Class: DenyListLoader

Inherits:
Object
Defined in:
lib/cfn-nag/deny_list_loader.rb

Instance Method Summary

Constructor Details

#initialize(rules_registry) ⇒ DenyListLoader

Returns a new instance of DenyListLoader.



# File 'lib/cfn-nag/deny_list_loader.rb', line 6

# Creates a loader that keeps a reference to the supplied rules registry.
#
# @param rules_registry [Object] stored unchanged in @rules_registry;
#   presumably consulted when rule ids are validated, but that use is not
#   visible in this listing
def initialize(rules_registry)
  @rules_registry = rules_registry
end

Instance Method Details

#load(deny_list_definition:) ⇒ Object



# File 'lib/cfn-nag/deny_list_loader.rb', line 10

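# Parses a YAML deny list and returns the set of rule ids it suppresses.
#
# A deny list switches findings off, so a mis-parsed one would hide
# violations. Any structural problem therefore raises with an explicit
# message rather than surfacing as a NoMethodError/TypeError from deeper in
# the method.
#
# @param deny_list_definition [String] YAML text whose top level is a mapping
#   with a 'RulesToSuppress' list; each list entry is a mapping with an 'id'
# @return [RuleIdSet] the rule ids named by the deny list
# @raise [RuntimeError] if the text is blank, the document is not a mapping,
#   'RulesToSuppress' is absent/empty, or it is not a list of mappings
def load(deny_list_definition:)
  # NOTE(review): the message says "profile" although this loads a deny list;
  # left unchanged because callers or specs may match on the text.
  raise 'Empty profile' if deny_list_definition.strip == ''

  deny_list_ruleset = RuleIdSet.new

  # NOTE(review): parsing is delegated to load_deny_list_yaml, which is not
  # shown here. The deny list is operator-supplied text, so confirm that
  # helper uses a safe YAML loader.
  deny_list_hash = load_deny_list_yaml(deny_list_definition)
  raise 'Deny list is malformed' unless deny_list_hash.is_a? Hash

  rules_to_suppress = deny_list_hash.fetch('RulesToSuppress', {})
  # A key present with a null value parses to nil; treat it like a missing key
  # instead of crashing on nil.empty?.
  nothing_listed = rules_to_suppress.nil? ||
                   (rules_to_suppress.respond_to?(:empty?) && rules_to_suppress.empty?)
  raise 'Missing RulesToSuppress key in deny list' if nothing_listed

  # Scalars, mappings, or lists of bare strings would otherwise fail later
  # with an unrelated error, or turn into nil ids via String#[].
  well_formed = rules_to_suppress.is_a?(Array) &&
                rules_to_suppress.all? { |rule| rule.is_a?(Hash) }
  raise 'Deny list is malformed' unless well_formed

  rules_to_suppress.each do |rule|
    # An entry without an 'id' key yields nil here; rejecting it is left to
    # check_valid_rule_id (defined outside this listing; confirm it does).
    rule_id = rule['id']
    check_valid_rule_id rule_id
    deny_list_ruleset.add_rule rule_id
  end

  deny_list_ruleset
end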