Class: SecurityGroupEgressPortRangeRule
- Defined in: lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb
Instance Method Summary
- #audit_impl(cfn_model) ⇒ Object
  This behaves slightly differently from the legacy jq-based rule, which targeted inline ingress only.
- #rule_id ⇒ Object
- #rule_text ⇒ Object
- #rule_type ⇒ Object
Methods inherited from BaseRule
Instance Method Details
#audit_impl(cfn_model) ⇒ Object
This behaves slightly differently from the legacy jq-based rule, which targeted inline ingress only.
    # File 'lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb', line 19
    def audit_impl(cfn_model)
      logical_resource_ids = []
      # Inline egress: report the security group once if any of its egress rules spans a range.
      cfn_model.security_groups.each do |security_group|
        violating_egresses = security_group.egresses.select do |egress|
          egress.fromPort != egress.toPort
        end

        logical_resource_ids << security_group.logical_resource_id unless violating_egresses.empty?
      end

      # Standalone egress resources are reported under their own logical resource id.
      violating_egresses = cfn_model.standalone_egress.select do |standalone_egress|
        standalone_egress.fromPort != standalone_egress.toPort
      end

      logical_resource_ids + violating_egresses.map(&:logical_resource_id)
    end
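The same comparison run over a small constructed template, as an added example that is not cfn-nag's own code. It parses plain YAML instead of using cfn_model, and `port_range?`, `w29_logical_ids`, the template and its resource names are all hypothetical. In this stand-in, an egress that gives no ports at all compares nil to nil and is not reported.

```ruby
require 'yaml'

# Constructed sample template (not from cfn-nag); literal values only, no intrinsics.
TEMPLATE = <<~CFN
  Resources:
    RangeInline:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: inline egress spanning a port range
        SecurityGroupEgress:
          - { IpProtocol: tcp, FromPort: 1024, ToPort: 65535, CidrIp: 10.0.0.0/16 }
    SinglePortInline:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: inline egress on one port
        SecurityGroupEgress:
          - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 10.0.0.0/16 }
    AllProtocolsInline:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: no ports given, so FromPort and ToPort are both nil
        SecurityGroupEgress:
          - { IpProtocol: "-1", CidrIp: 10.0.0.0/16 }
    RangeStandalone:
      Type: AWS::EC2::SecurityGroupEgress
      Properties: { GroupId: sg-0123456789abcdef0, IpProtocol: tcp, FromPort: 8000, ToPort: 8999, CidrIp: 10.0.0.0/16 }
CFN

# Hypothetical helper: the same comparison audit_impl applies to each egress.
def port_range?(egress)
  egress['FromPort'] != egress['ToPort']
end

# Hypothetical stand-in for audit_impl working on raw YAML instead of cfn_model.
def w29_logical_ids(template_text)
  resources = YAML.safe_load(template_text).fetch('Resources', {})
  of_type = ->(type) { resources.select { |_, res| res['Type'] == type } }
  # Inline egress: report the security group once if any of its rules is a range.
  groups = of_type.call('AWS::EC2::SecurityGroup').select do |_, res|
    [res.dig('Properties', 'SecurityGroupEgress')].flatten.compact.any? { |e| port_range?(e) }
  end
  # Standalone egress resources are reported under their own logical id.
  standalone = of_type.call('AWS::EC2::SecurityGroupEgress').select do |_, res|
    port_range?(res['Properties'] || {})
  end
  groups.keys + standalone.keys
end

p w29_logical_ids(TEMPLATE)
```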
#rule_id ⇒ Object
    # File 'lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb', line 13
    def rule_id
      'W29'
    end
#rule_text ⇒ Object
    # File 'lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb', line 5
    def rule_text
      'Security Groups found egress with port range instead of just a single port'
    end