Sha256: 683731ddcda183941fc279e381f289920f1ecac1e5366c0ef4817e010bfcc94a
Contents?: true
Size: 1011 Bytes
Versions: 3
Compression:
Stored size: 1011 Bytes
Contents
# frozen_string_literal: true

require 'terracop/cop/aws/security_group_rule_cop'

module Terracop
  module Cop
    module Aws
      # Flags egress security group rules whose port range is unrestricted.
      #
      # An outbound rule that covers every port lets a compromised instance
      # reach any service on the allowed destinations. For example, leaving
      # port 25 open outbound lets the machine be used to send spam. Limiting
      # egress to the ports the workload needs narrows that exposure.
      #
      # NOTE(review): only rules accepted by `tcp?` or `udp?` are inspected.
      # Those helpers, like `egress?` and `any_port?`, are inherited from
      # SecurityGroupRuleCop and are not visible in this file. Confirm whether
      # an all-protocols rule (protocol = "-1") is reported here or by
      # another cop.
      #
      # @example
      #   # bad
      #   resource "aws_security_group_rule" "egress" {
      #     type = "egress"
      #     from_port = 0
      #     to_port = 65535
      #   }
      #
      #   # good
      #   resource "aws_security_group_rule" "egress" {
      #     type = "egress"
      #     from_port = 443
      #     to_port = 443
      #   }
      class UnrestrictedEgressPorts < SecurityGroupRuleCop
        # `register` is not defined in this file; presumably it adds this cop
        # to the set that gets run. Confirm against the base class.
        register

        # Reports a :security offense when the rule under inspection is an
        # egress rule, uses TCP or UDP, and spans any port. Returns early,
        # without reporting, as soon as one of those conditions fails.
        def check
          # Guards run in the original order: direction, protocol, port range.
          return unless egress?
          return unless tcp? || udp?
          return unless any_port?

          offense('Limit egress traffic to small port ranges.', :security)
        end
      end
    end
  end
end
Version data entries
3 entries across 3 versions & 1 rubygems