Module: IpAddr
- Included in: SecurityGroupEgressOpenToWorldRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule
- Defined in: lib/cfn-nag/ip_addr.rb
Instance Method Summary
- #ip4_cidr_range?(ingress) ⇒ Boolean
- #ip4_open?(ingress) ⇒ Boolean
- #ip6_cidr_range?(ingress) ⇒ Boolean
- #ip6_open?(ingress) ⇒ Boolean
- #normalize_cidr_ip6(ingress) ⇒ Object
  If it’s a string, just pass it through. If it’s a symbol, that is probably because the YAML.load call treats an unquoted ::/0 as the symbol :':/0'. Otherwise it’s probably a Ref or whatever, and we aren’t going to do anything with it.
Instance Method Details
#ip4_cidr_range?(ingress) ⇒ Boolean
```ruby
# File 'lib/cfn-nag/ip_addr.rb', line 22

def ip4_cidr_range?(ingress)
  ingress.cidrIp.is_a?(String) && !ingress.cidrIp.end_with?('/32')
end
```
#ip4_open?(ingress) ⇒ Boolean
```ruby
# File 'lib/cfn-nag/ip_addr.rb', line 6

def ip4_open?(ingress)
  # only care about literals. if a Hash/Ref not going to chase it down
  # given likely a Parameter with external val
  ingress.cidrIp.is_a?(String) && ingress.cidrIp == '0.0.0.0/0'
end
```
#ip6_cidr_range?(ingress) ⇒ Boolean
```ruby
# File 'lib/cfn-nag/ip_addr.rb', line 26

def ip6_cidr_range?(ingress)
  normalized_cidr_ip6 = normalize_cidr_ip6(ingress)
  return false if normalized_cidr_ip6.nil?

  # only care about literals. if a Hash/Ref not going to chase it down
  # given likely a Parameter with external val
  !NetAddr::CIDRv6.create(normalized_cidr_ip6).to_s.end_with?('/128')
end
```
#ip6_open?(ingress) ⇒ Boolean
```ruby
# File 'lib/cfn-nag/ip_addr.rb', line 12

def ip6_open?(ingress)
  normalized_cidr_ip6 = normalize_cidr_ip6(ingress)
  return false if normalized_cidr_ip6.nil?

  # only care about literals. if a Hash/Ref not going to chase it down
  # given likely a Parameter with external val
  (NetAddr::CIDRv6.create(normalized_cidr_ip6) == NetAddr::CIDRv6.create('::/0'))
end
```
#normalize_cidr_ip6(ingress) ⇒ Object
If it’s a string, just pass it through. If it’s a symbol, that is probably because the YAML.load call treats an unquoted ::/0 as the symbol :':/0'. Otherwise it’s probably a Ref or whatever, and we aren’t going to do anything with it.
```ruby
# File 'lib/cfn-nag/ip_addr.rb', line 42

def normalize_cidr_ip6(ingress)
  if ingress.cidrIpv6.is_a?(Symbol)
    ":#{ingress.cidrIpv6}"
  elsif ingress.cidrIpv6.is_a?(String)
    ingress.cidrIpv6
  end
end
```
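The symbol case handled by normalize_cidr_ip6 can be reproduced end to end with the added example below, which is not cfn-nag code. It assumes bare parsed values instead of ingress objects, uses the standard-library IPAddr in place of NetAddr, and the template fragment, `AllowedCidr`, and the helper names `normalize_ip6`, `ip6_prefix`, `open_to_world6?`, `non_128_range?` and `parsed_rules` are constructed for illustration.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed template fragment: only the first rule leaves ::/0 unquoted.
TEMPLATE = <<~YAML
  Rules:
    - CidrIpv6: ::/0
    - CidrIpv6: "::/0"
    - CidrIpv6: "0:0:0:0:0:0:0:0/0"
    - CidrIpv6: "2001:db8::1/128"
    - CidrIpv6: "2001:db8::/64"
    - CidrIpv6:
        Ref: AllowedCidr
YAML

# Same branching as normalize_cidr_ip6, applied to a bare parsed value.
def normalize_ip6(value)
  case value
  when Symbol then ":#{value}" # :":/0" becomes "::/0" again
  when String then value
  end                          # Hash (Ref and friends) falls through to nil
end

# Stand-in for the NetAddr calls: prefix length of a literal, nil otherwise.
def ip6_prefix(value)
  cidr = normalize_ip6(value)
  cidr && IPAddr.new(cidr).prefix
end

# Open to the world: any spelling of the all-zero /0 network.
def open_to_world6?(value)
  ip6_prefix(value) == 0
end

# A range rather than a single host: literal whose prefix is not /128.
def non_128_range?(value)
  prefix = ip6_prefix(value)
  !prefix.nil? && prefix != 128
end

# Symbol must be permitted explicitly for safe_load to accept the first rule.
def parsed_rules
  YAML.safe_load(TEMPLATE, permitted_classes: [Symbol])['Rules'].map { |r| r['CidrIpv6'] }
end

parsed_rules.each do |v|
  puts format('%-28p open=%-5s range=%s', v, open_to_world6?(v), non_128_range?(v))
end
```

Parsing the CIDR instead of comparing strings is what lets the expanded form `0:0:0:0:0:0:0:0/0` be flagged the same way as `::/0`.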