RubyGems - cfn-nag - Versions diffs - 0.4.47 → 0.4.48 - Mend

cfn-nag 0.4.47 → 0.4.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68286cdf5f83a567d29d8ffe133ea4c7504ea26abd8afdcdab61143d4cda64ac
-  data.tar.gz: 5f1072360dbb4e49f100ba96238dcc227d7d2a6d5a0788c1157b9baa96ef2b4a
+  metadata.gz: 9b8c05850ca1c4622ee72dfe950ea4d0b3a6b80ef3db915c0ec6dec0f7b239aa
+  data.tar.gz: f69c4f271e4372f00ea392c7c76ac47ef28d7e6ee0f6b759d116db192c5e74f5
 SHA512:
-  metadata.gz: ce9407702965aeb519915b80eb9437e890909adfb7667886d8f9415c38f9600ce4672f696bd0edf71118b0824e30356dd6a3749d6ef91207d5019b01d35b1187
-  data.tar.gz: 8d2614530978baa25661959b014ad797a8119bf955026462f186f14753bfc5194869052ef7b838f8987c2501bef192f331e2596f65b1ebf68cd479b280137b2c
+  metadata.gz: 6afa307b35c4a449b4cc2279360dcbde14acbc664ab577403054676689e94a33eb4e1c9d33fc6469d73f4032d60f29b9e298218675e468ee14a747ed4e4c2785
+  data.tar.gz: 36ab1e480b2d0d133cf5e27147ca1c41b3f177fca160030912ef714bcbe193067cc29fd1c114ca726237f5eaf34ae0b9233af2f694f65e9aba4cb308e3648b33

data/lib/cfn-nag/custom_rules/AmazonMQBrokerUserPasswordRule.rb CHANGED Viewed

@@ -6,9 +6,8 @@ require 'cfn-nag/util/enforce_string_or_dynamic_reference'
 require_relative 'base'
 class AmazonMQBrokerUserPasswordRule < BaseRule
   def rule_text
-    'Amazon MQ Broker resource Users property should exist and its Password property value ' +
+    'Amazon MQ Broker resource Users property should exist and its Password property value ' \
     'should not show password in plain text, resolve an unsecure ssm string, or have a default value for parameter.'
   end
@@ -31,7 +30,7 @@ class AmazonMQBrokerUserPasswordRule < BaseRule
   private
   def user_has_insecure_password?(cfn_model, user)
-    if user.has_key? 'Password'
+    if user.key? 'Password'
       if insecure_parameter?(cfn_model, user['Password'])
         true
       elsif insecure_string_or_dynamic_reference?(cfn_model, user['Password'])
@@ -40,7 +39,7 @@ class AmazonMQBrokerUserPasswordRule < BaseRule
         true
       end
     else
-      true
+      true
     end
   end
@@ -53,5 +52,5 @@ class AmazonMQBrokerUserPasswordRule < BaseRule
     else
       true
     end
-  end
+  end
 end

data/lib/cfn-nag/custom_rules/ApiGatewayV2AccessLoggingRule.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+require 'cfn-nag/violation'
+require_relative 'base'
+class ApiGatewayV2AccessLoggingRule < BaseRule
+  def rule_text
+    'ApiGateway V2 should have access logging configured'
+  end
+  def rule_type
+    Violation::WARNING
+  end
+  def rule_id
+    'W46'
+  end
+  def audit_impl(cfn_model)
+    violating_deployments = cfn_model.resources_by_type('AWS::ApiGatewayV2::Stage').select do |deployment|
+      deployment.accessLogSetting.nil?
+    end
+    violating_deployments.map(&:logical_resource_id)
+  end
+end

data/lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb CHANGED Viewed

@@ -28,7 +28,7 @@ class IamUserLoginProfilePasswordResetRule < BaseRule
   private
   def iam_user_password_reset_required_key?(login_profile)
-    if login_profile.has_key? 'PasswordResetRequired'
+    if login_profile.key? 'PasswordResetRequired'
       if login_profile['PasswordResetRequired'].nil?
         true
       elsif not_truthy?(login_profile['PasswordResetRequired'])
@@ -45,5 +45,5 @@ class IamUserLoginProfilePasswordResetRule < BaseRule
     else
       false
     end
-  end
+  end
 end

data/lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordRule.rb CHANGED Viewed

@@ -7,7 +7,7 @@ require_relative 'base'
 class IamUserLoginProfilePasswordRule < BaseRule
   def rule_text
-    'If the IAM user LoginProile property exists, then its Password value should not ' +
+    'If the IAM user LoginProile property exists, then its Password value should not ' \
     'show password in plain text, resolve an unsecure ssm string, or have a default value for parameter.'
   end
@@ -28,9 +28,9 @@ class IamUserLoginProfilePasswordRule < BaseRule
   end
   private
   def iam_user_has_insecure_password?(cfn_model, login_profile)
-    if login_profile.has_key? 'Password'
+    if login_profile.key? 'Password'
       if insecure_parameter?(cfn_model, login_profile['Password'])
         true
       elsif insecure_string_or_dynamic_reference?(cfn_model, login_profile['Password'])
@@ -39,7 +39,7 @@ class IamUserLoginProfilePasswordRule < BaseRule
         true
       end
     else
-      true
+      true
     end
   end
@@ -49,5 +49,5 @@ class IamUserLoginProfilePasswordRule < BaseRule
     else
       false
     end
-  end
+  end
 end

data/lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb CHANGED Viewed

@@ -28,7 +28,7 @@ class MissingBucketPolicyRule < BaseRule
   def policy_for_bucket(cfn_model, bucket)
     cfn_model.resources_by_type('AWS::S3::BucketPolicy').find do |bucket_policy|
-      if bucket_policy.bucket.is_a?(Hash) && bucket_policy.bucket.has_key?('Ref')
+      if bucket_policy.bucket.is_a?(Hash) && bucket_policy.bucket.key?('Ref')
         bucket_policy.bucket['Ref'] == bucket.logical_resource_id
       else
         bucket.bucketName == bucket_policy.bucket

data/lib/cfn-nag/custom_rules/OpsWorksStackRdsDbInstancePasswordRule.rb CHANGED Viewed

@@ -6,9 +6,8 @@ require 'cfn-nag/util/enforce_string_or_dynamic_reference'
 require_relative 'base'
 class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
   def rule_text
-    'OpsWorks Stack RDS DBInstance Password property should not show password ' +
+    'OpsWorks Stack RDS DBInstance Password property should not show password ' \
     'in plain text, resolve an unsecure ssm string, or have a default value for parameter.'
   end
@@ -28,10 +27,10 @@ class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
     violating_opsworks_stacks.map(&:logical_resource_id)
   end
-  private
+  private
   def db_instance_has_insecure_password?(cfn_model, dbinstance)
-    if dbinstance.has_key? 'DbPassword'
+    if dbinstance.key? 'DbPassword'
       if insecure_parameter?(cfn_model, dbinstance['DbPassword'])
         true
       elsif insecure_string_or_dynamic_reference?(cfn_model, dbinstance['DbPassword'])
@@ -40,7 +39,7 @@ class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
         true
       end
     else
-      true
+      true
     end
   end
@@ -53,5 +52,5 @@ class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
     else
       false
     end
-  end
-end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.4.47
+  version: 0.4.48
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-20 00:00:00.000000000 Z
+date: 2019-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -159,6 +159,7 @@ files:
 - lib/cfn-nag/custom_rules/AmazonMQBrokerUserPasswordRule.rb
 - lib/cfn-nag/custom_rules/AmplifyAppBasicAuthConfigPasswordRule.rb
 - lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb
+- lib/cfn-nag/custom_rules/ApiGatewayV2AccessLoggingRule.rb
 - lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb
 - lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb
 - lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb