cfn-nag 0.5.48 → 0.5.49
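--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bc69e9ae75126fd6ddfc0215515c073b1ce8d4f5b191e755b4687cddc0278637
+data.tar.gz: af7c29a1d164ef38d78a9edd60d06805e853582056ebb29194d393e06d21344a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 982570bb083e1817aef943a861155262321d427f98d8a0f70dbad84ef2b73d89eeec7a5ca4457c518dead0eef3c1f956a5d08dc1a1382f491649c6bb795e6518
+data.tar.gz: f674c23f317c5ef344f5c355d887661ef3133142f2a7fe3805df7eaab51a3a72957267f24b43c4abf007e8b841d880958c3ac4d99a911dc4643d6841c3af5856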
@@ -1,6 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'cfn-nag/violation'
|
4
|
+
require 'cfn-nag/util/truthy'
|
4
5
|
require_relative 'base'
|
5
6
|
|
6
7
|
class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
|
@@ -29,14 +30,14 @@ class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
|
|
29
30
|
|
30
31
|
def access_logging_is_false?(load_balancer)
|
31
32
|
false_access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
|
32
|
-
load_balancer_attribute['Key'] ==
|
33
|
+
load_balancer_attribute['Key'] == 'access_logs.s3.enabled' && not_truthy?(load_balancer_attribute['Value'])
|
33
34
|
end
|
34
35
|
false_access_log_attribute
|
35
36
|
end
|
36
37
|
|
37
38
|
def missing_access_logs?(load_balancer)
|
38
39
|
access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
|
39
|
-
load_balancer_attribute['Key'] ==
|
40
|
+
load_balancer_attribute['Key'] == 'access_logs.s3.enabled'
|
40
41
|
end
|
41
42
|
access_log_attribute.nil?
|
42
43
|
end
|
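Review bot: Whether `access_logging_is_false?` flags a load balancer now depends entirely on `not_truthy?`, which is loaded from `cfn-nag/util/truthy` and not shown in this diff, so how a non-literal `Value` is treated is undocumented at the call site. If the helper matches only nil or a literal false, a `Value` given as a `Ref` or `Fn::If` would pass the rule even though access logging could still be switched off at deploy time. A spec covering that input would pin the behaviour either way. Both methods also repeat the key literal; I would lift it into a constant, `ACCESS_LOGS_KEY = 'access_logs.s3.enabled'`, and compare against that in each `find` block.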
@@ -1,6 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'cfn-nag/util/truthy'
|
3
4
|
require 'cfn-nag/violation'
|
5
|
+
require 'cfn-nag/util/truthy'
|
4
6
|
require_relative 'base'
|
5
7
|
|
6
8
|
class ElasticsearchDomainEncryptionAtRestOptionsRule < BaseRule
|
@@ -18,15 +20,9 @@ class ElasticsearchDomainEncryptionAtRestOptionsRule < BaseRule
|
|
18
20
|
|
19
21
|
def audit_impl(cfn_model)
|
20
22
|
violating_domains = cfn_model.resources_by_type('AWS::Elasticsearch::Domain').select do |domain|
|
21
|
-
domain.encryptionAtRestOptions.nil? ||
|
23
|
+
domain.encryptionAtRestOptions.nil? || not_truthy?(domain.encryptionAtRestOptions['Enabled'])
|
22
24
|
end
|
23
25
|
|
24
26
|
violating_domains.map(&:logical_resource_id)
|
25
27
|
end
|
26
|
-
|
27
|
-
private
|
28
|
-
|
29
|
-
def encryption_not_enabled?(encryption_at_rest_options)
|
30
|
-
encryption_at_rest_options['Enabled'].nil? || encryption_at_rest_options['Enabled'].to_s.casecmp?('false')
|
31
|
-
end
|
32
28
|
end
|
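Review bot: `require 'cfn-nag/util/truthy'` is added twice in the first hunk, once above and once below `require 'cfn-nag/violation'`; the second is a no-op and should be dropped. In `audit_impl`, the removed `encryption_not_enabled?` flagged a domain when `Enabled` was nil or the string 'false' in any case. Its replacement `not_truthy?` is defined outside this diff, so a spec should confirm that both inputs are still reported. The same spec should cover `Enabled` supplied as a `Ref` rather than a literal, because a silent pass there would hide a domain that may be deployed without encryption at rest.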