cfn-nag 0.4.39 → 0.4.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 84fab67d616f1d8e20a7bed01e110d16ee2a7e3be28659566975b43d1fa62f49
|
|
4
|
+
data.tar.gz: 6005bc66745ff5b054b8d621aab4117ece00d3e326602dd887b454299fd6bd6a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c4399c6417ace2f9a9949dd1dcec508abdbc3d0f36e8124f9579edf648a34ce71f34ab0c6db9b5329fc01b9f8888dc1c5f59591a6f02e418e0a6bb9a2894e539
|
|
7
|
+
data.tar.gz: 74d61738a619b4ddf160bb29b5004478b2b2609595720a79d86fe89e79d79578655553263b7588f0d56e2c5a2c18b6c1e3ad55191168b0537fc558ce78052ce4
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require_relative 'base'
|
|
5
|
+
|
|
6
|
+
class IamRoleAdministratorAccessPolicyRule < BaseRule
|
|
7
|
+
def rule_text
|
|
8
|
+
'IAM role should not have AdministratorAccess policy'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def rule_type
|
|
12
|
+
Violation::WARNING
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def rule_id
|
|
16
|
+
'W43'
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def audit_impl(cfn_model)
|
|
20
|
+
violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
|
|
21
|
+
role.managedPolicyArns.find { |policy| policy.include? 'arn:aws:iam::aws:policy/AdministratorAccess' }
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
violating_roles.map(&:logical_resource_id)
|
|
25
|
+
end
|
|
26
|
+
end
|
data/lib/cfn-nag/ip_addr.rb
CHANGED
|
@@ -15,8 +15,7 @@ module IpAddr
|
|
|
15
15
|
|
|
16
16
|
# only care about literals. if a Hash/Ref not going to chase it down
|
|
17
17
|
# given likely a Parameter with external val
|
|
18
|
-
|
|
19
|
-
NetAddr::CIDRv6.create('::/0'))
|
|
18
|
+
NetAddr::IPv6Net.parse(normalized_cidr_ip6).cmp(NetAddr::IPv6Net.parse('::/0')).zero?
|
|
20
19
|
end
|
|
21
20
|
|
|
22
21
|
def ip4_cidr_range?(ingress)
|
|
@@ -29,7 +28,7 @@ module IpAddr
|
|
|
29
28
|
|
|
30
29
|
# only care about literals. if a Hash/Ref not going to chase it down
|
|
31
30
|
# given likely a Parameter with external val
|
|
32
|
-
!NetAddr::
|
|
31
|
+
!NetAddr::IPv6Net.parse(normalized_cidr_ip6).to_s.end_with?('/128')
|
|
33
32
|
end
|
|
34
33
|
|
|
35
34
|
##
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.40
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-10-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version:
|
|
131
|
+
version: 2.0.4
|
|
132
132
|
type: :runtime
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
138
|
+
version: 2.0.4
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: trollop
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -195,6 +195,7 @@ files:
|
|
|
195
195
|
- lib/cfn-nag/custom_rules/IamPolicyPassRoleWildcardResourceRule.rb
|
|
196
196
|
- lib/cfn-nag/custom_rules/IamPolicyWildcardActionRule.rb
|
|
197
197
|
- lib/cfn-nag/custom_rules/IamPolicyWildcardResourceRule.rb
|
|
198
|
+
- lib/cfn-nag/custom_rules/IamRoleAdministratorAccessPolicyRule.rb
|
|
198
199
|
- lib/cfn-nag/custom_rules/IamRoleNotActionOnPermissionsPolicyRule.rb
|
|
199
200
|
- lib/cfn-nag/custom_rules/IamRoleNotActionOnTrustPolicyRule.rb
|
|
200
201
|
- lib/cfn-nag/custom_rules/IamRoleNotPrincipalOnTrustPolicyRule.rb
|