Feature/253 remaining password property rules #345

Merged
7 commits merged into from
Jan 16, 2020

phelewski
Contributor

Partial for #253

Creates rule for the following resource properties:

  • AWS::CodePipeline::Webhook.WebhookAuthConfiguration SecretToken
  • AWS::ElastiCache::ReplicationGroup AuthToken
  • AWS::Lambda::Permission EventSourceToken
  • AWS::ManagedBlockchain::Member.MemberFabricConfiguration AdminPassword
  • AWS::DocDB::DBCluster MasterUserPassword

def audit_impl(cfn_model)
managed_blockchain_members = cfn_model.resources_by_type('AWS::ManagedBlockchain::Member')
violating_managed_blockchains = managed_blockchain_members.select do |member|
member_config = member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration']['AdminPassword']
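
Review bot: The `member_config = ...` line chains `['MemberFrameworkConfiguration']['MemberFabricConfiguration']['AdminPassword']` with no presence check at any level, so when a template omits one of those blocks the intermediate lookup returns nil and the next `[]` raises NoMethodError on nil. Check each level before reading the value, or, if `memberConfiguration` is a plain Hash, use `dig` so that a missing level yields nil and the resource is simply not selected. The local is also named `member_config` although it holds the AdminPassword value; a name such as `admin_password` would describe it more accurately.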

MemberFabricConfiguration is optional

which looks like you got, but don't want to dereference the AdminPassword then?

Contributor Author

I've added some logic here to ensure all of these optional properties exist.

@ghost ghost left a comment

looks good - just make sure the framework config bit is straightened out for the block chain resource

…before running secure check against value
@ghost ghost merged commit c1868bd into master Jan 16, 2020
@ghost ghost deleted the feature/253_remaining_password_property_rules branch February 26, 2020 15:04
This pull request was closed.