cfn-nag 0.4.79 → 0.4.80

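--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f6ce91dc546c1c6b4eee07dfbb7b29fe306fca7d07eaf056e2028af895ad5130
- data.tar.gz: fe1c152bb81e939260c65b44b8118e9fa23509f830a7749bcbe0d2ff44fdc1c7
+ metadata.gz: c207ccdbcdce9c1c9c0c4ca14ae83f783397d114d8c51da41a57d17fa7e00ba2
+ data.tar.gz: 1094e9286116570bdcd596d28b14c0cfe851f68c1b96bcf417c63f627fc06623
  SHA512:
- metadata.gz: 43d86d94b8e40bc223bf5a6acb5cab51d1e56bfef612bba5b2635f8ad227f268d3fe936b3cffc1811c55aac18aee7120938c09dd3da6e8d2fec8072dcf22bb8c
- data.tar.gz: e2da470b82cc564283b4421e0eaf736c5cbe944edff77e862586f3ca81ed5b1c8fcd2aafcc65758f2d2ba0f4b565f424c6a8ecac1f1a2f70b50952fde4d92c93
+ metadata.gz: 14796136589e441cddd576239c4fb673e287d2d30ee121e814d02e6230611d01988d1e0e6816f3054c18ee5be012c7b8352c640767b6bd8b6d06f48034bc5777
+ data.tar.gz: a2fcd2ef673a51cd5a8debcadd2f58981950bb8d3fc77acbe22b106f03e010bb236538c47e7bf47fb9f963fd67ee6ebadf6151acbec471c3c8bf9e46d5cc9b7a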
@@ -2,8 +2,8 @@
2
2
 
3
3
  require 'cfn-nag/util/truthy.rb'
4
4
 
5
- # Returns false if the provided key_to_check is a no-echo parameter
6
- # without a default value; true otherwise.
5
+ # Returns false if the provided key_to_check is a no-echo parameter without a
6
+ # default value, or pseudo parameter reference to 'AWS::NoValue'; true otherwise.
7
7
  # Only applicable for a hash
8
8
  def insecure_parameter?(cfn_model, key_to_check)
9
9
  # We only want to perform the check against a hash
@@ -13,16 +13,21 @@ def insecure_parameter?(cfn_model, key_to_check)
13
13
  # verify that Ref is being used properly
14
14
  return false unless key_to_check.key? 'Ref'
15
15
 
16
- # Check if the key parameter is Ref and if that corresponding reference is
17
- # setup securely by stating NoEcho=true & Default is not present
18
- if cfn_model.parameters.key? key_to_check['Ref']
19
- parameter = cfn_model.parameters[key_to_check['Ref']]
20
- if truthy?(parameter.noEcho) && parameter.default.nil?
21
- return false
22
- end
23
- end
16
+ # Check if the property is a pseudo parameter reference to 'AWS::NoValue'
17
+ return false if key_to_check['Ref'] == 'AWS::NoValue'
18
+
19
+ # Run 'no_echo_and_no_default_parameter_check' if the key parameter is Ref
20
+ return no_echo_and_no_default_parameter_check(cfn_model, key_to_check) if
21
+ cfn_model.parameters.key? key_to_check['Ref']
24
22
 
25
23
  # Return true if key_to_check is a hash and/or a key Ref that does not have
26
24
  # the NoEcho parameter set to true and a Default parameter that is not nil
27
25
  true
28
26
  end
27
+
28
+ # Returns false if the parameter is setup securely by stating NoEcho=true & Default
29
+ # is not present; otherwise returns true
30
+ def no_echo_and_no_default_parameter_check(cfn_model, key_to_check)
31
+ parameter = cfn_model.parameters[key_to_check['Ref']]
32
+ truthy?(parameter.noEcho) && parameter.default.nil? ? false : true
33
+ end
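Review bot: The new helper `no_echo_and_no_default_parameter_check` returns `true` when the referenced parameter is not NoEcho-without-default, which is the opposite of what its name suggests, and the `cond ? false : true` ternary on its last line hides that inversion behind operator precedence. In a security rule this is easy to misread if the helper is reused, so I would write the body as `!(truthy?(parameter.noEcho) && parameter.default.nil?)` and say in its comment that `true` means insecure. The comment above the final `true` in `insecure_parameter?` is also stale: after this change that line is reached only when the `Ref` target is not a key in `cfn_model.parameters`, so it could read `# Ref does not name a template parameter (and is not AWS::NoValue): treat as insecure`. Lines 10–12 of `insecure_parameter?` fall between the two hunks and are not shown here.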
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.79
4
+ version: 0.4.80
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-01-24 00:00:00.000000000 Z
11
+ date: 2020-01-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake