Class: BaseRule

Inherits:
Object
Defined in:
lib/cfn-nag/custom_rules/base.rb

Overview

Base class all Rules should subclass

Direct Known Subclasses

CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, EFSFileSystemEncryptedRule, EbsVolumeHasSseRule, ElastiCacheReplicationGroupAtRestEncryptionRule, ElastiCacheReplicationGroupTransitEncryptionRule, ElasticLoadBalancerAccessLoggingRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, ManagedPolicyOnUserRule, PolicyOnUserRule, RDSDBClusterStorageEncryptedRule, RDSDBInstanceStorageEncryptedRule, RDSInstanceMasterUserPasswordRule, RDSInstanceMasterUsernameRule, RDSInstancePubliclyAccessibleRule, RedshiftClusterEncryptedRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, UserHasInlinePolicyRule, UserMissingGroupRule, WafWebAclDefaultActionRule, WorkspacesWorkspaceEncryptionRule

Instance Method Details

#audit(cfn_model) ⇒ Object

Returns nil when there are no violations; otherwise returns a Violation object.

# File 'lib/cfn-nag/custom_rules/base.rb', line 18

def audit(cfn_model)
  logical_resource_ids = audit_impl(cfn_model)
  return if logical_resource_ids.empty?

  Violation.new(id: rule_id,
                type: rule_type,
                message: rule_text,
                logical_resource_ids: logical_resource_ids)
end

#audit_impl(_cfn_model) ⇒ Object

Returns a collection of logical resource ids

# File 'lib/cfn-nag/custom_rules/base.rb', line 10

def audit_impl(_cfn_model)
  raise 'must implement in subclass'
end