Class: BaseRule

Inherits:
Object
Defined in:
lib/cfn-nag/custom_rules/base.rb

Overview

Base class that all rules should subclass. A subclass implements #audit_impl, returning the logical resource ids of the resources that violate the rule, and supplies rule_id, rule_type and rule_text; #audit wraps those into a single Violation, so subclasses do not build Violation objects themselves.

Direct Known Subclasses

CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, EFSFileSystemEncryptedRule, EbsVolumeHasSseRule, ElastiCacheReplicationGroupAtRestEncryptionRule, ElastiCacheReplicationGroupTransitEncryptionRule, ElasticLoadBalancerAccessLoggingRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, ManagedPolicyOnUserRule, PolicyOnUserRule, RDSDBClusterStorageEncryptedRule, RDSDBInstanceStorageEncryptedRule, RDSInstanceMasterUserPasswordRule, RDSInstanceMasterUsernameRule, RDSInstancePubliclyAccessibleRule, RedshiftClusterEncryptedRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, UserHasInlinePolicyRule, UserMissingGroupRule, WafWebAclDefaultActionRule, WorkspacesWorkspaceEncryptionRule

Instance Method Summary

Instance Method Details

#audit(cfn_model) ⇒ Object

Returns nil when there are no violations; returns a Violation object otherwise. The Violation carries the subclass's rule_id, rule_type and rule_text together with the logical resource ids returned by #audit_impl, so one rule yields at most one Violation per template, listing every offending resource.

# File 'lib/cfn-nag/custom_rules/base.rb', line 16

def audit(cfn_model)
  logical_resource_ids = audit_impl(cfn_model)
  return if logical_resource_ids.empty?
  Violation.new(id: rule_id,
                type: rule_type,
                message: rule_text,
                logical_resource_ids: logical_resource_ids)
end

#audit_impl(_cfn_model) ⇒ Object

Returns a collection of logical resource ids for the resources that violate the rule; an empty collection means the template passes. The base implementation raises and must be overridden in every subclass.

# File 'lib/cfn-nag/custom_rules/base.rb', line 8

def audit_impl(_cfn_model)
  raise 'must implement in subclass'
end
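The following is an added, self-contained example of the contract documented above; it is not code from cfn-nag. It mirrors BaseRule#audit exactly as shown on this page, but the Violation class, the FakeCfnModel with its resources_by_type method, the Resource struct with a camelCase accessControl reader, and the rule id EXAMPLE1 are stand-ins written for the example (the real gem's cfn-model objects and constants are assumed to look similar, but nothing here depends on the gem being installed). The rule flags S3 buckets whose AccessControl grants public read, the same idea as the S3BucketPublicReadAclRule listed among the subclasses.

```ruby
# Added example: a minimal custom rule on top of the audit/audit_impl contract.
# BaseRule, Violation and the model classes below are stand-ins written for
# this example so it runs without the cfn-nag gem; only BaseRule#audit is
# copied from the documented class, everything else is an assumption.

# Stand-in for cfn-nag's Violation (keyword constructor as used by BaseRule#audit).
class Violation
  FAILING_VIOLATION = 'FAIL'.freeze
  WARNING = 'WARN'.freeze

  attr_reader :id, :type, :message, :logical_resource_ids

  def initialize(id:, type:, message:, logical_resource_ids:)
    @id = id
    @type = type
    @message = message
    @logical_resource_ids = logical_resource_ids
  end
end

# Stand-in BaseRule with the same template-method shape as the documented class.
class BaseRule
  def audit(cfn_model)
    logical_resource_ids = audit_impl(cfn_model)
    return if logical_resource_ids.empty?
    Violation.new(id: rule_id, type: rule_type, message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  end

  def audit_impl(_cfn_model)
    raise 'must implement in subclass'
  end
end

# Constructed stand-in for a parsed template. Resources expose
# logical_resource_id plus camelCase property readers (assumed to mirror cfn-model).
Resource = Struct.new(:logical_resource_id, :resource_type, :accessControl)

class FakeCfnModel
  def initialize(resources)
    @resources = resources
  end

  # Assumed to behave like cfn-model's resources_by_type: filter by CloudFormation type.
  def resources_by_type(type)
    @resources.select { |r| r.resource_type == type }
  end
end

# The rule: only decides *which* resources offend and returns their logical ids.
# BaseRule#audit turns a non-empty list into the Violation.
class S3BucketPublicReadAclExampleRule < BaseRule
  PUBLIC_READ_ACLS = %w[PublicRead PublicReadWrite].freeze

  def rule_text
    'S3 Bucket should not have a public read acl'
  end

  def rule_type
    Violation::FAILING_VIOLATION
  end

  def rule_id
    'EXAMPLE1' # hypothetical id for this example, not a cfn-nag rule id
  end

  def audit_impl(cfn_model)
    cfn_model.resources_by_type('AWS::S3::Bucket')
             .select { |bucket| PUBLIC_READ_ACLS.include?(bucket.accessControl) }
             .map(&:logical_resource_id)
  end
end

# Constructed sample template: one public bucket, one private bucket,
# one bucket with no AccessControl set, and an unrelated IAM role.
SAMPLE_MODEL = FakeCfnModel.new([
  Resource.new('PublicLogs', 'AWS::S3::Bucket', 'PublicRead'),
  Resource.new('PrivateData', 'AWS::S3::Bucket', 'Private'),
  Resource.new('DefaultAcl', 'AWS::S3::Bucket', nil),
  Resource.new('AppRole', 'AWS::IAM::Role', nil)
])

# Runs the example rule against a model: nil when clean, a Violation otherwise.
def run_example_rule(cfn_model = SAMPLE_MODEL)
  S3BucketPublicReadAclExampleRule.new.audit(cfn_model)
end

if $PROGRAM_NAME == __FILE__
  v = run_example_rule
  puts(v ? "#{v.id} #{v.type}: #{v.message} [#{v.logical_resource_ids.join(', ')}]" : 'no violations')
end
```

Against the constructed template the rule returns a single Violation naming only PublicLogs; a template with no public bucket yields nil, which is the "no violations" signal callers test for. Note that a bucket with no AccessControl is not flagged, since the rule only inspects the ACL that is explicitly set.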