cfn-nag 0.3.90 → 0.3.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb +34 -0
  3. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cc4b8b708a805dad2562ec6ae5bbd1cb9c437759ef061ff1030bcb1763b80b66
4
- data.tar.gz: 763c796f00b3f1fae3934aa4da9954b2de1e055a4c710568f96f9e9a26dcb944
3
+ metadata.gz: 3f40f65975a2ed5d50a3a72b174f8562f764326a97eb112ec0f524fb4b6e7863
4
+ data.tar.gz: 993119f1fd34789fe178ec442c069d3579de9cb04dcf1a633dade96c2b2119d2
5
5
  SHA512:
6
- metadata.gz: 1a8a8da8c18b2ab0e35e3eba6ffd4de7c4b2fb7ea824184092766c51cff017afaf7f559676f5235b103f35c235190b477e9cb02ac9a6819ed3b963cb67ab51eb
7
- data.tar.gz: 5dc009b73752c4b9d65b9d8308e11cf66566e4a269601015ac50ce642611be55e6dd3ec7740f68728a0e5411a8c368ec2399813cd8721a82fe81250a3089265f
6
+ metadata.gz: b337de0686cde4f4360a5d287c39e9842beee6698091494ac4986af042f1277ad21555addd9d3b9639b5d60f08e5b197dbb3545989cc0e188b545cab22cecde5
7
+ data.tar.gz: e0b942081494bedd9a77760aa7db6595a81e85c9bf4356331df0c269d2c19ebb32a1201cc96825b0f63e36f8df6a7eed6d061742c756dbbae7daad6b58c125e0
data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb ADDED
@@ -0,0 +1,34 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require 'cfn-nag/util/enforce_noecho_parameter.rb'
5
+ require_relative 'base'
6
+
7
+ class RDSDBClusterMasterUserPasswordRule < BaseRule
8
+ def rule_text
9
+ 'RDS DB Cluster master user password must be Ref to NoEcho Parameter. ' \
10
+ 'Default credentials are not recommended'
11
+ end
12
+
13
+ def rule_type
14
+ Violation::FAILING_VIOLATION
15
+ end
16
+
17
+ def rule_id
18
+ 'F32'
19
+ end
20
+
21
+ def audit_impl(cfn_model)
22
+ rds_dbclusters = cfn_model.resources_by_type('AWS::RDS::DBCluster')
23
+ violating_rdsclusters = rds_dbclusters.select do |cluster|
24
+ if cluster.masterUserPassword.nil?
25
+ false
26
+ else
27
+ !no_echo_parameter_without_default?(cfn_model,
28
+ cluster.masterUserPassword)
29
+ end
30
+ end
31
+
32
+ violating_rdsclusters.map(&:logical_resource_id)
33
+ end
34
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.90
4
+ version: 0.3.91
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -170,6 +170,7 @@ files:
170
170
  - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
171
171
  - lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb
172
172
  - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
173
+ - lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb
173
174
  - lib/cfn-nag/custom_rules/RDSDBClusterStorageEncryptedRule.rb
174
175
  - lib/cfn-nag/custom_rules/RDSDBInstanceStorageEncryptedRule.rb
175
176
  - lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb