Sha256: a5b1518b5214d8cf289d46767a6bfb6a4915e6a604c07d37dc58f4d541488840

Size: 787 Bytes

Versions: 4

Stored size: 787 Bytes

Contents

module Outliers
  module Resources
    module Aws
      module Ec2
        class SecurityGroup < Resource
          def self.verifications
            [
              { name: 'no_public_internet_ingress',
                description: 'Security Group has no rules open to "0.0.0.0/0".' }
            ]
          end

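          # Passes only when no ingress rule lists "0.0.0.0/0" as a source.
          # A group with no rules at all passes as well.
          def no_public_internet_ingress?
            logger.debug "Verifying '#{id}'."
            # Collect every ingress rule that is open to the whole internet.
            open_rules = source.ip_permissions.select do |i|
              !i.egress? && i.ip_ranges.include?("0.0.0.0/0")
            end
            open_rules.each do |i|
              logger.debug "Security Group '#{id}' is open to '#{i.ip_ranges.join(', ')}' via '#{i.protocol}'."
            end
            # A single open rule fails the verification, whatever else the group allows.
            open_rules.empty?
          end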
        end
      end
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
outliers-0.2.0 lib/outliers/resources/aws/ec2/security_group.rb
outliers-0.1.1 lib/outliers/resources/aws/ec2/security_group.rb
outliers-0.1.0 lib/outliers/resources/aws/ec2/security_group.rb
outliers-0.0.1 lib/outliers/resources/aws/ec2/security_group.rb