npm - @critiq/rules - Versions diffs - 0.2.0 → 0.3.0 - Mend

@critiq/rules 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

package/rules/cfn/cfn.maintainability.ref-getatt-to-resource-that-is-available-when-conditions-are-applied.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.ref-getatt-to-resource-that-is-available-when-conditions-are-applied
+  title: Ref/getatt to resource that is available when conditions are applied
+  summary: Ref/getatt to resource that is available when conditions are applied
+  rationale: cfn-lint reports W1001 when Ref/getatt to resource that is available when conditions are applied.
+  aliases:
+    - CFLIN-W1001
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w1001
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W1001
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Ref/getatt to resource that is available when conditions are applied
+    summary: "${captures.finding.text} matches cfn-lint W1001."
+  remediation:
+    summary: Resolve the cfn-lint W1001 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.resource-limit.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.resource-limit
+  title: Resource limit
+  summary: Resource limit
+  rationale: cfn-lint reports I3010 when Resource limit.
+  aliases:
+    - CFLIN-I3010
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - i3010
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: I3010
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: low
+    confidence: 0.8
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Resource limit
+    summary: "${captures.finding.text} matches cfn-lint I3010."
+  remediation:
+    summary: Resolve the cfn-lint I3010 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.resource-name-limit.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.resource-name-limit
+  title: Resource name limit
+  summary: Resource name limit
+  rationale: cfn-lint reports I3012 when Resource name limit.
+  aliases:
+    - CFLIN-I3012
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - i3012
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: I3012
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: low
+    confidence: 0.8
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Resource name limit
+    summary: "${captures.finding.text} matches cfn-lint I3012."
+  remediation:
+    summary: Resolve the cfn-lint I3012 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.sub-isn-t-needed-if-it-doesn-t-have-a-variable-defined.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.sub-isn-t-needed-if-it-doesn-t-have-a-variable-defined
+  title: "Sub isn't needed if it doesn't have a variable defined"
+  summary: "Sub isn't needed if it doesn't have a variable defined"
+  rationale: "cfn-lint reports W1020 when Sub isn't needed if it doesn't have a variable defined."
+  aliases:
+    - CFLIN-W1020
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w1020
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W1020
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: "Sub isn't needed if it doesn't have a variable defined"
+    summary: "${captures.finding.text} matches cfn-lint W1020."
+  remediation:
+    summary: Resolve the cfn-lint W1020 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.sub-validation-of-parameters-w1019.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.sub-validation-of-parameters-w1019
+  title: Sub validation of parameters
+  summary: Sub validation of parameters
+  rationale: cfn-lint reports W1019 when Sub validation of parameters.
+  aliases:
+    - CFLIN-W1019
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w1019
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W1019
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Sub validation of parameters
+    summary: "${captures.finding.text} matches cfn-lint W1019."
+  remediation:
+    summary: Resolve the cfn-lint W1019 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.template-description-limit-i1003.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.template-description-limit-i1003
+  title: Template description limit
+  summary: Template description limit
+  rationale: cfn-lint reports I1003 when Template description limit.
+  aliases:
+    - CFLIN-I1003
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - i1003
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: I1003
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: low
+    confidence: 0.8
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Template description limit
+    summary: "${captures.finding.text} matches cfn-lint I1003."
+  remediation:
+    summary: Resolve the cfn-lint I1003 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.template-size-limit-i1002.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.template-size-limit-i1002
+  title: Template size limit
+  summary: Template size limit
+  rationale: cfn-lint reports I1002 when Template size limit.
+  aliases:
+    - CFLIN-I1002
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - i1002
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: I1002
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: low
+    confidence: 0.8
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Template size limit
+    summary: "${captures.finding.text} matches cfn-lint I1002."
+  remediation:
+    summary: Resolve the cfn-lint I1002 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.use-sub-instead-of-join.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.use-sub-instead-of-join
+  title: Use sub instead of join
+  summary: Use sub instead of join
+  rationale: cfn-lint reports I1022 when Use sub instead of join.
+  aliases:
+    - CFLIN-I1022
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - i1022
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: I1022
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: low
+    confidence: 0.8
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Use sub instead of join
+    summary: "${captures.finding.text} matches cfn-lint I1022."
+  remediation:
+    summary: Resolve the cfn-lint I1022 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-configured-for-java11-runtimes.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.validate-that-snapstart-is-configured-for-java11-runtimes
+  title: "Validate that snapstart is configured for >= java11 runtimes"
+  summary: "Validate that snapstart is configured for >= java11 runtimes"
+  rationale: "cfn-lint reports I2530 when Validate that snapstart is configured for >= java11 runtimes."
+  aliases:
+    - CFLIN-I2530
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - i2530
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: I2530
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: low
+    confidence: 0.8
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: "Validate that snapstart is configured for >= java11 runtimes"
+    summary: "${captures.finding.text} matches cfn-lint I2530."
+  remediation:
+    summary: Resolve the cfn-lint I2530 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-properly-configured.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.validate-that-snapstart-is-properly-configured
+  title: Validate that snapstart is properly configured
+  summary: Validate that snapstart is properly configured
+  rationale: cfn-lint reports W2530 when Validate that snapstart is properly configured.
+  aliases:
+    - CFLIN-W2530
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w2530
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W2530
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Validate that snapstart is properly configured
+    summary: "${captures.finding.text} matches cfn-lint W2530."
+  remediation:
+    summary: Resolve the cfn-lint W2530 finding in this CloudFormation template.

package/rules/cfn/cfn.maintainability.warn-when-properties-are-configured-to-only-work-with-the-package-command.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.maintainability.warn-when-properties-are-configured-to-only-work-with-the-package-command
+  title: Warn when properties are configured to only work with the package command
+  summary: Warn when properties are configured to only work with the package command
+  rationale: cfn-lint reports W3002 when Warn when properties are configured to only work with the package command.
+  aliases:
+    - CFLIN-W3002
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w3002
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W3002
+emit:
+  finding:
+    category: maintainability.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Warn when properties are configured to only work with the package command
+    summary: "${captures.finding.text} matches cfn-lint W3002."
+  remediation:
+    summary: Resolve the cfn-lint W3002 finding in this CloudFormation template.

package/rules/cfn/cfn.security.check-dynamic-references-secure-strings-are-in-supported-locations.rule.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.security.check-dynamic-references-secure-strings-are-in-supported-locations
+  title: Check dynamic references secure strings are in supported locations
+  summary: Check dynamic references secure strings are in supported locations
+  rationale: cfn-lint reports E1027 when Check dynamic references secure strings are in supported locations.
+  aliases:
+    - CFLIN-E1027
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - e1027
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+  references:
+    - kind: url
+      title: AWS CloudFormation Linter (E1027)
+      url: https://github.com/aws-cloudformation/cfn-lint
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: E1027
+emit:
+  finding:
+    category: security.configuration
+    severity: high
+    confidence: 0.9
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Check dynamic references secure strings are in supported locations
+    summary: "${captures.finding.text} matches cfn-lint E1027."
+  remediation:
+    summary: Resolve the cfn-lint E1027 finding in this CloudFormation template.

package/rules/cfn/cfn.security.check-for-noecho-references.rule.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.security.check-for-noecho-references
+  title: Check for noecho references
+  summary: Check for noecho references
+  rationale: cfn-lint reports W4002 when Check for noecho references.
+  aliases:
+    - CFLIN-W4002
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w4002
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+  references:
+    - kind: url
+      title: AWS CloudFormation Linter (W4002)
+      url: https://github.com/aws-cloudformation/cfn-lint
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W4002
+emit:
+  finding:
+    category: security.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Check for noecho references
+    summary: "${captures.finding.text} matches cfn-lint W4002."
+  remediation:
+    summary: Resolve the cfn-lint W4002 finding in this CloudFormation template.

package/rules/cfn/cfn.security.check-iam-permission-configuration.rule.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.security.check-iam-permission-configuration
+  title: Check iam permission configuration
+  summary: Check iam permission configuration
+  rationale: cfn-lint reports W3037 when Check iam permission configuration.
+  aliases:
+    - CFLIN-W3037
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w3037
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+  references:
+    - kind: url
+      title: AWS CloudFormation Linter (W3037)
+      url: https://github.com/aws-cloudformation/cfn-lint
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W3037
+emit:
+  finding:
+    category: security.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Check iam permission configuration
+    summary: "${captures.finding.text} matches cfn-lint W3037."
+  remediation:
+    summary: Resolve the cfn-lint W3037 finding in this CloudFormation template.