cfn-nag 0.3.14 → 0.3.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/cfn_nag +3 -1
- data/bin/cfn_nag_scan +3 -1
- data/lib/cfn-nag/cfn_nag.rb +4 -2
- data/lib/cfn-nag/custom_rule_loader.rb +16 -6
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ff5457edeb9be4b34c5180117924589b2735c4c9
|
|
4
|
+
data.tar.gz: 8445eedb9d9a56e0f4596fefb6a582928016b027
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f843e4b00ddbd7f6cbb4c22bc7fe321fd65bbbdd3369ff95d8335cdf390de37796e9e0801cdc043700f981463544433aa751930e0f5c40992f4c45163f66b08
|
|
7
|
+
data.tar.gz: d3fc3a1b15b71885c379292d2d2a386d75cf6ddbc0fbffce98fda1f0a9fa7e8238cbe6ed81ea8bb20bebb394d5a003d99a466e5440d926f97a5c520235d29ca6
|
data/bin/cfn_nag
CHANGED
|
@@ -14,6 +14,7 @@ opts = Trollop::options do
|
|
|
14
14
|
opt :print_suppression, 'Emit suppressions to stderr', type: :boolean, required: false, default: false
|
|
15
15
|
opt :rule_directory, 'Extra rule directory', type: :io, required: false, default: nil
|
|
16
16
|
opt :profile_path, 'Path to a profile file', type: :io, required: false, default: nil
|
|
17
|
+
opt :isolate_custom_rule_exceptions, 'Isolate custom rule exceptions - just emit the exception without stack trace and keep chugging', type: :boolean, required: false, default: false
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
CfnNag::configure_logging(opts)
|
|
@@ -26,7 +27,8 @@ end
|
|
|
26
27
|
cfn_nag = CfnNag.new(profile_definition: profile_definition,
|
|
27
28
|
rule_directory: opts[:rule_directory],
|
|
28
29
|
allow_suppression: opts[:allow_suppression],
|
|
29
|
-
print_suppression: opts[:print_suppression]
|
|
30
|
+
print_suppression: opts[:print_suppression],
|
|
31
|
+
isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions])
|
|
30
32
|
|
|
31
33
|
# trollop appears to pop args off of ARGV
|
|
32
34
|
# ARGF concatenates which we don't want
|
data/bin/cfn_nag_scan
CHANGED
|
@@ -15,6 +15,7 @@ opts = Trollop::options do
|
|
|
15
15
|
opt :profile_path, 'Path to a profile file', type: :io, required: false, default: nil
|
|
16
16
|
opt :allow_suppression, 'Allow using Metadata to suppress violations', type: :boolean, required: false, default: true
|
|
17
17
|
opt :print_suppression, 'Emit suppressions to stderr', type: :boolean, required: false, default: false
|
|
18
|
+
opt :isolate_custom_rule_exceptions, 'Isolate custom rule exceptions - just emit the exception without stack trace and keep chugging', type: :boolean, required: false, default: false
|
|
18
19
|
end
|
|
19
20
|
|
|
20
21
|
Trollop::die(:output_format,
|
|
@@ -30,7 +31,8 @@ end
|
|
|
30
31
|
cfn_nag = CfnNag.new(profile_definition: profile_definition,
|
|
31
32
|
rule_directory: opts[:rule_directory],
|
|
32
33
|
allow_suppression: opts[:allow_suppression],
|
|
33
|
-
print_suppression: opts[:print_suppression]
|
|
34
|
+
print_suppression: opts[:print_suppression],
|
|
35
|
+
isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions])
|
|
34
36
|
|
|
35
37
|
exit cfn_nag.audit_aggregate_across_files_and_render_results(input_path: opts[:input_path],
|
|
36
38
|
output_format: opts[:output_format])
|
data/lib/cfn-nag/cfn_nag.rb
CHANGED
|
@@ -11,11 +11,13 @@ class CfnNag
|
|
|
11
11
|
def initialize(profile_definition: nil,
|
|
12
12
|
rule_directory: nil,
|
|
13
13
|
allow_suppression: true,
|
|
14
|
-
print_suppression: false
|
|
14
|
+
print_suppression: false,
|
|
15
|
+
isolate_custom_rule_exceptions: false)
|
|
15
16
|
@rule_directory = rule_directory
|
|
16
17
|
@custom_rule_loader = CustomRuleLoader.new(rule_directory: rule_directory,
|
|
17
18
|
allow_suppression: allow_suppression,
|
|
18
|
-
print_suppression: print_suppression
|
|
19
|
+
print_suppression: print_suppression,
|
|
20
|
+
isolate_custom_rule_exceptions: isolate_custom_rule_exceptions)
|
|
19
21
|
@profile_definition = profile_definition
|
|
20
22
|
end
|
|
21
23
|
|
|
@@ -11,10 +11,12 @@ require 'cfn-nag/jmes_path_discovery'
|
|
|
11
11
|
class CustomRuleLoader
|
|
12
12
|
def initialize(rule_directory: nil,
|
|
13
13
|
allow_suppression: true,
|
|
14
|
-
print_suppression: false
|
|
14
|
+
print_suppression: false,
|
|
15
|
+
isolate_custom_rule_exceptions: false)
|
|
15
16
|
@rule_directory = rule_directory
|
|
16
17
|
@allow_suppression = allow_suppression
|
|
17
18
|
@print_suppression = print_suppression
|
|
19
|
+
@isolate_custom_rule_exceptions = isolate_custom_rule_exceptions
|
|
18
20
|
validate_extra_rule_directory rule_directory
|
|
19
21
|
end
|
|
20
22
|
|
|
@@ -47,11 +49,19 @@ class CustomRuleLoader
|
|
|
47
49
|
validate_cfn_nag_metadata(cfn_model)
|
|
48
50
|
|
|
49
51
|
discover_rule_classes(@rule_directory).each do |rule_class|
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
52
|
+
begin
|
|
53
|
+
filtered_cfn_model = cfn_model_with_suppressed_resources_removed cfn_model: cfn_model,
|
|
54
|
+
rule_id: rule_class.new.rule_id,
|
|
55
|
+
allow_suppression: @allow_suppression
|
|
56
|
+
audit_result = rule_class.new.audit(filtered_cfn_model)
|
|
57
|
+
violations << audit_result unless audit_result.nil?
|
|
58
|
+
rescue Exception => exception
|
|
59
|
+
if @isolate_custom_rule_exceptions
|
|
60
|
+
STDERR.puts exception
|
|
61
|
+
else
|
|
62
|
+
raise exception
|
|
63
|
+
end
|
|
64
|
+
end
|
|
55
65
|
end
|
|
56
66
|
|
|
57
67
|
discover_jmespath_filenames(@rule_directory).each do |jmespath_file|
|