cfn-nag 0.3.52 → 0.3.53
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/cfn_nag_scan +9 -4
- data/lib/cfn-nag/cfn_nag.rb +11 -6
- data/lib/cfn-nag/template_discovery.rb +9 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8eb6e2e2d4e1d36f7d8195e2bc7040bc431f8c0c6ebd8733aad45ada0b9e69d5
|
|
4
|
+
data.tar.gz: db0a2a5764a82493fdf37742c97f48d56e86751b376dfb31cda96a440f5a5ad6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0ac0f7fc98a5d972e1ae03996a2d721f095e6fac495c7c7228f7951e7674303c89ebdcb7f069ddf472a441a81c5c69288e67518a45bde1fe0e7a41d21045aa63
|
|
7
|
+
data.tar.gz: 4de40b96402bb854da7ce40a4423c3285903c552404611dac8a02f4f51da598c064cc4034d3f4486ff259a5c7a94b4b3e19685b697a5540881c7e66178abcd2f
|
data/bin/cfn_nag_scan
CHANGED
|
@@ -9,7 +9,7 @@ opts = Trollop.options do
|
|
|
9
9
|
version Gem::Specification.find_by_name('cfn-nag').version
|
|
10
10
|
|
|
11
11
|
opt :input_path,
|
|
12
|
-
'CloudFormation template to nag on or directory of templates
|
|
12
|
+
'CloudFormation template to nag on or directory of templates. Default is all *.json, *.yaml, *.yml and *.template recursively, but can be constrained by --template-pattern',
|
|
13
13
|
type: :io,
|
|
14
14
|
required: true
|
|
15
15
|
opt :output_format,
|
|
@@ -51,6 +51,11 @@ opts = Trollop.options do
|
|
|
51
51
|
type: :boolean,
|
|
52
52
|
required: false,
|
|
53
53
|
default: false
|
|
54
|
+
opt :template_pattern,
|
|
55
|
+
'Within the --input-path, match files to scan against this regular expression',
|
|
56
|
+
type: :string,
|
|
57
|
+
required: false,
|
|
58
|
+
default: '..*\.json|..*\.yaml|..*\.yml|..*\.template'
|
|
54
59
|
end
|
|
55
60
|
|
|
56
61
|
unless %w[txt json].include?(opts[:output_format])
|
|
@@ -69,10 +74,10 @@ cfn_nag = CfnNag.new(profile_definition: profile_definition,
|
|
|
69
74
|
rule_directory: opts[:rule_directory],
|
|
70
75
|
allow_suppression: opts[:allow_suppression],
|
|
71
76
|
print_suppression: opts[:print_suppression],
|
|
72
|
-
isolate_custom_rule_exceptions:
|
|
73
|
-
opts[:isolate_custom_rule_exceptions])
|
|
77
|
+
isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions])
|
|
74
78
|
|
|
75
79
|
exit cfn_nag.audit_aggregate_across_files_and_render_results(
|
|
76
80
|
input_path: opts[:input_path], output_format: opts[:output_format],
|
|
77
|
-
parameter_values_path: opts[:parameter_values_path]
|
|
81
|
+
parameter_values_path: opts[:parameter_values_path],
|
|
82
|
+
template_pattern: opts[:template_pattern]
|
|
78
83
|
)
|
data/lib/cfn-nag/cfn_nag.rb
CHANGED
|
@@ -28,11 +28,13 @@ class CfnNag
|
|
|
28
28
|
#
|
|
29
29
|
# Return an aggregate failure count (for exit code usage)
|
|
30
30
|
#
|
|
31
|
-
def audit_aggregate_across_files_and_render_results(
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
def audit_aggregate_across_files_and_render_results(input_path:,
|
|
32
|
+
output_format: 'txt',
|
|
33
|
+
parameter_values_path: nil,
|
|
34
|
+
template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
|
|
34
35
|
aggregate_results = audit_aggregate_across_files input_path: input_path,
|
|
35
|
-
parameter_values_path: parameter_values_path
|
|
36
|
+
parameter_values_path: parameter_values_path,
|
|
37
|
+
template_pattern: template_pattern
|
|
36
38
|
|
|
37
39
|
render_results(aggregate_results: aggregate_results,
|
|
38
40
|
output_format: output_format)
|
|
@@ -47,9 +49,12 @@ class CfnNag
|
|
|
47
49
|
##
|
|
48
50
|
# Given a file or directory path, return aggregate results
|
|
49
51
|
#
|
|
50
|
-
def audit_aggregate_across_files(input_path:,
|
|
52
|
+
def audit_aggregate_across_files(input_path:,
|
|
53
|
+
parameter_values_path: nil,
|
|
54
|
+
template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
|
|
51
55
|
parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
|
|
52
|
-
templates = TemplateDiscovery.new.discover_templates(input_path
|
|
56
|
+
templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
|
|
57
|
+
template_pattern: template_pattern)
|
|
53
58
|
aggregate_results = []
|
|
54
59
|
templates.each do |template|
|
|
55
60
|
aggregate_results << {
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
# Container for discovering templates
|
|
2
2
|
class TemplateDiscovery
|
|
3
3
|
# input_json_path can be a directory, filename, or File
|
|
4
|
-
def discover_templates(input_json_path
|
|
4
|
+
def discover_templates(input_json_path:,
|
|
5
|
+
template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
|
|
5
6
|
if ::File.directory? input_json_path
|
|
6
|
-
return find_templates_in_directory(directory: input_json_path
|
|
7
|
+
return find_templates_in_directory(directory: input_json_path,
|
|
8
|
+
template_pattern: template_pattern)
|
|
7
9
|
end
|
|
8
10
|
return [render_path(input_json_path)] if ::File.file? input_json_path
|
|
9
11
|
raise "#{input_json_path} is not a proper path"
|
|
@@ -17,11 +19,13 @@ class TemplateDiscovery
|
|
|
17
19
|
end
|
|
18
20
|
|
|
19
21
|
def find_templates_in_directory(directory:,
|
|
20
|
-
|
|
22
|
+
template_pattern:)
|
|
21
23
|
|
|
22
24
|
templates = []
|
|
23
|
-
|
|
24
|
-
|
|
25
|
+
Dir[File.join(directory, '**/**')].each do |file_name|
|
|
26
|
+
if file_name.match(template_pattern)
|
|
27
|
+
templates << file_name
|
|
28
|
+
end
|
|
25
29
|
end
|
|
26
30
|
templates
|
|
27
31
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.53
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04-
|
|
11
|
+
date: 2018-04-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|