cfn-nag 0.3.74 → 0.3.75

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb +29 -0
  3. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: df7c2cd400873808f2c86c468bf2b8fe254b4f818629ca85cae8d4249e61e91b
4
- data.tar.gz: b07f2ab8db5b52656283fb72ed7660abb8d9461323230fca262434e0d9e1f8b6
3
+ metadata.gz: a997e0cc21319cddd3fabe1e7c24a628dd9bfc2337684045e9c965ff117415f1
4
+ data.tar.gz: 13affc144a0fe1d2540f53c16eb9c1faf255527a5f066eb868aa843bf2465184
5
5
  SHA512:
6
- metadata.gz: ad73aa5062aee010cf3a3ebdee335ec54e7e13f1dd366f003d7c9b613c0c91868f65508c8e6e68d883fa2dba5954c08576c1365840612b99214dda3f81655940
7
- data.tar.gz: 5c72467fe9904e35a3871186b1217890c8662010795d47d950e2980674ce53e7967f4d94b63b515067df7bba7e3f7b4c7b18f909a8ef9afa6ecc99f94423ddf0
6
+ metadata.gz: 24ddafc6dbbf7042b7f3c1e996c0f15e1c17d4ee9cd0a6de50d58e5fa59d6f1b5a313147740e2fb70a055690d40a133f4eb049d158222b3b0d36c114a5c5e8c6
7
+ data.tar.gz: b915a8b628a535107ee052b3c0bb13b95a7822c06631487874d8a71fa7ad69c04751d9df0e6fd98b06dae1b89db032f2a868337102a48464b65e5d47c9a9e147
data/lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb ADDED
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class NeptuneDBClusterStorageEncryptedRule < BaseRule
7
+ def rule_text
8
+ 'Neptune database cluster storage should have encryption enabled'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::FAILING_VIOLATION
13
+ end
14
+
15
+ def rule_id
16
+ 'F30'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ resources = cfn_model.resources_by_type('AWS::Neptune::DBCluster')
21
+
22
+ violating_storage = resources.select do |filesystem|
23
+ filesystem.storageEncrypted.nil? ||
24
+ filesystem.storageEncrypted.to_s.casecmp('false').zero?
25
+ end
26
+
27
+ violating_storage.map(&:logical_resource_id)
28
+ end
29
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.74
4
+ version: 0.3.75
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -164,6 +164,7 @@ files:
164
164
  - lib/cfn-nag/custom_rules/LambdaPermissionInvokeFunctionActionRule.rb
165
165
  - lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
166
166
  - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
167
+ - lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb
167
168
  - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
168
169
  - lib/cfn-nag/custom_rules/RDSDBClusterStorageEncryptedRule.rb
169
170
  - lib/cfn-nag/custom_rules/RDSDBInstanceStorageEncryptedRule.rb