Class: BaseRule

Inherits:
Object
Defined in:
lib/cfn-nag/custom_rules/base.rb

Overview

Base class all Rules should subclass

Direct Known Subclasses

AlexaASKSkillAuthenticationConfigurationClientSecretRule, AlexaASKSkillAuthenticationConfigurationRefreshTokenRule, AmazonMQBrokerEncryptionOptionsRule, ApiGatewayAccessLoggingRule, ApiGatewayDeploymentUsagePlanRule, ApiGatewayMethodAuthorizationTypeRule, ApiGatewaySecurityPolicyRule, ApiGatewayStageAccessLoggingRule, ApiGatewayStageUsagePlanRule, ApiGatewayV2AccessLoggingRule, BatchJobDefinitionContainerPropertiesPrivilegedRule, BooleanBaseRule, CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, CloudfrontMinimumProtocolVersionRule, CodeBuildEncryptionKeyRule, CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule, CognitoUserPoolMfaConfigurationOnorOptionalRule, DynamoDBBillingModeRule, DynamoDBEncryptionRule, EC2NetworkAclEntryDuplicateRule, EC2NetworkAclEntryIneffectiveDenyRule, EC2NetworkAclEntryOverlappingPortsRule, EC2NetworkAclEntryPortRangeRule, EC2NetworkAclEntryProtocolRule, EC2SubnetMapPublicIpOnLaunchRule, EMRClusterSecurityConfigurationAttachedRule, EMRSecurityConfigurationEncryptionsEnabledAndConfiguredRule, ElasticLoadBalancerAccessLoggingRule, ElasticLoadBalancerV2AccessLoggingRule, ElasticLoadBalancerV2ListenerProtocolRule, ElasticLoadBalancerV2ListenerSslPolicyRule, ElasticsearchDomainEncryptionAtRestOptionsRule, GameLiftFleetInboundPortRangeRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleAdministratorAccessPolicyRule, IamRoleElevatedManagedPolicyRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, IamRolePassRoleWildcardResourceRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, IamUserLoginProfilePasswordResetRule, 
IotPolicyWildcardActionRule, IotPolicyWildcardResourceRule, KMSKeyRotationRule, KMSKeyWildcardPrincipalRule, KinesisStreamStreamEncryptionRule, LambdaFunctionCloudWatchLogsRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule, ManagedPolicyOnUserRule, MissingBucketPolicyRule, PassRoleBaseRule, PasswordBaseRule, PolicyOnUserRule, RDSDBInstanceStorageEncryptedRule, RDSInstanceBackupRetentionPeriodRule, RDSInstanceDeletionProtectionRule, RDSInstancePubliclyAccessibleRule, ResourceBaseRule, ResourceWithExplicitNameRule, S3BucketAccessLoggingRule, S3BucketEncryptionSetRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SPCMRule, SecurityGroupEgressAllProtocolsRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressAllProtocolsRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SecurityGroupRuleDescriptionRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, SubPropertyWithListPasswordBaseRule, UserHasInlinePolicyRule, UserMissingGroupRule, VpcHasFlowLogRule, WafWebAclDefaultActionRule, WorkspacesWorkspaceEncryptionRule

Instance Method Summary

#audit(cfn_model) ⇒ Object
Returns nil when there are no violations; returns a Violation object otherwise.

#audit_impl(_cfn_model) ⇒ Object
Returns a collection of logical resource ids; must be implemented by each subclass.

Instance Method Details

#audit(cfn_model) ⇒ Object

Returns nil when there are no violations; returns a Violation object otherwise. The Violation carries the subclass's rule_id, rule_type and rule_text together with the logical resource ids that audit_impl reported.

# File 'lib/cfn-nag/custom_rules/base.rb', line 18

def audit(cfn_model)
  logical_resource_ids = audit_impl(cfn_model)
  return if logical_resource_ids.empty?

  Violation.new(id: rule_id,
                type: rule_type,
                message: rule_text,
                logical_resource_ids: logical_resource_ids)
end

#audit_impl(_cfn_model) ⇒ Object

Returns a collection of the logical resource ids that violate the rule (an empty collection when none do). The base implementation raises; every concrete rule must override it.

# File 'lib/cfn-nag/custom_rules/base.rb', line 10

def audit_impl(_cfn_model)
  raise 'must implement in subclass'
end
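The two methods above define the whole contract for a custom rule: a subclass supplies rule_id, rule_type, rule_text and an audit_impl that returns only the offending logical resource ids, and BaseRule#audit turns a non-empty list into a single Violation. The following is an added example, not cfn-nag's own code: BaseRule is reproduced from this page, while Violation, CfnModel and Resource are simplified stand-ins for the cfn-nag and cfn-model classes (their real counterparts expose resources_by_type and logical_resource_id, but property access and the constant values here are assumptions) so the file runs without either gem. The rule, its id 'W9999' and the sample templates are constructed for illustration; cfn-nag ships its own EC2SubnetMapPublicIpOnLaunchRule, and this is not that code.

```ruby
# Added example, not cfn-nag's code. BaseRule is copied from the page;
# Violation, CfnModel and Resource are stand-ins for cfn-nag / cfn-model.

# Stand-in for cfn-nag's Violation. Assumption: the real class accepts the
# keyword arguments BaseRule#audit passes and exposes these two constants.
class Violation
  FAILING_VIOLATION = 'FAIL'.freeze
  WARNING = 'WARN'.freeze

  attr_reader :id, :type, :message, :logical_resource_ids

  def initialize(id:, type:, message:, logical_resource_ids:)
    @id = id
    @type = type
    @message = message
    @logical_resource_ids = logical_resource_ids
  end
end

# BaseRule exactly as documented above.
class BaseRule
  def audit(cfn_model)
    logical_resource_ids = audit_impl(cfn_model)
    return if logical_resource_ids.empty?

    Violation.new(id: rule_id,
                  type: rule_type,
                  message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  end

  def audit_impl(_cfn_model)
    raise 'must implement in subclass'
  end
end

# Stand-in for cfn-model's CfnModel: resources_by_type(type) and
# #logical_resource_id match the real API; keeping properties as the raw
# template hash (instead of generated accessors) is a simplification.
Resource = Struct.new(:logical_resource_id, :resource_type, :properties)

class CfnModel
  def initialize(template)
    @resources = template.fetch('Resources', {}).map do |id, body|
      Resource.new(id, body['Type'], body['Properties'] || {})
    end
  end

  def resources_by_type(type)
    @resources.select { |r| r.resource_type == type }
  end
end

# Hypothetical rule: flag subnets that auto-assign public IPs.
# 'W9999' is a made-up id; this is not cfn-nag's own rule for this check.
class SubnetMapPublicIpOnLaunchExampleRule < BaseRule
  def rule_text
    'Subnet should not auto-assign public IP addresses (MapPublicIpOnLaunch)'
  end

  def rule_type
    Violation::WARNING
  end

  def rule_id
    'W9999'
  end

  # Return only offending logical ids; BaseRule#audit wraps them.
  # CloudFormation accepts booleans as true or the string "true", so both
  # spellings count as a hit; a missing property defaults to false.
  def audit_impl(cfn_model)
    cfn_model.resources_by_type('AWS::EC2::Subnet').select do |subnet|
      [true, 'true'].include?(subnet.properties['MapPublicIpOnLaunch'])
    end.map(&:logical_resource_id)
  end
end

# Constructed sample templates (not from the page).
MIXED_TEMPLATE = { 'Resources' => {
  'PublicSubnet'  => { 'Type' => 'AWS::EC2::Subnet', 'Properties' => { 'MapPublicIpOnLaunch' => true } },
  'StringSubnet'  => { 'Type' => 'AWS::EC2::Subnet', 'Properties' => { 'MapPublicIpOnLaunch' => 'true' } },
  'PrivateSubnet' => { 'Type' => 'AWS::EC2::Subnet', 'Properties' => { 'MapPublicIpOnLaunch' => false } },
  'DefaultSubnet' => { 'Type' => 'AWS::EC2::Subnet' },
  'Bucket'        => { 'Type' => 'AWS::S3::Bucket' }
} }.freeze

CLEAN_TEMPLATE = { 'Resources' => {
  'PrivateSubnet' => { 'Type' => 'AWS::EC2::Subnet', 'Properties' => { 'MapPublicIpOnLaunch' => false } }
} }.freeze

# Runs the example rule over a template hash; nil means no violation.
def audit_template(template)
  SubnetMapPublicIpOnLaunchExampleRule.new.audit(CfnModel.new(template))
end

if __FILE__ == $PROGRAM_NAME
  v = audit_template(MIXED_TEMPLATE)
  puts "#{v.id} #{v.type}: #{v.message} -> #{v.logical_resource_ids.join(', ')}"
  puts "clean template -> #{audit_template(CLEAN_TEMPLATE).inspect}"
end
```

Two points worth noting from the run: a rule reports one Violation per rule, not one per resource, so the offending ids are grouped in logical_resource_ids; and calling audit on a BaseRule subclass that forgets to override audit_impl raises 'must implement in subclass' rather than silently passing, so an unimplemented rule cannot masquerade as a clean result.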