Merge pull request #192 from stelligent/line-numbers-support

Incorporating line number support from cfn-model
stelligent · May 29, 2019 · 7d707c6 · 7d707c6
2 parents e281093 + 1f19775
commit 7d707c6
Show file tree

Hide file tree

Showing 26 changed files with 687 additions and 44 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -37,3 +37,6 @@ Naming/RescuedExceptionsVariableName:
 
 Gemspec/RequiredRubyVersion:
   Enabled: false
+
+Metrics/ClassLength:
+  Max: 115
diff --git a/cfn-nag.gemspec b/cfn-nag.gemspec
@@ -24,8 +24,7 @@ Gem::Specification.new do |s|
   # versus what we used to run tests in cfn-nag before publishing cfn-nag
   # they are coupled and we are doing a good bit of experimenting in cfn-model
   # i might consider collapsing them again....
-  s.add_runtime_dependency('cfn-model', '0.1.35')
-
+  s.add_runtime_dependency('cfn-model', '0.4.0')
   s.add_runtime_dependency('jmespath', '~> 1.3.1')
   s.add_runtime_dependency('logging', '~> 2.2.2')
   s.add_runtime_dependency('netaddr', '~> 1.5.1')

diff --git a/circle.txt b/circle.txt
@@ -0,0 +1,30 @@
+*** LOCAL GEMS ***
+
+ast (2.4.0)
+bundler (default: 1.17.3)
+cfn-model (0.1.29)
+cfn-nag (0.0.0)
+diff-lcs (1.3)
+docile (1.3.1)
+jaro_winkler (1.5.2)
+jmespath (1.3.1)
+json (2.2.0)
+kwalify (0.7.2)
+little-plugger (1.1.4)
+logging (2.2.2)
+multi_json (1.13.1)
+netaddr (1.5.1)
+parallel (1.17.0)
+parser (2.6.3.0)
+rainbow (3.0.0)
+rspec (3.8.0)
+rspec-core (3.8.0)
+rspec-expectations (3.8.3)
+rspec-mocks (3.8.0)
+rspec-support (3.8.0)
+rubocop (0.68.1)
+ruby-progressbar (1.10.0)
+simplecov (0.16.1)
+simplecov-html (0.10.2)
+trollop (2.1.3)
+unicode-display_width (1.5.0)
diff --git a/lib/cfn-nag/cfn_nag.rb b/lib/cfn-nag/cfn_nag.rb
@@ -85,10 +85,12 @@ def audit(cloudformation_string:, parameter_values_string: nil)
 
     begin
       cfn_model = CfnParser.new.parse cloudformation_string,
-                                      parameter_values_string
+                                      parameter_values_string,
+                                      true
       violations += @custom_rule_loader.execute_custom_rules(cfn_model)
 
       violations = filter_violations_by_blacklist_and_profile(violations)
+      violations = mark_line_numbers(violations, cfn_model)
     rescue Psych::SyntaxError, ParserError => parser_error
       violations << fatal_violation(parser_error.to_s)
     rescue JSON::ParserError => json_parameters_error
@@ -101,6 +103,16 @@ def audit(cloudformation_string:, parameter_values_string: nil)
 
   private
 
+  def mark_line_numbers(violations, cfn_model)
+    violations.each do |violation|
+      violation.logical_resource_ids.each do |logical_resource_id|
+        violation.line_numbers << cfn_model.line_numbers[logical_resource_id]
+      end
+    end
+
+    violations
+  end
+
   def filter_violations_by_blacklist_and_profile(violations)
     violations = filter_violations_by_profile(
       profile_definition: @profile_definition,

diff --git a/lib/cfn-nag/result_view/simple_stdout_results.rb b/lib/cfn-nag/result_view/simple_stdout_results.rb
@@ -8,7 +8,8 @@ def message_violations(violations)
     violations.each do |violation|
       message message_type: "#{violation.type} #{violation.id}",
               message: violation.message,
-              logical_resource_ids: violation.logical_resource_ids
+              logical_resource_ids: violation.logical_resource_ids,
+              line_numbers: violation.line_numbers
     end
   end
 
@@ -38,7 +39,8 @@ def render(results)
 
   def message(message_type:,
               message:,
-              logical_resource_ids: nil)
+              logical_resource_ids: nil,
+              line_numbers: [])
 
     logical_resource_ids = nil if logical_resource_ids == []
 
@@ -47,7 +49,8 @@ def message(message_type:,
     puts "| #{message_type.upcase}"
     puts '|'
     puts "| Resources: #{logical_resource_ids}" unless logical_resource_ids.nil?
-    puts '|' unless logical_resource_ids.nil?
+    puts "| Line Numbers: #{line_numbers}" unless line_numbers.empty?
+    puts '|' unless line_numbers.empty? && logical_resource_ids.nil?
     puts "| #{message}"
   end
 

diff --git a/lib/cfn-nag/violation.rb b/lib/cfn-nag/violation.rb
@@ -4,17 +4,19 @@
 
 # Rule definition for violations
 class Violation < RuleDefinition
-  attr_reader :logical_resource_ids
+  attr_reader :logical_resource_ids, :line_numbers
 
   def initialize(id:,
                  type:,
                  message:,
-                 logical_resource_ids: nil)
+                 logical_resource_ids: nil,
+                 line_numbers: [])
     super id: id,
           type: type,
           message: message
 
     @logical_resource_ids = logical_resource_ids
+    @line_numbers = line_numbers
   end
 
   def to_s
@@ -23,7 +25,8 @@ def to_s
 
   def to_h
     super.to_h.merge(
-      logical_resource_ids: @logical_resource_ids
+      logical_resource_ids: @logical_resource_ids,
+      line_numbers: @line_numbers
     )
   end