cfn-nag 0.5.23 → 0.5.24

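--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 77936fbd0d92e78a9d26f7ff212dbef7a7fa9981d3f4c4af27e03ac517b1f282
- data.tar.gz: 0ff8757b552095ae17ff0bee59d8fc9a619ee2d9aa3f0250ca0eabd60a48da63
+ metadata.gz: 4a8a87ad1545dc25f34b5a53a5c6a35911e46449f74de1429072b6310ec21c19
+ data.tar.gz: b8b5487b49fca68f7851478e5bb4f0ed2f47bae508d58b69ab2bf4c8677735ea
  SHA512:
- metadata.gz: b718f2d67bd55edf25730ebfe49c04937ceddb37e55249f4f0100381e23ede8e3d4510e3ce73b442b8abbf886e13d7dff0af8fc1c5ccb12f1948390d2538f907
- data.tar.gz: 270cf2f735b68ffba1c05de7229c7354afc2e8c651890114f933da1fd7375f34bc84530c38d2b564b27cc9ac0dc93e19dfad585e208e145766e5caa46a2c27c8
+ metadata.gz: 979f212db72f7bdf6f19a65ee81488320b777606cc3040b49ec05878a3c3b8e06eda6d6ba7d6a8a30dddd8b9f50df378adf733c6e74f4a577473c774937ef620
+ data.tar.gz: e2dbd26ab94b4fa47a43ffcb4d189fd690c1415c7704d6ab73adbb6035332a54b8ac422eb58ba5cf4600e025f85f7ea59cfa0b0138b43ecbeaf9af473753a5ec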
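--- /dev/null
+++ b/lib/cfn-nag/custom_rules/GameLiftFleetInboundPortRangeRule.rb
@@ -0,0 +1,31 @@
+ # frozen_string_literal: true
+
+ require 'cfn-nag/violation'
+ require_relative 'base'
+
+ class GameLiftFleetInboundPortRangeRule < BaseRule
+ def rule_text
+ 'GameLift fleet EC2InboundPermissions found with port range instead of just a single port'
+ end
+
+ def rule_type
+ Violation::WARNING
+ end
+
+ def rule_id
+ 'W65'
+ end
+
+ def audit_impl(cfn_model)
+ violating_gamelift_fleets = cfn_model.resources_by_type('AWS::GameLift::Fleet').select do |gamelift_fleet|
+ violating_permissions = gamelift_fleet.eC2InboundPermissions.select do |permission|
+ # Cast to strings incase template provided mixed types
+ permission['FromPort'].to_s != permission['ToPort'].to_s
+ end
+
+ !violating_permissions.empty?
+ end
+
+ violating_gamelift_fleets.map(&:logical_resource_id)
+ end
+ end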
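Review bot: In `audit_impl`, `gamelift_fleet.eC2InboundPermissions.select` runs with no check that the property is present or is actually a list. EC2InboundPermissions is optional on AWS::GameLift::Fleet, so if the model hands back nil for an omitted property (the accessor is not visible on this page) the rule would raise NoMethodError instead of reporting. A value supplied as an intrinsic such as a `Ref` would also not be an array of permission hashes. A guard at the top of the outer block, `next false unless gamelift_fleet.eC2InboundPermissions.is_a?(Array)`, keeps the scan from failing on such templates. With that in place the inner `select` plus `!violating_permissions.empty?` can collapse to a single `any?`, and the comment's "incase" should read "in case".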
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.23
4
+ version: 0.5.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -215,6 +215,7 @@ files:
215
215
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerProtocolRule.rb
216
216
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb
217
217
  - lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb
218
+ - lib/cfn-nag/custom_rules/GameLiftFleetInboundPortRangeRule.rb
218
219
  - lib/cfn-nag/custom_rules/IAMUserLoginProfilePasswordRule.rb
219
220
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
220
221
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb