class CustomRuleLoader
This object can discover the internal and custom user-provided rules and apply these rules to a CfnModel object
Attributes
rule_arguments[RW]
Public Class Methods
new(rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false, rule_repository_definitions: [])
# File lib/cfn-nag/custom_rule_loader.rb, line 26
#
# Records the loader configuration. Nothing is discovered or loaded here;
# the registry is built later, on the first call to rule_definitions.
#
# @param rule_directory [String, nil] passed to FileBasedRuleRepo when the
#   registry is built.
#   NOTE(review): presumably a directory of Ruby rule files that end up
#   running inside this process, so it should only point at reviewed,
#   trusted code -- confirm against FileBasedRuleRepo.
# @param allow_suppression [Boolean] forwarded to
#   cfn_model_with_suppressed_resources_removed for every rule.
#   NOTE(review): looks like this lets the scanned template opt resources out
#   of a rule; when templates come from an untrusted author, consider running
#   with false -- confirm against the suppression helper.
# @param print_suppression [Boolean] forwarded alongside allow_suppression.
# @param isolate_custom_rule_exceptions [Boolean] when true, a rule that
#   raises is reported on stderr and skipped instead of aborting the run, so
#   that rule contributes no violation for this scan.
# @param rule_repository_definitions [Array] extra repository definitions
#   merged in by RuleRepositoryLoader when the registry is built.
def initialize(rule_directory: nil,
               allow_suppression: true,
               print_suppression: false,
               isolate_custom_rule_exceptions: false,
               rule_repository_definitions: [])
  # Sources the registry will be assembled from.
  @rule_directory = rule_directory
  @rule_repository_definitions = rule_repository_definitions

  # Failure handling for individual rules.
  @isolate_custom_rule_exceptions = isolate_custom_rule_exceptions

  # Suppression behaviour applied per rule.
  @allow_suppression = allow_suppression
  @print_suppression = print_suppression

  # Cache slot; nil means "not built yet".
  @registry = nil
end
Public Instance Methods
execute_custom_rules(cfn_model, rules_registry)
# File lib/cfn-nag/custom_rule_loader.rb, line 55
#
# Runs every rule class in the given registry against the model and returns
# whatever violations the rules produced.
#
# @param cfn_model [CfnModel] the parsed template to audit
# @param rules_registry [#rule_classes] registry whose rule classes are run
# @return [Array] the non-nil audit results, in rule order
def execute_custom_rules(cfn_model, rules_registry)
  log = Logging.logger['log']
  # NOTE(review): the whole model is interpolated into the debug line. If
  # templates can carry literal secrets (parameter defaults, inline
  # credentials), debug output should be kept out of shared or long-lived
  # logs -- confirm what CfnModel#to_s exposes.
  log.debug "cfn_model: #{cfn_model}" if log.debug?

  collected = []
  # Metadata is validated before any rule runs.
  validate_cfn_nag_metadata(cfn_model)
  filter_rule_classes(cfn_model, collected, rules_registry)
  collected
end
rule_definitions(force_refresh: false)
The first time this runs, it's “expensive”: the core rules and the gem-based rules will load, and any other repos like “s3” will go the expensive route. After that, the result is cached, so you can call it as many times as you like unless you pass force_refresh.
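# File lib/cfn-nag/custom_rule_loader.rb, line 44
#
# Returns the merged rule registry, building it on first use and caching it
# afterwards.
#
# The registry is assembled from three sources, in this order: the
# file-based repo for @rule_directory, the gem-based repo, and whatever
# RuleRepositoryLoader merges in from @rule_repository_definitions.
#
# The cache is only replaced once all three steps have succeeded. If any
# discovery step raises, the exception propagates and the previous cache
# (or nil) is left untouched, so a caller that rescues and retries can never
# be handed a registry that silently lacks part of the rule set.
#
# @param force_refresh [Boolean] rebuild even when a cached registry exists
# @return the merged registry object produced by RuleRepositoryLoader#merge
# @raise whatever the underlying repositories raise during discovery
def rule_definitions(force_refresh: false)
  return @registry unless @registry.nil? || force_refresh

  # Build into a local so a failure part-way through does not leave a
  # partially populated registry behind in @registry.
  registry = FileBasedRuleRepo.new(@rule_directory).discover_rules
  registry.merge! GemBasedRuleRepo.new.discover_rules
  @registry = RuleRepositoryLoader.new.merge(registry, @rule_repository_definitions)
end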
Private Instance Methods
filter_rule_classes(cfn_model, violations, rules_registry)
rubocop:disable Style/RedundantBegin
# File lib/cfn-nag/custom_rule_loader.rb, line 80
#
# Runs each rule class against the model (after suppressed resources have
# been removed for that rule) and appends every non-nil audit result to
# +violations+.
#
# Failure handling: ScriptError and StandardError raised while preparing or
# running a rule are re-raised unless @isolate_custom_rule_exceptions is set.
# When it is set, the error is written to stderr and the loop moves on, so
# the failing rule adds nothing to +violations+. A clean result with
# isolation on therefore means "no rule reported a problem", not "every rule
# ran"; stderr has to be checked to tell the two apart.
#
# @param cfn_model [CfnModel] the model to audit
# @param violations [Array] collector that audit results are appended to
# @param rules_registry [#rule_classes] source of the rule classes to run
def filter_rule_classes(cfn_model, violations, rules_registry)
  rules_registry.rule_classes.each do |rule_class|
    begin
      # A throwaway instance supplies the rule id used for suppression; the
      # rule that actually audits is a second, fresh instance below.
      scoped_model = cfn_model_with_suppressed_resources_removed(
        cfn_model: cfn_model,
        rule_id: rule_class.new.rule_id,
        allow_suppression: @allow_suppression,
        print_suppression: @print_suppression
      )

      rule = rule_class.new
      inject_rule_arguments_into_rule(rule)

      finding = rule.audit(scoped_model)
      violations << finding unless finding.nil?
    rescue ScriptError, StandardError => e
      if @isolate_custom_rule_exceptions
        # Only the exception's message is printed; the rule is then skipped.
        $stderr.puts e
      else
        raise e
      end
    end
  end
end
inject_rule_arguments_into_rule(rule)
# File lib/cfn-nag/custom_rule_loader.rb, line 71
#
# Copies each class-level rule argument onto the rule through the setter of
# the same name, skipping arguments the rule has no setter for.
#
# The respond_to? check (called without include_all) is what limits the
# dynamic dispatch: only setters the rule reports as public are invoked, and
# only methods ending in "=" can ever be reached.
# NOTE(review): rule_arguments presumably originates from operator-supplied
# configuration; any public writer on a rule is assignable through it, so
# rules should not expose setters for state they would not want overridden --
# confirm where rule_arguments is populated.
#
# @param rule [Object] a freshly constructed rule instance
def inject_rule_arguments_into_rule(rule)
  self.class.rule_arguments.each do |argument_name, argument_value|
    setter = "#{argument_name}=".to_sym
    next unless rule.respond_to?(setter)

    rule.send(setter, argument_value)
  end
end