class CfnNagExecutor
Public Class Methods
new()
# File lib/cfn-nag/cfn_nag_executor.rb, line 8
# Creates an executor with nothing loaded yet: every definition and values
# string starts as nil and the list of rule repository definitions starts
# empty. execute_io_options fills these in from the parsed options.
def initialize
  @profile_definition, @blacklist_definition = nil, nil
  @parameter_values_string, @condition_values_string = nil, nil
  @rule_repository_definitions = []
  @rule_arguments_string = nil
end
Public Instance Methods
scan(options_type:)
# File lib/cfn-nag/cfn_nag_executor.rb, line 17
# Runs one scan from start to finish: resets the failure counter, loads and
# validates the options for +options_type+, reads the option-referenced
# files, configures logging, builds a CfnNag instance and dispatches to the
# matching scan mode.
#
# @param options_type [String] 'scan' selects the aggregate scan; any other
#   value selects the file-or-piped scan driven by ARGF
# @return the result of the selected scan method; for the file-or-piped mode
#   that is the accumulated failure count
#
# NOTE(review): the caller presumably turns the return value into the process
# exit status that gates a pipeline - confirm at the call site.
def scan(options_type:)
  @total_failure_count = 0

  options = Options.for(options_type)
  validate_options(options)
  execute_io_options(options)
  CfnNagLogging.configure_logging(options)

  cfn_nag = CfnNag.new(config: cfn_nag_config(options))

  return execute_aggregate_scan(cfn_nag, options) if options_type == 'scan'

  execute_file_or_piped_scan(cfn_nag, options)
end
Private Instance Methods
argf_close()
# File lib/cfn-nag/cfn_nag_executor.rb, line 141
# Thin wrapper around ARGF.close, called by execute_file_or_piped_scan after
# each file has been scanned.
def argf_close
  ARGF.close
end
argf_filename()
# File lib/cfn-nag/cfn_nag_executor.rb, line 150
# Thin wrapper around ARGF.filename; scan_file uses the value to label the
# results of the file it has just audited.
#
# @return [String] whatever ARGF reports as the current file name
def argf_filename
  ARGF.filename
end
argf_finished?()
# File lib/cfn-nag/cfn_nag_executor.rb, line 137
# Reports whether the ARGF loop should stop.
#
# @return [Boolean] true when ARGF is closed, otherwise whatever ARGF.eof?
#   reports
def argf_finished?
  # Check closed? first so eof? is only asked of a stream that is still open.
  return true if ARGF.closed?

  ARGF.eof?
end
argf_read()
# File lib/cfn-nag/cfn_nag_executor.rb, line 145
# Sets ARGF's encoding to UTF-8 and returns the contents of the current ARGF
# file.
#
# The read has no length limit, so the whole template is held in memory.
#
# @return [String] the text read from the current file
def argf_read
  ARGF.set_encoding(Encoding::UTF_8)
  current_file = ARGF.file
  current_file.read
end
cfn_nag_config(opts)
# File lib/cfn-nag/cfn_nag_executor.rb, line 122
# Assembles the CfnNagConfig for this run from the definitions already read
# into instance variables and from the parsed command-line options.
#
# NOTE(review): going by their names, allow_suppression, ignore_fatal and the
# blacklist definition relax what a scan reports - confirm against
# CfnNagConfig and make sure pipeline invocations set them deliberately.
#
# @param opts [Hash] parsed options
# @return [CfnNagConfig]
def cfn_nag_config(opts)
  settings = {
    profile_definition: @profile_definition,
    blacklist_definition: @blacklist_definition,
    rule_directory: opts[:rule_directory],
    allow_suppression: opts[:allow_suppression],
    print_suppression: opts[:print_suppression],
    isolate_custom_rule_exceptions: opts[:isolate_custom_rule_exceptions],
    fail_on_warnings: opts[:fail_on_warnings],
    rule_repository_definitions: @rule_repository_definitions,
    ignore_fatal: opts[:ignore_fatal],
    rule_arguments: merge_rule_arguments(opts)
  }

  CfnNagConfig.new(**settings)
end
execute_aggregate_scan(cfn_nag, opts)
# File lib/cfn-nag/cfn_nag_executor.rb, line 49
# Hands the aggregate ("scan" mode) work to
# CfnNag#audit_aggregate_across_files_and_render_results, forwarding the five
# options it needs under the same names.
#
# @param cfn_nag [CfnNag] configured scanner
# @param opts [Hash] parsed options
# @return whatever the delegated call returns
def execute_aggregate_scan(cfn_nag, opts)
  forwarded_keys = %i[
    input_path
    output_format
    parameter_values_path
    condition_values_path
    template_pattern
  ]
  arguments = forwarded_keys.map { |key| [key, opts[key]] }.to_h

  cfn_nag.audit_aggregate_across_files_and_render_results(**arguments)
end
execute_file_or_piped_scan(cfn_nag, opts)
# File lib/cfn-nag/cfn_nag_executor.rb, line 35
# Scans every input ARGF offers, one file at a time, then renders all the
# results together.
#
# @param cfn_nag [CfnNag] configured scanner
# @param opts [Hash] parsed options; reads :fail_on_warnings and
#   :output_format
# @return [Integer] the failure count accumulated by scan_file
def execute_file_or_piped_scan(cfn_nag, opts)
  per_file_results = []

  until argf_finished?
    per_file_results.push(scan_file(cfn_nag, opts[:fail_on_warnings]))
    # Close the file just scanned before the loop condition is checked again.
    argf_close
  end

  cfn_nag.render_results(
    aggregate_results: per_file_results,
    output_format: opts[:output_format]
  )

  @total_failure_count
end
execute_io_options(opts)
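# File lib/cfn-nag/cfn_nag_executor.rb, line 89
# Reads every file named in the options into memory: the profile, blacklist,
# parameter values, condition values and rule arguments files (each optional)
# plus one definition per entry in opts[:rule_repository].
#
# @param opts [Hash] parsed options holding the *_path entries and, when
#   given, a :rule_repository list of paths
# @return [Array<String>, nil] the :rule_repository list, or nil when absent
def execute_io_options(opts)
  @profile_definition = read_conditionally(opts[:profile_path])
  @blacklist_definition = read_conditionally(opts[:blacklist_path])
  @parameter_values_string = read_conditionally(opts[:parameter_values_path])
  @condition_values_string = read_conditionally(opts[:condition_values_path])
  @rule_arguments_string = read_conditionally(opts[:rule_arguments_path])

  opts[:rule_repository]&.each do |rule_repository|
    # File.read rather than IO.read: IO.read treats a path that begins with
    # '|' as a command to run (deprecated in newer Ruby releases), so an
    # option value could start a subprocess. File.read only ever opens a file.
    @rule_repository_definitions << File.read(rule_repository)
  end
end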
merge_rule_arguments(opts)
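# File lib/cfn-nag/cfn_nag_executor.rb, line 111
# Builds the rule-argument hash passed to CfnNagConfig.
#
# Starts from the JSON document held in @rule_arguments_string (when a rule
# arguments file was read), then applies each command-line "name:value" entry
# on top, so a command-line entry overrides the file for the same name.
#
# Only the first ':' separates the name from the value. Splitting on every
# ':' kept just the second field, which silently truncated any value that
# itself contains a colon and handed the rule a different value than the
# operator supplied.
#
# @param opts [Hash] parsed options; reads opts[:rule_arguments]
# @return [Hash] rule argument names mapped to their values
def merge_rule_arguments(opts)
  rule_arguments = @rule_arguments_string ? JSON.parse(@rule_arguments_string) : {}

  opts[:rule_arguments]&.each do |rule_argument|
    name, value = rule_argument.split(':', 2)
    # An entry with nothing after the colon keeps mapping to nil, as before.
    value = nil if value && value.empty?
    rule_arguments[name] = value
  end

  rule_arguments
end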
read_conditionally(path)
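# File lib/cfn-nag/cfn_nag_executor.rb, line 105
# Returns the contents of the file at +path+, or nil when no path was given.
#
# Uses File.read rather than IO.read: IO.read treats a path that begins with
# '|' as a command to run (deprecated in newer Ruby releases), so an option
# value could start a subprocess. File.read only ever opens a file.
#
# @param path [String, nil] file to read
# @return [String, nil] file contents, or nil when +path+ is nil
# @raise [SystemCallError] when the file cannot be opened
def read_conditionally(path)
  return if path.nil?

  File.read(path)
end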
scan_file(cfn_nag, fail_on_warnings)
# File lib/cfn-nag/cfn_nag_executor.rb, line 59
# Audits the current ARGF file and adds its failures to the running total.
#
# With +fail_on_warnings+ set, every violation counts towards the total;
# otherwise only the audit's own :failure_count does.
#
# @param cfn_nag [CfnNag] configured scanner
# @param fail_on_warnings [Boolean, nil] count every violation as a failure
# @return [Hash] { filename:, file_results: } for the file just audited
def scan_file(cfn_nag, fail_on_warnings)
  audit_result = cfn_nag.audit(
    cloudformation_string: argf_read,
    parameter_values_string: @parameter_values_string,
    condition_values_string: @condition_values_string
  )

  failures = fail_on_warnings ? audit_result[:violations].length : audit_result[:failure_count]
  @total_failure_count += failures

  { filename: argf_filename, file_results: audit_result }
end
validate_options(opts)
# File lib/cfn-nag/cfn_nag_executor.rb, line 76
# Rejects option values the executor cannot work with, reporting each problem
# through Optimist.die.
#
# Checks two things only: :output_format, when given, must be colortxt, txt
# or json; and every :rule_arguments entry must contain a ':'. Path options
# are not examined here.
#
# @param opts [Hash] parsed options
# @return [Array<String>, nil] the :rule_arguments list, or nil when absent
def validate_options(opts)
  output_format = opts[:output_format]
  if !output_format.nil? && !%w[colortxt txt json].include?(output_format)
    Optimist.die(:output_format, 'Must be colortxt, txt, or json')
  end

  opts[:rule_arguments]&.each do |rule_argument|
    next if rule_argument.include?(':')

    Optimist.die(:rule_arguments, 'Must be of form name:value')
  end
end