Sha256: d0d3c8c213ca8cb650b69a924500486383ff0217f7a5b2e90ab76a21ff3c282a

Contents?: true

Size: 1 KB

Versions: 3

Compression:

Stored size: 1 KB

Contents

# frozen_string_literal: true

require 'terracop/cop/aws/security_group_rule_cop'

module Terracop
  module Cop
    module Aws
      # Flags an ingress security group rule that leaves SSH (TCP port 22)
      # reachable from any address, e.g. cidr_blocks = ["0.0.0.0/0"].
      # As the first example shows, a rule is reported when its port range
      # contains 22, even if 22 is not one of the range bounds.
      #
      # NOTE(review): the predicates used by #check (ingress?, any_ip?, tcp?,
      # port?) are not defined in this file; presumably they are inherited
      # from SecurityGroupRuleCop. Confirm there that any_ip? also covers
      # ::/0 in ipv6_cidr_blocks and that tcp? also matches protocol "-1"
      # (all protocols). If not, rules exposing SSH through those forms
      # would pass this cop unreported.
      #
      # @example
      #   # bad
      #   resource "aws_security_group_rule" "ingress" {
      #     type        = "ingress"
      #     cidr_blocks = ["0.0.0.0/0"]
      #     # Notice this port range includes 22
      #     from_port   = 10
      #     to_port     = 30
      #   }
      #
      #   # good
      #   resource "aws_security_group_rule" "ingress" {
      #     type        = "ingress"
      #     cidr_blocks = ["1.2.3.4/32"]
      #     from_port   = 22
      #     to_port     = 22
      #   }
      class OpenSsh < SecurityGroupRuleCop
        register

        # Reports a :security offense when all four conditions hold: the rule
        # is ingress, its source is any IP, the protocol is TCP, and the port
        # check for 22 succeeds. The predicates are evaluated left to right
        # and stop at the first one that fails.
        #
        # @return [nil, Object] nil when the rule is not flagged, otherwise
        #   whatever offense returns
        def check
          ssh_open_to_world = ingress? && any_ip? && tcp? && port?(22)

          offense('Do not leave port 22 (SSH) open to the world.', :security) if ssh_open_to_world
        end
      end
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
terracop-0.2.0 lib/terracop/cop/aws/open_ssh.rb
terracop-0.1.1 lib/terracop/cop/aws/open_ssh.rb
terracop-0.1.0 lib/terracop/cop/aws/open_ssh.rb