class PasswordBaseRule
Public Instance Methods
audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 19
# Collects the logical ids of resources whose password property is flagged.
#
# Looks up every resource of +resource_type+ in the model. A resource where
# the password property (or the configured sub-property) is absent is never
# reported; every other resource is reported when
# verify_insecure_string_and_parameter returns a truthy value for it.
#
# @param cfn_model the parsed template model; only +resources_by_type+ is
#   called on it here, and it is passed through to the verification helper
# @return the +logical_resource_id+ of each violating resource
def audit_impl(cfn_model)
  flagged = cfn_model.resources_by_type(resource_type).select do |resource|
    # Nothing to inspect when the property is not set on this resource.
    next false if property_does_not_exist(resource, password_property, sub_property_name)

    verify_insecure_string_and_parameter(
      cfn_model, resource, password_property, sub_property_name
    )
  end

  flagged.map(&:logical_resource_id)
end
password_property()
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 13
# Hook for subclasses: the name of the resource accessor that holds the
# password. audit_impl passes this value to +resource.send+ through its
# helpers, so a subclass should return a fixed method name.
#
# @raise [RuntimeError] always, until a subclass overrides it
def password_property
  raise RuntimeError, 'must implement in subclass'
end
resource_type()
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 9
# Hook for subclasses: the resource type that audit_impl hands to
# +cfn_model.resources_by_type+.
#
# @raise [RuntimeError] always, until a subclass overrides it
def resource_type
  raise RuntimeError, 'must implement in subclass'
end
sub_property_name()
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 17
# Optional hook: the key to look up inside the password property when the
# secret is nested. The base implementation returns nil, which the helpers
# in this class treat as "inspect the property value itself".
#
# @return [nil]
def sub_property_name
  nil
end
Private Instance Methods
property_does_not_exist(resource, password_property, sub_property_name)
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 37
# Tells whether there is no password value to inspect on +resource+.
#
# Note for rule authors: a property that is present but has no entry under
# +sub_property_name+ counts as absent, so audit_impl skips that resource
# instead of reporting it.
#
# @param resource the resource object; +password_property+ is invoked on it
#   with +send+, so that name should be a fixed accessor chosen by the rule
# @param password_property name of the accessor holding the password
# @param sub_property_name key inside the property, or nil when the property
#   value itself is the password
# @return [Boolean] true when the property (or the sub-property) is nil
def property_does_not_exist(resource, password_property, sub_property_name)
  return true if resource.send(password_property).nil?
  # No nested key configured: the property itself is the value and it exists.
  return false if sub_property_name.nil?

  resource.send(password_property)[sub_property_name].nil?
end
verify_insecure_string_and_parameter( cfn_model, resource, password_property, sub_property_name )
# File lib/cfn-nag/custom_rules/password_base_rule.rb, line 47
# Runs the two insecure-value checks against the password value.
#
# The value is the property itself when +sub_property_name+ is nil, otherwise
# the entry under that key. +insecure_parameter?+ is tried first;
# +insecure_string_or_dynamic_reference?+ runs only when it returns a falsy
# value. Both helpers are defined outside this page.
# NOTE(review): judging by their names they flag parameter references and
# literal strings / dynamic references that expose the secret - confirm
# against their definitions.
#
# @param cfn_model the parsed template model, passed through to both checks
# @param resource the resource object; +password_property+ is invoked on it
#   with +send+
# @param password_property name of the accessor holding the password
# @param sub_property_name key inside the property, or nil
# @return the first truthy check result, else the second check's result
def verify_insecure_string_and_parameter(
  cfn_model, resource, password_property, sub_property_name
)
  # Read lazily so the property is fetched once per check that actually runs.
  password_value = lambda do
    property = resource.send(password_property)
    sub_property_name.nil? ? property : property[sub_property_name]
  end

  insecure_parameter?(cfn_model, password_value.call) ||
    insecure_string_or_dynamic_reference?(cfn_model, password_value.call)
end