class AlexaASKSkillAuthenticationConfigurationRefreshTokenRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/AlexaASKSkillAuthenticationConfigurationRefreshTokenRule.rb, line 22
def audit_impl(cfn_model)
  ask_skills = cfn_model.resources_by_type('Alexa::ASK::Skill')
  violating_skills = ask_skills.select do |skill|
    refresh_token = skill.authenticationConfiguration['RefreshToken']
    if refresh_token.nil?
      false
    else
      insecure_parameter?(cfn_model, refresh_token) ||
        insecure_string_or_dynamic_reference?(cfn_model, refresh_token)
    end
  end

  violating_skills.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/AlexaASKSkillAuthenticationConfigurationRefreshTokenRule.rb, line 18
def rule_id
  'F75'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/AlexaASKSkillAuthenticationConfigurationRefreshTokenRule.rb, line 9
def rule_text
  'Alexa ASK Skill AuthenticationConfiguration RefreshToken must not be ' \
  'a plaintext string or a Ref to a NoEcho Parameter with a Default value.'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/AlexaASKSkillAuthenticationConfigurationRefreshTokenRule.rb, line 14
def rule_type
  Violation::FAILING_VIOLATION
end