cfn-nag 0.5.58 → 0.5.59
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 88b9f3101473272ce300ce3390c3922d17081e25088aa34ac1d44a4848bf4e65
|
|
4
|
+
data.tar.gz: 70fc0a0dea544568076033371443ebca322a9f1cdca28001e192dc866910c81e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c4fb16627884fd2f1cad6f0f1c24cd0272ada7568c2b931eb3455f0eee02e8b5a70d50b8b42502ffd36fac35179a02476526836090ea2800bfada77bddb1f468
|
|
7
|
+
data.tar.gz: 80084d78ae6c63905bb694c8db66f3e2adebc35a6fe82ade342ee263630864c040b75db5508749cad6e51063528d7f244cb3c9aed7b0ad5110b8810500ee3a37
|
|
@@ -68,8 +68,29 @@ class EC2NetworkAclEntryOverlappingPortsRule < BaseRule
|
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
70
|
|
|
71
|
+
def ip6_entries(nacl_entries)
|
|
72
|
+
nacl_entries.select do |nacl_entry|
|
|
73
|
+
!nacl_entry.ipv6CidrBlock.nil?
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def ip4_entries(nacl_entries)
|
|
78
|
+
nacl_entries.select do |nacl_entry|
|
|
79
|
+
nacl_entry.ipv6CidrBlock.nil?
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
71
83
|
def violating_nacl_entries(nacl)
|
|
72
|
-
|
|
73
|
-
|
|
84
|
+
violating_ip4_nacl_entries(nacl) || violating_ip6_nacl_entries(nacl)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def violating_ip4_nacl_entries(nacl)
|
|
88
|
+
overlapping_port_entries(egress_entries(ip4_entries(nacl.network_acl_entries))).flatten.uniq &&
|
|
89
|
+
overlapping_port_entries(ingress_entries(ip4_entries(nacl.network_acl_entries))).flatten.uniq
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
def violating_ip6_nacl_entries(nacl)
|
|
93
|
+
overlapping_port_entries(egress_entries(ip6_entries(nacl.network_acl_entries))).flatten.uniq &&
|
|
94
|
+
overlapping_port_entries(ingress_entries(ip6_entries(nacl.network_acl_entries))).flatten.uniq
|
|
74
95
|
end
|
|
75
96
|
end
|