RubyGems - cfn-nag - Versions diffs - 0.4.79 → 0.4.80 - Mend

cfn-nag 0.4.79 → 0.4.80

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/cfn-nag/util/enforce_reference_parameter.rb +15 -10
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6ce91dc546c1c6b4eee07dfbb7b29fe306fca7d07eaf056e2028af895ad5130
-  data.tar.gz: fe1c152bb81e939260c65b44b8118e9fa23509f830a7749bcbe0d2ff44fdc1c7
+  metadata.gz: c207ccdbcdce9c1c9c0c4ca14ae83f783397d114d8c51da41a57d17fa7e00ba2
+  data.tar.gz: 1094e9286116570bdcd596d28b14c0cfe851f68c1b96bcf417c63f627fc06623
 SHA512:
-  metadata.gz: 43d86d94b8e40bc223bf5a6acb5cab51d1e56bfef612bba5b2635f8ad227f268d3fe936b3cffc1811c55aac18aee7120938c09dd3da6e8d2fec8072dcf22bb8c
-  data.tar.gz: e2da470b82cc564283b4421e0eaf736c5cbe944edff77e862586f3ca81ed5b1c8fcd2aafcc65758f2d2ba0f4b565f424c6a8ecac1f1a2f70b50952fde4d92c93
+  metadata.gz: 14796136589e441cddd576239c4fb673e287d2d30ee121e814d02e6230611d01988d1e0e6816f3054c18ee5be012c7b8352c640767b6bd8b6d06f48034bc5777
+  data.tar.gz: a2fcd2ef673a51cd5a8debcadd2f58981950bb8d3fc77acbe22b106f03e010bb236538c47e7bf47fb9f963fd67ee6ebadf6151acbec471c3c8bf9e46d5cc9b7a

data/lib/cfn-nag/util/enforce_reference_parameter.rb CHANGED Viewed

@@ -2,8 +2,8 @@
 require 'cfn-nag/util/truthy.rb'
-# Returns false if the provided key_to_check is a no-echo parameter
-# without a default value; true otherwise.
+# Returns false if the provided key_to_check is a no-echo parameter without a
+# default value, or pseudo parameter reference to 'AWS::NoValue'; true otherwise.
 # Only applicable for a hash
 def insecure_parameter?(cfn_model, key_to_check)
   # We only want to perform the check against a hash
@@ -13,16 +13,21 @@ def insecure_parameter?(cfn_model, key_to_check)
   # verify that Ref is being used properly
   return false unless key_to_check.key? 'Ref'
-  # Check if the key parameter is Ref and if that corresponding reference is
-  # setup securely by stating NoEcho=true & Default is not present
-  if cfn_model.parameters.key? key_to_check['Ref']
-    parameter = cfn_model.parameters[key_to_check['Ref']]
-    if truthy?(parameter.noEcho) && parameter.default.nil?
-      return false
-    end
-  end
+  # Check if the property is a pseudo parameter reference to 'AWS::NoValue'
+  return false if key_to_check['Ref'] == 'AWS::NoValue'
+  # Run 'no_echo_and_no_default_parameter_check' if the key parameter is Ref
+  return no_echo_and_no_default_parameter_check(cfn_model, key_to_check) if
+    cfn_model.parameters.key? key_to_check['Ref']
   # Return true if key_to_check is a hash and/or a key Ref that does not have
   # the NoEcho parameter set to true and a Default parameter that is not nil
   true
 end
+# Returns false if the parameter is setup securely by stating NoEcho=true & Default
+# is not present; otherwise returns true
+def no_echo_and_no_default_parameter_check(cfn_model, key_to_check)
+  parameter = cfn_model.parameters[key_to_check['Ref']]
+  truthy?(parameter.noEcho) && parameter.default.nil? ? false : true
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.4.79
+  version: 0.4.80
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-24 00:00:00.000000000 Z
+date: 2020-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake