cfn-nag 0.5.37 → 0.5.38
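--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d00074ff86bdea51388549f9936a424e71b517678ee7ddff135a77804910c21c
+data.tar.gz: c9de622092baf9d93a14a1bce0a90667e2ce2c83ce5b92cff604a45d1b40cab6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a877390d4312c8d006647e86792b3017eb36931e41168dbb2fe18d112b2b90d2aea82a8fdec5de57d27a3bf46fa978e8293b833a4b1964f3cc915d4484a34361
+data.tar.gz: db8e8af8d47dc67d41812f14fdd66616f791701a11e1600e32903618ddf967491efe8d63f3d987f8f39619fc950b34fdabe31bbbaf864fbb288d3cf4d55d8ac8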
@@ -29,10 +29,14 @@ class EC2NetworkAclEntryOverlappingPortsRule < BaseRule
|
|
29
29
|
|
30
30
|
def overlapping_port_entries(nacl_entries)
|
31
31
|
unique_pairs(nacl_entries).select do |nacl_entry_pair|
|
32
|
-
overlap?(nacl_entry_pair[0], nacl_entry_pair[1])
|
32
|
+
tcp_or_udp_protocol?(nacl_entry_pair[0], nacl_entry_pair[1]) && overlap?(nacl_entry_pair[0], nacl_entry_pair[1])
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
|
+
def tcp_or_udp_protocol?(entry1, entry2)
|
37
|
+
%w[6 17].include?(entry1.protocol) && %w[6 17].include?(entry2.protocol)
|
38
|
+
end
|
39
|
+
|
36
40
|
def unique_pairs(arr)
|
37
41
|
pairs_without_dupes = arr.product(arr).select { |pair| pair[0] != pair[1] }
|
38
42
|
pairs_without_dupes.reduce(Set.new) { |set_of_sets, pair| set_of_sets << Set.new(pair) }.to_a.map(&:to_a)
|
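Review bot: `tcp_or_udp_protocol?` compares `protocol` against the strings `"6"` and `"17"`, so if the parsed template exposes Protocol as an integer (CloudFormation types the property as Integer; how the model represents it is not visible here) `include?` returns false and the overlap check in `overlapping_port_entries` is silently skipped, which is a false negative in a security rule. Normalising the value first closes that gap: `%w[6 17].include?(entry1.protocol.to_s) && %w[6 17].include?(entry2.protocol.to_s)`. The predicate also accepts a TCP entry paired with a UDP entry, which match different traffic, and it excludes entries with protocol -1 (all protocols), so it is worth confirming both outcomes are intended. A one-line comment that 6 is TCP and 17 is UDP would save readers a lookup, and the class and the body of `unique_pairs` continue outside the hunk.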