile_definition: profile_definition,
|
|
27
28
|
rule_directory: opts[:rule_directory],
|
|
28
29
|
allow_suppression: opts[:allow_suppression],
|
|
29
|
-
print_suppression: opts[:print_suppression]
|
|
30
|
+
print_suppression: opts[:print_suppression],
|
|
31
|
+
isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions])
|
|
30
32
|
|
|
31
33
|
# trollop appears to pop args off of ARGV
|
|
32
34
|
# ARGF concatenates which we don't want
|
data/bin/cfn_nag_scan
CHANGED
|
@@ -15,6 +15,7 @@ opts = Trollop::options do
|
|
|
15
15
|
opt :profile_path, 'Path to a profile file', type: :io, required: false, default: nil
|
|
16
16
|
opt :allow_suppression, 'Allow using Metadata to suppress violations', type: :boolean, required: false, default: true
|
|
17
17
|
opt :print_suppression, 'Emit suppressions to stderr', type: :boolean, required: false, default: false
|
|
18
|
+
opt :isolate_custom_rule_exceptions, 'Isolate custom rule exceptions - just emit the exception without stack trace and keep chugging', type: :boolean, required: false, default: false
|
|
18
19
|
end
|
|
19
20
|
|
|
20
21
|
Trollop::die(:output_format,
|
|
@@ -30,7 +31,8 @@ end
|
|
|
30
31
|
cfn_nag = CfnNag.new(profile_definition: profile_definition,
|
|
31
32
|
rule_directory: opts[:rule_directory],
|
|
32
33
|
allow_suppression: opts[:allow_suppression],
|
|
33
|
-
print_suppression: opts[:print_suppression]
|
|
34
|
+
print_suppression: opts[:print_suppression],
|
|
35
|
+
isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions])
|
|
34
36
|
|
|
35
37
|
exit cfn_nag.audit_aggregate_across_files_and_render_results(input_path: opts[:input_path],
|
|
36
38
|
output_format: opts[:output_format])
|
data/lib/cfn-nag/cfn_nag.rb
CHANGED
|
@@ -11,11 +11,13 @@ class CfnNag
|
|
|
11
11
|
def initialize(profile_definition: nil,
|
|
12
12
|
rule_directory: nil,
|
|
13
13
|
allow_suppression: true,
|
|
14
|
-
print_suppression: false
|
|
14
|
+
print_suppression: false,
|
|
15
|
+
isolate_custom_rule_exceptions: false)
|
|
15
16
|
@rule_directory = rule_directory
|
|
16
17
|
@custom_rule_loader = CustomRuleLoader.new(rule_directory: rule_directory,
|
|
17
18
|
allow_suppression: allow_suppression,
|
|
18
|
-
print_suppression: print_suppression
|
|
19
|
+
print_suppression: print_suppression,
|
|
20
|
+
isolate_custom_rule_exceptions: isolate_custom_rule_exceptions)
|
|
19
21
|
@profile_definition = profile_definition
|
|
20
22
|
end
|
|
21
23
|
|
|
@@ -11,10 +11,12 @@ require 'cfn-nag/jmes_path_discovery'
|
|
|
11
11
|
class CustomRuleLoader
|
|
12
12
|
def initialize(rule_directory: nil,
|
|
13
13
|
allow_suppression: true,
|
|
14
|
-
print_suppression: false
|
|
14
|
+
print_suppression: false,
|
|
15
|
+
isolate_custom_rule_exceptions: false)
|
|
15
16
|
@rule_directory = rule_directory
|
|
16
17
|
@allow_suppression = allow_suppression
|
|
17
18
|
@print_suppression = print_suppression
|
|
19
|
+
@isolate_custom_rule_exceptions = isolate_custom_rule_exceptions
|
|
18
20
|
validate_extra_rule_directory rule_directory
|
|
19
21
|
end
|
|
20
22
|
|
|
@@ -47,11 +49,19 @@ class CustomRuleLoader
|
|
|
47
49
|
validate_cfn_nag_metadata(cfn_model)
|
|
48
50
|
|
|
49
51
|
discover_rule_classes(@rule_directory).each do |rule_class|
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
52
|
+
begin
|
|
53
|
+
filtered_cfn_model = cfn_model_with_suppressed_resources_removed cfn_model: cfn_model,
|
|
54
|
+
rule_id: rule_class.new.rule_id,
|
|
55
|
+
allow_suppression: @allow_suppression
|
|
56
|
+
audit_result = rule_class.new.audit(filtered_cfn_model)
|
|
57
|
+
violations << audit_result unless audit_result.nil?
|
|
58
|
+
rescue Exception => exception
|
|
59
|
+
if @isolate_custom_rule_exceptions
|
|
60
|
+
STDERR.puts exception
|
|
61
|
+
else
|
|
62
|
+
raise exception
|
|
63
|
+
end
|
|
64
|
+
end
|
|
55
65
|
end
|
|
56
66
|
|
|
57
67
|
discover_jmespath_filenames(@rule_directory).each do |jmespath_file|
|