cfn-nag 0.3.47 → 0.3.48

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2a3968e39a23b1883d8c2590edebe08d790ab91ee4451e243b16fd58fa61551d
-  data.tar.gz: 4bb49a448faa8f9ea906b40205ccc2ee03cad1224f1197f063b62ea917ed9de0
+  metadata.gz: a36a2b3db7cfcfa143efef68d06297e953545b5dc184e1931c6d791825dfa553
+  data.tar.gz: fbeb74d06cc60788558b9585e47d76de919cabbfd2b58189a02dbda82e02c7be
 SHA512:
-  metadata.gz: 84090bf33419c02e1925ecc41699ff7857d22c8a4020c535d7b35079e260f1fed7b11d66b071722b8229a8d6301637ebb5ac627ecdcfe6fb0e246274557a3325
-  data.tar.gz: b6683c9b8277d3f3ad244d3fa8d023125dbcab93a8d48fdbf22e06c743923c7f3544134b03dc29e968874ad1cc6a18c0dfc3c361877e978eebd64cb8dbceaf2e
+  metadata.gz: ac98de6eba016edc6e914ae4228a017a3a15918685fca1d2722543f8b48589551866ad715a054e6bb0a0275ccfd3bd8ca6f359eb639252ba824e1b1e3c13f0a2
+  data.tar.gz: f2dc1f3fe356b609ab6b5f6bd96c9f7899425cb593f07d2c8549f5f72d5774b0ea49f5b936b90def3e52feb1a2e6aedeae6d1071857316f761ca7c6e25ea8dc4

data/lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb

@@ -17,8 +17,8 @@ class IamManagedPolicyNotActionRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .reject do |policy|
-        policy.policy_document.allows_not_action.empty?
+               .select do |policy|
+        !policy.policy_document.allows_not_action.empty?
       end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb

@@ -17,8 +17,8 @@ class IamManagedPolicyNotResourceRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .reject do |policy|
-        policy.policy_document.allows_not_resource.empty?
+               .select do |policy|
+        !policy.policy_document.allows_not_resource.empty?
       end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardActionRule.rb

@@ -17,8 +17,8 @@ class IamManagedPolicyWildcardActionRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .reject do |policy|
-        policy.policy_document.wildcard_allowed_actions.empty?
+               .select do |policy|
+        !policy.policy_document.wildcard_allowed_actions.empty?
       end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardResourceRule.rb

@@ -17,8 +17,8 @@ class IamManagedPolicyWildcardResourceRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::ManagedPolicy')
-               .reject do |policy|
-        policy.policy_document.wildcard_allowed_resources.empty?
+               .select do |policy|
+        !policy.policy_document.wildcard_allowed_resources.empty?
       end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyNotActionRule.rb

@@ -17,8 +17,8 @@ class IamPolicyNotActionRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::Policy')
-               .reject do |policy|
-        policy.policy_document.allows_not_action.empty?
+               .select do |policy|
+        !policy.policy_document.allows_not_action.empty?
       end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyNotResourceRule.rb

@@ -17,8 +17,8 @@ class IamPolicyNotResourceRule < BaseRule
   def audit_impl(cfn_model)
     violating_policies = \
       cfn_model.resources_by_type('AWS::IAM::Policy')
-               .reject do |policy|
-        policy.policy_document.allows_not_resource.empty?
+               .select do |policy|
+        !policy.policy_document.allows_not_resource.empty?
       end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyWildcardActionRule.rb

@@ -15,8 +15,8 @@ class IamPolicyWildcardActionRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').reject do |policy|
-      policy.policy_document.wildcard_allowed_actions.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
+      !policy.policy_document.wildcard_allowed_actions.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamPolicyWildcardResourceRule.rb

@@ -15,8 +15,8 @@ class IamPolicyWildcardResourceRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').reject do |policy|
-      policy.policy_document.wildcard_allowed_resources.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
+      !policy.policy_document.wildcard_allowed_resources.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotActionOnPermissionsPolicyRule.rb

@@ -15,11 +15,11 @@ class IamRoleNotActionOnPermissionsPolicyRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
-      violating_policies = role.policy_objects.reject do |policy|
-        policy.policy_document.allows_not_action.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
+      violating_policies = role.policy_objects.select do |policy|
+        !policy.policy_document.allows_not_action.empty?
       end
-      violating_policies.empty?
+      !violating_policies.empty?
     end
 
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotActionOnTrustPolicyRule.rb

@@ -15,8 +15,8 @@ class IamRoleNotActionOnTrustPolicyRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
-      role.assume_role_policy_document.allows_not_action.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
+      !role.assume_role_policy_document.allows_not_action.empty?
     end
 
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotPrincipalOnTrustPolicyRule.rb

@@ -15,8 +15,8 @@ class IamRoleNotPrincipalOnTrustPolicyRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
-      role.assume_role_policy_document.allows_not_principal.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
+      !role.assume_role_policy_document.allows_not_principal.empty?
     end
 
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleNotResourceOnPermissionsPolicyRule.rb

@@ -15,11 +15,11 @@ class IamRoleNotResourceOnPermissionsPolicyRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
-      violating_policies = role.policy_objects.reject do |policy|
-        policy.policy_document.allows_not_resource.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
+      violating_policies = role.policy_objects.select do |policy|
+        !policy.policy_document.allows_not_resource.empty?
       end
-      violating_policies.empty?
+      !violating_policies.empty?
     end
 
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb

@@ -15,11 +15,11 @@ class IamRoleWildcardActionOnPermissionsPolicyRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
-      violating_policies = role.policy_objects.reject do |policy|
-        policy.policy_document.wildcard_allowed_actions.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
+      violating_policies = role.policy_objects.select do |policy|
+        !policy.policy_document.wildcard_allowed_actions.empty?
       end
-      violating_policies.empty?
+      !violating_policies.empty?
     end
 
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb

@@ -15,8 +15,8 @@ class IamRoleWildcardActionOnTrustPolicyRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
-      role.assume_role_policy_document.wildcard_allowed_actions.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
+      !role.assume_role_policy_document.wildcard_allowed_actions.empty?
     end
 
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb

@@ -15,11 +15,11 @@ class IamRoleWildcardResourceOnPermissionsPolicyRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').reject do |role|
-      violating_policies = role.policy_objects.reject do |policy|
-        policy.policy_document.wildcard_allowed_resources.empty?
+    violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
+      violating_policies = role.policy_objects.select do |policy|
+        !policy.policy_document.wildcard_allowed_resources.empty?
       end
-      violating_policies.empty?
+      !violating_policies.empty?
     end
 
     violating_roles.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/LambdaPermissionInvokeFunctionActionRule.rb

@@ -15,8 +15,8 @@ class LambdaPermissionInvokeFunctionActionRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_lambdas = cfn_model.resources_by_type('AWS::Lambda::Permission').reject do |lambda_permission|
-      lambda_permission.action == 'lambda:InvokeFunction'
+    violating_lambdas = cfn_model.resources_by_type('AWS::Lambda::Permission').select do |lambda_permission|
+      lambda_permission.action != 'lambda:InvokeFunction'
     end
 
     violating_lambdas.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb

@@ -15,8 +15,8 @@ class S3BucketPolicyNotActionRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').reject do |policy|
-      policy.policy_document.allows_not_action.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
+      !policy.policy_document.allows_not_action.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb

@@ -15,8 +15,8 @@ class S3BucketPolicyNotPrincipalRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').reject do |policy|
-      policy.policy_document.allows_not_principal.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
+      !policy.policy_document.allows_not_principal.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb

@@ -19,15 +19,15 @@ class SecurityGroupEgressPortRangeRule < BaseRule
   def audit_impl(cfn_model)
     logical_resource_ids = []
     cfn_model.security_groups.each do |security_group|
-      violating_egresses = security_group.egresses.reject do |egress|
-        egress.fromPort == egress.toPort
+      violating_egresses = security_group.egresses.select do |egress|
+        egress.fromPort != egress.toPort
       end
 
       logical_resource_ids << security_group.logical_resource_id unless violating_egresses.empty?
     end
 
-    violating_egresses = cfn_model.standalone_egress.reject do |standalone_egress|
-      standalone_egress.fromPort == standalone_egress.toPort
+    violating_egresses = cfn_model.standalone_egress.select do |standalone_egress|
+      standalone_egress.fromPort != standalone_egress.toPort
     end
 
     logical_resource_ids + violating_egresses.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb

@@ -19,15 +19,15 @@ class SecurityGroupIngressPortRangeRule < BaseRule
   def audit_impl(cfn_model)
     logical_resource_ids = []
     cfn_model.security_groups.each do |security_group|
-      violating_ingresses = security_group.ingresses.reject do |ingress|
-        ingress.fromPort == ingress.toPort
+      violating_ingresses = security_group.ingresses.select do |ingress|
+        ingress.fromPort != ingress.toPort
       end
 
       logical_resource_ids << security_group.logical_resource_id unless violating_ingresses.empty?
     end
 
-    violating_ingresses = cfn_model.standalone_ingress.reject do |standalone_ingress|
-      standalone_ingress.fromPort == standalone_ingress.toPort
+    violating_ingresses = cfn_model.standalone_ingress.select do |standalone_ingress|
+      standalone_ingress.fromPort != standalone_ingress.toPort
     end
 
     logical_resource_ids + violating_ingresses.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotActionRule.rb

@@ -15,8 +15,8 @@ class SnsTopicPolicyNotActionRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').reject do |policy|
-      policy.policy_document.allows_not_action.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
+      !policy.policy_document.allows_not_action.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotPrincipalRule.rb

@@ -15,8 +15,8 @@ class SnsTopicPolicyNotPrincipalRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').reject do |policy|
-      policy.policy_document.allows_not_principal.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
+      !policy.policy_document.allows_not_principal.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotActionRule.rb

@@ -15,8 +15,8 @@ class SqsQueuePolicyNotActionRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').reject do |policy|
-      policy.policy_document.allows_not_action.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
+      !policy.policy_document.allows_not_action.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotPrincipalRule.rb

@@ -15,8 +15,8 @@ class SqsQueuePolicyNotPrincipalRule < BaseRule
   end
 
   def audit_impl(cfn_model)
-    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').reject do |policy|
-      policy.policy_document.allows_not_principal.empty?
+    violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
+      !policy.policy_document.allows_not_principal.empty?
     end
 
     violating_policies.map(&:logical_resource_id)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.3.47
+  version: 0.3.48
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-30 00:00:00.000000000 Z
+date: 2018-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec