cfn-nag 0.5.48 → 0.5.49

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '08220755ff105b0beb2227a6f10ac84286f56b9110db4a6168212ff6d39f6e49'
-  data.tar.gz: 9bb91dc2a76bc69853988dad4ce5fec319883a4a4a3c778b99f24f70ef879514
+  metadata.gz: bc69e9ae75126fd6ddfc0215515c073b1ce8d4f5b191e755b4687cddc0278637
+  data.tar.gz: af7c29a1d164ef38d78a9edd60d06805e853582056ebb29194d393e06d21344a
 SHA512:
-  metadata.gz: '005169dde876c4285fee9fde7a94247cfd431346a26ae67d0ebd58dfc2cfe821024a6e40f292f9d106b0162550293c1f585dc2e8cad3219fc689813b11da5126'
-  data.tar.gz: 831ce0b71288c357ca99d9b3becaf41b335ccd45c4399577ff006ca5d6271dcc584259ad7f27682db6bf711d12c1425a68d1de6dc403609d15b5e9d0a685b815
+  metadata.gz: 982570bb083e1817aef943a861155262321d427f98d8a0f70dbad84ef2b73d89eeec7a5ca4457c518dead0eef3c1f956a5d08dc1a1382f491649c6bb795e6518
+  data.tar.gz: f674c23f317c5ef344f5c355d887661ef3133142f2a7fe3805df7eaab51a3a72957267f24b43c4abf007e8b841d880958c3ac4d99a911dc4643d6841c3af5856

data/lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'cfn-nag/violation'
+require 'cfn-nag/util/truthy'
 require_relative 'base'
 
 class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
@@ -29,14 +30,14 @@ class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
 
   def access_logging_is_false?(load_balancer)
     false_access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
-      load_balancer_attribute['Key'] ==  'access_logs.s3.enabled' && load_balancer_attribute['Value'].casecmp?('false')
+      load_balancer_attribute['Key'] == 'access_logs.s3.enabled' && not_truthy?(load_balancer_attribute['Value'])
     end
     false_access_log_attribute
   end
 
   def missing_access_logs?(load_balancer)
     access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
-      load_balancer_attribute['Key'] ==  'access_logs.s3.enabled'
+      load_balancer_attribute['Key'] == 'access_logs.s3.enabled'
     end
     access_log_attribute.nil?
   end

data/lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
+require 'cfn-nag/util/truthy'
 require 'cfn-nag/violation'
+require 'cfn-nag/util/truthy'
 require_relative 'base'
 
 class ElasticsearchDomainEncryptionAtRestOptionsRule < BaseRule
@@ -18,15 +20,9 @@ class ElasticsearchDomainEncryptionAtRestOptionsRule < BaseRule
 
   def audit_impl(cfn_model)
     violating_domains = cfn_model.resources_by_type('AWS::Elasticsearch::Domain').select do |domain|
-      domain.encryptionAtRestOptions.nil? || encryption_not_enabled?(domain.encryptionAtRestOptions)
+      domain.encryptionAtRestOptions.nil? || not_truthy?(domain.encryptionAtRestOptions['Enabled'])
     end
 
     violating_domains.map(&:logical_resource_id)
   end
-
-  private
-
-  def encryption_not_enabled?(encryption_at_rest_options)
-    encryption_at_rest_options['Enabled'].nil? || encryption_at_rest_options['Enabled'].to_s.casecmp?('false')
-  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.5.48
+  version: 0.5.49
 platform: ruby
 authors:
 - Eric Kascic