cfn-nag 0.4.65 → 0.4.66
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/cfn-nag/cfn_nag.rb +10 -4
- data/lib/cfn-nag/cfn_nag_executor.rb +8 -1
- data/lib/cfn-nag/cli_options.rb +10 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2280d359a4b2a0f832e6498d88c965df78818c88e1b47d042cbeb7d7a3bea1bf
|
|
4
|
+
data.tar.gz: '058c1469988d6f58e01bc21f5b7bec200cb3ab17807e99317feb47f29d512e04'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 44b69f5f053bdff5988d742f8cdeeef3c66ab7dc1cd083fadeba8dc29f385b8e07dab0a83a425fa20c4a223838684831f90918e3dbbf2cf53649fece0b6c6f10
|
|
7
|
+
data.tar.gz: c101be4f7f77573d86485b3015a95ce30f53b7d46981aae2713d461a8ea9461dda1d29ef1270790aa830c5e2e0af2ab24c2844436029c3b473dfba72baad7671
|
data/lib/cfn-nag/cfn_nag.rb
CHANGED
|
@@ -28,10 +28,12 @@ class CfnNag
|
|
|
28
28
|
def audit_aggregate_across_files_and_render_results(input_path:,
|
|
29
29
|
output_format: 'txt',
|
|
30
30
|
parameter_values_path: nil,
|
|
31
|
+
condition_values_path: nil,
|
|
31
32
|
template_pattern: DEFAULT_TEMPLATE_PATTERN)
|
|
32
33
|
|
|
33
34
|
aggregate_results = audit_aggregate_across_files input_path: input_path,
|
|
34
35
|
parameter_values_path: parameter_values_path,
|
|
36
|
+
condition_values_path: condition_values_path,
|
|
35
37
|
template_pattern: template_pattern
|
|
36
38
|
|
|
37
39
|
render_results(aggregate_results: aggregate_results,
|
|
@@ -51,8 +53,11 @@ class CfnNag
|
|
|
51
53
|
#
|
|
52
54
|
def audit_aggregate_across_files(input_path:,
|
|
53
55
|
parameter_values_path: nil,
|
|
56
|
+
condition_values_path: nil,
|
|
54
57
|
template_pattern: DEFAULT_TEMPLATE_PATTERN)
|
|
55
58
|
parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
|
|
59
|
+
condition_values_string = condition_values_path.nil? ? nil : IO.read(condition_values_path)
|
|
60
|
+
|
|
56
61
|
templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
|
|
57
62
|
template_pattern: template_pattern)
|
|
58
63
|
aggregate_results = []
|
|
@@ -60,7 +65,8 @@ class CfnNag
|
|
|
60
65
|
aggregate_results << {
|
|
61
66
|
filename: template,
|
|
62
67
|
file_results: audit(cloudformation_string: IO.read(template),
|
|
63
|
-
parameter_values_string: parameter_values_string
|
|
68
|
+
parameter_values_string: parameter_values_string,
|
|
69
|
+
condition_values_string: condition_values_string)
|
|
64
70
|
}
|
|
65
71
|
end
|
|
66
72
|
aggregate_results
|
|
@@ -74,13 +80,13 @@ class CfnNag
|
|
|
74
80
|
#
|
|
75
81
|
# Return a hash with failure count
|
|
76
82
|
#
|
|
77
|
-
def audit(cloudformation_string:, parameter_values_string: nil)
|
|
83
|
+
def audit(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil)
|
|
78
84
|
violations = []
|
|
79
|
-
|
|
80
85
|
begin
|
|
81
86
|
cfn_model = CfnParser.new.parse cloudformation_string,
|
|
82
87
|
parameter_values_string,
|
|
83
|
-
true
|
|
88
|
+
true,
|
|
89
|
+
condition_values_string
|
|
84
90
|
violations += @config.custom_rule_loader.execute_custom_rules(cfn_model)
|
|
85
91
|
|
|
86
92
|
violations = filter_violations_by_blacklist_and_profile(violations)
|
|
@@ -9,6 +9,7 @@ class CfnNagExecutor
|
|
|
9
9
|
@profile_definition = nil
|
|
10
10
|
@blacklist_definition = nil
|
|
11
11
|
@parameter_values_string = nil
|
|
12
|
+
@condition_values_string = nil
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
def scan(options_type:)
|
|
@@ -48,13 +49,15 @@ class CfnNagExecutor
|
|
|
48
49
|
input_path: opts[:input_path],
|
|
49
50
|
output_format: opts[:output_format],
|
|
50
51
|
parameter_values_path: opts[:parameter_values_path],
|
|
52
|
+
condition_values_path: opts[:condition_values_path],
|
|
51
53
|
template_pattern: opts[:template_pattern]
|
|
52
54
|
)
|
|
53
55
|
end
|
|
54
56
|
|
|
55
57
|
def scan_file(cfn_nag, fail_on_warnings)
|
|
56
58
|
audit_result = cfn_nag.audit(cloudformation_string: argf_read,
|
|
57
|
-
parameter_values_string: @parameter_values_string
|
|
59
|
+
parameter_values_string: @parameter_values_string,
|
|
60
|
+
condition_values_string: @condition_values_string)
|
|
58
61
|
|
|
59
62
|
@total_failure_count += if fail_on_warnings
|
|
60
63
|
audit_result[:violations].length
|
|
@@ -87,6 +90,10 @@ class CfnNagExecutor
|
|
|
87
90
|
unless opts[:parameter_values_path].nil?
|
|
88
91
|
@parameter_values_string = IO.read(opts[:parameter_values_path])
|
|
89
92
|
end
|
|
93
|
+
|
|
94
|
+
unless opts[:condition_values_path].nil?
|
|
95
|
+
@condition_values_string = IO.read(opts[:condition_values_path])
|
|
96
|
+
end
|
|
90
97
|
end
|
|
91
98
|
|
|
92
99
|
def cfn_nag_config(opts)
|
data/lib/cfn-nag/cli_options.rb
CHANGED
|
@@ -68,6 +68,11 @@ class Options
|
|
|
68
68
|
type: :string,
|
|
69
69
|
required: false,
|
|
70
70
|
default: nil
|
|
71
|
+
opt :condition_values_path,
|
|
72
|
+
'Path to a JSON file to pull Condition values from',
|
|
73
|
+
type: :string,
|
|
74
|
+
required: false,
|
|
75
|
+
default: nil
|
|
71
76
|
opt :isolate_custom_rule_exceptions,
|
|
72
77
|
custom_rule_exceptions_message,
|
|
73
78
|
type: :boolean,
|
|
@@ -132,6 +137,11 @@ class Options
|
|
|
132
137
|
type: :string,
|
|
133
138
|
required: false,
|
|
134
139
|
default: nil
|
|
140
|
+
opt :condition_values_path,
|
|
141
|
+
'Path to a JSON file to pull Condition values from',
|
|
142
|
+
type: :string,
|
|
143
|
+
required: false,
|
|
144
|
+
default: nil
|
|
135
145
|
opt :allow_suppression,
|
|
136
146
|
'Allow using Metadata to suppress violations',
|
|
137
147
|
type: :boolean,
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.66
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
@@ -72,14 +72,14 @@ dependencies:
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - '='
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 0.4.
|
|
75
|
+
version: 0.4.14
|
|
76
76
|
type: :runtime
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - '='
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 0.4.
|
|
82
|
+
version: 0.4.14
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: jmespath
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|