class BatchJobDefinitionContainerPropertiesPrivilegedRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb, line 19
def audit_impl(cfn_model)
  violating_job_definitions = cfn_model.resources_by_type('AWS::Batch::JobDefinition')
                                       .select do |job_definition|
    if job_definition.containerProperties
      truthy?(job_definition.containerProperties['Privileged'])
    else
      false
    end
  end

  violating_job_definitions.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb, line 15
def rule_id
  'W34'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb, line 7
def rule_text
  'Batch Job Definition Container Properties should not have Privileged set to true'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/BatchJobDefinitionContainerPropertiesPrivilegedRule.rb, line 11
def rule_type
  Violation::WARNING
end