Class: BaseRule
- Inherits: Object (hierarchy: Object, BaseRule)
- Defined in: lib/cfn-nag/custom_rules/base.rb
Overview
Base class that all rules should subclass.
Direct Known Subclasses
CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, EFSFileSystemEncryptedRule, EbsVolumeHasSseRule, ElastiCacheReplicationGroupAtRestEncryptionRule, ElastiCacheReplicationGroupTransitEncryptionRule, ElasticLoadBalancerAccessLoggingRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, ManagedPolicyOnUserRule, PolicyOnUserRule, RDSDBClusterStorageEncryptedRule, RDSDBInstanceStorageEncryptedRule, RDSInstanceMasterUserPasswordRule, RDSInstanceMasterUsernameRule, RDSInstancePubliclyAccessibleRule, RedshiftClusterEncryptedRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, UserHasInlinePolicyRule, UserMissingGroupRule, WafWebAclDefaultActionRule, WorkspacesWorkspaceEncryptionRule
Instance Method Summary
- #audit(cfn_model) ⇒ Object
  Returns nil when there are no violations; returns a Violation object otherwise.
- #audit_impl(_cfn_model) ⇒ Object
  Returns a collection of logical resource ids.
Instance Method Details
#audit(cfn_model) ⇒ Object
Returns nil when there are no violations; returns a Violation object otherwise.
    # File 'lib/cfn-nag/custom_rules/base.rb', line 18
    def audit(cfn_model)
      logical_resource_ids = audit_impl(cfn_model)
      return if logical_resource_ids.empty?

      Violation.new(id: rule_id,
                    type: rule_type,
                    message: rule_text,
                    logical_resource_ids: logical_resource_ids)
    end
#audit_impl(_cfn_model) ⇒ Object
Returns a collection of logical resource ids.
    # File 'lib/cfn-nag/custom_rules/base.rb', line 10
    def audit_impl(_cfn_model)
      raise 'must implement in subclass'
    end
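
How a rule plugs into the two methods above, as an added example that is not cfn-nag's own code. The Violation, BaseRule, Resource and SampleModel definitions are stand-ins so the block runs without the gem, and SnsTopicKmsKeyRule with its id W9001 is hypothetical.

```ruby
# Stand-ins so this runs without the cfn-nag gem (assumptions, not project code).
Violation = Struct.new(:id, :type, :message, :logical_resource_ids, keyword_init: true)
Violation::WARNING = 'WARN' # constructed value returned by rule_type below

class BaseRule # repeats the two methods documented on this page
  def audit_impl(_cfn_model)
    raise 'must implement in subclass'
  end

  def audit(cfn_model)
    logical_resource_ids = audit_impl(cfn_model)
    return if logical_resource_ids.empty?

    Violation.new(id: rule_id, type: rule_type, message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  end
end

# Constructed model exposing only the lookup this rule needs (hypothetical shape).
Resource = Struct.new(:logical_resource_id, :resource_type, :properties)
SampleModel = Struct.new(:resources) do
  def resources_by_type(type)
    resources.select { |r| r.resource_type == type }
  end
end

# Hypothetical rule: flag SNS topics that set no KmsMasterKeyId.
class SnsTopicKmsKeyRule < BaseRule
  def rule_text; 'SNS topic should set KmsMasterKeyId'; end
  def rule_type; Violation::WARNING; end
  def rule_id; 'W9001'; end # placeholder id

  # Returns the logical resource ids of offending topics; [] means no violation.
  def audit_impl(cfn_model)
    cfn_model.resources_by_type('AWS::SNS::Topic')
             .reject { |t| t.properties.key?('KmsMasterKeyId') }
             .map(&:logical_resource_id)
  end
end

# Constructed sample resources.
SAMPLE = SampleModel.new([
  Resource.new('AlertsTopic', 'AWS::SNS::Topic', {}),
  Resource.new('AuditTopic', 'AWS::SNS::Topic', { 'KmsMasterKeyId' => 'alias/audit' }),
  Resource.new('Jobs', 'AWS::SQS::Queue', {})
])
```

Calling `SnsTopicKmsKeyRule.new.audit(SAMPLE)` yields one Violation naming AlertsTopic, while a model with no offending topics yields nil.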