Class: CfnNag
- Inherits:
-
Object
- Object
- CfnNag
- Defined in:
- lib/cfn-nag/cfn_nag.rb
Overview
Top-level CfnNag class for running profiles
Class Method Summary collapse
Instance Method Summary collapse
-
#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object
Given cloudformation json/yml, run all the rules against it.
-
#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, return aggregate results.
-
#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, emit aggregate results to stdout.
-
#initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CfnNag
constructor
A new instance of CfnNag.
Constructor Details
#initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CfnNag
Returns a new instance of CfnNag.
14 15 16 17 18 19 20 21 22 23 24 25 26 |
# File 'lib/cfn-nag/cfn_nag.rb', line 14 def initialize(profile_definition: nil, rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) @rule_directory = rule_directory @custom_rule_loader = CustomRuleLoader.new( rule_directory: rule_directory, allow_suppression: allow_suppression, print_suppression: print_suppression, isolate_custom_rule_exceptions: isolate_custom_rule_exceptions ) @profile_definition = profile_definition end |
Class Method Details
.configure_logging(opts) ⇒ Object
95 96 97 98 99 100 101 102 103 104 |
# File 'lib/cfn-nag/cfn_nag.rb', line 95 def self.configure_logging(opts) logger = Logging.logger['log'] logger.level = if opts[:debug] :debug else :info end logger.add_appenders Logging.appenders.stdout end |
Instance Method Details
#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object
Given cloudformation json/yml, run all the rules against it
Optionally include JSON with Parameters key to substitute into cfn_model.parameters
Return a hash with failure count
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/cfn-nag/cfn_nag.rb', line 77 def audit(cloudformation_string:, parameter_values_string: nil) violations = [] begin cfn_model = CfnParser.new.parse cloudformation_string, parameter_values_string violations += @custom_rule_loader.execute_custom_rules(cfn_model) violations = filter_violations_by_profile violations rescue Psych::SyntaxError, ParserError => exception violations << fatal_violation(exception.to_s) rescue JSON::ParserError => json_parameters_error error = "JSON Parameter values parse error: #{json_parameters_error}" violations << fatal_violation(error) end audit_result(violations) end |
#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, return aggregate results
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
# File 'lib/cfn-nag/cfn_nag.rb', line 52 def audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path) templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path, template_pattern: template_pattern) aggregate_results = [] templates.each do |template| aggregate_results << { filename: template, file_results: audit(cloudformation_string: IO.read(template), parameter_values_string: parameter_values_string) } end aggregate_results end |
#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object
Given a file or directory path, emit aggregate results to stdout
Return an aggregate failure count (for exit code usage)
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/cfn-nag/cfn_nag.rb', line 33 def audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') aggregate_results = audit_aggregate_across_files input_path: input_path, parameter_values_path: parameter_values_path, template_pattern: template_pattern render_results(aggregate_results: aggregate_results, output_format: output_format) aggregate_results.inject(0) do |total_failure_count, results| total_failure_count + results[:file_results][:failure_count] end end |