cfn-nag 0.3.21 → 0.3.22

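--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: dab55137292df3b6df4aa559a45dc21f7b97c712
- data.tar.gz: 07f511a914eac437a1da3a3d4784d2b8c699d260
+ metadata.gz: 268084f6ab092c47a31679530e79f8f45edcf18f
+ data.tar.gz: 38d0c66ec02ff5c990a5dddeda13ab7a87af9bb0
  SHA512:
- metadata.gz: e61a51f6ccf1eb8d5f0c7b0c2389ed87c0f03c6c5aaa5e2faa58276fb331a63489ba9b70b40f35440a090d596692c135f09bbfe5874269d03f64dbc2e97d0bba
- data.tar.gz: eb3dd79fff7481342bc1f04d39808b2be139f7b0ab93eaeab90da5a8f40071dc527168adeaff0850eaefac0bd6fe470be3db7e16393bb3133207abe5047f14f9
+ metadata.gz: f24b0b3a8bd1b8b0f6116ddf5cdb1764ec5655f81111ff76858bd0fe2512e32f68221ab651f6e4082d0daf15940f297bac8f47f1f615cdd6719175d55e8543e5
+ data.tar.gz: 71716b9f5be85c99a8c24e50006ccc115e278da43c246709258ce646bfc06eb616ae64e17e9a6d59aa8ff7aed322b782501084e73dce6773881bb597a1a0cc8f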
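--- a/lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
+++ b/lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
@@ -0,0 +1,25 @@
+ require 'cfn-nag/violation'
+ require_relative 'base'
+
+ class RDSInstancePubliclyAccessibleRule < BaseRule
+
+ def rule_text
+ 'RDS instance should not be publicly accessible'
+ end
+
+ def rule_type
+ Violation::FAILING_VIOLATION
+ end
+
+ def rule_id
+ 'F22'
+ end
+
+ def audit_impl(cfn_model)
+ violating_rdsinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance').select do |instance|
+ instance.publiclyAccessible.nil? || instance.publiclyAccessible.to_s.downcase == 'true'
+ end
+
+ violating_rdsinstances.map { |instance| instance.logical_resource_id }
+ end
+ end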
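Review bot: In `audit_impl`, a `PubliclyAccessible` value that is not a literal is treated as compliant: `instance.publiclyAccessible.to_s.downcase == 'true'` is false for a Hash such as a `Ref` to a template parameter or an `Fn::If`, so a template that takes the flag from a parameter passes F22 whatever value is supplied at deploy time. Unless the model resolves such values before the rule runs (not visible in this diff), the check is safer written against the only known-good value, `instance.publiclyAccessible.to_s.downcase != 'false'`, which still flags the unset case because `nil.to_s` is empty; the cost is a finding on parameterised templates that a reviewer then has to confirm. The nil branch also deserves a one-line comment, for example `# unset counts as public: the effective default depends on the DB subnet group and VPC`, since a reader may otherwise take it for a bug.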
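--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cfn-nag
  version: !ruby/object:Gem::Version
- version: 0.3.21
+ version: 0.3.22
  platform: ruby
  authors:
  - Eric Kascic
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-03-14 00:00:00.000000000 Z
+ date: 2018-03-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: logging
@@ -118,6 +118,7 @@ files:
  - lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
  - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
  - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
+ - lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
  - lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
  - lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
  - lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb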