Class: UnencryptedS3PutObjectAllowedRule

Inherits:
Object
  • Object
show all
Defined in:
lib/custom_rules/unencrypted_s3_put_allowed.rb

Instance Method Summary collapse

Instance Method Details

#audit(cfn_model) ⇒ Object 



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 10

def audit(cfn_model)
  logical_resource_ids = []
  cfn_model.bucket_policies.each do |bucket_policy|
    found_statement = bucket_policy.statements.find do |statement|
      blocks_put_object_without_encryption(statement)
    end
    if found_statement.nil?
      logical_resource_ids << bucket_policy.logical_resource_id
    end
  end

  if logical_resource_ids.size > 0
    Violation.new(type: Violation::WARNING,
                  message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  else
    nil
  end
end

#rule_textObject 



6
7
8
 
# File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 6

def rule_text
  'It appears that the S3 Bucket Policy allows s3:PutObject without server-side encryption'
end