Skip to content

Commit

Permalink
Have rule I3042 only check inside a sub (#1928)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kddejong
kddejong authored Mar 12, 2021
1 parent 8ff68a8 commit baf0274
Show file tree
Hide file tree
Showing 8 changed files with 4 additions and 484 deletions.
3 changes: 2 additions & 1 deletion src/cfnlint/rules/resources/HardCodedArnProperties.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,8 @@ def _match_values(self, cfnelem, path):
# Leaf node
if isinstance(cfnelem, six.string_types): # and re.match(searchRegex, cfnelem):
for variable in re.findall(self.regex, cfnelem):
values.append(path + [variable])
if 'Fn::Sub' in path:
values.append(path + [variable])

return values

Expand Down
25 changes: 0 additions & 25 deletions test/fixtures/results/public/lambda-poller.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,30 +25,5 @@
"ShortDescription": "Check if EOL Lambda Function Runtimes are used",
"Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html"
}
},
{
"Filename":"test/fixtures/templates/public/lambda-poller.yaml",
"Level":"Informational",
"Location":{
"End":{
"ColumnNumber":76,
"LineNumber":39
},
"Path":[
"Resources",
"PollerFunctionIamRole"
],
"Start":{
"ColumnNumber":12,
"LineNumber":39
}
},
"Message":"ARN in Resource LambdaExecutionRole contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule":{
"Description":"Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id":"I3042",
"ShortDescription":"ARNs should use correctly placed Pseudo Parameters",
"Source":""
}
}
]
196 changes: 0 additions & 196 deletions test/fixtures/results/quickstart/cis_benchmark.json
View file
Original file line number Diff line number Diff line change
@@ -1,144 +1,4 @@
[
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Informational",
"Location": {
"End": {
"ColumnNumber": 60,
"LineNumber": 89
},
"Path": [
"Resources",
"MasterConfigRole",
"Properties",
"ManagedPolicyArns",
0
],
"Start": {
"ColumnNumber": 13,
"LineNumber": 89
}
},
"Message": "ARN in Resource MasterConfigRole contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule": {
"Description": "Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id": "I3042",
"ShortDescription": "ARNs should use correctly placed Pseudo Parameters",
"Source": ""
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Informational",
"Location": {
"End": {
"ColumnNumber": 64,
"LineNumber": 90
},
"Path": [
"Resources",
"MasterConfigRole",
"Properties",
"ManagedPolicyArns",
1
],
"Start": {
"ColumnNumber": 13,
"LineNumber": 90
}
},
"Message": "ARN in Resource MasterConfigRole contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule": {
"Description": "Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id": "I3042",
"ShortDescription": "ARNs should use correctly placed Pseudo Parameters",
"Source": ""
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Informational",
"Location": {
"End": {
"ColumnNumber": 54,
"LineNumber": 91
},
"Path": [
"Resources",
"MasterConfigRole",
"Properties",
"ManagedPolicyArns",
2
],
"Start": {
"ColumnNumber": 13,
"LineNumber": 91
}
},
"Message": "ARN in Resource MasterConfigRole contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule": {
"Description": "Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id": "I3042",
"ShortDescription": "ARNs should use correctly placed Pseudo Parameters",
"Source": ""
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Informational",
"Location": {
"End": {
"ColumnNumber": 77,
"LineNumber": 92
},
"Path": [
"Resources",
"MasterConfigRole",
"Properties",
"ManagedPolicyArns",
3
],
"Start": {
"ColumnNumber": 13,
"LineNumber": 92
}
},
"Message": "ARN in Resource MasterConfigRole contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule": {
"Description": "Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id": "I3042",
"ShortDescription": "ARNs should use correctly placed Pseudo Parameters",
"Source": ""
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Informational",
"Location": {
"End": {
"ColumnNumber": 77,
"LineNumber": 93
},
"Path": [
"Resources",
"MasterConfigRole",
"Properties",
"ManagedPolicyArns",
4
],
"Start": {
"ColumnNumber": 13,
"LineNumber": 93
}
},
"Message": "ARN in Resource MasterConfigRole contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule": {
"Description": "Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id": "I3042",
"ShortDescription": "ARNs should use correctly placed Pseudo Parameters",
"Source": ""
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Warning",
Expand Down Expand Up @@ -1509,34 +1369,6 @@
"Source": "https://aws.amazon.com/blogs/devops/optimize-aws-cloudformation-templates/"
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Informational",
"Location": {
"End": {
"ColumnNumber": 77,
"LineNumber": 1842
},
"Path": [
"Resources",
"RoleForCloudWatchEvents",
"Properties",
"ManagedPolicyArns",
0
],
"Start": {
"ColumnNumber": 13,
"LineNumber": 1842
}
},
"Message": "ARN in Resource RoleForCloudWatchEvents contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule": {
"Description": "Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id": "I3042",
"ShortDescription": "ARNs should use correctly placed Pseudo Parameters",
"Source": ""
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Warning",
Expand Down Expand Up @@ -1647,34 +1479,6 @@
"Source": "https://github.com/aws-cloudformation/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#valueprimitivetype"
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Informational",
"Location": {
"End": {
"ColumnNumber": 77,
"LineNumber": 2232
},
"Path": [
"Resources",
"RoleForDisableUnusedCredentialsFunction",
"Properties",
"ManagedPolicyArns",
0
],
"Start": {
"ColumnNumber": 13,
"LineNumber": 2232
}
},
"Message": "ARN in Resource RoleForDisableUnusedCredentialsFunction contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters",
"Rule": {
"Description": "Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number",
"Id": "I3042",
"ShortDescription": "ARNs should use correctly placed Pseudo Parameters",
"Source": ""
}
},
{
"Filename": "test/fixtures/templates/quickstart/cis_benchmark.yaml",
"Level": "Warning",
Expand Down
Loading

0 comments on commit baf0274

Please sign in to comment.