function testPort()

in src/rules/ec2/EC2RestrictedCommonPorts.ts [54:88]


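/**
 * Checks whether a single security group ingress rule leaves `portNum`
 * reachable from any source address.
 *
 * A rule is non-compliant when it allows all protocols (`IpProtocol: -1`),
 * or when it is a TCP rule whose source is an unrestricted CIDR (`/0`
 * prefix, IPv4 or IPv6) and whose port (range) covers `portNum`, including
 * the `-1` "all ports" sentinel on either end of the range.
 *
 * @param node - resource owning the rule; used to resolve intrinsic values.
 * @param rule - the ingress rule under inspection.
 * @param portNum - the restricted (commonly attacked) port being checked.
 * @returns `false` when the rule is non-compliant, `true` otherwise.
 */
function testPort(
  node: CfnResource,
  rule: CfnSecurityGroupIngress,
  portNum: number
): boolean {
  const ipProtocol = NagRules.resolveIfPrimitive(node, rule.ipProtocol);
  const cidrIp = NagRules.resolveIfPrimitive(node, rule.cidrIp);
  const cidrIpv6 = NagRules.resolveIfPrimitive(node, rule.cidrIpv6);
  const fromPort = NagRules.resolveIfPrimitive(node, rule.fromPort);
  const toPort = NagRules.resolveIfPrimitive(node, rule.toPort);

  // Protocol -1 means every protocol on every port: non-compliant regardless
  // of the source CIDR or port bounds.
  if (ipProtocol === '-1') {
    return false;
  }

  // IpProtocol may be given by name or by IANA protocol number (6 = TCP).
  const isTcp = ipProtocol === 'tcp' || String(ipProtocol) === '6';
  if (!isTcp) {
    return true;
  }

  // A /0 prefix length (0.0.0.0/0 or ::/0) admits every source address.
  // Both address families are checked so an IPv6 wildcard is not missed.
  const isOpenToWorld = (cidr: any): boolean =>
    cidr != undefined && cidr.includes('/0');
  if (!isOpenToWorld(cidrIp) && !isOpenToWorld(cidrIpv6)) {
    return true;
  }

  if (fromPort != undefined && toPort != undefined) {
    // Range given: -1 on either bound is the CloudFormation "all ports" sentinel.
    const coversPort =
      (fromPort <= portNum && toPort >= portNum) ||
      fromPort == -1 ||
      toPort == -1;
    return !coversPort;
  }

  // Only one bound supplied: treat the rule as a single-port rule on FromPort.
  return fromPort != portNum;
}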