cfn-nag 0.4.22 → 0.4.23

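--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '038caece854c50f7ebec0952dbc3cc0f5e1c927cda89dd2bdef8215b99227472'
- data.tar.gz: 350cfc8557373e05b8fa8b8e6e7ba44eb47108ae6754ad140718fb660892479c
+ metadata.gz: a5572ec3d44e64f632333208c4033c6886dedc9d863bd42a4fe6f3375cc0f9af
+ data.tar.gz: 9bf4ee8a6658b21a1081b207305ad8b62ae7a1fd2d030d72a12521b31a20c20d
  SHA512:
- metadata.gz: d85175a322115a26297b5f6e4e0e9ed4fe83ec80ba1abafadc85d2b02679d1b215691b722228b540b964b7df9aa2c47caac3b146673b9c216a53f982dccc7902
- data.tar.gz: ff1d1f38cc89924fa0b9471c0bf070be4bc664c53ede824ea52f191b2bea3fe2a9956101478c9a9fd3544894266b7f7090531d21fe1ea9465f05b2b00b15aa48
+ metadata.gz: f1de134ef12c55bf97777244950df3e2b268619e6fb3df596f970bb8591111db26a16b7a697d0cab48f660448cf40f3936c5a19cef2ab360bd8badb861953216
+ data.tar.gz: 400363143dae1804502ab59a826cfa394527833b435a8a0ca1087b3f778ab7591e1a261761139791a66d1d0e3c2afa9a68423af6dbc809da6d73afd023552c98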
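--- a/lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
+++ b/lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
@@ -0,0 +1,35 @@
+ # frozen_string_literal: true
+
+ require 'cfn-nag/violation'
+ require 'cfn-nag/util/enforce_reference_parameter'
+ require 'cfn-nag/util/enforce_string_or_dynamic_reference'
+ require_relative 'base'
+
+ # Rule class to fail on DirectoryService::MicrosoftAD password in template
+ class DirectoryServiceMicrosoftADPasswordRule < BaseRule
+ def rule_text
+ 'Directory Service Microsoft AD must not be a plaintext string or a ' \
+ 'Ref to a NoEcho Parameter with a Default value.'
+ end
+
+ def rule_type
+ Violation::FAILING_VIOLATION
+ end
+
+ def rule_id
+ 'F36'
+ end
+
+ def audit_impl(cfn_model)
+ violating_ad = cfn_model.resources_by_type('AWS::DirectoryService::MicrosoftAD')
+ .select do |ad|
+ if ad.password.nil?
+ false
+ else
+ insecure_parameter?(cfn_model, ad.password) ||
+ insecure_string_or_dynamic_reference?(cfn_model, ad.password)
+ end
+ end
+ violating_ad.map(&:logical_resource_id)
+ end
+ end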
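Review bot: The `rule_text` string leaves out the word "password", so an F36 finding reads as if the directory itself must not be a plaintext string, and whoever reads the scan output has to guess which property is at fault. I would write its first line as `'Directory Service Microsoft AD password must not be a plaintext string or a ' \`. In `audit_impl` the two predicates come from the required `cfn-nag/util` helpers, which are not shown in this section, so exactly which dynamic references they treat as insecure cannot be confirmed from here. A one-line comment above the `select`, such as `# a missing Password is not this rule's concern; only a present, insecure value fails`, would make the intent of the nil branch explicit.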
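--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: cfn-nag
  version: !ruby/object:Gem::Version
- version: 0.4.22
+ version: 0.4.23
  platform: ruby
  authors:
  - Eric Kascic
@@ -175,6 +175,7 @@ files:
  - lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb
  - lib/cfn-nag/custom_rules/CodeBuildEncryptionKeyRule.rb
  - lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb
+ - lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
  - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
  - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
  - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb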