#416 Updates to support UTF-8 templates (#420)

* Lock release-master version down to a SHA hash that contains the publish functionality to avoid issues with the latest master branch. * #416 Setting UTF-8 encoding for cfn_nag_executor, creating rspec tests for file encodings, and upgrading version of cfn-model with dependencies. * Adding RuboCop configuration for new Style cops.
stelligent · Mar 27, 2020 · 4499f6e · 4499f6e
1 parent cbc3df7
commit 4499f6e
Show file tree

Hide file tree

Showing 6 changed files with 102 additions and 12 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -40,3 +40,12 @@ Gemspec/RequiredRubyVersion:
 
 Metrics/ClassLength:
   Max: 115
+
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: true
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -3,7 +3,7 @@ PATH
   specs:
     cfn-nag (0.0.0)
       aws-sdk-s3 (~> 1.60.1)
-      cfn-model (= 0.4.23)
+      cfn-model (= 0.4.26)
       lightly (~> 0.3.2)
       logging (~> 2.2.2)
       netaddr (~> 2.0.4)
@@ -14,13 +14,13 @@ GEM
   specs:
     ast (2.4.0)
     aws-eventstream (1.0.3)
-    aws-partitions (1.278.0)
-    aws-sdk-core (3.90.1)
+    aws-partitions (1.288.0)
+    aws-sdk-core (3.92.0)
       aws-eventstream (~> 1.0, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-kms (1.29.0)
+    aws-sdk-kms (1.30.0)
       aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
     aws-sdk-s3 (1.60.2)
@@ -29,7 +29,7 @@ GEM
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.1.1)
       aws-eventstream (~> 1.0, >= 1.0.2)
-    cfn-model (0.4.23)
+    cfn-model (0.4.26)
       kwalify (= 0.7.2)
       psych (~> 3)
     diff-lcs (1.3)
@@ -46,36 +46,38 @@ GEM
     netaddr (2.0.4)
     optimist (3.0.0)
     parallel (1.19.1)
-    parser (2.7.0.2)
+    parser (2.7.0.5)
       ast (~> 2.4.0)
     psych (3.1.0)
     rainbow (3.0.0)
     rake (13.0.1)
+    rexml (3.2.4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
     rspec-core (3.9.1)
       rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec-expectations (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.2)
-    rubocop (0.79.0)
+    rubocop (0.80.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
       parser (>= 2.7.0.1)
       rainbow (>= 2.2.2, < 4.0)
+      rexml
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
     ruby-progressbar (1.10.1)
-    simplecov (0.18.1)
+    simplecov (0.18.5)
       docile (~> 1.1)
-      simplecov-html (~> 0.11.0)
-    simplecov-html (0.11.0)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.2)
     unicode-display_width (1.6.1)
 
 PLATFORMS

diff --git a/cfn-nag.gemspec b/cfn-nag.gemspec
@@ -25,7 +25,7 @@ Gem::Specification.new do |s|
   # versus what we used to run tests in cfn-nag before publishing cfn-nag
   # they are coupled and we are doing a good bit of experimenting in cfn-model
   # i might consider collapsing them again....
-  s.add_runtime_dependency('cfn-model', '0.4.23')
+  s.add_runtime_dependency('cfn-model', '0.4.26')
   s.add_runtime_dependency('logging', '~> 2.2.2')
   s.add_runtime_dependency('netaddr', '~> 2.0.4')
   s.add_runtime_dependency('optimist', '~> 3.0.0')

diff --git a/lib/cfn-nag/cfn_nag_executor.rb b/lib/cfn-nag/cfn_nag_executor.rb
@@ -121,6 +121,7 @@ def argf_close
   end
 
   def argf_read
+    ARGF.set_encoding(Encoding::UTF_8)
     ARGF.file.read
   end
 

diff --git a/spec/cfn_nag_integration/cfn_nag_executor_spec.rb b/spec/cfn_nag_integration/cfn_nag_executor_spec.rb
@@ -92,6 +92,38 @@
     end
   end
 
+  context 'single UTF-8 file cfn_nag' do
+    test_file = 'spec/test_templates/yaml/template_with_non-US-ASCII_characters.yml'
+
+    it 'returns a successful zero exit code when read with UTF-8 encoding' do
+      expect(Options).to receive(:file_options).and_return(@default_cli_options)
+
+      cfn_nag_executor = CfnNagExecutor.new
+      expect(cfn_nag_executor).to receive(:argf_read).and_return(IO.read(test_file, encoding: Encoding::UTF_8))
+      expect(cfn_nag_executor).to receive(:argf_close).and_return(nil)
+      expect(cfn_nag_executor).to receive(:argf_finished?).and_return(false, true)
+      expect(cfn_nag_executor).to receive(:argf_filename).and_return(test_file)
+
+      result = cfn_nag_executor.scan(options_type: 'file')
+
+      expect(result).to eq 0
+    end
+
+    it 'returns a non-zero exit code when read with US-ASCII encoding' do
+      expect(Options).to receive(:file_options).and_return(@default_cli_options)
+
+      cfn_nag_executor = CfnNagExecutor.new
+      expect(cfn_nag_executor).to receive(:argf_read).and_return(IO.read(test_file, encoding: Encoding::US_ASCII))
+      expect(cfn_nag_executor).to receive(:argf_close).and_return(nil)
+      expect(cfn_nag_executor).to receive(:argf_finished?).and_return(false, true)
+      expect(cfn_nag_executor).to receive(:argf_filename).and_return(test_file)
+
+      result = cfn_nag_executor.scan(options_type: 'file')
+
+      expect(result).to eq 1
+    end
+  end
+
   # this one triggers a trollop 'system exit' mid-flow :(
   context 'no input path specified' do
     it 'throws error on nil input_path' do

diff --git a/spec/test_templates/yaml/template_with_non-US-ASCII_characters.yml b/spec/test_templates/yaml/template_with_non-US-ASCII_characters.yml
@@ -0,0 +1,46 @@
+---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Create a GameLift Fleet with individual pörts open.
+
+Parameters:
+  Owner:
+    Type: String
+    Description: Owñer of these resources.
+    # Default: pshelby
+  Project:
+    Type: String
+    Description: For what these resources were created.
+    # Default: gamelift-testing
+
+Resources:
+  # Instructions to SSH to GameLift fleet servers
+  # https://docs.aws.amazon.com/gamelift/latest/developerguide/fleets-remote-access.html
+  SecureGameLiftFleet:
+    Type: AWS::GameLift::Fleet
+    Properties:
+      EC2InboundPermissions:
+        - FromPort: 22
+          IpRange: 10.1.0.0/24
+          Protocol: TCP
+          ToPort: 22
+        - FromPort: 10623
+          IpRange: 10.1.0.0/24
+          Protocol: TCP
+          ToPort: 10623
+      EC2InstanceType: t2.micro
+      Name: SecureGameLiftFleet
+      RuntimeConfiguration:
+        ServerProcesses:
+          - ConcurrentExecutions: 2
+            LaunchPath: /local/game/rt_servers.js
+      ScriptId: !GetAtt RealTimeScript.Id
+
+  RealTimeScript:
+    Type: AWS::GameLift::Script
+    Properties:
+      StorageLocation:
+        Bucket:
+          Fn::ImportValue: !Sub ${Owner}-${Project}-GameLiftSourceCodeBucketName
+        Key: rt_servers.zip
+        RoleArn:
+          Fn::ImportValue: !Sub ${Owner}-${Project}-GameLiftSupportRoleArn