Class: CfnNag

Inherits:
Object
Includes:
ViolationFiltering
Defined in:
lib/cfn-nag/cfn_nag.rb

Overview

Top-level CfnNag class for running profiles

Instance Method Summary

Methods included from ViolationFiltering

#filter_violations_by_blacklist, #filter_violations_by_profile

Constructor Details

#initialize(config:) ⇒ CfnNag

Returns a new instance of CfnNag.



# File 'lib/cfn-nag/cfn_nag.rb', line 15

def initialize(config:)
  @config = config
end

Instance Method Details

#audit(cloudformation_string:, parameter_values_string: nil) ⇒ Object

Given a CloudFormation JSON or YAML template string, run all the rules against it.

Optionally pass a JSON string with a Parameters key; its values are substituted into cfn_model.parameters. If the template or the parameter JSON cannot be parsed, the parse error is recorded as a fatal violation rather than raised.

Returns a hash with the failure count and the list of violations.



# File 'lib/cfn-nag/cfn_nag.rb', line 72

def audit(cloudformation_string:, parameter_values_string: nil)
  violations = []

  begin
    cfn_model = CfnParser.new.parse cloudformation_string,
                                    parameter_values_string,
                                    true
    violations += @config.custom_rule_loader.execute_custom_rules(cfn_model)

    violations = filter_violations_by_blacklist_and_profile(violations)
    violations = mark_line_numbers(violations, cfn_model)
  rescue Psych::SyntaxError, ParserError => parser_error
    violations << fatal_violation(parser_error.to_s)
  rescue JSON::ParserError => json_parameters_error
    error = "JSON Parameter values parse error: #{json_parameters_error}"
    violations << fatal_violation(error)
  end

  audit_result(violations)
end

#audit_aggregate_across_files(input_path:, parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object

Given a file or directory path, return the aggregate results: an array with one { filename:, file_results: } hash per discovered template, where file_results is the hash returned by #audit.



# File 'lib/cfn-nag/cfn_nag.rb', line 47

def audit_aggregate_across_files(input_path:,
                                 parameter_values_path: nil,
                                 template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
  parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
  templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
                                                       template_pattern: template_pattern)
  aggregate_results = []
  templates.each do |template|
    aggregate_results << {
      filename: template,
      file_results: audit(cloudformation_string: IO.read(template),
                          parameter_values_string: parameter_values_string)
    }
  end
  aggregate_results
end

#audit_aggregate_across_files_and_render_results(input_path:, output_format: 'txt', parameter_values_path: nil, template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template') ⇒ Object

Given a file or directory path, emit aggregate results to stdout in the requested output_format.

Returns an aggregate failure count (for exit code usage). When fail_on_warnings is set in the config, every violation (failure or warning) is counted; otherwise only failures are.



# File 'lib/cfn-nag/cfn_nag.rb', line 24

def audit_aggregate_across_files_and_render_results(input_path:,
                                                    output_format: 'txt',
                                                    parameter_values_path: nil,
                                                    template_pattern: '..*\.json|..*\.yaml|..*\.yml|..*\.template')
  aggregate_results = audit_aggregate_across_files input_path: input_path,
                                                   parameter_values_path: parameter_values_path,
                                                   template_pattern: template_pattern

  render_results(aggregate_results: aggregate_results,
                 output_format: output_format)

  aggregate_results.inject(0) do |total_failure_count, results|
    if @config.fail_on_warnings
      total_failure_count + results[:file_results][:violations].length
    else
      total_failure_count + results[:file_results][:failure_count]
    end
  end
end
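The following is an added example, not cfn-nag's own code, showing how a CI step would turn the aggregate results shape documented above ({ filename:, file_results: { failure_count:, violations: } }) into a pass/fail decision under both settings of fail_on_warnings. The Violation struct and the SAMPLE_RESULTS array are constructed stand-ins for cfn-nag's real violation objects and for the return value of #audit_aggregate_across_files; only the fields this example reads are modelled.

```ruby
# Added example (not part of cfn-nag): gating a pipeline on the aggregate
# results returned by CfnNag#audit_aggregate_across_files. The counting rule
# mirrors the inject loop in audit_aggregate_across_files_and_render_results.

# Constructed stand-in for cfn-nag's violation objects (assumption: only the
# fields read here; real violations also carry rule ids and resource ids).
Violation = Struct.new(:type, :id, :message, keyword_init: true)

# Constructed sample in the documented shape:
#   { filename: String, file_results: { failure_count: Integer, violations: Array } }
SAMPLE_RESULTS = [
  {
    filename: 'templates/bucket.yaml',
    file_results: {
      failure_count: 1,
      violations: [
        Violation.new(type: 'FAIL', id: 'F-EXAMPLE', message: 'constructed failing finding'),
        Violation.new(type: 'WARN', id: 'W-EXAMPLE', message: 'constructed warning')
      ]
    }
  },
  {
    filename: 'templates/queue.json',
    file_results: {
      failure_count: 0,
      violations: [
        Violation.new(type: 'WARN', id: 'W-EXAMPLE', message: 'constructed warning')
      ]
    }
  }
].freeze

# Same semantics as the page's inject: with fail_on_warnings every violation
# (failure or warning) counts, otherwise only the per-file failure_count does.
def aggregate_failure_count(aggregate_results, fail_on_warnings: false)
  aggregate_results.inject(0) do |total, results|
    if fail_on_warnings
      total + results[:file_results][:violations].length
    else
      total + results[:file_results][:failure_count]
    end
  end
end

# Templates that would block the pipeline under the chosen policy, so the
# CI log can name the offending files rather than just a number.
def blocking_files(aggregate_results, fail_on_warnings: false)
  aggregate_results
    .select { |r| aggregate_failure_count([r], fail_on_warnings: fail_on_warnings).positive? }
    .map { |r| r[:filename] }
end

# Exit status for the CI step: 0 when nothing blocks, 1 otherwise.
def exit_code_for(aggregate_results, fail_on_warnings: false)
  aggregate_failure_count(aggregate_results, fail_on_warnings: fail_on_warnings).zero? ? 0 : 1
end

if $PROGRAM_NAME == __FILE__
  [false, true].each do |strict|
    puts "fail_on_warnings=#{strict}: " \
         "count=#{aggregate_failure_count(SAMPLE_RESULTS, fail_on_warnings: strict)} " \
         "blocking=#{blocking_files(SAMPLE_RESULTS, fail_on_warnings: strict)} " \
         "exit=#{exit_code_for(SAMPLE_RESULTS, fail_on_warnings: strict)}"
  end
end
```

With the sample above, the default policy counts one failure (only bucket.yaml blocks), while fail_on_warnings counts all three violations and blocks both templates. In a real pipeline the SAMPLE_RESULTS constant would be replaced by the value returned from CfnNag.new(config: ...).audit_aggregate_across_files(input_path: ...).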