Class: CfnNag

Inherits:
Object
Defined in:
lib/cfn-nag/cfn_nag.rb


Constructor Details

#initialize(profile_definition: nil, rule_directory: nil) ⇒ CfnNag

Returns a new instance of CfnNag.



# File 'lib/cfn-nag/cfn_nag.rb', line 11

# Build an auditor. The custom rule loader is created once here, from
# +rule_directory+, and reused by every subsequent #audit call.
#
# @param profile_definition [String, nil] profile text; stored for later
#   filtering of violations (+nil+ means no profile was supplied)
# @param rule_directory [String, nil] directory of additional rules handed
#   to CustomRuleLoader
def initialize(profile_definition: nil,
               rule_directory: nil)
  @profile_definition = profile_definition
  @rule_directory = rule_directory
  @custom_rule_loader = CustomRuleLoader.new(rule_directory: rule_directory)
end

Class Method Details

.configure_logging(opts) ⇒ Object



# File 'lib/cfn-nag/cfn_nag.rb', line 78

# Configure the shared 'log' logger: debug level when +opts[:debug]+ is
# truthy, info level otherwise, writing to stdout.
#
# @param opts [Hash] parsed command-line options; only +:debug+ is read
# @return [Object] whatever +add_appenders+ returns
def self.configure_logging(opts)
  logger = Logging.logger['log']
  logger.level = opts[:debug] ? :debug : :info
  logger.add_appenders Logging.appenders.stdout
end

Instance Method Details

#audit(cloudformation_string:) ⇒ Object

Given a CloudFormation JSON/YAML template string, run all the rules against it

Returns a hash with the failure count



# File 'lib/cfn-nag/cfn_nag.rb', line 55

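# Given cloudformation json/yml, run all the rules against it
#
# @param cloudformation_string [String] raw template text (JSON or YAML)
# @return [Hash] +:failure_count+ (from Violation.count_failures) and
#   +:violations+ (the Violation list; profile-filtered on the normal path)
def audit(cloudformation_string:)
  begin
    cfn_model = CfnParser.new.parse cloudformation_string
  rescue ParserError => parser_error
    # Unparseable input is reported as a single FATAL failing violation and
    # no rules are run; the profile filter is deliberately not applied here.
    violations = [Violation.new(id: 'FATAL',
                                type: Violation::FAILING_VIOLATION,
                                message: parser_error.to_s)]
    return { failure_count: Violation.count_failures(violations),
             violations: violations }
  end

  # Only ParserError is handled above; any other exception from the parser
  # or the rules propagates to the caller, as before.
  violations = filter_violations_by_profile(
    @custom_rule_loader.execute_custom_rules(cfn_model)
  )

  {
    failure_count: Violation.count_failures(violations),
    violations: violations
  }
end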

#audit_aggregate_across_files(input_path:) ⇒ Object

Given a file or directory path, return aggregate results



# File 'lib/cfn-nag/cfn_nag.rb', line 38

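# Given a file or directory path, return aggregate results
#
# @param input_path [String] a single template file or a directory to search
# @return [Array<Hash>] one +{ filename:, file_results: }+ entry per
#   discovered template, where +file_results+ is the hash returned by #audit
def audit_aggregate_across_files(input_path:)
  templates = TemplateDiscovery.new.discover_templates(input_path)
  templates.map do |template|
    {
      filename: template,
      # File.read rather than IO.read: IO.read treats a path beginning with
      # '|' as a command to spawn, which is never wanted for a template path.
      file_results: audit(cloudformation_string: File.read(template))
    }
  end
end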

#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt') ⇒ Object

Given a file or directory path, emit aggregate results to stdout

Return an aggregate failure count (for exit code usage)



# File 'lib/cfn-nag/cfn_nag.rb', line 23

# Given a file or directory path, audit every discovered template, render
# the results in +output_format+, and return the aggregate failure count
# (intended for use as a process exit code).
#
# @param input_path [String] a template file or a directory of templates
# @param output_format [String] renderer name, defaults to 'txt'
# @return [Integer] sum of +failure_count+ across all audited files
def audit_aggregate_across_files_and_render_results(input_path:,
                                                    output_format: 'txt')
  aggregate_results = audit_aggregate_across_files input_path: input_path

  render_results(aggregate_results: aggregate_results,
                 output_format: output_format)

  per_file_failures = aggregate_results.map do |results|
    results[:file_results][:failure_count]
  end
  # inject with an explicit 0 seed so an empty result set yields 0, not nil
  per_file_failures.inject(0, :+)
end