class PasswordBaseRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 19
# Collects the logical ids of every resource of +resource_type+ whose password
# property is present and judged insecure.
#
# Resources that do not set the property (or the sub-property, when
# +sub_property_name+ is non-nil) are skipped rather than flagged.
#
# @param cfn_model the parsed template; must respond to +resources_by_type+
# @return [Array] logical resource ids of the violating resources
def audit_impl(cfn_model)
  candidates = cfn_model.resources_by_type(resource_type)

  flagged = candidates.select do |candidate|
    # An absent property is never a violation, so the insecure-value check
    # only runs when there is a value to inspect.
    next false if property_does_not_exist(candidate, password_property, sub_property_name)

    verify_insecure_string_and_parameter(cfn_model, candidate, password_property, sub_property_name)
  end

  flagged.map(&:logical_resource_id)
end
password_property()
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 13
# Abstract hook: names the resource accessor that holds the password value.
# audit_impl hands the result to the helpers that call +send+ on each
# resource, so a subclass must override it; this base version always raises.
#
# @raise [RuntimeError] always, with the message 'must implement in subclass'
def password_property
  raise RuntimeError, 'must implement in subclass'
end
resource_type()
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 9
# Abstract hook: the resource type that audit_impl passes to
# +cfn_model.resources_by_type+ to pick the resources to inspect. A subclass
# must override it; this base version always raises.
#
# @raise [RuntimeError] always, with the message 'must implement in subclass'
def resource_type
  raise RuntimeError, 'must implement in subclass'
end
sub_property_name()
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 17
# Optional hook: the key under which the password sits inside the value
# returned by the +password_property+ accessor. The base version returns nil,
# in which case the property value itself is what gets inspected.
#
# @return [nil]
def sub_property_name
  nil
end

Private Instance Methods

property_does_not_exist(resource, password_property, sub_property_name)
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 37
# Tells whether the resource leaves the password (sub-)property unset.
#
# NOTE(review): when +sub_property_name+ is given, the check indexes whatever
# the accessor returns. If that value does not contain the key (for example
# the whole parent property is supplied some other way), the lookup yields nil
# and audit_impl skips the resource without evaluating it. Confirm that this
# gap in coverage is intended.
#
# @param resource the resource object; must respond to the named accessor
# @param password_property name of the accessor, dispatched through +send+
# @param sub_property_name key inside the property value, or nil
# @return [Boolean] true when there is no value to inspect
def property_does_not_exist(resource, password_property, sub_property_name)
  return true if resource.send(password_property).nil?
  return false if sub_property_name.nil?

  resource.send(password_property)[sub_property_name].nil?
end
verify_insecure_string_and_parameter( cfn_model, resource, password_property, sub_property_name )
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 47
# Runs both insecure-value checks against the password value of a resource.
#
# The value is the property itself when +sub_property_name+ is nil, otherwise
# the entry stored under that key. +insecure_parameter?+ is consulted first;
# +insecure_string_or_dynamic_reference?+ only runs when the first check is
# falsy. Both helpers are defined outside this listing.
#
# @param cfn_model the parsed template, forwarded to both checks
# @param resource the resource object; must respond to the named accessor
# @param password_property name of the accessor, dispatched through +send+
# @param sub_property_name key inside the property value, or nil
# @return the first truthy check result, else the result of the second check
def verify_insecure_string_and_parameter(cfn_model, resource, password_property, sub_property_name)
  # Re-read the accessor for each check, so the value is looked up exactly
  # when a check needs it.
  password_value = lambda do
    property = resource.send(password_property)
    sub_property_name.nil? ? property : property[sub_property_name]
  end

  insecure_parameter?(cfn_model, password_value.call) ||
    insecure_string_or_dynamic_reference?(cfn_model, password_value.call)
end