cfn-nag 0.5.18 → 0.5.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/ApiGatewayMethodAuthorizationTypeRule.rb +13 -4
  3. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb0ad431b8af7111a55475d3084e174c25ed8ba42cdee595aa5a995673441b6a
4
- data.tar.gz: b085fa53679a22e149f246cac29398307ab80f5acd64b70bf5c3bf6864a65286
3
+ metadata.gz: 124a02da9e87b460c06b6fb0d46c8c1d51b82769e7a03ba7b45096fadb3c1a8e
4
+ data.tar.gz: d5c12e18ce9a591eb953ddeca851171d68b2cabd182e1b49f9d01adeceb70760
5
5
  SHA512:
6
- metadata.gz: 1a092890f6b3a9346f7f99e3fff4a9f5cdaa93b3899df22a6bdba434b7a8f1a2f740329d867a8daad6ebfe087b6cd6cb46d91999b29c246732f296de85a653ac
7
- data.tar.gz: f66bb3f5351886c88b05dd891797c070a1459551d7c9041f5502170140cfca847eef0a499f1a81b0d1c3360fe92aac49eea6cdcafe55fa8337ae29307963a896
6
+ metadata.gz: '00941f2e6f2c8edfe28d67a1d08173eac807ed3c8543f546d617f6e26fe8831681a563abd1251e73646ea85514775e744394b01046aaf4f93834098fae521872'
7
+ data.tar.gz: cb71b5c028ba4bf3cae1f3604f92e8528f754a46deff78ae6c50464c6a06ddb471caaeef132a88b7ff11c07ff6d6dd18fc5c48de496b6ad65eb711b7243414d9
data/lib/cfn-nag/custom_rules/ApiGatewayMethodAuthorizationTypeRule.rb CHANGED
@@ -5,7 +5,8 @@ require_relative 'base'
5
5
 
6
6
  class ApiGatewayMethodAuthorizationTypeRule < BaseRule
7
7
  def rule_text
8
- "AWS::ApiGateway::Method should not have AuthorizationType set to 'NONE'. "
8
+ "AWS::ApiGateway::Method should not have AuthorizationType set to 'NONE' unless it is of " \
9
+ 'HttpMethod: OPTIONS.'
9
10
  end
10
11
 
11
12
  def rule_type
@@ -17,10 +18,18 @@ class ApiGatewayMethodAuthorizationTypeRule < BaseRule
17
18
  end
18
19
 
19
20
  def audit_impl(cfn_model)
20
- violating_deployments = cfn_model.resources_by_type('AWS::ApiGateway::Method').select do |method|
21
- method.authorizationType.nil? || method.authorizationType.to_s.casecmp('none').zero?
21
+ violating_methods = cfn_model.resources_by_type('AWS::ApiGateway::Method').select do |method|
22
+ violating_method?(method)
22
23
  end
23
24
 
24
- violating_deployments.map(&:logical_resource_id)
25
+ violating_methods.map(&:logical_resource_id)
26
+ end
27
+
28
+ private
29
+
30
+ def violating_method?(method)
31
+ unless method.httpMethod.to_s.casecmp('options').zero?
32
+ method.authorizationType.nil? || method.authorizationType.to_s.casecmp('none').zero?
33
+ end
25
34
  end
26
35
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.18
4
+ version: 0.5.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic