Class: UnencryptedS3PutObjectAllowedRule
- Inherits: Object
  - Object
    - UnencryptedS3PutObjectAllowedRule
- Defined in: lib/custom_rules/unencrypted_s3_put_allowed.rb
Instance Method Details
#audit(cfn_model) ⇒ Object
    # File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 18
    def audit(cfn_model)
      logical_resource_ids = []
      cfn_model.bucket_policies.each do |bucket_policy|
        # Look for a statement that blocks s3:PutObject without encryption.
        found_statement = bucket_policy.statements.find do |statement|
          blocks_put_object_without_encryption(statement)
        end
        # No such statement: record this bucket policy as a violation.
        if found_statement.nil?
          logical_resource_ids << bucket_policy.logical_resource_id
        end
      end

      # Return one Violation covering every offending policy, or nil if none.
      if logical_resource_ids.size > 0
        Violation.new(id: rule_id,
                      type: rule_type,
                      message: rule_text,
                      logical_resource_ids: logical_resource_ids)
      else
        nil
      end
    end
#rule_id ⇒ Object
    # File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 14
    def rule_id
      'W1000'
    end
#rule_text ⇒ Object
    # File 'lib/custom_rules/unencrypted_s3_put_allowed.rb', line 6
    def rule_text
      'It appears that the S3 Bucket Policy allows s3:PutObject without server-side encryption'
    end
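The check that #audit performs, sketched as an added example over plain hashes; this is not the project's own code, and the page does not show how blocks_put_object_without_encryption is implemented. It assumes a blocking statement is a Deny on s3:PutObject for all principals whose only condition tests the s3:x-amz-server-side-encryption header, and it does not check Resource scope. All method names, constants and sample policies below are hypothetical.

```ruby
# Added example: plain hashes stand in for parsed bucket policies (constructed data).
SSE_KEY = 's3:x-amz-server-side-encryption'.freeze
PUT_ACTIONS = ['s3:PutObject', 's3:*', '*'].freeze
# Policy JSON allows a scalar or a list in most fields; normalise to a list.
def as_list(value)
  value.is_a?(Array) ? value : [value].compact
end

def wildcard_principal?(principal)
  principal == '*' || (principal.is_a?(Hash) && as_list(principal['AWS']).include?('*'))
end

# The SSE header test must be the only condition: any extra operator or key
# narrows the Deny and lets some unencrypted uploads through.
def sse_only_condition?(condition)
  return false unless condition.is_a?(Hash) && condition.size == 1

  operator, keys = condition.first
  return false unless keys.is_a?(Hash) && keys.keys == [SSE_KEY]

  operator == 'StringNotEquals' || (operator == 'Null' && keys[SSE_KEY].to_s == 'true')
end

# Hypothetical stand-in for blocks_put_object_without_encryption (assumed logic).
def denies_unencrypted_put?(statement)
  statement['Effect'] == 'Deny' &&
    wildcard_principal?(statement['Principal']) &&
    as_list(statement['Action']).any? { |action| PUT_ACTIONS.include?(action) } &&
    sse_only_condition?(statement['Condition'])
end

# Same shape as the audit loop: ids of policies with no blocking statement.
def unprotected_policies(policies)
  policies.reject do |_id, doc|
    as_list(doc['Statement']).any? { |statement| denies_unencrypted_put?(statement) }
  end.keys
end

# Constructed sample input; bucket name and logical ids are placeholders.
DENY_PUT = { 'Effect' => 'Deny', 'Principal' => '*', 'Action' => 's3:PutObject',
             'Resource' => 'arn:aws:s3:::example-bucket/*' }.freeze
SAMPLE_POLICIES = {
  'EnforcedPolicy' => { 'Statement' => [DENY_PUT.merge('Condition' => { 'StringNotEquals' => { SSE_KEY => 'AES256' } })] },
  'AllowOnlyPolicy' => { 'Statement' => DENY_PUT.merge('Effect' => 'Allow') },
  'NarrowedDenyPolicy' => { 'Statement' => [DENY_PUT.merge(
    'Condition' => { 'Null' => { SSE_KEY => 'true' }, 'IpAddress' => { 'aws:SourceIp' => '203.0.113.0/24' } }
  )] }
}.freeze
p unprotected_policies(SAMPLE_POLICIES)
```

The third sample policy is flagged because its extra IpAddress condition limits the Deny to one address range, so uploads from elsewhere are not forced to use encryption.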