-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Network ACL overlapping port rule (Fixes #487, #483) #491
Conversation
…stelligent#483) - Test for port values from references - Test for entries without logical nacl resource - Test for correctly evaluating metadata to ignore warning Fix up various linting errors in yaml templates Refactor nacl grouping logic
end | ||
|
||
def tcp_or_udp_protocol?(entry1, entry2) | ||
%w[6 17].include?(entry1.protocol.to_s) && %w[6 17].include?(entry2.protocol.to_s) | ||
def valid_ports?(entry) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When running the test cfn_nag_scan --input-path spec/test_templates/yaml/ec2_networkaclentry/ec2_networkaclentry_missing_port_range.yml
, we fail here with this response:
Traceback (most recent call last):
21: from /Users/stephengoncher/.rvm/gems/ruby-2.6.6/bin/ruby_executable_hooks:24:in<main>' 20: from /Users/stephengoncher/.rvm/gems/ruby-2.6.6/bin/ruby_executable_hooks:24:in
eval'
19: from /Users/stephengoncher/.rvm/gems/ruby-2.6.6/bin/cfn_nag_scan:23:in<main>' 18: from /Users/stephengoncher/.rvm/gems/ruby-2.6.6/bin/cfn_nag_scan:23:in
load'
17: from /private/tmp/arothian_cfn_nag/bin/cfn_nag_scan:11:in<top (required)>' 16: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/cfn_nag_executor.rb:30:in
scan'
15: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/cfn_nag_executor.rb:50:inexecute_aggregate_scan' 14: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/cfn_nag.rb:34:in
audit_aggregate_across_files_and_render_results'
13: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/cfn_nag.rb:64:inaudit_aggregate_across_files' 12: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/cfn_nag.rb:64:in
each'
11: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/cfn_nag.rb:67:inblock in audit_aggregate_across_files' 10: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/cfn_nag.rb:91:in
audit'
9: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rule_loader.rb:64:inexecute_custom_rules' 8: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rule_loader.rb:81:in
filter_rule_classes'
7: from /Users/stephengoncher/.rvm/rubies/ruby-2.6.6/lib/ruby/2.6.0/set.rb:338:ineach' 6: from /Users/stephengoncher/.rvm/rubies/ruby-2.6.6/lib/ruby/2.6.0/set.rb:338:in
each_key'
5: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rule_loader.rb:91:inblock in filter_rule_classes' 4: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rules/base.rb:19:in
audit'
3: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb:24:inaudit_impl' 2: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb:24:in
select!'
1: from /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb:25:inblock in audit_impl' /private/tmp/arothian_cfn_nag/lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb:46:in
valid_ports?': undefined method `[]' for nil:NilClass (NoMethodError)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, updated!
Fix issue with evaluating NACL entries using non-literal ports
Fix issue with evaluating NACL entries without direct NACL resource in the same template
Fix issue with metadata not ignoring warnings on NACL entries
Fix up various lint errors in yaml test templates
Refactor NACL grouping logic