class EC2NetworkAclEntryDuplicateRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 20 def audit_impl(cfn_model) violating_nacl_entries = [] cfn_model.resources_by_type('AWS::EC2::NetworkAcl').each do |nacl| violating_nacl_entries += violating_nacl_entries(nacl) end violating_nacl_entries.map(&:logical_resource_id) end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 16 def rule_id 'F79' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 8 def rule_text 'A NetworkACL\'s rule numbers cannot be repeated unless one is egress and one is ingress.' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 12 def rule_type Violation::FAILING_VIOLATION end
Private Instance Methods
duplicate_rule_numbers(nacl_entries)
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 31 def duplicate_rule_numbers(nacl_entries) nacl_entries.group_by(&:ruleNumber).select { |_, entries| entries.size > 1 }.map { |_, entries| entries }.flatten end
egress(nacl_entries)
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 35 def egress(nacl_entries) nacl_entries.select do |nacl_entry| truthy?(nacl_entry.egress) end end
ingress(nacl_entries)
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 41 def ingress(nacl_entries) nacl_entries.select do |nacl_entry| not_truthy?(nacl_entry.egress) end end
violating_nacl_entries(nacl)
click to toggle source
# File lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb, line 47 def violating_nacl_entries(nacl) duplicate_rule_numbers(egress(nacl.network_acl_entries)) + duplicate_rule_numbers(ingress(nacl.network_acl_entries)) end