cfn-nag 0.5.18 → 0.5.19
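--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 124a02da9e87b460c06b6fb0d46c8c1d51b82769e7a03ba7b45096fadb3c1a8e
+data.tar.gz: d5c12e18ce9a591eb953ddeca851171d68b2cabd182e1b49f9d01adeceb70760
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '00941f2e6f2c8edfe28d67a1d08173eac807ed3c8543f546d617f6e26fe8831681a563abd1251e73646ea85514775e744394b01046aaf4f93834098fae521872'
+data.tar.gz: cb71b5c028ba4bf3cae1f3604f92e8528f754a46deff78ae6c50464c6a06ddb471caaeef132a88b7ff11c07ff6d6dd18fc5c48de496b6ad65eb711b7243414d9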
@@ -5,7 +5,8 @@ require_relative 'base'
|
|
5
5
|
|
6
6
|
class ApiGatewayMethodAuthorizationTypeRule < BaseRule
|
7
7
|
def rule_text
|
8
|
-
"AWS::ApiGateway::Method should not have AuthorizationType set to 'NONE'
|
8
|
+
"AWS::ApiGateway::Method should not have AuthorizationType set to 'NONE' unless it is of " \
|
9
|
+
'HttpMethod: OPTIONS.'
|
9
10
|
end
|
10
11
|
|
11
12
|
def rule_type
|
@@ -17,10 +18,18 @@ class ApiGatewayMethodAuthorizationTypeRule < BaseRule
|
|
17
18
|
end
|
18
19
|
|
19
20
|
def audit_impl(cfn_model)
|
20
|
-
|
21
|
-
|
21
|
+
violating_methods = cfn_model.resources_by_type('AWS::ApiGateway::Method').select do |method|
|
22
|
+
violating_method?(method)
|
22
23
|
end
|
23
24
|
|
24
|
-
|
25
|
+
violating_methods.map(&:logical_resource_id)
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def violating_method?(method)
|
31
|
+
unless method.httpMethod.to_s.casecmp('options').zero?
|
32
|
+
method.authorizationType.nil? || method.authorizationType.to_s.casecmp('none').zero?
|
33
|
+
end
|
25
34
|
end
|
26
35
|
end
|
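Review bot: `violating_method?` exempts every method whose HttpMethod is OPTIONS, whatever it is integrated with, so an OPTIONS method that forwards to a real backend with AuthorizationType NONE is no longer reported. If the exemption is meant for CORS preflight only, say so above the predicate, e.g. `# OPTIONS is exempt for CORS preflight, which browsers send without credentials; this also skips OPTIONS methods that reach a backend`, or narrow the check to mock integrations. The predicate also returns nil rather than false on the OPTIONS path because the `unless` has no else branch; `select` accepts that, but a single boolean expression with the OPTIONS test negated would read more plainly. A spec covering a lowercase `options` value and a non-string HttpMethod (for example a parameter reference, which presumably will not match after `to_s`) would pin the intended behaviour.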