404

[ Avaa Bypassed ]




Upload:

Command:

botdev@3.15.26.71: ~ $
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from collections import defaultdict

import cfnlint.helpers
from cfnlint.rules import CloudFormationLintRule, RuleMatch


class RouteTableAssociation(CloudFormationLintRule):
    """Check only one route table association defined per subnet"""

    id = "E3022"
    shortdesc = "Resource SubnetRouteTableAssociation Properties"
    description = "Validate there is only one SubnetRouteTableAssociation per subnet"
    source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet-route-table-assoc.html"
    tags = ["resources", "ec2", "subnet", "route table"]

    def __init__(self):
        super().__init__()
        self.resource_values = {}
        self.associated_resources = defaultdict(list)

    def initialize(self, cfn):
        self.resource_values = {}
        self.associated_resources = defaultdict(list)

    def get_values(self, subnetid, resource_condition, property_condition):
        """Get string literal(s) from value of SubnetId"""
        values = []
        if isinstance(subnetid, dict):
            if len(subnetid) == 1:
                for key, value in subnetid.items():
                    if key in cfnlint.helpers.CONDITION_FUNCTIONS:
                        if isinstance(value, list):
                            if len(value) == 3:
                                property_condition = value[0]
                                values.extend(
                                    self.get_values(
                                        value[1], resource_condition, property_condition
                                    )
                                )
                                values.extend(
                                    self.get_values(
                                        value[2], resource_condition, property_condition
                                    )
                                )
                    if key == "Ref":
                        values.extend(
                            self.get_values(
                                value, resource_condition, property_condition
                            )
                        )
                    if key == "Fn::GetAtt":
                        if isinstance(value[1], (str)):
                            sub_value = ".".join(value)
                            values.append(
                                (resource_condition, property_condition, sub_value)
                            )
        else:
            values.append((resource_condition, property_condition, subnetid))
        return values

    def check_values(self, subnetid, resource_condition, resource_name):
        """Check subnet value is not associated with other route tables"""
        property_condition = None
        values = self.get_values(subnetid, resource_condition, property_condition)
        self.resource_values[resource_name] = values
        for value in values:
            self.associated_resources[value].append(resource_name)

    def match(self, cfn):
        """Check SubnetRouteTableAssociation Resource Properties"""
        matches = []
        resources = cfn.get_resources(["AWS::EC2::SubnetRouteTableAssociation"])
        for resource_name, resource in resources.items():
            properties = resource.get("Properties")
            if properties:
                resource_condition = resource.get("Condition")
                subnetid = properties.get("SubnetId")
                self.check_values(subnetid, resource_condition, resource_name)
        for resource_name, resource_values in self.resource_values.items():
            for value in resource_values:
                bare_value = (None, None, value[2])
                other_resources = []

                if len(self.associated_resources[value]) > 1:
                    for resource in self.associated_resources[value]:
                        if resource != resource_name:
                            other_resources.append(resource)

                if value != bare_value and self.associated_resources[bare_value]:
                    other_resources.extend(self.associated_resources[bare_value])

                if other_resources:
                    path = ["Resources", resource_name, "Properties", "SubnetId"]
                    message = "SubnetId in {0} is also associated with {1}"
                    matches.append(
                        RuleMatch(
                            path,
                            message.format(resource_name, ", ".join(other_resources)),
                        )
                    )

        return matches

Filemanager

Name Type Size Permission Actions
__pycache__ Folder 0755
Ebs.py File 3.93 KB 0644
RouteTableAssociation.py File 4.59 KB 0644
SecurityGroupIngress.py File 3.29 KB 0644
__init__.py File 106 B 0644