Merge branch 'master' into create-kms-example-rule
Max-Huneshagen authored Nov 13, 2023
2 parents 607b7f8 + 66d15bf commit 58598de
Showing 3 changed files with 21 additions and 6 deletions.
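--- a/cfripper/config/regex.py
+++ b/cfripper/config/regex.py
@@ -173,3 +173,19 @@
 - sns:Get*
 """
 REGEX_HAS_STAR_OR_STAR_AFTER_COLON = re.compile(r"^(\w*:)*[*?]+$")
+
+
+"""
+Check that stack name only consists of alphanumerical characters and hyphens.
+Valid:
+- abcdefg
+- ABCDEFG
+- abcdEFG
+- aBc-DeFG
+- a1b2c3
+Invalid:
+- abc_defg
+- AB:cdefg
+- !@£$$%aA
+"""
+REGEX_ALPHANUMERICAL_OR_HYPHEN = re.compile(r"^[A-Za-z0-9\-]+$")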
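Review bot: The `$` anchor in `REGEX_ALPHANUMERICAL_OR_HYPHEN` also matches just before a trailing newline, so a name such as `"abc\n"` is accepted when the pattern is applied with `match()` or `search()`; how the rule applies it is not visible in this section. Anchoring the end with `\Z`, i.e. `re.compile(r"^[A-Za-z0-9\-]+\Z")`, or calling `fullmatch()` at the use site, closes that gap. The pattern also accepts names that begin with a digit or hyphen and has no length bound, which is looser than CloudFormation's own stack-name constraint (must start with a letter, at most 128 characters); if that is intentional, the docstring should say so, and a newline-terminated name belongs in the "Invalid" examples.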
4 changes: 4 additions & 0 deletions cfripper/rules/__init__.py
@@ -38,7 +38,10 @@
SQSQueuePolicyNotPrincipalRule,
SQSQueuePolicyPublicRule,
)

from cfripper.rules.stack_name_matches_regex import StackNameMatchesRegexRule
from cfripper.rules.storage_encrypted_rule import StorageEncryptedRule

from cfripper.rules.wildcard_policies import (
GenericResourceWildcardPolicyRule,
S3BucketPolicyWildcardActionRule,
@@ -96,6 +99,7 @@
SQSQueuePolicyNotPrincipalRule,
SQSQueuePolicyPublicRule,
SQSQueuePolicyWildcardActionRule,
StackNameMatchesRegexRule,
WildcardResourceRule,
)
}
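Review bot: Adding `StackNameMatchesRegexRule` to the tuple in the second hunk appears to put it into the default rule set (the enclosing mapping starts outside the hunk), so it would run on every scan, including callers that supply no stack name in the config or extras. The rule's behaviour in that case is not visible on this page and is worth confirming with a test before it ships enabled by default. Separately, the blank lines that now surround `from cfripper.rules.stack_name_matches_regex import StackNameMatchesRegexRule` in the first hunk split an otherwise contiguous, sorted import block and would be dropped by an import sorter.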
7 changes: 1 addition & 6 deletions tests/rules/test_StackNameMatchesRegexRule.py
@@ -29,12 +29,6 @@ def test_works_with_extras():
result = rule.invoke(cfmodel=CFModel(), extras=extras)
assert result.valid

def test_stack_name_from_extras():
rule = StackNameMatchesRegexRule(Config(stack_name="some-valid-stack-name", rules=["StackNameMatchesRegexRule"]))
extras = {"stack": {"tags": [{"key": "project", "value": "some_project"}]}, "stack_name": "some_invalid_name"}
result = rule.invoke(cfmodel=CFModel(), extras=extras)
assert result.valid


def test_stack_name_from_extras():
rule = StackNameMatchesRegexRule(Config(stack_name="some-valid-stack-name", rules=["StackNameMatchesRegexRule"]))
@@ -65,6 +59,7 @@ def test_failure_is_added_for_invalid_stack_name_from_extras():
"characters and hyphens allowed."
)


def failure_is_added_for_invalid_stack_name_from_extras():
rule = StackNameMatchesRegexRule(Config(rules=["StackNameMatchesRegexRule"]))
extras = {"stack": {"tags": [{"key": "project", "value": "some_project"}]}, "stack_name": "some_invalid_stack_name"}
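Review bot: `def failure_is_added_for_invalid_stack_name_from_extras():` in the second hunk has no `test_` prefix, so under pytest's default collection rules it is never run and its assertions check nothing. The hunk header shows that `test_failure_is_added_for_invalid_stack_name_from_extras` is already defined just above, so adding the prefix alone would create a second function of the same name that shadows the first, which is the same kind of duplicate the first hunk removes. Give it a distinct collected name that says what differs, for example `def test_failure_is_added_for_invalid_stack_name_from_extras_without_config_name():`, or delete it if it is a leftover copy. The function body continues outside the hunk.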
