Class: CfnNag

Inherits: Object

Defined in: lib/cfn-nag/cfn_nag.rb

Overview

Top-level CfnNag class for running rule profiles against CloudFormation templates.


Constructor Details

#initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CfnNag

Returns a new instance of CfnNag.

# File 'lib/cfn-nag/cfn_nag.rb', line 12

def initialize(profile_definition: nil,
               rule_directory: nil,
               allow_suppression: true,
               print_suppression: false,
               isolate_custom_rule_exceptions: false)
  @rule_directory = rule_directory
  @custom_rule_loader = CustomRuleLoader.new(
    rule_directory: rule_directory, allow_suppression: allow_suppression,
    print_suppression: print_suppression,
    isolate_custom_rule_exceptions: isolate_custom_rule_exceptions
  )
  @profile_definition = profile_definition
end

Class Method Details

.configure_logging(opts) ⇒ Object

# File 'lib/cfn-nag/cfn_nag.rb', line 94

def self.configure_logging(opts)
  logger = Logging.logger['log']
  logger.level = if opts[:debug]
                   :debug
                 else
                   :info
                 end

  logger.add_appenders Logging.appenders.stdout
end

Instance Method Details

#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object

Given a CloudFormation template as a JSON or YAML string, run all loaded rules against it and filter the results by the configured profile.

Optionally pass a JSON string with a Parameters key; its values are substituted into cfn_model.parameters before the rules run.

Returns a hash with the failure count and the list of violations. A template that fails to parse does not raise; it is reported as a single failing violation with id 'FATAL'.



# File 'lib/cfn-nag/cfn_nag.rb', line 77

def audit(cloudformation_string:, parameter_values_string: nil)
  violations = []
  cfn_model = CfnParser.new.parse cloudformation_string,
                                  parameter_values_string
  violations += @custom_rule_loader.execute_custom_rules(cfn_model)
  violations = filter_violations_by_profile violations
  { failure_count: Violation.count_failures(violations),
    violations: violations }
rescue Psych::SyntaxError, ParserError => parser_error
  violations << Violation.new(id: 'FATAL',
                              type: Violation::FAILING_VIOLATION,
                              message: parser_error.to_s)
  { failure_count: Violation.count_failures(violations),
    violations: violations }
end

#audit_aggregate_across_files(input_path:, parameter_values_path: nil) ⇒ Object

Given a file or directory path, audit every discovered template and return the aggregate results: one entry per template, each holding the filename and the hash returned by #audit.



# File 'lib/cfn-nag/cfn_nag.rb', line 51

def audit_aggregate_across_files(input_path:, parameter_values_path: nil)
  parameter_values_string = \
    parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
  templates = TemplateDiscovery.new.discover_templates(input_path)
  aggregate_results = []
  templates.each do |template|
    aggregate_results << {
      filename: template,
      file_results: audit(cloudformation_string: IO.read(template),
                          parameter_values_string: parameter_values_string)
    }
  end
  aggregate_results
end

#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil) ⇒ Object

Given a file or directory path, audit every discovered template and emit the aggregate results to stdout in the requested output format.

Returns the aggregate failure count across all templates (intended for use as the process exit code).



# File 'lib/cfn-nag/cfn_nag.rb', line 31

def audit_aggregate_across_files_and_render_results(
  input_path:, output_format: 'txt', parameter_values_path: nil
)
  aggregate_results = \
    audit_aggregate_across_files input_path: input_path,
                                 parameter_values_path: parameter_values_path

  render_results(aggregate_results: aggregate_results,
                 output_format: output_format)

  aggregate_results.inject(0) do |total_failure_count, results|
    total_failure_count + results[:file_results][:failure_count]
  end
end
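As an added example (not part of cfn_nag), the following consumes the structure that #audit_aggregate_across_files returns the way a CI wrapper would, and shows why the 'FATAL' violation produced by #audit matters: a template that could not be parsed is otherwise just one more failure in the count. Violation here is a minimal stand-in for cfn_nag's class, assumed to expose only the id/type/message keywords and FAILING_VIOLATION constant used above; the rule id and messages in the sample data are constructed.

```ruby
# Stand-in for cfn_nag's Violation (assumption: only the API seen on this page).
class Violation
  FAILING_VIOLATION = 'FAIL'.freeze # constructed value; only identity matters here
  attr_reader :id, :type, :message

  def initialize(id:, type:, message:)
    @id, @type, @message = id, type, message
  end

  def self.count_failures(violations)
    violations.count { |v| v.type == FAILING_VIOLATION }
  end
end

# Constructed sample in the shape audit_aggregate_across_files returns:
# one entry per template, each carrying the hash that #audit returns.
SAMPLE_RESULTS = [
  { filename: 'good.yml',
    file_results: { failure_count: 0, violations: [] } },
  { filename: 'open-sg.yml',
    file_results: { failure_count: 1, violations: [
      Violation.new(id: 'F0000', type: Violation::FAILING_VIOLATION,
                    message: 'constructed rule failure') ] } },
  { filename: 'broken.yml',
    file_results: { failure_count: 1, violations: [
      Violation.new(id: 'FATAL', type: Violation::FAILING_VIOLATION,
                    message: 'constructed parser error') ] } }
].freeze

# Templates that #audit could not parse: reported as id 'FATAL', not raised.
def unparseable_files(aggregate_results)
  aggregate_results.select do |r|
    r[:file_results][:violations].any? { |v| v.id == 'FATAL' }
  end.map { |r| r[:filename] }
end

# Same aggregation as audit_aggregate_across_files_and_render_results.
def total_failure_count(aggregate_results)
  aggregate_results.sum { |r| r[:file_results][:failure_count] }
end

# Exit status for CI: 2 when any template failed to parse (nothing was
# actually checked in it), 1 when rules failed, 0 only when all is clean.
def exit_status(aggregate_results)
  return 2 unless unparseable_files(aggregate_results).empty?
  total_failure_count(aggregate_results).zero? ? 0 : 1
end

puts "failures=#{total_failure_count(SAMPLE_RESULTS)} exit=#{exit_status(SAMPLE_RESULTS)}"
```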