cfn-nag 0.3.21 → 0.3.22
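--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 268084f6ab092c47a31679530e79f8f45edcf18f
+data.tar.gz: 38d0c66ec02ff5c990a5dddeda13ab7a87af9bb0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f24b0b3a8bd1b8b0f6116ddf5cdb1764ec5655f81111ff76858bd0fe2512e32f68221ab651f6e4082d0daf15940f297bac8f47f1f615cdd6719175d55e8543e5
+data.tar.gz: 71716b9f5be85c99a8c24e50006ccc115e278da43c246709258ce646bfc06eb616ae64e17e9a6d59aa8ff7aed322b782501084e73dce6773881bb597a1a0cc8f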
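--- a/lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
+++ b/lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
@@ -0,0 +1,25 @@
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class RDSInstancePubliclyAccessibleRule < BaseRule
+
+def rule_text
+'RDS instance should not be publicly accessible'
+end
+
+def rule_type
+Violation::FAILING_VIOLATION
+end
+
+def rule_id
+'F22'
+end
+
+def audit_impl(cfn_model)
+violating_rdsinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance').select do |instance|
+instance.publiclyAccessible.nil? || instance.publiclyAccessible.to_s.downcase == 'true'
+end
+
+violating_rdsinstances.map { |instance| instance.logical_resource_id }
+end
+end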
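Review bot: In `audit_impl`, the test `instance.publiclyAccessible.to_s.downcase == 'true'` matches only a literal true, so a template that sets PubliclyAccessible through a parameter reference or `Fn::If` (which presumably reaches the rule as a Hash rather than a boolean) would pass this failing rule without being evaluated. Flagging everything that is not an explicit false closes that gap and also covers the omitted-property case: `instance.publiclyAccessible.to_s.downcase != 'false'`; if that is too noisy for parameterised templates, a separate warning for non-literal values would do. The `rule_text` could also say that leaving the property unset is reported, e.g. `'RDS instance should set PubliclyAccessible to false explicitly'`, since the current message does not explain why an instance with no such property fails. As a style point, the last line can be `violating_rdsinstances.map(&:logical_resource_id)`.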
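--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.22
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-
+date: 2018-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: logging
@@ -118,6 +118,7 @@ files:
 - lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
 - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
 - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
+- lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
 - lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
 - lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
 - lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb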