class WafWebAclDefaultActionRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb, line 28
def audit_impl(cfn_model)
  violating_web_acls = cfn_model.resources_by_type('AWS::WAF::WebACL').select do |web_acl|
    web_acl.defaultAction['Type'] == 'ALLOW'
  end

  violating_web_acls.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb, line 24
def rule_id
  'F665'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb, line 16
def rule_text
  'WebAcl DefaultAction should not be ALLOW'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb, line 20
def rule_type
  Violation::FAILING_VIOLATION
end