Templates are not getting scanned recursively. #140
Comments
|
hmm..... well mileage may vary under wind0ze - we only run the tests on a *nix variant but..... looking at your command line, i'd suggest two things:
also beware of the shell globbing your asterisk/wildcard. in *nix land, you might need a single quote to make it a literal so that the shell doesn't substitute/swallow the specification before cfn-nag sees it. please let me know if this helps. will have time this weekend to follow-up |
|
@Black742 any feedback on advice? |
|
@erickascic Have tried your suggestion and getting the issue below CMD: cfn_nag_scan --input-path ~/src/sample/templates --template-pattern '*.template.yaml' But, this syntax is working fine in the Linux machine. |
|
So this problem is particular to Wind0ze? Are you using cygwin or something so that the tilde will be substituted properly? I guess I'd try with the real path to the template e.g. C:/Users/tests/src/sample/templates |
|
The problem definitely seems particular to Windows. Although I am not using on *nix$ cfn_nag_scan --input-path ./
------------------------------------------------------------
./foo/bar/foo.json
------------------------------------------------------------
Failures count: 0
Warnings count: 0
------------------------------------------------------------
./foo/foo/bar.json
------------------------------------------------------------------------------------------------------------------------
| WARN W12
|
| Resources: ["BarPolicy"]
|
| IAM policy should not allow * resource
Failures count: 0
Warnings count: 1
------------------------------------------------------------
./bar/foo/foo.yml
------------------------------------------------------------
Failures count: 0
Warnings count: 0
------------------------------------------------------------
./bar/foo/bar.json
------------------------------------------------------------
Failures count: 0
Warnings count: 0$ bash --version
GNU bash, version 4.2.46(2)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.on Windows$ cfn_nag_scan --input-path ./
Error: file or url for option 'input_path' cannot be opened: Is a directory @ rb_sysopen - ./.
Try --help for help.I have also tried I am able to get the tool to "work"(scan the first item in a directory) on Windows if I do $ bash --version
bash --version
GNU bash, version 4.4.19(2)-release (x86_64-pc-msys)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. |
|
I downloaded the zip file, changed the input path argument type to string instead of io, rebuilt, and it works on windows now like it should. opt :input_path, to opt :input_path, |
|
i had a chance to review this and reproduce... underneath trollop/optimist is a call to open-uri that is failing: require 'open-uri' Will try to get back to this to fix this week |
|
@erickascic Any update? |
ghost
added
the
customer
|
@Black742 - Fix coming shortly! |
The tool working good, however its not scanning all the files under a directory.
I have dir call templates and had lots file underneath, when i apply the cfn_nag_scan for that directory its scanning only a file file in that directory.
cfn_nag_scan --input-path ~/src/sample/templates/** --template-pattern ..*.template.json
C:/Users/test/src/sample/templates/testStack.template.json
Failures count: 0
Warnings count: 0
Could you please suggest me how to scan all the files underneath the directory?
The text was updated successfully, but these errors were encountered: