aws-cf-checker
Advanced tools
aws-cf-checker - npm Package Compare versions
Comparing version 0.2.1 to 0.3.0
@@ -50,3 +50,3 @@ var fs = require("fs"); | ||
| if (checks.hasOwnProperty(check)) { | ||
| require("./lib/" + check + ".js").check(objects, checks[check], checkCallback); | ||
| require("./check/" + check + ".js").check(objects, checks[check], checkCallback); | ||
| } | ||
@@ -53,0 +53,0 @@ } |
| { | ||
| "name": "aws-cf-checker", | ||
| "version": "0.2.1", | ||
| "version": "0.3.0", | ||
| "description": "Checks AWS CloudFormation templates for security, reliability and conformity", | ||
@@ -5,0 +5,0 @@ "keywords": ["aws", "cloudformation", "cf"], |
@@ -93,3 +93,3 @@ [](http://travis-ci.org/widdix/aws-cf-checker) | ||
| Options: | ||
| Options: (Object) | ||
@@ -104,3 +104,3 @@ * `case`: Enum["pascal", "camel"] (default: "pascal") | ||
| Options: | ||
| Options: (Object) | ||
@@ -137,4 +137,24 @@ * `deny`: Array[String] | ||
| Options: | ||
| Options: (Object) | ||
| * none | ||
| none | ||
| ### iamInlinePolicy | ||
| Checks IAM Users, Groups and Roles for inline policies. | ||
| Options: (Boolean) | ||
| `true` := inline policies are allowed | ||
| `false` := inline policies are denied | ||
| ### iamPolicy | ||
| Checks allowed actions of IAM policies. | ||
| A statement with NotAction is a finding. A statement with Effect != Allow is skipped. | ||
| Options: (Object) | ||
| * `allow`: Array[String] List of allowed actions (whitelist) | ||
| * `deny`: Array[String] List of denied actions (blacklist) |
@@ -273,2 +273,47 @@ var checker = require("../index.js"); | ||
| }); | ||
| it("secure RDS instance setup with external security group", function(done) { | ||
| test({ | ||
| "Parameters": { | ||
| "SGDatabase": { | ||
| "Type": "AWS::EC2::SecurityGroup::Id", | ||
| } | ||
| }, | ||
| "Resources": { | ||
| "Database": { | ||
| "Type": "AWS::RDS::DBInstance", | ||
| "Properties": { | ||
| "VPCSecurityGroups": [{"Ref": "SGDatabase"}] | ||
| } | ||
| } | ||
| } | ||
| }, {"securityGroupInbound": true}, 0, done); | ||
| }); | ||
| it("secure RDS instance setup with external security group as source", function(done) { | ||
| test({ | ||
| "Parameters": { | ||
| "SGDatabaseClient": { | ||
| "Type": "AWS::EC2::SecurityGroup::Id", | ||
| } | ||
| }, | ||
| "Resources": { | ||
| "SGDatabase": { | ||
| "Type": "AWS::EC2::SecurityGroup", | ||
| "Properties": { | ||
| "SecurityGroupIngress": [{ | ||
| "FromPort": 3306, | ||
| "ToPort": 3306, | ||
| "IpProtocol": "tcp", | ||
| "SourceSecurityGroupId": {"Ref": "SGDatabaseClient"} | ||
| }] | ||
| } | ||
| }, | ||
| "Database": { | ||
| "Type": "AWS::RDS::DBInstance", | ||
| "Properties": { | ||
| "VPCSecurityGroups": [{"Ref": "SGDatabase"}] | ||
| } | ||
| } | ||
| } | ||
| }, {"securityGroupInbound": true}, 0, done); | ||
| }); | ||
| }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by114.02%
95727
- Number of package files
- increased by19.05%
25
- Lines of code
- increased by115.98%
3108
- Number of lines in readme file
- increased by14.49%
158