cfn-nag 0.3.69 → 0.3.70

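--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f2471f38f4fade1aa0683c1f26d888f98dfecc520dfd440302e44abdbe4f91b7
- data.tar.gz: 83cbc36c169ca23c5e33793ef4a30239fffad5f10bcdc37caac8bac13500f43d
+ metadata.gz: 87b103419c81f7993bac0aaea152c9d4f5fb90df1a266d219b768e31e93c962f
+ data.tar.gz: ad57b13ca5e9d12ae76e9ab0ab2190b30f3edf82f12ad4cb4fde137fda9fa7ce
  SHA512:
- metadata.gz: f6f7265da9cbf280f7a453b4253ffe81b794188a2f5290dd2840a2d44f9a98b21d1c40c3454ba577c84ba4ed4789c959329a47c529e57b9c47777d1f8bd4c66a
- data.tar.gz: 82b6265c74af0cb1f97306d930b3f1b4ed6a6bc326f4f66e076a834cc05ce6a843d8da0530a64c4071d03c70ad03994a517200eb0c04a8aad36341cbad82c354
+ metadata.gz: 9c944634f99d05d4233c336052d88305be821d95c03e488d3ee5620191e18a66833bfdac7a6c2e5bbe64c83a79bee4e5cf878be060c08de9533adbe67d57a64f
+ data.tar.gz: 15ca6d74a6c3aa6813d8a31c2e4e6bd1f4535e91abf23525a3d4f96a738ed4c655635516e181be08447e3624cbc7e25a2fe8c50e2080d79874f1f76441a84a7d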
@@ -85,7 +85,7 @@ class CfnNag
85
85
  rescue Psych::SyntaxError, ParserError => parser_error
86
86
  violations << fatal_violation(parser_error.to_s)
87
87
  rescue JSON::ParserError => json_parameters_error
88
- error = "JSON Parameter values parse error: #{json_parameters_error.to_s}"
88
+ error = "JSON Parameter values parse error: #{json_parameters_error}"
89
89
  violations << fatal_violation(error)
90
90
  end
91
91
 
@@ -85,9 +85,9 @@ class CustomRuleLoader
85
85
  )
86
86
  audit_result = rule_class.new.audit(filtered_cfn_model)
87
87
  violations << audit_result unless audit_result.nil?
88
- rescue Exception => exception
89
- raise exception unless @isolate_custom_rule_exceptions
90
- STDERR.puts exception
88
+ rescue ScriptError, StandardError => rule_error
89
+ raise rule_error unless @isolate_custom_rule_exceptions
90
+ STDERR.puts rule_error
91
91
  end
92
92
  end
93
93
  end
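Review bot: When `@isolate_custom_rule_exceptions` is set, a custom rule that raises is reduced to one line on STDERR and adds nothing to `violations`, so a scan can finish clean even though that rule never ran. `STDERR.puts rule_error` prints only the message, which does not say which rule failed; naming it would make the gap visible, e.g. `warn "custom rule #{rule_class} failed: #{rule_error.class}: #{rule_error.message}"`. Consumers that read only the report (CI gates, for instance) cannot see STDERR, so it is worth considering whether an isolated failure should also be recorded in the results; that is a design decision for the maintainers. The enclosing method starts above the hunk, so how `violations` is returned is not visible here.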
@@ -17,21 +17,22 @@ class CloudFormationAuthenticationRule < BaseRule
17
17
  end
18
18
 
19
19
  def audit_impl(cfn_model)
20
- logical_resource_ids = []
21
- cfn_model.raw_model['Resources'].each do |resource_name, resource|
22
- unless resource['Metadata'].nil?
23
- unless resource['Metadata']['AWS::CloudFormation::Authentication'].nil?
24
-
25
- resource['Metadata']['AWS::CloudFormation::Authentication'].each do |auth_name, auth|
26
- if potentially_sensitive_credentials? auth
27
- logical_resource_ids << resource_name
28
- end
29
- end
30
-
31
- end
32
- end
20
+ violating_resources = cfn_model.raw_model['Resources'].select do |_resource_name, resource|
21
+ resource_has_authentication?(resource) && resource_has_sensitive_credentials?(resource)
33
22
  end
34
- logical_resource_ids
23
+ violating_resources.keys
24
+ end
25
+
26
+ private
27
+
28
+ def resource_has_sensitive_credentials?(resource)
29
+ resource['Metadata']['AWS::CloudFormation::Authentication'].find do |_auth_name, auth|
30
+ potentially_sensitive_credentials? auth
31
+ end
32
+ end
33
+
34
+ def resource_has_authentication?(resource)
35
+ resource['Metadata'] && resource['Metadata']['AWS::CloudFormation::Authentication']
35
36
  end
36
37
 
37
38
  def potentially_sensitive_credentials?(auth)
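Review bot: `resource_has_sensitive_credentials?` is named as a predicate but returns whatever `find` yields (a `[name, auth]` pair or nil); `any?` states the intent and short-circuits the same way: `resource['Metadata']['AWS::CloudFormation::Authentication'].any? do |_auth_name, auth|`. Both new helpers also assume that `Metadata` and the authentication entry are hashes; a template where either is a list or scalar would presumably raise inside this rule rather than be reported, so a one-line comment stating that assumption, or an `is_a?(Hash)` guard in `resource_has_authentication?`, would help. A resource with several sensitive entries is now returned once rather than once per entry, which looks intended but changes the output and deserves a mention in the release notes.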
@@ -5,13 +5,13 @@ class JmesPathDiscovery
5
5
  @rule_registry = rule_registry
6
6
  end
7
7
 
8
- def warning(id:, jmespath:, message:)
8
+ def warning(id:, message:)
9
9
  @rule_registry.definition(id: id,
10
10
  type: Violation::WARNING,
11
11
  message: message)
12
12
  end
13
13
 
14
- def failure(id:, jmespath:, message:)
14
+ def failure(id:, message:)
15
15
  @rule_registry.definition(id: id,
16
16
  type: Violation::FAILING_VIOLATION,
17
17
  message: message)
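Review bot: Dropping the required `jmespath:` keyword from `warning` and `failure` changes the public signature in a patch release, so any caller outside this hunk that still passes it will get `ArgumentError: unknown keyword`. The value was never forwarded to `@rule_registry.definition`, so removing it loses nothing, but existing rule definitions written against the old signature may break on upgrade. If such callers can exist, accepting and ignoring the keyword for one release (`def warning(id:, message:, jmespath: nil)`) or noting the break in the changelog would avoid a surprise. The body of `failure` closes after the hunk ends.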
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.69
4
+ version: 0.3.70
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic