Releases: Skyscanner/cfripper
1.3.1
1.3.0
1.2.2
1.2.1
[1.2.1] - 2022-01-04
Fixes
- The `WildcardResourceRule` would fail if it received a policy document that was a string. It was expecting all policy documents to be a dictionary. Some AWS services allow for string policies though (e.g. `AWS::Logs::ResourcePolicy`). The rule has been updated to handle string policies by attempting to convert them to a dictionary.
1.2.0
[1.2.0] - 2021-11-03
Updates
- The rules `EC2SecurityGroupOpenToWorldRule` and `EC2SecurityGroupIngressOpenToWorldRule` were by default allowing ports 80 and 443. This has now been migrated to use a filter object that can be optionally applied. See the README for further details. This means if the filter is not applied, Security Groups open to the world on ports 80 and 443 will start failing in CFRipper.
1.1.2
[1.1.2] - 2021-10-06
Fixes
- Add a fix to the `KMSKeyEnabledKeyRotation` rule to be able to detect the `EnableKeyRotation` property properly.
1.1.1
[1.1.1] - 2021-09-30
Fixes
- Add a fix to the `PartialWildcardPrincipal` rule to be able to detect policies where whole account access is specified via just the account ID.
  - For example, if the Principal was defined as `Principal: AWS: 123456789012` as opposed to `Principal: AWS: arn:aws:iam::123456789012:root`.
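
The policy shapes behind the 1.1.1 and 1.2.1 fixes, as an added Python example that is not cfripper's own code: a check that accepts a policy as a dictionary or a JSON string and reports principals naming a whole account in either spelling. The function names, regexes and sample policies are assumptions constructed for illustration.

```python
import json
import re

# Assumed patterns (not cfripper's): a bare 12-digit account ID and the
# account root ARN both grant access to every principal in that account.
ACCOUNT_ID = re.compile(r"\d{12}")
ACCOUNT_ROOT = re.compile(r"arn:aws[\w-]*:iam::\d{12}:root")

# Constructed sample policies (not from the release notes).
BARE_ID = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                          "Principal": {"AWS": 123456789012}}]}
STRING_POLICY = json.dumps({"Statement": {
    "Effect": "Allow", "Action": "logs:PutLogEvents",
    "Principal": {"AWS": ["arn:aws:iam::123456789012:root",
                          "arn:aws:iam::123456789012:role/app"]}}})


def load_policy(document):
    """Accept a dict or a JSON string (as AWS::Logs::ResourcePolicy uses)."""
    if isinstance(document, str):
        document = json.loads(document)
    if not isinstance(document, dict):
        raise TypeError("policy document must be a dict or a JSON object string")
    return document


def as_list(value):
    """IAM allows a single item wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def whole_account_principals(document):
    """Return AWS principals in Allow statements that name a whole account."""
    findings = []
    for statement in as_list(load_policy(document).get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        principal = statement.get("Principal")
        if not isinstance(principal, dict):
            continue  # "*" and other string principals are out of scope here
        for value in as_list(principal.get("AWS")):
            value = str(value)  # an unquoted YAML account ID can load as an integer
            if ACCOUNT_ID.fullmatch(value) or ACCOUNT_ROOT.fullmatch(value):
                findings.append(value)
    return findings
```
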
1.1.0
[1.1.0] - 2021-09-22
Improvements
- Add `S3ObjectVersioning` rule
- Update `pycfmodel` to `0.11.0`
  - This includes model support for S3 Buckets. Rules against these resources have been updated (alongside tests).
1.0.9
[1.0.9] - 2021-09-10
Improvements
- Update valid AWS Account IDs that might be included as principals on policies.
  - This list now covers ELB Logs, CloudTrail Logs, Redshift Audit, and ElastiCache backups.
- `WildCardResourceRule` is now triggered by resources that only limit by service (ex: `arn:aws:s3:::*`)
1.0.8
[1.0.8] - 2021-08-19
Improvements
- Add `S3LifecycleConfiguraton` rule