cfn-nag 0.4.40 → 0.4.41
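--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5717509a5713623b4f9f0e8842ea6f9763f3c16282d883438b79f7792c5ca7f1
+data.tar.gz: ebeea57d8a3fc5a59fd461b65d16ef11af5f14da66a3f854de7cc9ac6c2d50a9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8412f74d9508acfa2cf7134e27d885fb0953bda6727299c200df28f9ca4bb3d0535e9a9484f736823581aa93ea0668a3cf5abe814063de040042e7064d263725
+data.tar.gz: 7fbf0e3d0f31ef8753804d208efc816209b47afb65368959f1303e06030332e340853459e786d74863c4e2bf30cb1be24622047b5982da01574f5d143ca4b358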
@@ -22,14 +22,22 @@ class SecurityGroupEgressAllProtocolsRule < BaseRule
|
|
22
22
|
def audit_impl(cfn_model)
|
23
23
|
violating_security_groups = cfn_model.security_groups.select do |security_group|
|
24
24
|
violating_egresses = security_group.egresses.select do |egress|
|
25
|
-
egress.ipProtocol.
|
25
|
+
if egress.ipProtocol.is_a?(Integer) || egress.ipProtocol.is_a?(String)
|
26
|
+
egress.ipProtocol.to_i == -1
|
27
|
+
else
|
28
|
+
false
|
29
|
+
end
|
26
30
|
end
|
27
31
|
|
28
32
|
!violating_egresses.empty?
|
29
33
|
end
|
30
34
|
|
31
35
|
violating_egresses = cfn_model.standalone_egress.select do |standalone_egress|
|
32
|
-
standalone_egress.ipProtocol.
|
36
|
+
if standalone_egress.ipProtocol.is_a?(Integer) || standalone_egress.ipProtocol.is_a?(String)
|
37
|
+
standalone_egress.ipProtocol.to_i == -1
|
38
|
+
else
|
39
|
+
false
|
40
|
+
end
|
33
41
|
end
|
34
42
|
|
35
43
|
violating_security_groups.map(&:logical_resource_id) + violating_egresses.map(&:logical_resource_id)
|
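Review bot: The new `else false` branch in both `select` blocks makes the rule silently pass any `ipProtocol` that is neither an Integer nor a String, so a value the model could not reduce to a literal (presumably an unresolved parameter reference or intrinsic function; the hunk does not show which) is reported as compliant rather than as unknown. For a security linter that is a quiet false negative, so the branch should at least say so, e.g. `# non-literal ipProtocol cannot be evaluated statically; treated as non-violating`, and ideally such resources would be surfaced as a warning instead of being dropped. `String#to_i` is also lenient (`'-1abc'.to_i` is `-1`, `'tcp'.to_i` is `0`), which errs toward flagging but is worth a short comment as well. The same pattern appears in both blocks of the SecurityGroupIngressAllProtocolsRule hunk, and the closing `end` of `audit_impl` lies outside this hunk.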
@@ -22,14 +22,22 @@ class SecurityGroupIngressAllProtocolsRule < BaseRule
|
|
22
22
|
def audit_impl(cfn_model)
|
23
23
|
violating_security_groups = cfn_model.security_groups.select do |security_group|
|
24
24
|
violating_ingresses = security_group.ingresses.select do |ingress|
|
25
|
-
ingress.ipProtocol.
|
25
|
+
if ingress.ipProtocol.is_a?(Integer) || ingress.ipProtocol.is_a?(String)
|
26
|
+
ingress.ipProtocol.to_i == -1
|
27
|
+
else
|
28
|
+
false
|
29
|
+
end
|
26
30
|
end
|
27
31
|
|
28
32
|
!violating_ingresses.empty?
|
29
33
|
end
|
30
34
|
|
31
35
|
violating_ingresses = cfn_model.standalone_ingress.select do |standalone_ingress|
|
32
|
-
standalone_ingress.ipProtocol.
|
36
|
+
if standalone_ingress.ipProtocol.is_a?(Integer) || standalone_ingress.ipProtocol.is_a?(String)
|
37
|
+
standalone_ingress.ipProtocol.to_i == -1
|
38
|
+
else
|
39
|
+
false
|
40
|
+
end
|
33
41
|
end
|
34
42
|
|
35
43
|
violating_security_groups.map(&:logical_resource_id) + violating_ingresses.map(&:logical_resource_id)
|
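Review bot: The Integer-or-String guard is now written out four times across this hunk and the SecurityGroupEgressAllProtocolsRule hunk, each as a five-line `if`/`else false`, so the copies can drift apart the next time the accepted types change. Each block body can be a single boolean expression, `(ingress.ipProtocol.is_a?(Integer) || ingress.ipProtocol.is_a?(String)) && ingress.ipProtocol.to_i == -1`, and would read better behind one shared predicate method that both rules call. The closing `end` of `audit_impl` lies outside this hunk.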