Class: CfnNag

Inherits:

Object

Object
CfnNag

show all

Includes:: ViolationFiltering

Defined in:: lib/cfn-nag/cfn_nag.rb

Overview

Top-level CfnNag class for running profiles

Instance Method Summary collapse

#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object

Given cloudformation json/yml, run all the rules against it.
#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object

Given a file or directory path, return aggregate results.
#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object

Given a file or directory path, emit aggregate results to stdout.
#initialize(config:) ⇒ CfnNag constructor

A new instance of CfnNag.
#render_results(aggregate_results:, output_format:) ⇒ Object

Methods included from ViolationFiltering

#filter_violations_by_blacklist, #filter_violations_by_profile

Constructor Details

#initialize(config:) ⇒ `CfnNag`

Returns a new instance of CfnNag.



17
18
19

# File 'lib/cfn-nag/cfn_nag.rb', line 17

def initialize(config:)
  @config = config
end

Instance Method Details

#audit(cloudformation_string:, parameter_values_string: nil) ⇒ `Object`

Given cloudformation json/yml, run all the rules against it

Optionally include JSON with Parameters key to substitute into cfn_model.parameters

Return a hash with failure count

# File 'lib/cfn-nag/cfn_nag.rb', line 75

def audit(cloudformation_string:, parameter_values_string: nil)
  violations = []

  begin
    cfn_model = CfnParser.new.parse cloudformation_string,
                                    parameter_values_string,
                                    true
    violations += @config.custom_rule_loader.execute_custom_rules(cfn_model)

    violations = filter_violations_by_blacklist_and_profile(violations)
    violations = mark_line_numbers(violations, cfn_model)
  rescue Psych::SyntaxError, ParserError => parser_error
    violations << fatal_violation(parser_error.to_s)
  rescue JSON::ParserError => json_parameters_error
    error = "JSON Parameter values parse error: #{json_parameters_error}"
    violations << fatal_violation(error)
  end

  audit_result(violations)
end

#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..\.json|..\.yaml|..\.yml|..\.template') ⇒ `Object`

Given a file or directory path, return aggregate results

# File 'lib/cfn-nag/cfn_nag.rb', line 50

def audit_aggregate_across_files(input_path:,
                                 parameter_values_path: nil,
                                 template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
  parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
  templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
                                                       template_pattern: template_pattern)
  aggregate_results = []
  templates.each do |template|
    aggregate_results << {
      filename: template,
      file_results: audit(cloudformation_string: IO.read(template),
                          parameter_values_string: parameter_values_string)
    }
  end
  aggregate_results
end

#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..\.json|..\.yaml|..\.yml|..\.template') ⇒ `Object`

Given a file or directory path, emit aggregate results to stdout

Return an aggregate failure count (for exit code usage)

# File 'lib/cfn-nag/cfn_nag.rb', line 26

def audit_aggregate_across_files_and_render_results(input_path:,
                                                    output_format: 'txt',
                                                    parameter_values_path: nil,
                                                    template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')

  aggregate_results = audit_aggregate_across_files input_path: input_path,
                                                   parameter_values_path: parameter_values_path,
                                                   template_pattern: template_pattern

  render_results(aggregate_results: aggregate_results,
                 output_format: output_format)

  aggregate_results.inject(0) do |total_failure_count, results|
    if @config.fail_on_warnings
      total_failure_count + results[:file_results][:violations].length
    else
      total_failure_count + results[:file_results][:failure_count]
    end
  end
end

#render_results(aggregate_results:, output_format:) ⇒ `Object`

# File 'lib/cfn-nag/cfn_nag.rb', line 96

def render_results(aggregate_results:,
                   output_format:)
  results_renderer(output_format).new.render(aggregate_results)
end

Class: CfnNag

Overview

Instance Method Summary collapse

Methods included from ViolationFiltering

Constructor Details

#initialize(config:) ⇒ CfnNag

Instance Method Details

#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object

#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object

#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object

#render_results(aggregate_results:, output_format:) ⇒ Object

#initialize(config:) ⇒ `CfnNag`

#audit(cloudformation_string:, parameter_values_string: nil) ⇒ `Object`

#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..\.json|..\.yaml|..\.yml|..\.template') ⇒ `Object`

#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..\.json|..\.yaml|..\.yml|..\.template') ⇒ `Object`

#render_results(aggregate_results:, output_format:) ⇒ `Object`