Class: BaseRule
- Inherits: Object (Object → BaseRule)
- Defined in: lib/cfn-nag/custom_rules/base.rb
Overview
Base class all Rules should subclass
Direct Known Subclasses
CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, EFSFileSystemEncryptedRule, EbsVolumeHasSseRule, ElastiCacheReplicationGroupAtRestEncryptionRule, ElastiCacheReplicationGroupTransitEncryptionRule, ElasticLoadBalancerAccessLoggingRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, ManagedPolicyOnUserRule, PolicyOnUserRule, RDSDBClusterStorageEncryptedRule, RDSDBInstanceStorageEncryptedRule, RDSInstanceMasterUserPasswordRule, RDSInstanceMasterUsernameRule, RDSInstancePubliclyAccessibleRule, RedshiftClusterEncryptedRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, UserHasInlinePolicyRule, UserMissingGroupRule, WafWebAclDefaultActionRule, WorkspacesWorkspaceEncryptionRule
Instance Method Summary
- #audit(cfn_model) ⇒ Object
  Returns nil when there are no violations. Returns a Violation object otherwise.
- #audit_impl(_cfn_model) ⇒ Object
  Returns a collection of logical resource ids.
Instance Method Details
#audit(cfn_model) ⇒ Object
Returns nil when there are no violations. Returns a Violation object otherwise.

    # File 'lib/cfn-nag/custom_rules/base.rb', line 16
    def audit(cfn_model)
      logical_resource_ids = audit_impl(cfn_model)
      return if logical_resource_ids.empty?

      Violation.new(id: rule_id,
                    type: rule_type,
                    message: rule_text,
                    logical_resource_ids: logical_resource_ids)
    end
#audit_impl(_cfn_model) ⇒ Object
Returns a collection of logical resource ids.

    # File 'lib/cfn-nag/custom_rules/base.rb', line 8
    def audit_impl(_cfn_model)
      raise 'must implement in subclass'
    end
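The audit / audit_impl contract documented above, shown end to end with a subclass. This is an added example, not code from the cfn-nag project. Assumptions: the rule name ExampleQueueNoKmsKeyRule, its id, severity label and message are hypothetical; Violation and BaseRule are minimal stand-ins so the script runs without the gem; and a plain Hash stands in for the cfn_model object.

```ruby
# Added example. Violation and BaseRule below are minimal stand-ins so the
# script runs without the cfn-nag gem; BaseRule mirrors the two methods above.
Violation = Struct.new(:id, :type, :message, :logical_resource_ids,
                       keyword_init: true)

class BaseRule
  def audit(cfn_model)
    logical_resource_ids = audit_impl(cfn_model)
    return if logical_resource_ids.empty?

    Violation.new(id: rule_id, type: rule_type, message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  end

  def audit_impl(_cfn_model)
    raise 'must implement in subclass'
  end
end

# Hypothetical rule: flag SQS queues that set no KmsMasterKeyId.
class ExampleQueueNoKmsKeyRule < BaseRule
  def rule_id;   'EX001'; end                       # constructed id
  def rule_type; 'FAIL'; end                        # constructed severity label
  def rule_text; 'SQS queue has no KmsMasterKeyId'; end

  # Assumption: cfn_model is a plain Hash of the parsed template, standing in
  # for the model object cfn-nag passes to real rules.
  def audit_impl(cfn_model)
    cfn_model.fetch('Resources', {}).select do |_id, res|
      res['Type'] == 'AWS::SQS::Queue' &&
        (res['Properties'] || {})['KmsMasterKeyId'].nil?
    end.keys
  end
end

# Constructed sample template.
SAMPLE_TEMPLATE = {
  'Resources' => {
    'PlainQueue' => { 'Type' => 'AWS::SQS::Queue', 'Properties' => {} },
    'KeyedQueue' => { 'Type' => 'AWS::SQS::Queue',
                      'Properties' => { 'KmsMasterKeyId' => 'alias/example' } },
    'Topic'      => { 'Type' => 'AWS::SNS::Topic' }
  }
}.freeze

violation = ExampleQueueNoKmsKeyRule.new.audit(SAMPLE_TEMPLATE)
puts "#{violation.id} #{violation.type}: #{violation.logical_resource_ids.inspect}"
```

A subclass only supplies rule_id, rule_type, rule_text and audit_impl; audit itself decides between nil and a Violation, and a subclass that forgets audit_impl fails loudly instead of silently passing templates.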