cfn-nag 0.4.47 → 0.4.48

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68286cdf5f83a567d29d8ffe133ea4c7504ea26abd8afdcdab61143d4cda64ac
-  data.tar.gz: 5f1072360dbb4e49f100ba96238dcc227d7d2a6d5a0788c1157b9baa96ef2b4a
+  metadata.gz: 9b8c05850ca1c4622ee72dfe950ea4d0b3a6b80ef3db915c0ec6dec0f7b239aa
+  data.tar.gz: f69c4f271e4372f00ea392c7c76ac47ef28d7e6ee0f6b759d116db192c5e74f5
 SHA512:
-  metadata.gz: ce9407702965aeb519915b80eb9437e890909adfb7667886d8f9415c38f9600ce4672f696bd0edf71118b0824e30356dd6a3749d6ef91207d5019b01d35b1187
-  data.tar.gz: 8d2614530978baa25661959b014ad797a8119bf955026462f186f14753bfc5194869052ef7b838f8987c2501bef192f331e2596f65b1ebf68cd479b280137b2c
+  metadata.gz: 6afa307b35c4a449b4cc2279360dcbde14acbc664ab577403054676689e94a33eb4e1c9d33fc6469d73f4032d60f29b9e298218675e468ee14a747ed4e4c2785
+  data.tar.gz: 36ab1e480b2d0d133cf5e27147ca1c41b3f177fca160030912ef714bcbe193067cc29fd1c114ca726237f5eaf34ae0b9233af2f694f65e9aba4cb308e3648b33

data/lib/cfn-nag/custom_rules/AmazonMQBrokerUserPasswordRule.rb

@@ -6,9 +6,8 @@ require 'cfn-nag/util/enforce_string_or_dynamic_reference'
 require_relative 'base'
 
 class AmazonMQBrokerUserPasswordRule < BaseRule
-
   def rule_text
-    'Amazon MQ Broker resource Users property should exist and its Password property value ' +
+    'Amazon MQ Broker resource Users property should exist and its Password property value ' \
     'should not show password in plain text, resolve an unsecure ssm string, or have a default value for parameter.'
   end
 
@@ -31,7 +30,7 @@ class AmazonMQBrokerUserPasswordRule < BaseRule
   private
 
   def user_has_insecure_password?(cfn_model, user)
-    if user.has_key? 'Password'
+    if user.key? 'Password'
       if insecure_parameter?(cfn_model, user['Password'])
         true
       elsif insecure_string_or_dynamic_reference?(cfn_model, user['Password'])
@@ -40,7 +39,7 @@ class AmazonMQBrokerUserPasswordRule < BaseRule
         true
       end
     else
-      true    
+      true
     end
   end
 
@@ -53,5 +52,5 @@ class AmazonMQBrokerUserPasswordRule < BaseRule
     else
       true
     end
-  end 
+  end
 end

data/lib/cfn-nag/custom_rules/ApiGatewayV2AccessLoggingRule.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class ApiGatewayV2AccessLoggingRule < BaseRule
+  def rule_text
+    'ApiGateway V2 should have access logging configured'
+  end
+
+  def rule_type
+    Violation::WARNING
+  end
+
+  def rule_id
+    'W46'
+  end
+
+  def audit_impl(cfn_model)
+    violating_deployments = cfn_model.resources_by_type('AWS::ApiGatewayV2::Stage').select do |deployment|
+      deployment.accessLogSetting.nil?
+    end
+
+    violating_deployments.map(&:logical_resource_id)
+  end
+end

data/lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb

@@ -28,7 +28,7 @@ class IamUserLoginProfilePasswordResetRule < BaseRule
   private
 
   def iam_user_password_reset_required_key?(login_profile)
-    if login_profile.has_key? 'PasswordResetRequired'
+    if login_profile.key? 'PasswordResetRequired'
       if login_profile['PasswordResetRequired'].nil?
         true
       elsif not_truthy?(login_profile['PasswordResetRequired'])
@@ -45,5 +45,5 @@ class IamUserLoginProfilePasswordResetRule < BaseRule
     else
       false
     end
-  end     
+  end
 end

data/lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordRule.rb

@@ -7,7 +7,7 @@ require_relative 'base'
 
 class IamUserLoginProfilePasswordRule < BaseRule
   def rule_text
-    'If the IAM user LoginProile property exists, then its Password value should not ' +
+    'If the IAM user LoginProile property exists, then its Password value should not ' \
     'show password in plain text, resolve an unsecure ssm string, or have a default value for parameter.'
   end
 
@@ -28,9 +28,9 @@ class IamUserLoginProfilePasswordRule < BaseRule
   end
 
   private
-  
+
   def iam_user_has_insecure_password?(cfn_model, login_profile)
-    if login_profile.has_key? 'Password'
+    if login_profile.key? 'Password'
       if insecure_parameter?(cfn_model, login_profile['Password'])
         true
       elsif insecure_string_or_dynamic_reference?(cfn_model, login_profile['Password'])
@@ -39,7 +39,7 @@ class IamUserLoginProfilePasswordRule < BaseRule
         true
       end
     else
-      true    
+      true
     end
   end
 
@@ -49,5 +49,5 @@ class IamUserLoginProfilePasswordRule < BaseRule
     else
       false
     end
-  end 
+  end
 end

data/lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb

@@ -28,7 +28,7 @@ class MissingBucketPolicyRule < BaseRule
 
   def policy_for_bucket(cfn_model, bucket)
     cfn_model.resources_by_type('AWS::S3::BucketPolicy').find do |bucket_policy|
-      if bucket_policy.bucket.is_a?(Hash) && bucket_policy.bucket.has_key?('Ref')
+      if bucket_policy.bucket.is_a?(Hash) && bucket_policy.bucket.key?('Ref')
         bucket_policy.bucket['Ref'] == bucket.logical_resource_id
       else
         bucket.bucketName == bucket_policy.bucket

data/lib/cfn-nag/custom_rules/OpsWorksStackRdsDbInstancePasswordRule.rb

@@ -6,9 +6,8 @@ require 'cfn-nag/util/enforce_string_or_dynamic_reference'
 require_relative 'base'
 
 class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
-
   def rule_text
-    'OpsWorks Stack RDS DBInstance Password property should not show password ' +
+    'OpsWorks Stack RDS DBInstance Password property should not show password ' \
     'in plain text, resolve an unsecure ssm string, or have a default value for parameter.'
   end
 
@@ -28,10 +27,10 @@ class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
     violating_opsworks_stacks.map(&:logical_resource_id)
   end
 
-  private 
+  private
 
   def db_instance_has_insecure_password?(cfn_model, dbinstance)
-    if dbinstance.has_key? 'DbPassword'
+    if dbinstance.key? 'DbPassword'
       if insecure_parameter?(cfn_model, dbinstance['DbPassword'])
         true
       elsif insecure_string_or_dynamic_reference?(cfn_model, dbinstance['DbPassword'])
@@ -40,7 +39,7 @@ class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
         true
       end
     else
-      true    
+      true
     end
   end
 
@@ -53,5 +52,5 @@ class OpsWorksStackRdsDbInstancePasswordRule < BaseRule
     else
       false
     end
-  end 
-end 
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.4.47
+  version: 0.4.48
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-20 00:00:00.000000000 Z
+date: 2019-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -159,6 +159,7 @@ files:
 - lib/cfn-nag/custom_rules/AmazonMQBrokerUserPasswordRule.rb
 - lib/cfn-nag/custom_rules/AmplifyAppBasicAuthConfigPasswordRule.rb
 - lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb
+- lib/cfn-nag/custom_rules/ApiGatewayV2AccessLoggingRule.rb
 - lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb
 - lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb
 - lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb