cfn-nag 0.5.56 → 0.5.57
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb +1 -1
- data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb +1 -1
- data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryPortRangeRule.rb +2 -2
- data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb +2 -2
- metadata +1 -1
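--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2dface312df3dd72f2558707f21422af7b66b0f8a88acc7872b1555f4241fdc5
+data.tar.gz: d21a5469fc1df233d167142b7362a418fc122dd56dd0ffc9237b808585480369
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aa7ca44ea66663c738707e26f08f9f034c15125d018017b7494ad06a31396fab263817c828fcd3d93f207de554005ba4ad751dda1d158ab8e41a129d29dfa183
+data.tar.gz: b44b8added22ac4f11dcf467bee2bcd6ab8dfdcd3e6fcfec8a439f1ca0c9dc4465b2f8cee4fc3075d51cdd793ee78a6fec849f03258d95cde514a1eeb2d5ff35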
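--- a/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb
@@ -37,7 +37,7 @@ class EC2NetworkAclEntryIneffectiveDenyRule < BaseRule
 def not_all_cidrs_covered?(nacl_entry)
 (!nacl_entry.cidrBlock.nil? &&
 nacl_entry.cidrBlock != '0.0.0.0/0') ||
-(!nacl_entry.ipv6CidrBlock.nil? && nacl_entry.ipv6CidrBlock != '::/0')
+(!nacl_entry.ipv6CidrBlock.nil? && (nacl_entry.ipv6CidrBlock != '::/0' && nacl_entry.ipv6CidrBlock != ':/0'))
 end
 
 def egress(nacl_entries)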
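Review bot: The added `':/0'` comparison in `not_all_cidrs_covered?` carries no explanation, and `':/0'` is not a valid IPv6 CIDR, so a later reader cannot tell which input it is meant to absorb. If it compensates for an unquoted `::/0` being altered during template parsing (an assumption; nothing in the hunk says so), record that next to the literal, e.g. `# ':/0' is how an unquoted ::/0 can arrive after template parsing`. Exact string comparison also means an all-addresses block written in another spelling, such as `0:0:0:0:0:0:0:0/0`, is still reported as not covering every CIDR, which produces a spurious ineffective-deny finding. Testing the prefix length instead, `nacl_entry.ipv6CidrBlock.to_s.end_with?('/0')`, would accept every spelling and make the special case unnecessary.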
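--- a/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb
+++ b/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb
@@ -34,7 +34,7 @@ class EC2NetworkAclEntryOverlappingPortsRule < BaseRule
 end
 
 def tcp_or_udp_protocol?(entry1, entry2)
-%w[6 17].include?(entry1.protocol) && %w[6 17].include?(entry2.protocol)
+%w[6 17].include?(entry1.protocol.to_s) && %w[6 17].include?(entry2.protocol.to_s)
 end
 
 def unique_pairs(arr)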
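Review bot: A `protocol` supplied through an intrinsic function (a `Ref` to a parameter, for instance) stringifies under `.to_s` to something outside `%w[6 17]`, so `tcp_or_udp_protocol?` returns false and the overlap check appears to be skipped for that pair with no signal to the user. The same pattern is added in `tcp_or_udp_protocol?` of EC2NetworkAclEntryPortRangeRule and in `tcp_udp_icmp_protocol?` and `icmpv6_protocol?` of EC2NetworkAclEntryProtocolRule. Whether parameters are resolved before these rules run is not visible in the hunk; if they are not, the limitation should be stated on the method, e.g. `# An unresolved intrinsic function is treated as non-TCP/UDP and the pair is not checked`. The `%w[6 17]` literal is now written twice on one line and again in the other rule; a shared frozen constant would keep the three rules in agreement.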
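--- a/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryPortRangeRule.rb
+++ b/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryPortRangeRule.rb
@@ -29,7 +29,7 @@ class EC2NetworkAclEntryPortRangeRule < BaseRule
 
 # Port Range is required for protocols "6" (TCP) and "17" (UDP)
 def tcp_or_udp_protocol?(network_acl_entry)
-%w[6 17].include?(network_acl_entry.protocol)
+%w[6 17].include?(network_acl_entry.protocol.to_s)
 end
 
 def port_range_params_not_exist?(network_acl_entry)
@@ -38,7 +38,7 @@ class EC2NetworkAclEntryPortRangeRule < BaseRule
 end
 
 def full_port_range?(network_acl_entry)
-network_acl_entry.portRange['From'] == '0' && network_acl_entry.portRange['To'] == '65535'
+network_acl_entry.portRange['From'].to_s == '0' && network_acl_entry.portRange['To'].to_s == '65535'
 end
 
 def violating_network_acl_entries?(network_acl_entry)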
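Review bot: `full_port_range?` indexes `network_acl_entry.portRange` directly, so an entry without a PortRange raises NoMethodError on nil unless the caller has already excluded it. The caller, `violating_network_acl_entries?`, only begins on the last line of the hunk and `port_range_params_not_exist?` is cut off above it, so that ordering cannot be confirmed from here. If the ordering is what protects this method, note it with `# Only called after port_range_params_not_exist? has returned false`. Otherwise make the method safe on its own by putting `return false if network_acl_entry.portRange.nil?` ahead of the comparison, so that a malformed entry does not abort the scan of the whole template.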
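--- a/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb
+++ b/data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb
@@ -42,11 +42,11 @@ class EC2NetworkAclEntryProtocolRule < BaseRule
 end
 
 def tcp_udp_icmp_protocol?(network_acl_entry)
-%w[1 6 17].include?(network_acl_entry.protocol)
+%w[1 6 17].include?(network_acl_entry.protocol.to_s)
 end
 
 def icmpv6_protocol?(network_acl_entry)
-network_acl_entry.protocol == '58' && !network_acl_entry.ipv6CidrBlock.nil? &&
+network_acl_entry.protocol.to_s == '58' && !network_acl_entry.ipv6CidrBlock.nil? &&
 !network_acl_entry.icmp.nil? && !network_acl_entry.icmp['Code'].nil? &&
 !network_acl_entry.icmp['Type'].nil?
 end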
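Review bot: The protocol numbers in `tcp_udp_icmp_protocol?` and `icmpv6_protocol?` are left as bare literals, unlike EC2NetworkAclEntryPortRangeRule, which names them in a comment above its predicate. Add the equivalent here: `# IANA protocol numbers: "1" (ICMP), "6" (TCP), "17" (UDP)` above `tcp_udp_icmp_protocol?`, and `# "58" is ICMPv6; it needs an IPv6 CIDR block plus an ICMP Code and Type` above `icmpv6_protocol?`. That lets a reader check the rule against the NACL entry being evaluated without looking the numbers up. Both methods are fully inside the hunk.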