cfn-nag 0.3.21 → 0.3.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb +25 -0
  3. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: dab55137292df3b6df4aa559a45dc21f7b97c712
4
- data.tar.gz: 07f511a914eac437a1da3a3d4784d2b8c699d260
3
+ metadata.gz: 268084f6ab092c47a31679530e79f8f45edcf18f
4
+ data.tar.gz: 38d0c66ec02ff5c990a5dddeda13ab7a87af9bb0
5
5
  SHA512:
6
- metadata.gz: e61a51f6ccf1eb8d5f0c7b0c2389ed87c0f03c6c5aaa5e2faa58276fb331a63489ba9b70b40f35440a090d596692c135f09bbfe5874269d03f64dbc2e97d0bba
7
- data.tar.gz: eb3dd79fff7481342bc1f04d39808b2be139f7b0ab93eaeab90da5a8f40071dc527168adeaff0850eaefac0bd6fe470be3db7e16393bb3133207abe5047f14f9
6
+ metadata.gz: f24b0b3a8bd1b8b0f6116ddf5cdb1764ec5655f81111ff76858bd0fe2512e32f68221ab651f6e4082d0daf15940f297bac8f47f1f615cdd6719175d55e8543e5
7
+ data.tar.gz: 71716b9f5be85c99a8c24e50006ccc115e278da43c246709258ce646bfc06eb616ae64e17e9a6d59aa8ff7aed322b782501084e73dce6773881bb597a1a0cc8f
data/lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb ADDED
@@ -0,0 +1,25 @@
1
+ require 'cfn-nag/violation'
2
+ require_relative 'base'
3
+
4
+ class RDSInstancePubliclyAccessibleRule < BaseRule
5
+
6
+ def rule_text
7
+ 'RDS instance should not be publicly accessible'
8
+ end
9
+
10
+ def rule_type
11
+ Violation::FAILING_VIOLATION
12
+ end
13
+
14
+ def rule_id
15
+ 'F22'
16
+ end
17
+
18
+ def audit_impl(cfn_model)
19
+ violating_rdsinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance').select do |instance|
20
+ instance.publiclyAccessible.nil? || instance.publiclyAccessible.to_s.downcase == 'true'
21
+ end
22
+
23
+ violating_rdsinstances.map { |instance| instance.logical_resource_id }
24
+ end
25
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.21
4
+ version: 0.3.22
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-03-14 00:00:00.000000000 Z
11
+ date: 2018-03-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: logging
@@ -118,6 +118,7 @@ files:
118
118
  - lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
119
119
  - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
120
120
  - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
121
+ - lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
121
122
  - lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
122
123
  - lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
123
124
  - lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb