Class: BaseRule

Inherits:
Object
Defined in:
lib/cfn-nag/custom_rules/base.rb

Overview

Base class all Rules should subclass

Direct Known Subclasses

AmazonMQBrokerUserPasswordRule, ApiGatewayAccessLoggingRule, ApiGatewayV2AccessLoggingRule, BatchJobDefinitionContainerPropertiesPrivilegedRule, BooleanBaseRule, CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, CodeBuildEncryptionKeyRule, EC2SubnetMapPublicIpOnLaunchRule, EbsVolumeEncryptionKeyRule, ElasticLoadBalancerAccessLoggingRule, ElasticLoadBalancerV2AccessLoggingRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleAdministratorAccessPolicyRule, IamRoleElevatedManagedPolicyRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, IamRolePassRoleWildcardResourceRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, IamUserLoginProfilePasswordResetRule, IamUserLoginProfilePasswordRule, IotPolicyWildcardActionRule, IotPolicyWildcardResourceRule, KMSKeyRotationRule, KinesisStreamStreamEncryptionRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, ManagedPolicyOnUserRule, MissingBucketPolicyRule, PassRoleBaseRule, PasswordBaseRule, PolicyOnUserRule, RDSDBInstanceStorageEncryptedRule, RDSInstancePubliclyAccessibleRule, ResourceWithExplicitNameRule, S3BucketAccessLoggingRule, S3BucketEncryptionSetRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SecurityGroupEgressAllProtocolsRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressAllProtocolsRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, 
SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SecurityGroupRuleDescriptionRule, SnsTopicKmsMasterKeyIdRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueueKmsMasterKeyIdRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, SubPropertyWithListPasswordBaseRule, UserHasInlinePolicyRule, UserMissingGroupRule, WafWebAclDefaultActionRule, WorkspacesWorkspaceEncryptionRule

Instance Method Details

#audit(cfn_model) ⇒ Object

Returns nil when there are no violations. Returns a Violation object otherwise.

# File 'lib/cfn-nag/custom_rules/base.rb', line 18

def audit(cfn_model)
  logical_resource_ids = audit_impl(cfn_model)
  return if logical_resource_ids.empty?

  Violation.new(id: rule_id,
                type: rule_type,
                message: rule_text,
                logical_resource_ids: logical_resource_ids)
end

#audit_impl(_cfn_model) ⇒ Object

Returns a collection of logical resource ids

# File 'lib/cfn-nag/custom_rules/base.rb', line 10

def audit_impl(_cfn_model)
  raise 'must implement in subclass'
end
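
A custom rule built on the audit/audit_impl contract above, as an added example that is not code from cfn-nag. Assumptions: Violation, Resource and FakeModel are simplified stand-ins so the block runs without the gems, and ExampleLogGroupRetentionRule, its id 'W9901' and its type 'WARN' are constructed for illustration.

```ruby
# Stand-ins (assumptions) so this runs without the cfn-nag and cfn-model gems.
Violation = Struct.new(:id, :type, :message, :logical_resource_ids, keyword_init: true)
Resource = Struct.new(:logical_resource_id, :type, :properties)
FakeModel = Struct.new(:resources) do
  def resources_by_type(type)
    resources.select { |r| r.type == type }
  end
end

# BaseRule as documented on this page.
class BaseRule
  def audit_impl(_cfn_model)
    raise 'must implement in subclass'
  end

  def audit(cfn_model)
    logical_resource_ids = audit_impl(cfn_model)
    return if logical_resource_ids.empty?

    Violation.new(id: rule_id, type: rule_type, message: rule_text,
                  logical_resource_ids: logical_resource_ids)
  end
end

# Hypothetical rule: warn on CloudWatch log groups with no retention period.
class ExampleLogGroupRetentionRule < BaseRule
  def rule_id; 'W9901'; end # constructed id
  def rule_type; 'WARN'; end # constructed stand-in for the violation type
  def rule_text; 'Log group should set RetentionInDays'; end

  # Return a collection (possibly empty), never nil: #audit calls #empty? on it.
  def audit_impl(cfn_model)
    cfn_model.resources_by_type('AWS::Logs::LogGroup')
             .reject { |r| r.properties.key?('RetentionInDays') }
             .map(&:logical_resource_id)
  end
end

# Constructed sample resources standing in for a parsed template.
SAMPLE_MODEL = FakeModel.new([
  Resource.new('AppLogs', 'AWS::Logs::LogGroup', {}),
  Resource.new('AuditLogs', 'AWS::Logs::LogGroup', { 'RetentionInDays' => 365 }),
  Resource.new('Queue', 'AWS::SQS::Queue', {})
])

violation = ExampleLogGroupRetentionRule.new.audit(SAMPLE_MODEL)
puts "#{violation.id}: #{violation.message} #{violation.logical_resource_ids}"
```

A subclass that omits rule_id, rule_type or rule_text fails only when a violation is actually found, so exercise each new rule against a template that triggers it.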