Class: CustomRuleLoader

Inherits:

Object

Object
CustomRuleLoader

show all

Defined in:: lib/cfn-nag/custom_rule_loader.rb

Overview

This object can discover the internal and custom user-provided rules and apply these rules to a CfnModel object

rubocop:disable Metrics/ClassLength

Instance Method Summary collapse

#execute_custom_rules(cfn_model) ⇒ Object

rubocop:enable Security/Eval.
#initialize(rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ CustomRuleLoader constructor

A new instance of CustomRuleLoader.
#rule_definitions ⇒ Object

rubocop:disable Security/Eval.

Constructor Details

#initialize(rule_directory: nil, allow_suppression: true, print_suppression: false, isolate_custom_rule_exceptions: false) ⇒ `CustomRuleLoader`

Returns a new instance of CustomRuleLoader.

# File 'lib/cfn-nag/custom_rule_loader.rb', line 15

def initialize(rule_directory: nil,
               allow_suppression: true,
               print_suppression: false,
               isolate_custom_rule_exceptions: false)
  @rule_directory = rule_directory
  @allow_suppression = allow_suppression
  @print_suppression = print_suppression
  @isolate_custom_rule_exceptions = isolate_custom_rule_exceptions
  validate_extra_rule_directory rule_directory
end

Instance Method Details

#execute_custom_rules(cfn_model) ⇒ `Object`

rubocop:enable Security/Eval

# File 'lib/cfn-nag/custom_rule_loader.rb', line 46

def execute_custom_rules(cfn_model)
  if Logging.logger['log'].debug?
    Logging.logger['log'].debug "cfn_model: #{cfn_model}"
  end

  violations = []

  validate_cfn_nag_metadata(cfn_model)

  filter_rule_classes cfn_model, violations

  filter_jmespath_filenames cfn_model, violations

  violations
end

#rule_definitions ⇒ `Object`

rubocop:disable Security/Eval

# File 'lib/cfn-nag/custom_rule_loader.rb', line 27

def rule_definitions
  rule_registry = RuleRegistry.new

  discover_rule_classes(@rule_directory).each do |rule_class|
    rule_registry
      .definition(**rule_registry_from_rule_class(rule_class))
  end

  discover_jmespath_filenames(@rule_directory).each do |jmespath_file|
    evaluator = JmesPathDiscovery.new rule_registry
    evaluator.instance_eval do
      eval IO.read jmespath_file
    end
  end

  rule_registry
end