10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
# File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 10
def audit(cfn_model)
logical_resource_ids = []
cfn_model.bucket_policies.each do |bucket_policy|
found_statement = bucket_policy.statements.find do |statement|
blocks_put_object_without_encryption(statement)
end
if found_statement.nil?
logical_resource_ids << bucket_policy.logical_resource_id
end
end
if logical_resource_ids.size > 0
Violation.new(type: Violation::WARNING,
message: rule_text,
logical_resource_ids: logical_resource_ids)
else
nil
end
end
|