Module: Rule
- Included in:
- CfnNag, SecurityGroupMissingEgressRule, UserMissingGroupRule
- Defined in:
- lib/rule.rb
Instance Attribute Summary collapse
-
#failure_count ⇒ Object
Returns the value of attribute failure_count.
-
#input_json_path ⇒ Object
Returns the value of attribute input_json_path.
Instance Method Summary collapse
- #assertion(jq:, message:) ⇒ Object
- #fatal_assertion(jq:, message:) ⇒ Object
- #fatal_violation(jq:, message:) ⇒ Object
- #message(message_type:, message:, logical_resource_ids: nil, violating_code: nil) ⇒ Object
- #raw_fatal_assertion(jq:, message:) ⇒ Object
- #raw_fatal_violation(jq:, message:) ⇒ Object
- #resources ⇒ Object
- #resources_by_type(resource) ⇒ Object
- #violation(jq:, message:) ⇒ Object
- #warning(jq:, message:) ⇒ Object
Instance Attribute Details
#failure_count ⇒ Object
Returns the value of attribute failure_count.
4 5 6 |
# File 'lib/rule.rb', line 4 def failure_count @failure_count end |
#input_json_path ⇒ Object
Returns the value of attribute input_json_path.
4 5 6 |
# File 'lib/rule.rb', line 4 def input_json_path @input_json_path end |
Instance Method Details
#assertion(jq:, message:) ⇒ Object
74 75 76 77 78 79 |
# File 'lib/rule.rb', line 74 def assertion(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: false, message: , message_type: 'assertion') end |
#fatal_assertion(jq:, message:) ⇒ Object
42 43 44 45 46 47 48 |
# File 'lib/rule.rb', line 42 def fatal_assertion(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: false, fatal: true, message: , message_type: 'fatal assertion') end |
#fatal_violation(jq:, message:) ⇒ Object
59 60 61 62 63 64 65 |
# File 'lib/rule.rb', line 59 def fatal_violation(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: true, fatal: true, message: , message_type: 'fatal violation') end |
#message(message_type:, message:, logical_resource_ids: nil, violating_code: nil) ⇒ Object
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
# File 'lib/rule.rb', line 81 def (message_type:, message:, logical_resource_ids: nil, violating_code: nil) if logical_resource_ids == [] logical_resource_ids = nil end (1..60).each { print '-' } puts puts "| #{.upcase}" puts '|' puts "| Resources: #{logical_resource_ids}" unless logical_resource_ids.nil? puts '|' unless logical_resource_ids.nil? puts "| #{}" unless violating_code.nil? puts '|' puts indent_multiline_string_with_prefix('|', violating_code.to_s) end end |
#raw_fatal_assertion(jq:, message:) ⇒ Object
33 34 35 36 37 38 39 40 |
# File 'lib/rule.rb', line 33 def raw_fatal_assertion(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: false, fatal: true, message: , message_type: 'fatal assertion', raw: true) end |
#raw_fatal_violation(jq:, message:) ⇒ Object
50 51 52 53 54 55 56 57 |
# File 'lib/rule.rb', line 50 def raw_fatal_violation(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: true, fatal: true, message: , message_type: 'fatal violation', raw: true) end |
#resources ⇒ Object
6 7 8 |
# File 'lib/rule.rb', line 6 def resources '.Resources|with_entries(.value.LogicalResourceId = .key)[]' end |
#resources_by_type(resource) ⇒ Object
10 11 12 |
# File 'lib/rule.rb', line 10 def resources_by_type(resource) "#{resources}| select(.Type == \"#{resource}\")" end |
#violation(jq:, message:) ⇒ Object
67 68 69 70 71 72 |
# File 'lib/rule.rb', line 67 def violation(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: true, message: , message_type: 'violation') end |
#warning(jq:, message:) ⇒ Object
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
# File 'lib/rule.rb', line 14 def warning(jq:, message:) Logging.logger['log'].debug jq stdout = jq_command(@input_json_path, jq) result = $?.exitstatus scrape_jq_output_for_error(stdout) resource_ids = parse_logical_resource_ids(stdout) new_warnings = resource_ids.size if result == 0 and new_warnings > 0 @warning_count ||= 0 @warning_count += new_warnings (message_type: 'warning', message: , logical_resource_ids: resource_ids) end end |