cfn-nag 0.3.52 → 0.3.53
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/cfn_nag_scan +9 -4
- data/lib/cfn-nag/cfn_nag.rb +11 -6
- data/lib/cfn-nag/template_discovery.rb +9 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8eb6e2e2d4e1d36f7d8195e2bc7040bc431f8c0c6ebd8733aad45ada0b9e69d5
|
|
4
|
+
data.tar.gz: db0a2a5764a82493fdf37742c97f48d56e86751b376dfb31cda96a440f5a5ad6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0ac0f7fc98a5d972e1ae03996a2d721f095e6fac495c7c7228f7951e7674303c89ebdcb7f069ddf472a441a81c5c69288e67518a45bde1fe0e7a41d21045aa63
|
|
7
|
+
data.tar.gz: 4de40b96402bb854da7ce40a4423c3285903c552404611dac8a02f4f51da598c064cc4034d3f4486ff259a5c7a94b4b3e19685b697a5540881c7e66178abcd2f
|
data/bin/cfn_nag_scan
CHANGED
|
@@ -9,7 +9,7 @@ opts = Trollop.options do
|
|
|
9
9
|
version Gem::Specification.find_by_name('cfn-nag').version
|
|
10
10
|
|
|
11
11
|
opt :input_path,
|
|
12
|
-
'CloudFormation template to nag on or directory of templates
|
|
12
|
+
'CloudFormation template to nag on or directory of templates. Default is all *.json, *.yaml, *.yml and *.template recursively, but can be constrained by --template-pattern',
|
|
13
13
|
type: :io,
|
|
14
14
|
required: true
|
|
15
15
|
opt :output_format,
|
|
@@ -51,6 +51,11 @@ opts = Trollop.options do
|
|
|
51
51
|
type: :boolean,
|
|
52
52
|
required: false,
|
|
53
53
|
default: false
|
|
54
|
+
opt :template_pattern,
|
|
55
|
+
'Within the --input-path, match files to scan against this regular expression',
|
|
56
|
+
type: :string,
|
|
57
|
+
required: false,
|
|
58
|
+
default: '..*\.json|..*\.yaml|..*\.yml|..*\.template'
|
|
54
59
|
end
|
|
55
60
|
|
|
56
61
|
unless %w[txt json].include?(opts[:output_format])
|
|
@@ -69,10 +74,10 @@ cfn_nag = CfnNag.new(profile_definition: profile_definition,
|
|
|
69
74
|
rule_directory: opts[:rule_directory],
|
|
70
75
|
allow_suppression: opts[:allow_suppression],
|
|
71
76
|
print_suppression: opts[:print_suppression],
|
|
72
|
-
isolate_custom_rule_exceptions:
|
|
73
|
-
opts[:isolate_custom_rule_exceptions])
|
|
77
|
+
isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions])
|
|
74
78
|
|
|
75
79
|
exit cfn_nag.audit_aggregate_across_files_and_render_results(
|
|
76
80
|
input_path: opts[:input_path], output_format: opts[:output_format],
|
|
77
|
-
parameter_values_path: opts[:parameter_values_path]
|
|
81
|
+
parameter_values_path: opts[:parameter_values_path],
|
|
82
|
+
template_pattern: opts[:template_pattern]
|
|
78
83
|
)
|
data/lib/cfn-nag/cfn_nag.rb
CHANGED
|
@@ -28,11 +28,13 @@ class CfnNag
|
|
|
28
28
|
#
|
|
29
29
|
# Return an aggregate failure count (for exit code usage)
|
|
30
30
|
#
|
|
31
|
-
def audit_aggregate_across_files_and_render_results(
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
def audit_aggregate_across_files_and_render_results(input_path:,
|
|
32
|
+
output_format: 'txt',
|
|
33
|
+
parameter_values_path: nil,
|
|
34
|
+
template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
|
|
34
35
|
aggregate_results = audit_aggregate_across_files input_path: input_path,
|
|
35
|
-
parameter_values_path: parameter_values_path
|
|
36
|
+
parameter_values_path: parameter_values_path,
|
|
37
|
+
template_pattern: template_pattern
|
|
36
38
|
|
|
37
39
|
render_results(aggregate_results: aggregate_results,
|
|
38
40
|
output_format: output_format)
|
|
@@ -47,9 +49,12 @@ class CfnNag
|
|
|
47
49
|
##
|
|
48
50
|
# Given a file or directory path, return aggregate results
|
|
49
51
|
#
|
|
50
|
-
def audit_aggregate_across_files(input_path:,
|
|
52
|
+
def audit_aggregate_across_files(input_path:,
|
|
53
|
+
parameter_values_path: nil,
|
|
54
|
+
template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
|
|
51
55
|
parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
|
|
52
|
-
templates = TemplateDiscovery.new.discover_templates(input_path
|
|
56
|
+
templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
|
|
57
|
+
template_pattern: template_pattern)
|
|
53
58
|
aggregate_results = []
|
|
54
59
|
templates.each do |template|
|
|
55
60
|
aggregate_results << {
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
# Container for discovering templates
|
|
2
2
|
class TemplateDiscovery
|
|
3
3
|
# input_json_path can be a directory, filename, or File
|
|
4
|
-
def discover_templates(input_json_path
|
|
4
|
+
def discover_templates(input_json_path:,
|
|
5
|
+
template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
|
|
5
6
|
if ::File.directory? input_json_path
|
|
6
|
-
return find_templates_in_directory(directory: input_json_path
|
|
7
|
+
return find_templates_in_directory(directory: input_json_path,
|
|
8
|
+
template_pattern: template_pattern)
|
|
7
9
|
end
|
|
8
10
|
return [render_path(input_json_path)] if ::File.file? input_json_path
|
|
9
11
|
raise "#{input_json_path} is not a proper path"
|
|
@@ -17,11 +19,13 @@ class TemplateDiscovery
|
|
|
17
19
|
end
|
|
18
20
|
|
|
19
21
|
def find_templates_in_directory(directory:,
|
|
20
|
-
|
|
22
|
+
template_pattern:)
|
|
21
23
|
|
|
22
24
|
templates = []
|
|
23
|
-
|
|
24
|
-
|
|
25
|
+
Dir[File.join(directory, '**/**')].each do |file_name|
|
|
26
|
+
if file_name.match(template_pattern)
|
|
27
|
+
templates << file_name
|
|
28
|
+
end
|
|
25
29
|
end
|
|
26
30
|
templates
|
|
27
31
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.53
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04-
|
|
11
|
+
date: 2018-04-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|