Class: SecurityGroupIngressAllProtocolsRule

Inherits:
BaseRule
Defined in:
lib/cfn-nag/custom_rules/SecurityGroupIngressAllProtocolsRule.rb

Instance Method Summary

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object

This behaves slightly differently from the legacy jq-based rule, which targeted inline ingress only: this implementation checks the ingress entries of each security group and also standalone ingress resources.


# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressAllProtocolsRule.rb', line 22

# Returns the logical resource ids of everything in the model that this rule
# flags: security groups first, standalone ingress resources after them.
#
# Ingress entries attached to a security group are reported under the owning
# group's id, and a group is listed once however many of its entries match.
# Standalone ingress resources are reported under their own id.
#
# The match itself is delegated to violating_ingress, which is defined outside
# this method. Going by rule_text it presumably looks for an ipProtocol of -1;
# confirm against that helper.
#
# @param cfn_model the parsed template model; must respond to
#   security_groups and standalone_ingress
# @return [Array] logical resource ids of the flagged resources
def audit_impl(cfn_model)
  flagged_groups = cfn_model.security_groups.reject do |group|
    group.ingresses.select { |rule| violating_ingress(rule) }.empty?
  end

  flagged_standalone = cfn_model.standalone_ingress.select { |rule| violating_ingress(rule) }

  (flagged_groups + flagged_standalone).map(&:logical_resource_id)
end

#rule_id ⇒ Object


# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressAllProtocolsRule.rb', line 15

# Identifier under which this rule's findings are reported.
#
# @return [String] the rule id, 'W42'
def rule_id
  'W42'
end

#rule_text ⇒ Object


# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressAllProtocolsRule.rb', line 7

# Human-readable message attached to a finding of this rule.
#
# In a security group rule an IpProtocol of -1 means all protocols, and AWS
# then allows traffic on all ports regardless of any port range given, so a
# finding is worth checking against the source CIDR it is paired with.
# The returned string ends with a space; it is kept exactly as is.
#
# @return [String] the message text
def rule_text
  'Security Groups ingress with an ipProtocol of -1 found '
end

#rule_type ⇒ Object


# File 'lib/cfn-nag/custom_rules/SecurityGroupIngressAllProtocolsRule.rb', line 11

# Severity class of this rule's findings.
#
# The rule reports at warning level. NOTE(review): whether a warning stops a
# build depends on how the scan is run; confirm that the pipeline surfaces
# warnings if all-protocol ingress should not pass unnoticed.
#
# @return the Violation::WARNING constant
def rule_type
  Violation::WARNING
end