Feature/add secure rule for alexa ask skill authentication configuration #323

phelewski
Contributor

Closes #322

Creating two new rules for Alexa::ASK::Skill.AuthenticationConfiguration

  • ClientSecret
  • RefreshToken

These rules are using the BaseRule class. New specs are created to test familiar template scenarios.

def audit_impl(cfn_model)
ask_skills = cfn_model.resources_by_type('Alexa::ASK::Skill')
violating_skills = ask_skills.select do |skill|
refresh_token = skill.authenticationConfiguration['RefreshToken']
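
Review bot: `skill.authenticationConfiguration['RefreshToken']` inside the `select` block indexes `authenticationConfiguration` with no nil check, so if the property is absent from a malformed template and the accessor returns nil, the rule raises NoMethodError instead of producing a result. Read the property into a local first and skip or separately report the resource when it is nil, and add a spec covering a skill with no AuthenticationConfiguration.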
one thing to be wary of - authenticationConfiguration is required but you could face a malformed template. haven't been totally consistent about handling this. cfn-model can hide/catch some of these issues up front so rule developers don't have to think about it... you could add a kwalify schema into cfn-model, or you could check for a missing authenticationConfiguration here.

if somebody jams an Fn::If at the top-level of properties, cfn-model is going to ignore the Fn::If, but then the resource will have no properties. there are a lot of places that are going to possibly break with that... so not something you necessarily need to care about.

@ghost ghost left a comment

consider missing authenticationConfiguration
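
The missing-authenticationConfiguration case raised in the review comments above, as an added Ruby example that is not code from this pull request or from the project: `Skill` is a hypothetical stand-in for a cfn-model resource object, the sample resources are constructed, and treating any literal String as a plaintext secret is an assumption of this sketch.

```ruby
# Added example, not project code. Skill is a hypothetical stand-in for the
# resource objects cfn-model returns for Alexa::ASK::Skill.
Skill = Struct.new(:logical_resource_id, :authenticationConfiguration)

SECRET_KEYS = %w[ClientSecret RefreshToken].freeze

# Assumption of this sketch: a literal String is a plaintext secret; a Hash
# (an intrinsic function such as Ref) is not judged here.
def plaintext?(value)
  value.is_a?(String)
end

# The access pattern from the snippet under review: raises NoMethodError
# when authenticationConfiguration is nil.
def unguarded_refresh_token(skill)
  skill.authenticationConfiguration['RefreshToken']
end

# Guarded audit: resources without a usable authenticationConfiguration are
# reported as malformed instead of crashing the rule.
def audit_skills(skills)
  result = { violations: [], malformed: [] }
  skills.each do |skill|
    config = skill.authenticationConfiguration
    unless config.is_a?(Hash)
      result[:malformed] << skill.logical_resource_id
      next
    end
    SECRET_KEYS.each do |key|
      result[:violations] << [skill.logical_resource_id, key] if plaintext?(config[key])
    end
  end
  result
end

# Constructed sample resources.
SAMPLE_SKILLS = [
  Skill.new('PlainSkill', { 'ClientSecret' => 'not-a-real-secret',
                            'RefreshToken' => { 'Ref' => 'TokenParam' } }),
  Skill.new('RefSkill', { 'ClientSecret' => { 'Ref' => 'SecretParam' },
                          'RefreshToken' => { 'Ref' => 'TokenParam' } }),
  Skill.new('NoAuthSkill', nil)
].freeze

if __FILE__ == $PROGRAM_NAME
  p audit_skills(SAMPLE_SKILLS)
end
```

Reporting the malformed resource separately keeps one broken template from hiding findings on the other skills in the same run.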

@ghost ghost merged commit 0e9a524 into master Jan 6, 2020
@ghost ghost deleted the feature/add_secure_rule_for_alexa_ask_skill_authentication_configuration branch January 6, 2020 21:59
This pull request was closed.
Successfully merging this pull request may close these issues.

Create secure rules for Alexa::ASK::Skill.AuthenticationConfiguration