RubyGems - cfn-nag - Versions diffs - 0.4.57 → 0.4.58 - Mend

cfn-nag 0.4.57 → 0.4.58

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/cfn-nag/custom_rules/sub_property_with_list_password_base_rule.rb +12 -11
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2a06771a3c2a3b470511fdafeab7098b548ac881c40b42c69181368e3ca0cfc4
-  data.tar.gz: '08245688e85cc789a680c6ea66864cabc5223190ba62dc39515a7c1c97f8a6c1'
+  metadata.gz: a9a17d342897195816d3ea2a6e2f4f450063e33adf770222c574027321462224
+  data.tar.gz: 6db70ef159bcf58c9931df62611642e214da28ab8f083e45b125c94319a4279e
 SHA512:
-  metadata.gz: d9bfc24185bc78cd27b30eb489fe61b0159903e2220a664d257836219106b0504a7bcaef6f0afcf4b0d9cc7a0d8b5d88090cda3e71443496d04dbce6b579f1f5
-  data.tar.gz: 50c0cd1f3417474f61a1513da8153a5c88699afc1aa02250236451bf379cf817a2e51fa492ee986d82dce94c2a74e2e196747768e2d6e898ea5b5f4811a599db
+  metadata.gz: 19091eedd5243b521b1a4bc939eba0648a33c91fe4e61d958d8dfa4cd629dd992b2a29d7548e01de84f5f82615bd818026adf0c28be48a5578a865b1023026a1
+  data.tar.gz: fb9f86df334d0ba05dcd5d9a0bef3c94ff6919fdc7a8e98af51b91504a8df19c38db2abf4518fd99b190570c1391be49e1e3c4069036c2f9f14a2eefd3e74544

data/lib/cfn-nag/custom_rules/sub_property_with_list_password_base_rule.rb CHANGED

@@ -20,7 +20,7 @@ class SubPropertyWithListPasswordBaseRule < BaseRule
     resources = cfn_model.resources_by_type(resource_type)
     violating_resources = resources.select do |resource|
-      verify_insecure_string_and_parameter_with_list(
+      resource_with_insecure_subproperty_within_list_property?(
         cfn_model, resource, password_property, sub_property_name
       )
     end
@@ -30,19 +30,20 @@ class SubPropertyWithListPasswordBaseRule < BaseRule
   private
-  def verify_insecure_string_and_parameter_with_list(
+  ##
+  # This method name is a mouthful.  Consider a cfn resource with a property that is a list
+  # like OpsworkStack::RdsDbInstances.  The elements of that list include a password property.
+  # This predicate goes looking for unsafe password values "down" in the elements of the list
+  #
+  def resource_with_insecure_subproperty_within_list_property?(
     cfn_model, resource, password_property, sub_property_name
   )
-    sub_property_checks_result = ''
+    property_list = resource.send(password_property)
+    return false unless property_list
-    resource.send(password_property).select do |sub_property|
-      sub_property_checks_result = insecure_parameter?(
-        cfn_model, sub_property[sub_property_name]
-      ) || insecure_string_or_dynamic_reference?(
-        cfn_model, sub_property[sub_property_name]
-      )
+    property_list.find do |property_element|
+      sub_value = property_element[sub_property_name]
+      insecure_parameter?(cfn_model, sub_value) || insecure_string_or_dynamic_reference?(cfn_model, sub_value)
     end
-    sub_property_checks_result
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.4.57
+  version: 0.4.58
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-12-13 00:00:00.000000000 Z
+date: 2020-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -299,7 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
 summary: cfn-nag