cfn-nag 0.5.56 → 0.5.57

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c7e42dcbf8c7bf6a58382251f5b1d8fd3b05041c0a95b7f0a368cb5477d1c9ab
-  data.tar.gz: b420858b4a25f470669a5d493922b728129c0fe1651f1dd86fa162ccbcdc1acb
+  metadata.gz: 2dface312df3dd72f2558707f21422af7b66b0f8a88acc7872b1555f4241fdc5
+  data.tar.gz: d21a5469fc1df233d167142b7362a418fc122dd56dd0ffc9237b808585480369
 SHA512:
-  metadata.gz: 6c89e7c5c2d61ec1f3ad51e2357eae7fc75c9901c0b848534b51e7eae5ebf21ce738c3fefcd911bafd3bb4b7d080fc08b77af73c037c53a0d1b081c73e56d367
-  data.tar.gz: bfe1f8b2d59598874f02ff04651618f1cda849a100a72ae537bfece58fc49ae2117a146ab69653e2ef3373742e0424b06f90e06849a8cac94c58a476063538f3
+  metadata.gz: aa7ca44ea66663c738707e26f08f9f034c15125d018017b7494ad06a31396fab263817c828fcd3d93f207de554005ba4ad751dda1d158ab8e41a129d29dfa183
+  data.tar.gz: b44b8added22ac4f11dcf467bee2bcd6ab8dfdcd3e6fcfec8a439f1ca0c9dc4465b2f8cee4fc3075d51cdd793ee78a6fec849f03258d95cde514a1eeb2d5ff35

data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb

@@ -37,7 +37,7 @@ class EC2NetworkAclEntryIneffectiveDenyRule < BaseRule
   def not_all_cidrs_covered?(nacl_entry)
     (!nacl_entry.cidrBlock.nil? &&
       nacl_entry.cidrBlock != '0.0.0.0/0') ||
-      (!nacl_entry.ipv6CidrBlock.nil? && nacl_entry.ipv6CidrBlock != '::/0')
+      (!nacl_entry.ipv6CidrBlock.nil? && (nacl_entry.ipv6CidrBlock != '::/0' && nacl_entry.ipv6CidrBlock != ':/0'))
   end
 
   def egress(nacl_entries)

data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb

@@ -34,7 +34,7 @@ class EC2NetworkAclEntryOverlappingPortsRule < BaseRule
   end
 
   def tcp_or_udp_protocol?(entry1, entry2)
-    %w[6 17].include?(entry1.protocol) && %w[6 17].include?(entry2.protocol)
+    %w[6 17].include?(entry1.protocol.to_s) && %w[6 17].include?(entry2.protocol.to_s)
   end
 
   def unique_pairs(arr)

data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryPortRangeRule.rb

@@ -29,7 +29,7 @@ class EC2NetworkAclEntryPortRangeRule < BaseRule
 
   # Port Range is required for protocols "6" (TCP) and "17" (UDP)
   def tcp_or_udp_protocol?(network_acl_entry)
-    %w[6 17].include?(network_acl_entry.protocol)
+    %w[6 17].include?(network_acl_entry.protocol.to_s)
   end
 
   def port_range_params_not_exist?(network_acl_entry)
@@ -38,7 +38,7 @@ class EC2NetworkAclEntryPortRangeRule < BaseRule
   end
 
   def full_port_range?(network_acl_entry)
-    network_acl_entry.portRange['From'] == '0' && network_acl_entry.portRange['To'] == '65535'
+    network_acl_entry.portRange['From'].to_s == '0' && network_acl_entry.portRange['To'].to_s == '65535'
   end
 
   def violating_network_acl_entries?(network_acl_entry)

data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb

@@ -42,11 +42,11 @@ class EC2NetworkAclEntryProtocolRule < BaseRule
   end
 
   def tcp_udp_icmp_protocol?(network_acl_entry)
-    %w[1 6 17].include?(network_acl_entry.protocol)
+    %w[1 6 17].include?(network_acl_entry.protocol.to_s)
   end
 
   def icmpv6_protocol?(network_acl_entry)
-    network_acl_entry.protocol == '58' && !network_acl_entry.ipv6CidrBlock.nil? &&
+    network_acl_entry.protocol.to_s == '58' && !network_acl_entry.ipv6CidrBlock.nil? &&
       !network_acl_entry.icmp.nil? && !network_acl_entry.icmp['Code'].nil? &&
       !network_acl_entry.icmp['Type'].nil?
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.5.56
+  version: 0.5.57
 platform: ruby
 authors:
 - Eric Kascic