Class: SecurityGroupIngressPortRangeRule

Inherits:
BaseRule
  • Object
Defined in:
lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb

Instance Method Summary

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object

This behaves slightly differently from the legacy jq-based rule, which targeted inline ingress only.



# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb', line 23

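# Flag security group ingress rules whose FromPort and ToPort differ, i.e.
# that open a port range rather than a single port.
#
# Inline ingresses are reported under the logical id of the security group
# that owns them; standalone AWS::EC2::SecurityGroupIngress resources are
# reported under their own logical id. Only the two port values are examined:
# the protocol and the source CIDR play no part in this rule, and equal values
# (both ports absent, or the -1/-1 form CloudFormation uses for all ports) are
# not flagged here.
#
# @param cfn_model [#security_groups, #standalone_ingress] parsed template model
# @return [Array] logical resource ids of the violating resources, security
#   groups first, then standalone ingresses
def audit_impl(cfn_model)
  violating_security_groups = cfn_model.security_groups.select do |security_group|
    security_group.ingresses.any? { |ingress| port_range?(ingress) }
  end

  violating_standalone_ingresses = cfn_model.standalone_ingress.select do |ingress|
    port_range?(ingress)
  end

  (violating_security_groups + violating_standalone_ingresses).map(&:logical_resource_id)
end

# True when an ingress spans more than one port (FromPort and ToPort differ).
# The values are compared with != exactly as the model supplies them, with no
# String/Integer normalisation — a "80"/80 pair would count as a range.
# TODO(review): confirm cfn-model normalises port values before they get here.
#
# @param ingress [#fromPort, #toPort] inline or standalone ingress
# @return [Boolean]
private def port_range?(ingress)
  ingress.fromPort != ingress.toPort
end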

#rule_id ⇒ Object



# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb', line 16

# Identifier under which this rule's findings are reported.
#
# @return [String] the rule id, 'W27'
def rule_id
  'W27'
end

#rule_text ⇒ Object



# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb', line 7

# Human-readable description attached to each finding of this rule.
#
# @return [String] the finding text
def rule_text
  'Security Groups found ingress with port range instead of just a single port'
end

#rule_type ⇒ Object



# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb', line 12

# Severity level reported for this rule.
#
# @return [Object] Violation::WARNING
def rule_type
  Violation::WARNING
end