RubyGems - cfn-nag - Versions diffs - 0.3.42 → 0.3.43 - Mend

cfn-nag 0.3.42 → 0.3.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5e08294c96cc7f50e91056c95a4526f65f0411374c39cdaea005151d79edc827
-  data.tar.gz: d9131731e68fa304ac58ef12bb7c8503bc7286709095c47341ae67d65caf30de
+  metadata.gz: 431c10516146893563f42ae5a75a3fdb9019b03ae6feb03dcd16e5cb804a4b99
+  data.tar.gz: c0f24c8a080c368ea450344b3f981797d72b3c696ab8b1fd66c99060dfb822ef
 SHA512:
-  metadata.gz: 30fe4795e72a5c982e0a9aebd6ff2277d1fe4614f9b31d62dfaa3ef20d241a72162162238582ef40cb72a6a9b69b69e589b437ee88ec940b51edbf4fc077760c
-  data.tar.gz: 4d763411132face705b1a3a872319d56e671f5ca79a6661f4b86c5e0277bae656292c294ae3bf1a25afbf1670b7aa5e65183294628f020c0f97409581818b142
+  metadata.gz: 615aa2c6fae2c0b3b1b951812fb68953cf2c7700926314c5f8babc03286b0bf1d8b7e209cf925b481f475b19ba30f46a4ef2d4315762de7bab091f2fbf3d486f
+  data.tar.gz: 41002ed03b0a00deb1a1d40bceb8fa02ce5d25fd723d9c90c356a64060ccdb4a02583c74681afbe3c580363ca311b3de37d0b94c9f03cd11520cd4696c5011d7

data/lib/cfn-nag/cfn_nag.rb CHANGED Viewed

@@ -114,7 +114,7 @@ class CfnNag
     end
     violations.reject do |violation|
-      not profile.nil? and not profile.execute_rule?(violation.id)
+      !profile.nil? && !profile.execute_rule?(violation.id)
     end
   end

data/lib/cfn-nag/custom_rule_loader.rb CHANGED Viewed

@@ -81,8 +81,6 @@ class CustomRuleLoader
        resource.metadata['cfn_nag']['rules_to_suppress']
       resource.metadata['cfn_nag']['rules_to_suppress']
-    else
-      nil
     end
   end

data/lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb CHANGED Viewed

@@ -17,7 +17,7 @@ class EbsVolumeHasSseRule < BaseRule
   def audit_impl(cfn_model)
     violating_volumes = \
       cfn_model.resources_by_type('AWS::EC2::Volume').select do |volume|
-        volume.encrypted.nil? || volume.encrypted.to_s.downcase == 'false'
+        volume.encrypted.nil? || volume.encrypted.to_s.casecmp('false').zero?
       end
     violating_volumes.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb CHANGED Viewed

@@ -17,8 +17,8 @@ class IamManagedPolicyNotActionRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .select do |policy|
-        !policy.policy_document.allows_not_action.empty?
+               .reject do |policy|
+        policy.policy_document.allows_not_action.empty?
       end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb CHANGED Viewed

@@ -17,8 +17,8 @@ class IamManagedPolicyNotResourceRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .select do |policy|
-        !policy.policy_document.allows_not_resource.empty?
+               .reject do |policy|
+        policy.policy_document.allows_not_resource.empty?
       end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardActionRule.rb CHANGED Viewed

@@ -17,8 +17,8 @@ class IamManagedPolicyWildcardActionRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .select do |policy|
-        !policy.policy_document.wildcard_allowed_actions.empty?
+               .reject do |policy|
+        policy.policy_document.wildcard_allowed_actions.empty?
       end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardResourceRule.rb CHANGED Viewed

@@ -17,8 +17,8 @@ class IamManagedPolicyWildcardResourceRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .select do |policy|
-        !policy.policy_document.wildcard_allowed_resources.empty?
+               .reject do |policy|
+        policy.policy_document.wildcard_allowed_resources.empty?
       end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyNotActionRule.rb CHANGED Viewed

@@ -17,8 +17,8 @@ class IamPolicyNotActionRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::Policy')
-               .select do |policy|
-        !policy.policy_document.allows_not_action.empty?
+               .reject do |policy|
+        policy.policy_document.allows_not_action.empty?
       end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyNotResourceRule.rb CHANGED Viewed

@@ -17,8 +17,8 @@ class IamPolicyNotResourceRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::Policy')
-               .select do |policy|
-        !policy.policy_document.allows_not_resource.empty?
+               .reject do |policy|
+        policy.policy_document.allows_not_resource.empty?
       end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyWildcardActionRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class IamPolicyWildcardActionRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
-      !policy.policy_document.wildcard_allowed_actions.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').reject do |policy|
+      policy.policy_document.wildcard_allowed_actions.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyWildcardResourceRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class IamPolicyWildcardResourceRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
-      !policy.policy_document.wildcard_allowed_resources.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').reject do |policy|
+      policy.policy_document.wildcard_allowed_resources.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotActionOnPermissionsPolicyRule.rb CHANGED Viewed

@@ -15,11 +15,11 @@ class IamRoleNotActionOnPermissionsPolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
-      violating_policies = role.policy_objects.select do |policy|
-        !policy.policy_document.allows_not_action.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
+      violating_policies = role.policy_objects.reject do |policy|
+        policy.policy_document.allows_not_action.empty?
       end
-      !violating_policies.empty?
+      violating_policies.empty?
     end
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotActionOnTrustPolicyRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class IamRoleNotActionOnTrustPolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
-      !role.assume_role_policy_document.allows_not_action.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
+      role.assume_role_policy_document.allows_not_action.empty?
     end
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotPrincipalOnTrustPolicyRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class IamRoleNotPrincipalOnTrustPolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
-      !role.assume_role_policy_document.allows_not_principal.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
+      role.assume_role_policy_document.allows_not_principal.empty?
     end
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotResourceOnPermissionsPolicyRule.rb CHANGED Viewed

@@ -15,11 +15,11 @@ class IamRoleNotResourceOnPermissionsPolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
-      violating_policies = role.policy_objects.select do |policy|
-        !policy.policy_document.allows_not_resource.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
+      violating_policies = role.policy_objects.reject do |policy|
+        policy.policy_document.allows_not_resource.empty?
       end
-      !violating_policies.empty?
+      violating_policies.empty?
     end
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb CHANGED Viewed

@@ -15,11 +15,11 @@ class IamRoleWildcardActionOnPermissionsPolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
-      violating_policies = role.policy_objects.select do |policy|
-        !policy.policy_document.wildcard_allowed_actions.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
+      violating_policies = role.policy_objects.reject do |policy|
+        policy.policy_document.wildcard_allowed_actions.empty?
       end
-      !violating_policies.empty?
+      violating_policies.empty?
     end
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class IamRoleWildcardActionOnTrustPolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
-      !role.assume_role_policy_document.wildcard_allowed_actions.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
+      role.assume_role_policy_document.wildcard_allowed_actions.empty?
     end
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb CHANGED Viewed

@@ -15,11 +15,11 @@ class IamRoleWildcardResourceOnPermissionsPolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
-      violating_policies = role.policy_objects.select do |policy|
-        !policy.policy_document.wildcard_allowed_resources.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
+      violating_policies = role.policy_objects.reject do |policy|
+        policy.policy_document.wildcard_allowed_resources.empty?
       end
-      !violating_policies.empty?
+      violating_policies.empty?
     end
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/LambdaPermissionInvokeFunctionActionRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class LambdaPermissionInvokeFunctionActionRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_lambdas = cfn_model.resources_by_type('AWS::Lambda::Permission').select do |lambda_permission|
-      lambda_permission.action != 'lambda:InvokeFunction'
+    violating_lambdas = cfn_model.resources_by_type('AWS::Lambda::Permission').reject do |lambda_permission|
+      lambda_permission.action == 'lambda:InvokeFunction'
     end
     violating_lambdas.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class ManagedPolicyOnUserRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
-      policy.users.size > 0
+    violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').reject do |policy|
+      policy.users.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/PolicyOnUserRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class PolicyOnUserRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
-      policy.users.size > 0
+    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').reject do |policy|
+      policy.users.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb CHANGED Viewed

@@ -32,11 +32,7 @@ class RDSInstanceMasterUserPasswordRule < BaseRule
   private
   def to_boolean(string)
-    if string.to_s.downcase == 'true'
-      true
-    else
-      false
-    end
+    string.to_s.casecmp('true').zero?
   end
   def references_no_echo_parameter_without_default?(cfn_model, master_user_password)

data/lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb CHANGED Viewed

@@ -16,7 +16,7 @@ class RDSInstancePubliclyAccessibleRule < BaseRule
   def audit_impl(cfn_model)
     violating_rdsinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance').select do |instance|
-      instance.publiclyAccessible.nil? || instance.publiclyAccessible.to_s.downcase == 'true'
+      instance.publiclyAccessible.nil? || instance.publiclyAccessible.to_s.casecmp('true').zero?
     end
     violating_rdsinstances.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class S3BucketPolicyNotActionRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
-      !policy.policy_document.allows_not_action.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').reject do |policy|
+      policy.policy_document.allows_not_action.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class S3BucketPolicyNotPrincipalRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
-      !policy.policy_document.allows_not_principal.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').reject do |policy|
+      policy.policy_document.allows_not_principal.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb CHANGED Viewed

@@ -18,7 +18,7 @@ class S3BucketPolicyWildcardActionRule < BaseRule
     logical_resource_ids = []
     cfn_model.resources_by_type('AWS::S3::BucketPolicy').each do |bucket_policy|
-      if !bucket_policy.policy_document.wildcard_allowed_actions.empty?
+      unless bucket_policy.policy_document.wildcard_allowed_actions.empty?
         logical_resource_ids << bucket_policy.logical_resource_id
       end
     end

data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardPrincipalRule.rb CHANGED Viewed

@@ -18,7 +18,7 @@ class S3BucketPolicyWildcardPrincipalRule < BaseRule
     logical_resource_ids = []
     cfn_model.resources_by_type('AWS::S3::BucketPolicy').each do |topic_policy|
-      if !topic_policy.policy_document.wildcard_allowed_principals.empty?
+      unless topic_policy.policy_document.wildcard_allowed_principals.empty?
         logical_resource_ids << topic_policy.logical_resource_id
       end
     end

data/lib/cfn-nag/custom_rules/S3BucketPublicReadAclRule.rb CHANGED Viewed

@@ -18,9 +18,7 @@ class S3BucketPublicReadAclRule < BaseRule
     logical_resource_ids = []
     cfn_model.resources_by_type('AWS::S3::Bucket').each do |bucket|
-      if bucket.accessControl == 'PublicRead'
-        logical_resource_ids << bucket.logical_resource_id
-      end
+      logical_resource_ids << bucket.logical_resource_id if bucket.accessControl == 'PublicRead'
     end
     logical_resource_ids

data/lib/cfn-nag/custom_rules/S3BucketPublicReadWriteAclRule.rb CHANGED Viewed

@@ -18,9 +18,7 @@ class S3BucketPublicReadWriteAclRule < BaseRule
     logical_resource_ids = []
     cfn_model.resources_by_type('AWS::S3::Bucket').each do |bucket|
-      if bucket.accessControl == 'PublicReadWrite'
-        logical_resource_ids << bucket.logical_resource_id
-      end
+      logical_resource_ids << bucket.logical_resource_id if bucket.accessControl == 'PublicReadWrite'
     end
     logical_resource_ids

data/lib/cfn-nag/custom_rules/SecurityGroupEgressOpenToWorldRule.rb CHANGED Viewed

@@ -26,9 +26,7 @@ class SecurityGroupEgressOpenToWorldRule < BaseRule
         ip4_open?(egress) || ip6_open?(egress)
       end
-      unless violating_egresses.empty?
-        logical_resource_ids << security_group.logical_resource_id
-      end
+      logical_resource_ids << security_group.logical_resource_id unless violating_egresses.empty?
     end
     violating_egresses = cfn_model.standalone_egress.select do |standalone_egress|

data/lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb CHANGED Viewed

@@ -19,17 +19,15 @@ class SecurityGroupEgressPortRangeRule < BaseRule
   def audit_impl(cfn_model)
     logical_resource_ids = []
     cfn_model.security_groups.each do |security_group|
-      violating_egresses = security_group.egresses.select do |egress|
-        egress.fromPort != egress.toPort
+      violating_egresses = security_group.egresses.reject do |egress|
+        egress.fromPort == egress.toPort
       end
-      unless violating_egresses.empty?
-        logical_resource_ids << security_group.logical_resource_id
-      end
+      logical_resource_ids << security_group.logical_resource_id unless violating_egresses.empty?
     end
-    violating_egresses = cfn_model.standalone_egress.select do |standalone_egress|
-      standalone_egress.fromPort != standalone_egress.toPort
+    violating_egresses = cfn_model.standalone_egress.reject do |standalone_egress|
+      standalone_egress.fromPort == standalone_egress.toPort
     end
     logical_resource_ids + violating_egresses.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SecurityGroupIngressCidrNon32Rule.rb CHANGED Viewed

@@ -26,9 +26,7 @@ class SecurityGroupIngressCidrNon32Rule < BaseRule
         ip4_cidr_range?(ingress) || ip6_cidr_range?(ingress)
       end
-      unless violating_ingresses.empty?
-        logical_resource_ids << security_group.logical_resource_id
-      end
+      logical_resource_ids << security_group.logical_resource_id unless violating_ingresses.empty?
     end
     violating_ingresses = cfn_model.standalone_ingress.select do |standalone_ingress|

data/lib/cfn-nag/custom_rules/SecurityGroupIngressOpenToWorldRule.rb CHANGED Viewed

@@ -28,9 +28,7 @@ class SecurityGroupIngressOpenToWorldRule < BaseRule
         ip4_open?(ingress) || ip6_open?(ingress)
       end
-      unless violating_ingresses.empty?
-        logical_resource_ids << security_group.logical_resource_id
-      end
+      logical_resource_ids << security_group.logical_resource_id unless violating_ingresses.empty?
     end
     violating_ingresses = cfn_model.standalone_ingress.select do |standalone_ingress|

data/lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb CHANGED Viewed

@@ -19,17 +19,15 @@ class SecurityGroupIngressPortRangeRule < BaseRule
   def audit_impl(cfn_model)
     logical_resource_ids = []
     cfn_model.security_groups.each do |security_group|
-      violating_ingresses = security_group.ingresses.select do |ingress|
-        ingress.fromPort != ingress.toPort
+      violating_ingresses = security_group.ingresses.reject do |ingress|
+        ingress.fromPort == ingress.toPort
       end
-      unless violating_ingresses.empty?
-        logical_resource_ids << security_group.logical_resource_id
-      end
+      logical_resource_ids << security_group.logical_resource_id unless violating_ingresses.empty?
     end
-    violating_ingresses = cfn_model.standalone_ingress.select do |standalone_ingress|
-      standalone_ingress.fromPort != standalone_ingress.toPort
+    violating_ingresses = cfn_model.standalone_ingress.reject do |standalone_ingress|
+      standalone_ingress.fromPort == standalone_ingress.toPort
     end
     logical_resource_ids + violating_ingresses.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SecurityGroupMissingEgressRule.rb CHANGED Viewed

@@ -17,9 +17,7 @@ class SecurityGroupMissingEgressRule < BaseRule
   def audit_impl(cfn_model)
     logical_resource_ids = []
     cfn_model.security_groups.each do |security_group|
-      if security_group.egresses.empty?
-        logical_resource_ids << security_group.logical_resource_id
-      end
+      logical_resource_ids << security_group.logical_resource_id if security_group.egresses.empty?
     end
     logical_resource_ids

data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotActionRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class SnsTopicPolicyNotActionRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
-      !policy.policy_document.allows_not_action.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').reject do |policy|
+      policy.policy_document.allows_not_action.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotPrincipalRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class SnsTopicPolicyNotPrincipalRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
-      !policy.policy_document.allows_not_principal.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').reject do |policy|
+      policy.policy_document.allows_not_principal.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SnsTopicPolicyWildcardPrincipalRule.rb CHANGED Viewed

@@ -18,7 +18,7 @@ class SnsTopicPolicyWildcardPrincipalRule < BaseRule
     logical_resource_ids = []
     cfn_model.resources_by_type('AWS::SNS::TopicPolicy').each do |topic_policy|
-      if !topic_policy.policy_document.wildcard_allowed_principals.empty?
+      unless topic_policy.policy_document.wildcard_allowed_principals.empty?
         logical_resource_ids << topic_policy.logical_resource_id
       end
     end

data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotActionRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class SqsQueuePolicyNotActionRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
-      !policy.policy_document.allows_not_action.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').reject do |policy|
+      policy.policy_document.allows_not_action.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotPrincipalRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class SqsQueuePolicyNotPrincipalRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
-      !policy.policy_document.allows_not_principal.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').reject do |policy|
+      policy.policy_document.allows_not_principal.empty?
     end
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardActionRule.rb CHANGED Viewed

@@ -18,7 +18,7 @@ class SqsQueuePolicyWildcardActionRule < BaseRule
     logical_resource_ids = []
     cfn_model.resources_by_type('AWS::SQS::QueuePolicy').each do |queue_policy|
-      if !queue_policy.policy_document.wildcard_allowed_actions.empty?
+      unless queue_policy.policy_document.wildcard_allowed_actions.empty?
         logical_resource_ids << queue_policy.logical_resource_id
       end
     end

data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardPrincipalRule.rb CHANGED Viewed

@@ -18,7 +18,7 @@ class SqsQueuePolicyWildcardPrincipalRule < BaseRule
     logical_resource_ids = []
     cfn_model.resources_by_type('AWS::SQS::QueuePolicy').each do |topic_policy|
-      if !topic_policy.policy_document.wildcard_allowed_principals.empty?
+      unless topic_policy.policy_document.wildcard_allowed_principals.empty?
         logical_resource_ids << topic_policy.logical_resource_id
       end
     end

data/lib/cfn-nag/custom_rules/UserHasInlinePolicyRule.rb CHANGED Viewed

@@ -15,8 +15,8 @@ class UserHasInlinePolicyRule < BaseRule
   end
   def audit_impl(cfn_model)
-    violating_users = cfn_model.iam_users.select do |iam_user|
-      iam_user.policy_objects.size > 0
+    violating_users = cfn_model.iam_users.reject do |iam_user|
+      iam_user.policy_objects.empty?
     end
     violating_users.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/UserMissingGroupRule.rb CHANGED Viewed

@@ -17,9 +17,7 @@ class UserMissingGroupRule < BaseRule
   def audit_impl(cfn_model)
     logical_resource_ids = []
     cfn_model.iam_users.each do |iam_user|
-      if iam_user.group_names.empty?
-        logical_resource_ids << iam_user.logical_resource_id
-      end
+      logical_resource_ids << iam_user.logical_resource_id if iam_user.group_names.empty?
     end
     logical_resource_ids

data/lib/cfn-nag/custom_rules/base.rb CHANGED Viewed

@@ -15,13 +15,11 @@ class BaseRule
   def audit(cfn_model)
     logical_resource_ids = audit_impl(cfn_model)
-    if !logical_resource_ids.empty?
+    unless logical_resource_ids.empty?
       Violation.new(id: rule_id,
                     type: rule_type,
                     message: rule_text,
                     logical_resource_ids: logical_resource_ids)
-    else
-      nil
     end
   end
 end

data/lib/cfn-nag/ip_addr.rb CHANGED Viewed

@@ -39,11 +39,9 @@ module IpAddr
   #
   def normalize_cidr_ip6(ingress)
     if ingress.cidrIpv6.is_a?(Symbol)
-      ":#{ingress.cidrIpv6.to_s}"
+      ":#{ingress.cidrIpv6}"
     elsif ingress.cidrIpv6.is_a?(String)
       ingress.cidrIpv6
-    else
-      nil
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.3.42
+  version: 0.3.43
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-28 00:00:00.000000000 Z
+date: 2018-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec