cfn-nag 0.3.90 → 0.3.91

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb +34 -0
  3. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cc4b8b708a805dad2562ec6ae5bbd1cb9c437759ef061ff1030bcb1763b80b66
4
- data.tar.gz: 763c796f00b3f1fae3934aa4da9954b2de1e055a4c710568f96f9e9a26dcb944
3
+ metadata.gz: 3f40f65975a2ed5d50a3a72b174f8562f764326a97eb112ec0f524fb4b6e7863
4
+ data.tar.gz: 993119f1fd34789fe178ec442c069d3579de9cb04dcf1a633dade96c2b2119d2
5
5
  SHA512:
6
- metadata.gz: 1a8a8da8c18b2ab0e35e3eba6ffd4de7c4b2fb7ea824184092766c51cff017afaf7f559676f5235b103f35c235190b477e9cb02ac9a6819ed3b963cb67ab51eb
7
- data.tar.gz: 5dc009b73752c4b9d65b9d8308e11cf66566e4a269601015ac50ce642611be55e6dd3ec7740f68728a0e5411a8c368ec2399813cd8721a82fe81250a3089265f
6
+ metadata.gz: b337de0686cde4f4360a5d287c39e9842beee6698091494ac4986af042f1277ad21555addd9d3b9639b5d60f08e5b197dbb3545989cc0e188b545cab22cecde5
7
+ data.tar.gz: e0b942081494bedd9a77760aa7db6595a81e85c9bf4356331df0c269d2c19ebb32a1201cc96825b0f63e36f8df6a7eed6d061742c756dbbae7daad6b58c125e0
data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb ADDED
@@ -0,0 +1,34 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require 'cfn-nag/util/enforce_noecho_parameter.rb'
5
+ require_relative 'base'
6
+
7
+ class RDSDBClusterMasterUserPasswordRule < BaseRule
8
+ def rule_text
9
+ 'RDS DB Cluster master user password must be Ref to NoEcho Parameter. ' \
10
+ 'Default credentials are not recommended'
11
+ end
12
+
13
+ def rule_type
14
+ Violation::FAILING_VIOLATION
15
+ end
16
+
17
+ def rule_id
18
+ 'F32'
19
+ end
20
+
21
+ def audit_impl(cfn_model)
22
+ rds_dbclusters = cfn_model.resources_by_type('AWS::RDS::DBCluster')
23
+ violating_rdsclusters = rds_dbclusters.select do |cluster|
24
+ if cluster.masterUserPassword.nil?
25
+ false
26
+ else
27
+ !no_echo_parameter_without_default?(cfn_model,
28
+ cluster.masterUserPassword)
29
+ end
30
+ end
31
+
32
+ violating_rdsclusters.map(&:logical_resource_id)
33
+ end
34
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.90
4
+ version: 0.3.91
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -170,6 +170,7 @@ files:
170
170
  - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
171
171
  - lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb
172
172
  - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
173
+ - lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb
173
174
  - lib/cfn-nag/custom_rules/RDSDBClusterStorageEncryptedRule.rb
174
175
  - lib/cfn-nag/custom_rules/RDSDBInstanceStorageEncryptedRule.rb
175
176
  - lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb