cfn-nag 0.4.65 → 0.4.66
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cfn-nag/cfn_nag.rb +10 -4
- data/lib/cfn-nag/cfn_nag_executor.rb +8 -1
- data/lib/cfn-nag/cli_options.rb +10 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2280d359a4b2a0f832e6498d88c965df78818c88e1b47d042cbeb7d7a3bea1bf
|
|
4
|
+
data.tar.gz: '058c1469988d6f58e01bc21f5b7bec200cb3ab17807e99317feb47f29d512e04'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 44b69f5f053bdff5988d742f8cdeeef3c66ab7dc1cd083fadeba8dc29f385b8e07dab0a83a425fa20c4a223838684831f90918e3dbbf2cf53649fece0b6c6f10
|
|
7
|
+
data.tar.gz: c101be4f7f77573d86485b3015a95ce30f53b7d46981aae2713d461a8ea9461dda1d29ef1270790aa830c5e2e0af2ab24c2844436029c3b473dfba72baad7671
|
data/lib/cfn-nag/cfn_nag.rb
CHANGED
|
@@ -28,10 +28,12 @@ class CfnNag
|
|
|
28
28
|
def audit_aggregate_across_files_and_render_results(input_path:,
|
|
29
29
|
output_format: 'txt',
|
|
30
30
|
parameter_values_path: nil,
|
|
31
|
+
condition_values_path: nil,
|
|
31
32
|
template_pattern: DEFAULT_TEMPLATE_PATTERN)
|
|
32
33
|
|
|
33
34
|
aggregate_results = audit_aggregate_across_files input_path: input_path,
|
|
34
35
|
parameter_values_path: parameter_values_path,
|
|
36
|
+
condition_values_path: condition_values_path,
|
|
35
37
|
template_pattern: template_pattern
|
|
36
38
|
|
|
37
39
|
render_results(aggregate_results: aggregate_results,
|
|
@@ -51,8 +53,11 @@ class CfnNag
|
|
|
51
53
|
#
|
|
52
54
|
def audit_aggregate_across_files(input_path:,
|
|
53
55
|
parameter_values_path: nil,
|
|
56
|
+
condition_values_path: nil,
|
|
54
57
|
template_pattern: DEFAULT_TEMPLATE_PATTERN)
|
|
55
58
|
parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
|
|
59
|
+
condition_values_string = condition_values_path.nil? ? nil : IO.read(condition_values_path)
|
|
60
|
+
|
|
56
61
|
templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
|
|
57
62
|
template_pattern: template_pattern)
|
|
58
63
|
aggregate_results = []
|
|
@@ -60,7 +65,8 @@ class CfnNag
|
|
|
60
65
|
aggregate_results << {
|
|
61
66
|
filename: template,
|
|
62
67
|
file_results: audit(cloudformation_string: IO.read(template),
|
|
63
|
-
parameter_values_string: parameter_values_string
|
|
68
|
+
parameter_values_string: parameter_values_string,
|
|
69
|
+
condition_values_string: condition_values_string)
|
|
64
70
|
}
|
|
65
71
|
end
|
|
66
72
|
aggregate_results
|
|
@@ -74,13 +80,13 @@ class CfnNag
|
|
|
74
80
|
#
|
|
75
81
|
# Return a hash with failure count
|
|
76
82
|
#
|
|
77
|
-
def audit(cloudformation_string:, parameter_values_string: nil)
|
|
83
|
+
def audit(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil)
|
|
78
84
|
violations = []
|
|
79
|
-
|
|
80
85
|
begin
|
|
81
86
|
cfn_model = CfnParser.new.parse cloudformation_string,
|
|
82
87
|
parameter_values_string,
|
|
83
|
-
true
|
|
88
|
+
true,
|
|
89
|
+
condition_values_string
|
|
84
90
|
violations += @config.custom_rule_loader.execute_custom_rules(cfn_model)
|
|
85
91
|
|
|
86
92
|
violations = filter_violations_by_blacklist_and_profile(violations)
|
|
@@ -9,6 +9,7 @@ class CfnNagExecutor
|
|
|
9
9
|
@profile_definition = nil
|
|
10
10
|
@blacklist_definition = nil
|
|
11
11
|
@parameter_values_string = nil
|
|
12
|
+
@condition_values_string = nil
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
def scan(options_type:)
|
|
@@ -48,13 +49,15 @@ class CfnNagExecutor
|
|
|
48
49
|
input_path: opts[:input_path],
|
|
49
50
|
output_format: opts[:output_format],
|
|
50
51
|
parameter_values_path: opts[:parameter_values_path],
|
|
52
|
+
condition_values_path: opts[:condition_values_path],
|
|
51
53
|
template_pattern: opts[:template_pattern]
|
|
52
54
|
)
|
|
53
55
|
end
|
|
54
56
|
|
|
55
57
|
def scan_file(cfn_nag, fail_on_warnings)
|
|
56
58
|
audit_result = cfn_nag.audit(cloudformation_string: argf_read,
|
|
57
|
-
parameter_values_string: @parameter_values_string
|
|
59
|
+
parameter_values_string: @parameter_values_string,
|
|
60
|
+
condition_values_string: @condition_values_string)
|
|
58
61
|
|
|
59
62
|
@total_failure_count += if fail_on_warnings
|
|
60
63
|
audit_result[:violations].length
|
|
@@ -87,6 +90,10 @@ class CfnNagExecutor
|
|
|
87
90
|
unless opts[:parameter_values_path].nil?
|
|
88
91
|
@parameter_values_string = IO.read(opts[:parameter_values_path])
|
|
89
92
|
end
|
|
93
|
+
|
|
94
|
+
unless opts[:condition_values_path].nil?
|
|
95
|
+
@condition_values_string = IO.read(opts[:condition_values_path])
|
|
96
|
+
end
|
|
90
97
|
end
|
|
91
98
|
|
|
92
99
|
def cfn_nag_config(opts)
|
data/lib/cfn-nag/cli_options.rb
CHANGED
|
@@ -68,6 +68,11 @@ class Options
|
|
|
68
68
|
type: :string,
|
|
69
69
|
required: false,
|
|
70
70
|
default: nil
|
|
71
|
+
opt :condition_values_path,
|
|
72
|
+
'Path to a JSON file to pull Condition values from',
|
|
73
|
+
type: :string,
|
|
74
|
+
required: false,
|
|
75
|
+
default: nil
|
|
71
76
|
opt :isolate_custom_rule_exceptions,
|
|
72
77
|
custom_rule_exceptions_message,
|
|
73
78
|
type: :boolean,
|
|
@@ -132,6 +137,11 @@ class Options
|
|
|
132
137
|
type: :string,
|
|
133
138
|
required: false,
|
|
134
139
|
default: nil
|
|
140
|
+
opt :condition_values_path,
|
|
141
|
+
'Path to a JSON file to pull Condition values from',
|
|
142
|
+
type: :string,
|
|
143
|
+
required: false,
|
|
144
|
+
default: nil
|
|
135
145
|
opt :allow_suppression,
|
|
136
146
|
'Allow using Metadata to suppress violations',
|
|
137
147
|
type: :boolean,
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.66
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
@@ -72,14 +72,14 @@ dependencies:
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - '='
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 0.4.
|
|
75
|
+
version: 0.4.14
|
|
76
76
|
type: :runtime
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - '='
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 0.4.
|
|
82
|
+
version: 0.4.14
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: jmespath
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|