cfn-nag 0.5.58 → 0.5.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb +23 -2
  3. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3e50fa005a7217a3c9a5e73c35b1ce8d93ecf14653fde06346d863d28e9c916f
4
- data.tar.gz: '0849c39dec2e9753ddeacb59e3d61a47086e56da2761c9e71e3f299f99e5df3c'
3
+ metadata.gz: 88b9f3101473272ce300ce3390c3922d17081e25088aa34ac1d44a4848bf4e65
4
+ data.tar.gz: 70fc0a0dea544568076033371443ebca322a9f1cdca28001e192dc866910c81e
5
5
  SHA512:
6
- metadata.gz: fb60b814db56820d4d774e23a5555645152da8109e9cf696adcdea662cfe12bc032d1e449cf46ca16dc3b9afd27cc5cd033313cd1c6dce20e54483c30e6286bd
7
- data.tar.gz: 3132f073b15ceb55063870b45697c94057e2d10c29a4a5a966a806144696788d5da57a40334d09f5f6660f473bf187ccf8c265a7b4c758d8ee7cb5d335019baf
6
+ metadata.gz: c4fb16627884fd2f1cad6f0f1c24cd0272ada7568c2b931eb3455f0eee02e8b5a70d50b8b42502ffd36fac35179a02476526836090ea2800bfada77bddb1f468
7
+ data.tar.gz: 80084d78ae6c63905bb694c8db66f3e2adebc35a6fe82ade342ee263630864c040b75db5508749cad6e51063528d7f244cb3c9aed7b0ad5110b8810500ee3a37
data/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb CHANGED
@@ -68,8 +68,29 @@ class EC2NetworkAclEntryOverlappingPortsRule < BaseRule
68
68
  end
69
69
  end
70
70
 
71
+ def ip6_entries(nacl_entries)
72
+ nacl_entries.select do |nacl_entry|
73
+ !nacl_entry.ipv6CidrBlock.nil?
74
+ end
75
+ end
76
+
77
+ def ip4_entries(nacl_entries)
78
+ nacl_entries.select do |nacl_entry|
79
+ nacl_entry.ipv6CidrBlock.nil?
80
+ end
81
+ end
82
+
71
83
  def violating_nacl_entries(nacl)
72
- overlapping_port_entries(egress_entries(nacl.network_acl_entries)).flatten.uniq &&
73
- overlapping_port_entries(ingress_entries(nacl.network_acl_entries)).flatten.uniq
84
+ violating_ip4_nacl_entries(nacl) || violating_ip6_nacl_entries(nacl)
85
+ end
86
+
87
+ def violating_ip4_nacl_entries(nacl)
88
+ overlapping_port_entries(egress_entries(ip4_entries(nacl.network_acl_entries))).flatten.uniq &&
89
+ overlapping_port_entries(ingress_entries(ip4_entries(nacl.network_acl_entries))).flatten.uniq
90
+ end
91
+
92
+ def violating_ip6_nacl_entries(nacl)
93
+ overlapping_port_entries(egress_entries(ip6_entries(nacl.network_acl_entries))).flatten.uniq &&
94
+ overlapping_port_entries(ingress_entries(ip6_entries(nacl.network_acl_entries))).flatten.uniq
74
95
  end
75
96
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.58
4
+ version: 0.5.59
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic