Module: IpAddr
- Included in:
- SecurityGroupEgressOpenToWorldRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule
- Defined in:
- lib/cfn-nag/ip_addr.rb
Instance Method Summary collapse
- #ip4_cidr_range?(ingress) ⇒ Boolean
- #ip4_open?(ingress) ⇒ Boolean
- #ip6_cidr_range?(ingress) ⇒ Boolean
- #ip6_open?(ingress) ⇒ Boolean
-
#normalize_cidr_ip6(ingress) ⇒ Object
If it’s a string, just pass through If it’s a symbol - probably because the YAML.load call treats an unquoted ::/0 as a the symbol :‘:/0’ Otherwise it’s probably a Ref or whatever and we aren’t going to do anything with it.
Instance Method Details
#ip4_cidr_range?(ingress) ⇒ Boolean
18 19 20 |
# File 'lib/cfn-nag/ip_addr.rb', line 18 def ip4_cidr_range?(ingress) ingress.cidrIp.is_a?(String) && !ingress.cidrIp.end_with?('/32') end |
#ip4_open?(ingress) ⇒ Boolean
4 5 6 7 |
# File 'lib/cfn-nag/ip_addr.rb', line 4 def ip4_open?(ingress) # only care about literals. if a Hash/Ref not going to chase it down given likely a Parameter with external val ingress.cidrIp.is_a?(String) && ingress.cidrIp == '0.0.0.0/0' end |
#ip6_cidr_range?(ingress) ⇒ Boolean
22 23 24 25 26 27 28 |
# File 'lib/cfn-nag/ip_addr.rb', line 22 def ip6_cidr_range?(ingress) normalized_cidr_ip6 = normalize_cidr_ip6(ingress) return false if normalized_cidr_ip6.nil? # only care about literals. if a Hash/Ref not going to chase it down given likely a Parameter with external val !NetAddr::CIDRv6.create(normalized_cidr_ip6).to_s.end_with?('/128') end |
#ip6_open?(ingress) ⇒ Boolean
10 11 12 13 14 15 16 |
# File 'lib/cfn-nag/ip_addr.rb', line 10 def ip6_open?(ingress) normalized_cidr_ip6 = normalize_cidr_ip6(ingress) return false if normalized_cidr_ip6.nil? # only care about literals. if a Hash/Ref not going to chase it down given likely a Parameter with external val (NetAddr::CIDRv6.create(normalized_cidr_ip6) == NetAddr::CIDRv6.create('::/0')) end |
#normalize_cidr_ip6(ingress) ⇒ Object
If it’s a string, just pass through If it’s a symbol - probably because the YAML.load call treats an unquoted ::/0 as a the symbol :‘:/0’ Otherwise it’s probably a Ref or whatever and we aren’t going to do anything with it
35 36 37 38 39 40 41 42 43 |
# File 'lib/cfn-nag/ip_addr.rb', line 35 def normalize_cidr_ip6(ingress) if ingress.cidrIpv6.is_a?(Symbol) ":#{ingress.cidrIpv6.to_s}" elsif ingress.cidrIpv6.is_a?(String) ingress.cidrIpv6 else nil end end |