cfn-nag 0.5.18 → 0.5.19

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/ApiGatewayMethodAuthorizationTypeRule.rb +13 -4
  3. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb0ad431b8af7111a55475d3084e174c25ed8ba42cdee595aa5a995673441b6a
4
- data.tar.gz: b085fa53679a22e149f246cac29398307ab80f5acd64b70bf5c3bf6864a65286
3
+ metadata.gz: 124a02da9e87b460c06b6fb0d46c8c1d51b82769e7a03ba7b45096fadb3c1a8e
4
+ data.tar.gz: d5c12e18ce9a591eb953ddeca851171d68b2cabd182e1b49f9d01adeceb70760
5
5
  SHA512:
6
- metadata.gz: 1a092890f6b3a9346f7f99e3fff4a9f5cdaa93b3899df22a6bdba434b7a8f1a2f740329d867a8daad6ebfe087b6cd6cb46d91999b29c246732f296de85a653ac
7
- data.tar.gz: f66bb3f5351886c88b05dd891797c070a1459551d7c9041f5502170140cfca847eef0a499f1a81b0d1c3360fe92aac49eea6cdcafe55fa8337ae29307963a896
6
+ metadata.gz: '00941f2e6f2c8edfe28d67a1d08173eac807ed3c8543f546d617f6e26fe8831681a563abd1251e73646ea85514775e744394b01046aaf4f93834098fae521872'
7
+ data.tar.gz: cb71b5c028ba4bf3cae1f3604f92e8528f754a46deff78ae6c50464c6a06ddb471caaeef132a88b7ff11c07ff6d6dd18fc5c48de496b6ad65eb711b7243414d9
data/lib/cfn-nag/custom_rules/ApiGatewayMethodAuthorizationTypeRule.rb CHANGED
@@ -5,7 +5,8 @@ require_relative 'base'
5
5
 
6
6
  class ApiGatewayMethodAuthorizationTypeRule < BaseRule
7
7
  def rule_text
8
- "AWS::ApiGateway::Method should not have AuthorizationType set to 'NONE'. "
8
+ "AWS::ApiGateway::Method should not have AuthorizationType set to 'NONE' unless it is of " \
9
+ 'HttpMethod: OPTIONS.'
9
10
  end
10
11
 
11
12
  def rule_type
@@ -17,10 +18,18 @@ class ApiGatewayMethodAuthorizationTypeRule < BaseRule
17
18
  end
18
19
 
19
20
  def audit_impl(cfn_model)
20
- violating_deployments = cfn_model.resources_by_type('AWS::ApiGateway::Method').select do |method|
21
- method.authorizationType.nil? || method.authorizationType.to_s.casecmp('none').zero?
21
+ violating_methods = cfn_model.resources_by_type('AWS::ApiGateway::Method').select do |method|
22
+ violating_method?(method)
22
23
  end
23
24
 
24
- violating_deployments.map(&:logical_resource_id)
25
+ violating_methods.map(&:logical_resource_id)
26
+ end
27
+
28
+ private
29
+
30
+ def violating_method?(method)
31
+ unless method.httpMethod.to_s.casecmp('options').zero?
32
+ method.authorizationType.nil? || method.authorizationType.to_s.casecmp('none').zero?
33
+ end
25
34
  end
26
35
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.18
4
+ version: 0.5.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic