Class: CfnNag
- Inherits:
-
Object
- Object
- CfnNag
- Defined in:
- lib/cfn-nag/cfn_nag.rb
Overview
Top-level CfnNag class for running profiles
Class Method Summary collapse
Instance Method Summary collapse
-
#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object
Given cloudformation json/yml, run all the rules against it.
-
#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, return aggregate results.
-
#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, emit aggregate results to stdout.
- #audit_result(violations) ⇒ Object
- #fatal_violation(message) ⇒ Object
-
#initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CfnNag
constructor
A new instance of CfnNag.
Constructor Details
#initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CfnNag
Returns a new instance of CfnNag.
12 13 14 15 16 17 18 19 20 21 22 23 24 |
# File 'lib/cfn-nag/cfn_nag.rb', line 12 def initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) @rule_directory = rule_directory @custom_rule_loader = CustomRuleLoader.new( rule_directory: rule_directory, allow_suppression: allow_suppression, print_suppression: print_suppression, isolate_custom_rule_exceptions: isolate_custom_rule_exceptions ) @profile_definition = profile_definition end |
Class Method Details
.configure_logging(opts) ⇒ Object
106 107 108 109 110 111 112 113 114 115 |
# File 'lib/cfn-nag/cfn_nag.rb', line 106 def self.configure_logging(opts) logger = Logging.logger['log'] logger.level = if opts[:debug] :debug else :info end logger.add_appenders Logging.appenders.stdout end |
Instance Method Details
#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object
Given cloudformation json/yml, run all the rules against it
Optionally include JSON with Parameters key to substitute into cfn_model.parameters
Return a hash with failure count
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
# File 'lib/cfn-nag/cfn_nag.rb', line 88 def audit(cloudformation_string:, parameter_values_string: nil) violations = [] begin cfn_model = CfnParser.new.parse cloudformation_string, parameter_values_string violations += @custom_rule_loader.execute_custom_rules(cfn_model) violations = filter_violations_by_profile violations rescue Psych::SyntaxError, ParserError => parser_error violations << fatal_violation(parser_error.to_s) rescue JSON::ParserError => json_parameters_error error = "JSON Parameter values parse error: #{json_parameters_error.to_s}" violations << fatal_violation(error) end audit_result(violations) end |
#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, return aggregate results
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/cfn-nag/cfn_nag.rb', line 50 def audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path) templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path, template_pattern: template_pattern) aggregate_results = [] templates.each do |template| aggregate_results << { filename: template, file_results: audit(cloudformation_string: IO.read(template), parameter_values_string: parameter_values_string) } end aggregate_results end |
#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, emit aggregate results to stdout
Return an aggregate failure count (for exit code usage)
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# File 'lib/cfn-nag/cfn_nag.rb', line 31 def audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') aggregate_results = audit_aggregate_across_files input_path: input_path, parameter_values_path: parameter_values_path, template_pattern: template_pattern render_results(aggregate_results: aggregate_results, output_format: output_format) aggregate_results.inject(0) do |total_failure_count, results| total_failure_count + results[:file_results][:failure_count] end end |
#audit_result(violations) ⇒ Object
67 68 69 70 71 72 |
# File 'lib/cfn-nag/cfn_nag.rb', line 67 def audit_result(violations) { failure_count: Violation.count_failures(violations), violations: violations } end |
#fatal_violation(message) ⇒ Object
74 75 76 77 78 |
# File 'lib/cfn-nag/cfn_nag.rb', line 74 def fatal_violation() Violation.new(id: 'FATAL', type: Violation::FAILING_VIOLATION, message: ) end |