Class: CfnNag
Inherits: Object
Defined in: lib/cfn-nag/cfn_nag.rb
Overview
Top-level CfnNag class for running profiles
Class Method Summary
- .configure_logging(opts) ⇒ Object
  Set the 'log' logger to debug or info level (from opts[:debug]) and attach a stdout appender.
Instance Method Summary
- #audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object
  Given CloudFormation JSON/YAML, run all the rules against it.
- #audit_aggregate_across_files(input_path:, parameter_values_path: nil) ⇒ Object
  Given a file or directory path, return aggregate results.
- #audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil) ⇒ Object
  Given a file or directory path, emit aggregate results to stdout.
- #initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CfnNag (constructor)
  A new instance of CfnNag.
Constructor Details
#initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CfnNag
Returns a new instance of CfnNag.

    # File 'lib/cfn-nag/cfn_nag.rb', line 12
    def initialize(profile_definition: nil,
                   rule_directory: nil,
                   allow_suppression: true,
                   print_suppression: false,
                   isolate_custom_rule_exceptions: false)
      @rule_directory = rule_directory
      @custom_rule_loader = CustomRuleLoader.new(
        rule_directory: rule_directory,
        allow_suppression: allow_suppression,
        print_suppression: print_suppression,
        isolate_custom_rule_exceptions: isolate_custom_rule_exceptions
      )
      @profile_definition = profile_definition
    end
Class Method Details
.configure_logging(opts) ⇒ Object
Set the 'log' logger to debug level when opts[:debug] is truthy (info otherwise) and send log output to stdout.

    # File 'lib/cfn-nag/cfn_nag.rb', line 94
    def self.configure_logging(opts)
      logger = Logging.logger['log']
      logger.level = if opts[:debug]
                       :debug
                     else
                       :info
                     end
      logger.add_appenders Logging.appenders.stdout
    end
Instance Method Details
#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object
Given CloudFormation JSON/YAML, run all the rules against it.
Optionally pass JSON with a Parameters key; its values are substituted into cfn_model.parameters.
Returns a hash with the failure count and the list of violations. If the template cannot be parsed, the result contains a single failing violation with id 'FATAL' carrying the parser error message.

    # File 'lib/cfn-nag/cfn_nag.rb', line 77
    def audit(cloudformation_string:, parameter_values_string: nil)
      violations = []
      cfn_model = CfnParser.new.parse cloudformation_string, parameter_values_string
      violations += @custom_rule_loader.execute_custom_rules(cfn_model)
      violations = filter_violations_by_profile violations
      { failure_count: Violation.count_failures(violations), violations: violations }
    rescue Psych::SyntaxError, ParserError => parser_error
      # A template that does not parse is reported as one failing FATAL violation
      violations << Violation.new(id: 'FATAL',
                                  type: Violation::FAILING_VIOLATION,
                                  message: parser_error.to_s)
      { failure_count: Violation.count_failures(violations), violations: violations }
    end
#audit_aggregate_across_files(input_path:, parameter_values_path: nil) ⇒ Object
Given a file or directory path, return aggregate results: one entry per discovered template, each with the filename and the hash returned by #audit.

    # File 'lib/cfn-nag/cfn_nag.rb', line 51
    def audit_aggregate_across_files(input_path:, parameter_values_path: nil)
      parameter_values_string = \
        parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
      templates = TemplateDiscovery.new.discover_templates(input_path)
      aggregate_results = []
      templates.each do |template|
        aggregate_results << {
          filename: template,
          file_results: audit(cloudformation_string: IO.read(template),
                              parameter_values_string: parameter_values_string)
        }
      end
      aggregate_results
    end
#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil) ⇒ Object
Given a file or directory path, emit aggregate results to stdout.
Returns the aggregate failure count across all files (intended for use as the process exit code).

    # File 'lib/cfn-nag/cfn_nag.rb', line 31
    def audit_aggregate_across_files_and_render_results(input_path:,
                                                        output_format: 'txt',
                                                        parameter_values_path: nil)
      aggregate_results = \
        audit_aggregate_across_files input_path: input_path,
                                     parameter_values_path: parameter_values_path
      render_results(aggregate_results: aggregate_results, output_format: output_format)
      aggregate_results.inject(0) do |total_failure_count, results|
        total_failure_count + results[:file_results][:failure_count]
      end
    end
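As an added example (not code from cfn_nag itself), the following CI wrapper consumes the aggregate structure documented for #audit_aggregate_across_files and the 'FATAL' violation that #audit emits on a parse error, so that a pipeline can tell "rules failed" apart from "template could not even be parsed". CfnNag.new, audit_aggregate_across_files and the 'FATAL' id are the API from this page; summarize_results, run_cfn_nag and the exit-code mapping (0 clean, 1 rule failures, 2 unparsable template) are assumptions of this example.

```ruby
# Added example: a CI wrapper around CfnNag#audit_aggregate_across_files.
# CfnNag comes from the cfn-nag gem; the helpers below are not part of it.

# Reduce the documented aggregate shape
#   [{ filename: ..., file_results: { failure_count: N, violations: [...] } }, ...]
# to per-file failure counts, the files whose only finding is the parser's
# FATAL violation, and an exit code for the pipeline.
def summarize_results(aggregate_results)
  per_file = {}
  unparsable = []
  aggregate_results.each do |entry|
    results = entry[:file_results]
    per_file[entry[:filename]] = results[:failure_count]
    # Violation objects expose #id; plain hashes are accepted too for testing
    fatal = results[:violations].any? do |v|
      (v.respond_to?(:id) ? v.id : v[:id]) == 'FATAL'
    end
    unparsable << entry[:filename] if fatal
  end
  total = per_file.values.sum
  # Exit-code contract assumed by this example: an unparsable template is
  # treated as the most severe outcome, ahead of ordinary rule failures.
  code = if !unparsable.empty? then 2 elsif total.positive? then 1 else 0 end
  { total_failures: total, per_file: per_file, unparsable: unparsable, exit_code: code }
end

# Run cfn_nag over a file or directory (optionally with a parameter-values
# JSON file, see #audit) and summarize. The gem is loaded only here.
def run_cfn_nag(input_path, parameter_values_path: nil)
  require 'cfn-nag'
  summarize_results(
    CfnNag.new.audit_aggregate_across_files(input_path: input_path,
                                             parameter_values_path: parameter_values_path)
  )
end

# Usage from a pipeline step: ruby this_file.rb templates/ [params.json]
if ARGV.any?
  summary = run_cfn_nag(ARGV[0], parameter_values_path: ARGV[1])
  summary[:per_file].each { |file, count| puts "#{file}: #{count} failure(s)" }
  summary[:unparsable].each { |file| puts "#{file}: could not be parsed" }
  exit summary[:exit_code]
end
```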