Class: UnencryptedS3PutObjectAllowedRule

Inherits:
Object
  • Object
show all
Defined in:
lib/custom_rules/unencrypted_s3_put_allowed.rb

Instance Method Summary collapse

Instance Method Details

#audit(cfn_model) ⇒ Object 



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 18

def audit(cfn_model)
  logical_resource_ids = []
  cfn_model.bucket_policies.each do |bucket_policy|
    found_statement = bucket_policy.statements.find do |statement|
      blocks_put_object_without_encryption(statement)
    end
    if found_statement.nil?
      logical_resource_ids << bucket_policy.logical_resource_id
    end
  end

  if logical_resource_ids.size > 0
    Violation.new(id: rule_id,
                  type: rule_type,
                  message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  else
    nil
  end
end

#rule_idObject 



14
15
16
 
# File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 14

def rule_id
  'W1000'
end

#rule_textObject 



6
7
8
 
# File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 6

def rule_text
  'It appears that the S3 Bucket Policy allows s3:PutObject without server-side encryption'
end

#rule_typeObject 



10
11
12
 
# File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 10

def rule_type
  Violation::WARNING
end