class EC2NetworkAclEntryDuplicateRule

Public Instance Methods

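# Audits every AWS::EC2::NetworkAcl in the model and reports the entries
# whose rule number is repeated within the same traffic direction.
#
# @param cfn_model [Object] parsed template model; must respond to
#   +resources_by_type+
# @return [Array<String>] logical resource ids of the offending
#   NetworkAclEntry resources (the entries, not the NetworkAcl itself)
def audit_impl(cfn_model)
  nacls = cfn_model.resources_by_type('AWS::EC2::NetworkAcl')
  # flat_map avoids reusing the private method's name as a local variable,
  # which the original did; that shadowing only parsed as a method call
  # because the call site passed an explicit argument in parentheses.
  offending_entries = nacls.flat_map { |nacl| violating_nacl_entries(nacl) }
  offending_entries.map(&:logical_resource_id)
end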
# @return [String] the cfn-nag identifier of this rule
def rule_id
  "F79"
end
# @return [String] the human-readable description reported with each violation
def rule_text
  "A NetworkACL's rule numbers cannot be repeated unless one is egress and one is ingress."
end
# Severity of this rule: a repeated rule number is reported as a failing
# violation, not a warning.
#
# @return the +Violation::FAILING_VIOLATION+ constant
def rule_type
  Violation::FAILING_VIOLATION
end

Private Instance Methods

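# Returns every entry whose +ruleNumber+ is shared with at least one other
# entry in +nacl_entries+. Groups keep first-seen order of the rule number,
# and entries within a group keep their input order.
#
# NOTE(review): entries are grouped on +ruleNumber+ as-is, so a template
# that spells the same number as 100 in one entry and "100" in another
# would not be grouped together — TODO confirm whether cfn-model
# normalizes that attribute before this rule sees it.
#
# @param nacl_entries [Array] objects responding to +ruleNumber+
# @return [Array] entries belonging to a repeated rule number; empty when
#   no rule number repeats
def duplicate_rule_numbers(nacl_entries)
  # +values+ replaces the original select/map pair that only re-extracted
  # the grouped entries from each key/value tuple.
  nacl_entries
    .group_by(&:ruleNumber)
    .values
    .select { |entries| entries.size > 1 }
    .flatten
end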
# @param nacl_entries [Array] objects responding to +egress+
# @return [Array] the subset whose +egress+ attribute is truthy according
#   to +truthy?+
def egress(nacl_entries)
  nacl_entries.select { |entry| truthy?(entry.egress) }
end
# @param nacl_entries [Array] objects responding to +egress+
# @return [Array] the subset whose +egress+ attribute is not truthy
#   according to +not_truthy?+ (i.e. the ingress entries)
def ingress(nacl_entries)
  nacl_entries.select { |entry| not_truthy?(entry.egress) }
end
# Collects the entries of one NetworkAcl that share a rule number with
# another entry in the same direction; egress duplicates are listed
# before ingress duplicates.
#
# @param nacl [Object] responds to +network_acl_entries+
# @return [Array] the offending entries, possibly empty
def violating_nacl_entries(nacl)
  entries = nacl.network_acl_entries
  [egress(entries), ingress(entries)].flat_map { |direction| duplicate_rule_numbers(direction) }
end