class SecurityGroupRuleDescriptionRule
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 23
# Runs rule W36 over the whole template.
#
# Gathers the logical resource ids flagged by each of the three private
# finders (inline security-group rules, standalone ingress resources,
# standalone egress resources) and returns them as one list, in that order.
#
# @param cfn_model [CfnModel] the parsed template being audited
# @return [Array<String>] logical resource ids of resources with an
#   undescribed rule; empty when the template is clean
def audit_impl(cfn_model)
  finders = [
    violating_security_groups?(cfn_model),
    violating_ingress?(cfn_model),
    violating_egress?(cfn_model)
  ]
  finders.reduce([], :+)
end
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 19
# Identifier reported for this rule in cfn_nag output.
#
# @return [String] the rule id, 'W36'
def rule_id
  'W36'
end
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 9
# Human-readable explanation attached to every W36 finding.
#
# The three fragments are joined without a separator; each fragment
# already carries its trailing space, so the result is one sentence.
#
# @return [String] the rule description shown to the user
def rule_text
  [
    'Security group rules without a description obscure their purpose and may ',
    'lead to bad practices in ensuring they only allow traffic from the ports ',
    'and sources/destinations required.'
  ].join
end
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 15
# Severity of this rule: W36 is reported at warning level.
#
# @return [Violation::WARNING] the warning severity constant
def rule_type
  Violation::WARNING
end
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 52 def violating_egress?(cfn_model) violating_egress = cfn_model.resources_by_type('AWS::EC2::SecurityGroupEgress').select do |standalone_egress| blank?(standalone_egress.description) end violating_egress.map(&:logical_resource_id) end
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 45 def violating_ingress?(cfn_model) violating_ingress = cfn_model.resources_by_type('AWS::EC2::SecurityGroupIngress').select do |standalone_ingress| blank?(standalone_ingress.description) end violating_ingress.map(&:logical_resource_id) end
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 37
# Finds AWS::EC2::SecurityGroup resources that carry at least one inline
# ingress or egress rule without a description.
#
# A group is flagged as soon as either list has an undescribed entry;
# the egress list is only inspected when the ingress list is clean.
# Not a predicate despite the `?` suffix: returns ids for audit_impl.
#
# @param cfn_model [CfnModel] the parsed template
# @return [Array<String>] logical resource ids of offending security groups
def violating_security_groups?(cfn_model)
  flagged = cfn_model.security_groups.select do |security_group|
    rule_lists = [security_group.securityGroupIngress, security_group.securityGroupEgress]
    rule_lists.any? { |rules| !violating_sg_component(rules).empty? }
  end
  flagged.map(&:logical_resource_id)
end
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 31
# Returns the entries of an inline rule list whose 'Description' is blank.
#
# NOTE(review): the list is iterated directly, so a nil argument would raise;
# presumably cfn-model normalises a missing SecurityGroupIngress/Egress
# property to [] — confirm against the model before relying on it.
#
# @param sg_component [Array<Hash>] the SecurityGroupIngress or
#   SecurityGroupEgress property of an AWS::EC2::SecurityGroup
# @return [Array<Hash>] the rule entries lacking a description
def violating_sg_component(sg_component)
  sg_component.each_with_object([]) do |rule, undescribed|
    undescribed << rule if blank?(rule['Description'])
  end
end