0.23.1

Improvements

• Add more X-Ray permissions that accept wildcard resource only
• CLI handles case of empty template by returning appropriate exception message
• CLI now returns exit code 2 for scenarios where CFRipper finds a template violating any of the rules

0.23.0

Breaking changes

• Rule config files using filters must now use ingress_obj and not ingress.

Additions

• Rules using IP Address Ranges now export both ingress_obj and ingress_ip filter fields.
• Add support to load an external rules configuration file

0.22.0

[0.22.0] - 2020-12-11

Breaking changes

• Classes inheriting from ResourceSpecificRule now must allow an extra field in the resource_invoke function

Improvements

• Improved context data for BaseDangerousPolicyActions and classes inheriting from it

Bugfix

• CrossAccountCheckingRule did not check properly for calculated mock fields.

0.21.1

[0.21.1] - 2020-12-9

Improvements

• Add SNS actions that only allow wildcards

0.21.0

[0.21.0] - 2020-11-30

Improvements

• Upgraded to pycfmodel 0.8.1 (this will improve policy action detection)
• Refactored a few classes to use improvements from new base classes and pycfmodel
• PrivilegeEscalationRule now detects issues in all policies

Additions

• New Rules: SNSTopicDangerousPolicyActionsRule and SQSDangerousPolicyActionsRule
• New abstract base rule: BaseDangerousPolicyActions

Fixes

• Various typo fixes

0.20.1

Improvements

• Added more actions that only allow wildcard as resource

Fixes

• Require pycfmodel 0.7.2

Other

• Bump pip-tools dev requirement to 5.3.1

0.20.0

Improvements

• Add WildcardResourceRule rule

0.19.2

Improvements

• Add regex:ignorecase filter function

0.19.1

Improvements

• Add support for this new S3 URL format: https://bucket.s3.aws-region.amazonaws.com/path1/path2

0.19.0

Breaking changes

• rule_mode is now BLOCKING for all Rules.