cfn-nag 0.4.22 → 0.4.23
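--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a5572ec3d44e64f632333208c4033c6886dedc9d863bd42a4fe6f3375cc0f9af
+data.tar.gz: 9bf4ee8a6658b21a1081b207305ad8b62ae7a1fd2d030d72a12521b31a20c20d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1de134ef12c55bf97777244950df3e2b268619e6fb3df596f970bb8591111db26a16b7a697d0cab48f660448cf40f3936c5a19cef2ab360bd8badb861953216
+data.tar.gz: 400363143dae1804502ab59a826cfa394527833b435a8a0ca1087b3f778ab7591e1a261761139791a66d1d0e3c2afa9a68423af6dbc809da6d73afd023552c98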
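--- a/lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
+++ b/lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require 'cfn-nag/util/enforce_reference_parameter'
+require 'cfn-nag/util/enforce_string_or_dynamic_reference'
+require_relative 'base'
+
+# Rule class to fail on DirectoryService::MicrosoftAD password in template
+class DirectoryServiceMicrosoftADPasswordRule < BaseRule
+def rule_text
+'Directory Service Microsoft AD must not be a plaintext string or a ' \
+'Ref to a NoEcho Parameter with a Default value.'
+end
+
+def rule_type
+Violation::FAILING_VIOLATION
+end
+
+def rule_id
+'F36'
+end
+
+def audit_impl(cfn_model)
+violating_ad = cfn_model.resources_by_type('AWS::DirectoryService::MicrosoftAD')
+.select do |ad|
+if ad.password.nil?
+false
+else
+insecure_parameter?(cfn_model, ad.password) ||
+insecure_string_or_dynamic_reference?(cfn_model, ad.password)
+end
+end
+violating_ad.map(&:logical_resource_id)
+end
+end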
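Review bot: The `rule_text` string of the new F36 rule omits the word "password", so the finding reads as if the directory itself must not be a plaintext string. This text is what a user sees in scan output, so it should name the property: `'Directory Service Microsoft AD password must not be a plaintext string or a ' \`. In `audit_impl`, the `if ad.password.nil? ... else ... end` inside the `select` block can be collapsed to `!ad.password.nil? && (insecure_parameter?(cfn_model, ad.password) || insecure_string_or_dynamic_reference?(cfn_model, ad.password))`. The two helper predicates come from the required util files and are not visible here. A spec should therefore confirm how a `Password` assembled by an intrinsic function over literal strings (for example `Fn::Join`) is classified, since the rule reports only what those helpers flag.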
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-nag
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.23
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eric Kascic
|
@@ -175,6 +175,7 @@ files:
|
|
175
175
|
- lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb
|
176
176
|
- lib/cfn-nag/custom_rules/CodeBuildEncryptionKeyRule.rb
|
177
177
|
- lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb
|
178
|
+
- lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
|
178
179
|
- lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
|
179
180
|
- lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
|
180
181
|
- lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
|