cfn-nag 0.4.40 → 0.4.41

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/SecurityGroupEgressAllProtocolsRule.rb +10 -2
  3. data/lib/cfn-nag/custom_rules/SecurityGroupIngressAllProtocolsRule.rb +10 -2
  4. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 84fab67d616f1d8e20a7bed01e110d16ee2a7e3be28659566975b43d1fa62f49
4
- data.tar.gz: 6005bc66745ff5b054b8d621aab4117ece00d3e326602dd887b454299fd6bd6a
3
+ metadata.gz: 5717509a5713623b4f9f0e8842ea6f9763f3c16282d883438b79f7792c5ca7f1
4
+ data.tar.gz: ebeea57d8a3fc5a59fd461b65d16ef11af5f14da66a3f854de7cc9ac6c2d50a9
5
5
  SHA512:
6
- metadata.gz: c4399c6417ace2f9a9949dd1dcec508abdbc3d0f36e8124f9579edf648a34ce71f34ab0c6db9b5329fc01b9f8888dc1c5f59591a6f02e418e0a6bb9a2894e539
7
- data.tar.gz: 74d61738a619b4ddf160bb29b5004478b2b2609595720a79d86fe89e79d79578655553263b7588f0d56e2c5a2c18b6c1e3ad55191168b0537fc558ce78052ce4
6
+ metadata.gz: 8412f74d9508acfa2cf7134e27d885fb0953bda6727299c200df28f9ca4bb3d0535e9a9484f736823581aa93ea0668a3cf5abe814063de040042e7064d263725
7
+ data.tar.gz: 7fbf0e3d0f31ef8753804d208efc816209b47afb65368959f1303e06030332e340853459e786d74863c4e2bf30cb1be24622047b5982da01574f5d143ca4b358
data/lib/cfn-nag/custom_rules/SecurityGroupEgressAllProtocolsRule.rb CHANGED
@@ -22,14 +22,22 @@ class SecurityGroupEgressAllProtocolsRule < BaseRule
22
22
  def audit_impl(cfn_model)
23
23
  violating_security_groups = cfn_model.security_groups.select do |security_group|
24
24
  violating_egresses = security_group.egresses.select do |egress|
25
- egress.ipProtocol.to_i == -1
25
+ if egress.ipProtocol.is_a?(Integer) || egress.ipProtocol.is_a?(String)
26
+ egress.ipProtocol.to_i == -1
27
+ else
28
+ false
29
+ end
26
30
  end
27
31
 
28
32
  !violating_egresses.empty?
29
33
  end
30
34
 
31
35
  violating_egresses = cfn_model.standalone_egress.select do |standalone_egress|
32
- standalone_egress.ipProtocol.to_i == -1
36
+ if standalone_egress.ipProtocol.is_a?(Integer) || standalone_egress.ipProtocol.is_a?(String)
37
+ standalone_egress.ipProtocol.to_i == -1
38
+ else
39
+ false
40
+ end
33
41
  end
34
42
 
35
43
  violating_security_groups.map(&:logical_resource_id) + violating_egresses.map(&:logical_resource_id)
data/lib/cfn-nag/custom_rules/SecurityGroupIngressAllProtocolsRule.rb CHANGED
@@ -22,14 +22,22 @@ class SecurityGroupIngressAllProtocolsRule < BaseRule
22
22
  def audit_impl(cfn_model)
23
23
  violating_security_groups = cfn_model.security_groups.select do |security_group|
24
24
  violating_ingresses = security_group.ingresses.select do |ingress|
25
- ingress.ipProtocol.to_i == -1
25
+ if ingress.ipProtocol.is_a?(Integer) || ingress.ipProtocol.is_a?(String)
26
+ ingress.ipProtocol.to_i == -1
27
+ else
28
+ false
29
+ end
26
30
  end
27
31
 
28
32
  !violating_ingresses.empty?
29
33
  end
30
34
 
31
35
  violating_ingresses = cfn_model.standalone_ingress.select do |standalone_ingress|
32
- standalone_ingress.ipProtocol.to_i == -1
36
+ if standalone_ingress.ipProtocol.is_a?(Integer) || standalone_ingress.ipProtocol.is_a?(String)
37
+ standalone_ingress.ipProtocol.to_i == -1
38
+ else
39
+ false
40
+ end
33
41
  end
34
42
 
35
43
  violating_security_groups.map(&:logical_resource_id) + violating_ingresses.map(&:logical_resource_id)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.40
4
+ version: 0.4.41
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic