cfn-nag 0.4.66 → 0.4.67

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2280d359a4b2a0f832e6498d88c965df78818c88e1b47d042cbeb7d7a3bea1bf
-  data.tar.gz: '058c1469988d6f58e01bc21f5b7bec200cb3ab17807e99317feb47f29d512e04'
+  metadata.gz: 8769d9bcf12f321f03800febc20089cdcac586a599e6dcc40a180ec2a7f99e66
+  data.tar.gz: d3fb30333bb5715f0160418b4061c64eceaf98e57ba9600e609efd2baf9f6840
 SHA512:
-  metadata.gz: 44b69f5f053bdff5988d742f8cdeeef3c66ab7dc1cd083fadeba8dc29f385b8e07dab0a83a425fa20c4a223838684831f90918e3dbbf2cf53649fece0b6c6f10
-  data.tar.gz: c101be4f7f77573d86485b3015a95ce30f53b7d46981aae2713d461a8ea9461dda1d29ef1270790aa830c5e2e0af2ab24c2844436029c3b473dfba72baad7671
+  metadata.gz: 28ce25e4be510a3416e9722c423b6c6432d4fbc7b08bd81a77c16f450448f5bce00ba1a32fdd99ab174ec9f1031b9b46025effcabc533148d9658fac32a3b28d
+  data.tar.gz: c2c27a01e098799c83fad0b7ac2100e7bbdcd9b345a86957f95caf17ae65ac91c04ef1e577aa282a6ab7eb80fc24abfbfabfe02e5aa6ca8e72d83e01dd52f978

data/lib/cfn-nag/custom_rules/OpsWorksAppAppSourcePasswordRule.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'password_base_rule'
+
+class OpsWorksAppAppSourcePasswordRule < PasswordBaseRule
+  def rule_text
+    'OpsWorks App AppSource Password must not be a plaintext ' \
+    'string or a Ref to a NoEcho Parameter with a Default value.' \
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F67'
+  end
+
+  def resource_type
+    'AWS::OpsWorks::App'
+  end
+
+  def password_property
+    :appSource
+  end
+
+  def sub_property_name
+    'Password'
+  end
+end

data/lib/cfn-nag/custom_rules/OpsWorksAppSslConfigurationPrivateKeyRule.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'password_base_rule'
+
+class OpsWorksAppSslConfigurationPrivateKeyRule < PasswordBaseRule
+  def rule_text
+    'OpsWorks App SslConfiguration PrivateKey must not be a plaintext ' \
+    'string or a Ref to a NoEcho Parameter with a Default value.' \
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F61'
+  end
+
+  def resource_type
+    'AWS::OpsWorks::App'
+  end
+
+  def password_property
+    :sslConfiguration
+  end
+
+  def sub_property_name
+    'PrivateKey'
+  end
+end

data/lib/cfn-nag/custom_rules/OpsWorksStackCustomCookbooksSourcePasswordRule.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'password_base_rule'
+
+class OpsWorksStackCustomCookbooksSourcePasswordRule < PasswordBaseRule
+  def rule_text
+    'OpsWorks Stack CustomCookbooksSource Password must not be a plaintext ' \
+    'string or a Ref to a NoEcho Parameter with a Default value.' \
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F62'
+  end
+
+  def resource_type
+    'AWS::OpsWorks::Stack'
+  end
+
+  def password_property
+    :customCookbooksSource
+  end
+
+  def sub_property_name
+    'Password'
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.4.66
+  version: 0.4.67
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-14 00:00:00.000000000 Z
+date: 2020-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -216,6 +216,9 @@ files:
 - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
 - lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb
 - lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb
+- lib/cfn-nag/custom_rules/OpsWorksAppAppSourcePasswordRule.rb
+- lib/cfn-nag/custom_rules/OpsWorksAppSslConfigurationPrivateKeyRule.rb
+- lib/cfn-nag/custom_rules/OpsWorksStackCustomCookbooksSourcePasswordRule.rb
 - lib/cfn-nag/custom_rules/OpsWorksStackRdsDbInstancesDbPasswordRule.rb
 - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
 - lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb