Class: WafWebAclDefaultActionRule

Inherits:

BaseRule

Object
BaseRule
WafWebAclDefaultActionRule

show all

Defined in:: lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb

Instance Method Summary collapse

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ `Object`

# File 'lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb', line 27

def audit_impl(cfn_model)
  violating_web_acls = cfn_model.resources_by_type('AWS::WAF::WebACL').select do |web_acl|
    web_acl.defaultAction['Type'] == 'ALLOW'
  end

  violating_web_acls.map { |web_acl| web_acl.logical_resource_id }
end

#rule_id ⇒ `Object`



23
24
25

# File 'lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb', line 23

def rule_id
  'F665'
end

#rule_text ⇒ `Object`



15
16
17

# File 'lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb', line 15

def rule_text
  'WebAcl DefaultAction should not be ALLOW'
end

#rule_type ⇒ `Object`



19
20
21

# File 'lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb', line 19

def rule_type
  Violation::FAILING_VIOLATION
end

Class: WafWebAclDefaultActionRule

Instance Method Summary collapse

Methods inherited from BaseRule

Instance Method Details

#audit_impl(cfn_model) ⇒ Object

#rule_id ⇒ Object

#rule_text ⇒ Object

#rule_type ⇒ Object

#audit_impl(cfn_model) ⇒ `Object`

#rule_id ⇒ `Object`

#rule_text ⇒ `Object`

#rule_type ⇒ `Object`