Giters

Skyscanner / cfripper

Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

Home Page:https://cfripper.readthedocs.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Error when the template contains Globals

rubendob opened this issue · comments

commented

Hi

Cfripper version: cfripper, version 1.15.1
Installed via: pip

congrats on your fantastic tool.

I'm just playing around a little bit. So far, I've checked two YAML files and I found out that one of them is crashing unexpectedly. But your message is pretty clear about it:

Unhandled exception raised, please create an issue with the error message at https://github.com/Skyscanner/cfripper/issues
Traceback (most recent call last):
    return CFModel(**template)
  File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__
pydantic.error_wrappers.ValidationError: 1 validation error for CFModel
Globals
  extra fields not permitted (type=value_error.extra)

Is there any reason you decided to don't take into account Globals? I'm just curious about it!

Thanks!

commented

Could you share an example template that crashes the tool? The issue will most likely be in pycfmodel not cfripper, but we maintain both.

commented

Sure @jsoucheiron

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Parameters:
  Token:
    Description: 'Token'
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: '/some/path'
  ProjectName:
    Type: String
  Environment:
    Type: String


Globals:
  Function:
    Tags:
      Env:
        Ref: Environment
      Project:
        Ref: ProjectName

Resources:
...
...
...

As soon as I remove the Globals, it works.

commented

I'm afraid this is not a CloudFormation template, but a SAM template. pycfmodel (and by extension CFRipper) does not support SAM. It should be possible to extend them to support it, but we don't use it and it'd be hard for us to do it.

commented

Thanks @jsoucheiron

what I did is remove the Global section from the template

Globals:
  Function:
    Tags:
      Env:
        Ref: Environment
      Project:
        Ref: ProjectName

then I can see the normal warnings that cfripper founds in the template. Just to let you know.

I will open a new issue since I'm playing with the tool a little, hope you don't mind!

commented

Detected the issue is with pycfmodel not being capable of understanding SAM CF templates. I've started to fix this in: Skyscanner/pycfmodel#118

But it might require more time than expected.