Improvements - `CrossAccountCheckingRule`, `CrossAccountTrustRule`, `S3CrossAccountTrustRule` and `KMSKeyCrossAccountTrustRule` include support for filters. Breaking changes - `CrossAccountCheckingRule` now includes the invoke method. Statements of PolicyDocument are now analysed using `RESOURCE_TYPE` and `PROPERTY_WITH_POLICYDOCUMENT` class variables.
0.16.0
Not secure
Improvements - Add new `RuleConfig`, allows to overwrite the default behaviour of the rule changing rule mode and risk value. - Add new `Filter`, allows setting custom rule configuration to matching coincidences. - New RuleModes supported: `RuleMode.DISABLED` and `RuleMode.WHITELISTED`. Breaking changes - Class variables `Rule.RULE_MODE` and `Rule.RISK_VALUE` should be changed to use properties `rule_mode` and `risk_value`. These properties take in consideration the custom config that might be applied. - If rule mode is `DISABLED` or `WHITELISTED`; methods `add_failure_to_result` and `add_warning_to_result` will have no effect. - `add_failure_to_result` and `add_warning_to_result` accepts a new optional parameter named `context`. This variable is going to be evaluated by filters defined in the custom config.
0.15.1
Improvements - `SecurityGroupOpenToWorldRule` and `SecurityGroupIngressOpenToWorldRule` are now more accurately scoped to block potentially public CIDR ranges. It it utilising the latest `pycfmodel` release (0.7.0).
0.15.0
Not secure
Improvements - Generate DEFAULT_RULES and BASE_CLASSES using code instead of hardcoding Fixed - Whitelist did not work if it didn't have the `Rule` prefix Breaking changes - Sufix `KMSKeyWildcardPrincipal` and `SecurityGroupIngressOpenToWorld` with `Rule` - Sufix whitelist constant `FullWildcardPrincipal` and `PartialWildcardPrincipal` with `Rule`
0.14.2
Not secure
Improvements - Update dependencies
0.14.1
Not secure
Improvements - Rule processor now accepts an extras parameter that will be forwarded to the rules - Main gets extra information from the event and forwards it to the rule formatter