cfn-nag 0.4.79 → 0.4.80
- checksums.yaml +4 -4
- data/lib/cfn-nag/util/enforce_reference_parameter.rb +15 -10
- metadata +2 -2
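--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c207ccdbcdce9c1c9c0c4ca14ae83f783397d114d8c51da41a57d17fa7e00ba2
+data.tar.gz: 1094e9286116570bdcd596d28b14c0cfe851f68c1b96bcf417c63f627fc06623
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14796136589e441cddd576239c4fb673e287d2d30ee121e814d02e6230611d01988d1e0e6816f3054c18ee5be012c7b8352c640767b6bd8b6d06f48034bc5777
+data.tar.gz: a2fcd2ef673a51cd5a8debcadd2f58981950bb8d3fc77acbe22b106f03e010bb236538c47e7bf47fb9f963fd67ee6ebadf6151acbec471c3c8bf9e46d5cc9b7a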
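--- a/data/lib/cfn-nag/util/enforce_reference_parameter.rb
+++ b/data/lib/cfn-nag/util/enforce_reference_parameter.rb
@@ -2,8 +2,8 @@
 
 require 'cfn-nag/util/truthy.rb'
 
-# Returns false if the provided key_to_check is a no-echo parameter
-#
+# Returns false if the provided key_to_check is a no-echo parameter without a
+# default value, or pseudo parameter reference to 'AWS::NoValue'; true otherwise.
 # Only applicable for a hash
 def insecure_parameter?(cfn_model, key_to_check)
 # We only want to perform the check against a hash
@@ -13,16 +13,21 @@ def insecure_parameter?(cfn_model, key_to_check)
 # verify that Ref is being used properly
 return false unless key_to_check.key? 'Ref'
 
-# Check if the
-
-
-
-
-
-end
-end
+# Check if the property is a pseudo parameter reference to 'AWS::NoValue'
+return false if key_to_check['Ref'] == 'AWS::NoValue'
+
+# Run 'no_echo_and_no_default_parameter_check' if the key parameter is Ref
+return no_echo_and_no_default_parameter_check(cfn_model, key_to_check) if
+cfn_model.parameters.key? key_to_check['Ref']
 
 # Return true if key_to_check is a hash and/or a key Ref that does not have
 # the NoEcho parameter set to true and a Default parameter that is not nil
 true
 end
+
+# Returns false if the parameter is setup securely by stating NoEcho=true & Default
+# is not present; otherwise returns true
+def no_echo_and_no_default_parameter_check(cfn_model, key_to_check)
+parameter = cfn_model.parameters[key_to_check['Ref']]
+truthy?(parameter.noEcho) && parameter.default.nil? ? false : true
+end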
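Review bot: The new helper `no_echo_and_no_default_parameter_check` returns `false` exactly when the parameter has NoEcho set and no default, which is the opposite of what its name reads as, and the `a && b ? false : true` form is only correct because `&&` binds tighter than `?:`. Since this value decides whether a secret-bearing property gets flagged, I would write the last line as `!(truthy?(parameter.noEcho) && parameter.default.nil?)` and choose a helper name that matches the returned polarity, so a later caller cannot invert the check by accident. The comment kept above the final `true` in `insecure_parameter?` also looks stale: as far as the visible lines show, that `true` is now reached only when the Ref target is neither `AWS::NoValue` nor a declared parameter, so a comment such as `# A Ref to anything other than a declared parameter is treated as insecure` would describe it. Lines 10-12 of the file fall between the two hunks and are not shown, so the hash guard at the top of `insecure_parameter?` could not be checked.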
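--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.80
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-
+date: 2020-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake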