cfn-nag 0.4.57 → 0.4.58
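--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a9a17d342897195816d3ea2a6e2f4f450063e33adf770222c574027321462224
+data.tar.gz: 6db70ef159bcf58c9931df62611642e214da28ab8f083e45b125c94319a4279e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 19091eedd5243b521b1a4bc939eba0648a33c91fe4e61d958d8dfa4cd629dd992b2a29d7548e01de84f5f82615bd818026adf0c28be48a5578a865b1023026a1
+data.tar.gz: fb9f86df334d0ba05dcd5d9a0bef3c94ff6919fdc7a8e98af51b91504a8df19c38db2abf4518fd99b190570c1391be49e1e3c4069036c2f9f14a2eefd3e74544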
@@ -20,7 +20,7 @@ class SubPropertyWithListPasswordBaseRule < BaseRule
|
|
20
20
|
resources = cfn_model.resources_by_type(resource_type)
|
21
21
|
|
22
22
|
violating_resources = resources.select do |resource|
|
23
|
-
|
23
|
+
resource_with_insecure_subproperty_within_list_property?(
|
24
24
|
cfn_model, resource, password_property, sub_property_name
|
25
25
|
)
|
26
26
|
end
|
@@ -30,19 +30,20 @@ class SubPropertyWithListPasswordBaseRule < BaseRule
|
|
30
30
|
|
31
31
|
private
|
32
32
|
|
33
|
-
|
33
|
+
##
|
34
|
+
# This method name is a mouthful. Consider a cfn resource with a property that is a list
|
35
|
+
# like OpsworkStack::RdsDbInstances. The elements of that list include a password property.
|
36
|
+
# This predicate goes looking for unsafe password values "down" in the elements of the list
|
37
|
+
#
|
38
|
+
def resource_with_insecure_subproperty_within_list_property?(
|
34
39
|
cfn_model, resource, password_property, sub_property_name
|
35
40
|
)
|
36
|
-
|
41
|
+
property_list = resource.send(password_property)
|
42
|
+
return false unless property_list
|
37
43
|
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
) || insecure_string_or_dynamic_reference?(
|
42
|
-
cfn_model, sub_property[sub_property_name]
|
43
|
-
)
|
44
|
+
property_list.find do |property_element|
|
45
|
+
sub_value = property_element[sub_property_name]
|
46
|
+
insecure_parameter?(cfn_model, sub_value) || insecure_string_or_dynamic_reference?(cfn_model, sub_value)
|
44
47
|
end
|
45
|
-
|
46
|
-
sub_property_checks_result
|
47
48
|
end
|
48
49
|
end
|
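Review bot: The new guard `return false unless property_list` in `resource_with_insecure_subproperty_within_list_property?` covers only nil, so a list property that is not an Array of Hashes still reaches `find` and `property_element[sub_property_name]`. If the model can hand back an unresolved intrinsic-function Hash here (not visible in this hunk), the rule would either raise or silently skip the password check, and for a plaintext-password rule both outcomes should be an explicit decision. Consider `return false unless property_list.is_a?(Array)` together with `next false unless property_element.is_a?(Hash)` inside the block, or report such shapes separately rather than passing them. Since the method is a `?` predicate, `property_list.any? do |property_element|` would return a real boolean instead of the matching element. How `insecure_parameter?` and `insecure_string_or_dynamic_reference?` treat a nil `sub_value` (an element without the sub-property) is defined outside this hunk and is worth confirming.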
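--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.58
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -299,7 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
 summary: cfn-nag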