Class: BaseRule
- Inherits: Object (hierarchy: Object → BaseRule)
- Defined in: lib/cfn-nag/custom_rules/base.rb
Direct Known Subclasses
CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, EbsVolumeHasSseRule, ElasticLoadBalancerAccessLoggingRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, ManagedPolicyOnUserRule, PolicyOnUserRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, UserHasInlinePolicyRule, UserMissingGroupRule, WafWebAclDefaultActionRule
Instance Method Summary
- #audit(cfn_model) ⇒ Object
  Returns nil when there are no violations. Returns a Violation object otherwise.
- #audit_impl(cfn_model) ⇒ Object
  Returns a collection of logical resource ids.
Instance Method Details
#audit(cfn_model) ⇒ Object
Returns nil when there are no violations. Returns a Violation object otherwise.

    # File 'lib/cfn-nag/custom_rules/base.rb', line 16
    def audit(cfn_model)
      logical_resource_ids = audit_impl(cfn_model)
      if !logical_resource_ids.empty?
        Violation.new(id: rule_id,
                      type: rule_type,
                      message: rule_text,
                      logical_resource_ids: logical_resource_ids)
      else
        nil
      end
    end
#audit_impl(cfn_model) ⇒ Object
Returns a collection of logical resource ids. The base implementation only raises, so every rule subclass must override it.

    # File 'lib/cfn-nag/custom_rules/base.rb', line 8
    def audit_impl(cfn_model)
      raise 'must implement in subclass'
    end
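How a rule plugs into the audit/audit_impl contract documented above, shown as an added example that is not cfn-nag's own code. ExampleUnencryptedBucketRule, its rule id and type values, the Struct stand-in for Violation, and the plain Hash passed in place of a real cfn_model are all assumptions made for illustration.

```ruby
# Stand-in for cfn-nag's Violation (assumption: a keyword-initialised value
# object, matching the Violation.new call in BaseRule#audit).
Violation = Struct.new(:id, :type, :message, :logical_resource_ids,
                       keyword_init: true)

# BaseRule with the same behaviour as the two methods documented on this page.
class BaseRule
  def audit_impl(_cfn_model)
    raise 'must implement in subclass'
  end

  def audit(cfn_model)
    logical_resource_ids = audit_impl(cfn_model)
    return nil if logical_resource_ids.empty?

    Violation.new(id: rule_id, type: rule_type, message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  end
end

# Hypothetical rule: flag S3 buckets that declare no BucketEncryption property.
# Assumption: the model is the parsed template as a Hash, not a cfn-model object.
class ExampleUnencryptedBucketRule < BaseRule
  def rule_id; 'EX-0001'; end # constructed id, not a real cfn-nag rule id
  def rule_type; 'WARN'; end  # constructed severity label
  def rule_text; 'S3 bucket should declare BucketEncryption'; end

  # Returns the logical ids of offending resources; [] means "no violation".
  def audit_impl(template)
    buckets = template.fetch('Resources', {}).select do |_id, res|
      res['Type'] == 'AWS::S3::Bucket'
    end
    buckets.reject { |_id, res| (res['Properties'] || {}).key?('BucketEncryption') }.keys
  end
end

# Constructed sample template: one compliant bucket, one not, one other type.
SAMPLE_TEMPLATE = {
  'Resources' => {
    'LogsBucket' => { 'Type' => 'AWS::S3::Bucket',
                      'Properties' => { 'BucketEncryption' => {} } }, # contents elided
    'ScratchBucket' => { 'Type' => 'AWS::S3::Bucket' },
    'Queue' => { 'Type' => 'AWS::SQS::Queue' }
  }
}.freeze

violation = ExampleUnencryptedBucketRule.new.audit(SAMPLE_TEMPLATE)
puts "#{violation.id} #{violation.type}: #{violation.logical_resource_ids.join(', ')}"
```

A subclass that forgets to override audit_impl fails loudly with 'must implement in subclass' instead of silently reporting a clean template.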