class SecurityGroupRuleDescriptionRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 23
# Collects the logical ids of every security-group-related resource whose
# rules lack a Description.
#
# Three resource shapes are checked: inline rules on AWS::EC2::SecurityGroup,
# standalone AWS::EC2::SecurityGroupIngress resources and standalone
# AWS::EC2::SecurityGroupEgress resources.
#
# @param cfn_model [CfnModel] the parsed template under audit
# @return [Array<String>] logical resource ids, groups first, then ingress,
#   then egress (the three helper results are appended in that order)
def audit_impl(cfn_model)
  offenders = violating_security_groups?(cfn_model)
  offenders += violating_ingress?(cfn_model)
  offenders + violating_egress?(cfn_model)
end
rule_id()
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 19
# Identifier under which this rule's findings are reported and can be
# suppressed.
#
# @return [String] the cfn-nag rule id, 'W36'
def rule_id
  'W36'
end
rule_text()
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 9
# Human-readable explanation attached to each finding: an undocumented rule
# hides why the traffic is allowed, which makes it harder to keep the
# allowed ports and sources/destinations to the minimum required.
#
# @return [String] the single-sentence rule description
def rule_text
  [
    'Security group rules without a description obscure their purpose and may',
    'lead to bad practices in ensuring they only allow traffic from the ports',
    'and sources/destinations required.'
  ].join(' ')
end
rule_type()
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 15
# Severity of this rule. A missing description is a hygiene problem rather
# than a direct exposure, so findings are reported as warnings (the 'W' in
# the rule id) instead of failures.
#
# @return [Symbol, Object] Violation::WARNING
def rule_type
  Violation::WARNING
end

Private Instance Methods

violating_egress?(cfn_model)
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 52
# Standalone AWS::EC2::SecurityGroupEgress resources whose +description+ is
# blank.
#
# NOTE(review): despite the +?+ suffix this returns an Array, not a boolean;
# the name is kept because audit_impl concatenates its result.
#
# @param cfn_model [CfnModel] the parsed template under audit
# @return [Array<String>] logical ids of the undocumented egress resources
def violating_egress?(cfn_model)
  egress_rules = cfn_model.resources_by_type('AWS::EC2::SecurityGroupEgress')
  egress_rules.each_with_object([]) do |egress_rule, offenders|
    offenders << egress_rule.logical_resource_id if blank?(egress_rule.description)
  end
end
violating_ingress?(cfn_model)
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 45
# Standalone AWS::EC2::SecurityGroupIngress resources whose +description+ is
# blank.
#
# NOTE(review): despite the +?+ suffix this returns an Array, not a boolean;
# the name is kept because audit_impl concatenates its result.
#
# @param cfn_model [CfnModel] the parsed template under audit
# @return [Array<String>] logical ids of the undocumented ingress resources
def violating_ingress?(cfn_model)
  ingress_rules = cfn_model.resources_by_type('AWS::EC2::SecurityGroupIngress')
  ingress_rules.each_with_object([]) do |ingress_rule, offenders|
    offenders << ingress_rule.logical_resource_id if blank?(ingress_rule.description)
  end
end
violating_security_groups?(cfn_model)
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 37
# AWS::EC2::SecurityGroup resources that carry at least one inline ingress or
# egress rule without a Description.
#
# Ingress rules are inspected first; egress rules are only inspected when
# every ingress rule is documented (any? short-circuits like the original
# +||+ did).
#
# NOTE(review): despite the +?+ suffix this returns an Array, not a boolean;
# the name is kept because audit_impl concatenates its result.
#
# @param cfn_model [CfnModel] the parsed template under audit
# @return [Array<String>] logical ids of the offending security groups
def violating_security_groups?(cfn_model)
  cfn_model.security_groups.each_with_object([]) do |security_group, offenders|
    rule_sets = [security_group.securityGroupIngress, security_group.securityGroupEgress]
    undocumented = rule_sets.any? { |rules| !violating_sg_component(rules).empty? }
    offenders << security_group.logical_resource_id if undocumented
  end
end
violating_sg_component(sg_component)
# File lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb, line 31
# Filters a list of inline security-group rules down to those whose
# 'Description' key is blank.
#
# @param sg_component [Array<Hash>] inline ingress or egress rule hashes as
#   found on a security group (each rule is a Hash keyed by CloudFormation
#   property name)
# @return [Array<Hash>] the rules with no usable Description
def violating_sg_component(sg_component)
  sg_component.select { |rule| blank?(rule['Description']) }
end