def add_failure_to_result( self, result: Result, reason: str, granularity: Optional[RuleGranularity] = None, resource_ids: Optional[Set] = None, actions: Optional[Set] = None, risk_value: Optional[RuleRisk] = None, rule_mode: Optional[RuleMode] = None, context: Optional[Dict] = None, ): rule_mode = rule_mode or self.rule_mode risk_value = risk_value or self.risk_value for fltr in self.rule_config.filters: try: if fltr(**context): risk_value = fltr.risk_value or risk_value rule_mode = fltr.rule_mode or rule_mode except Exception: logger.exception( f"Exception raised while evaluating filter for `{fltr.reason}`", extra=context) if rule_mode not in (RuleMode.DISABLED, RuleMode.WHITELISTED): result.add_failure( rule=type(self).__name__, reason=reason, rule_mode=rule_mode, risk_value=risk_value, resource_ids=resource_ids, actions=actions, granularity=granularity or self.GRANULARITY, )
def add_failure_to_result( self, result: Result, reason: str, granularity: Optional[RuleGranularity] = None, resource_ids: Optional[Set] = None, resource_types: Optional[Set] = None, actions: Optional[Set] = None, risk_value: Optional[RuleRisk] = None, rule_mode: Optional[RuleMode] = None, context: Optional[Dict] = None, ): rule_mode = rule_mode or self.rule_mode risk_value = risk_value or self.risk_value granularity = granularity or self.GRANULARITY for rule_filter in self.rule_filters: try: if rule_filter(**context): risk_value = rule_filter.risk_value or risk_value rule_mode = rule_filter.rule_mode or rule_mode except Exception: logger.exception(f"Exception raised while evaluating filter for `{rule_filter.reason}`", extra=context) if rule_mode != RuleMode.ALLOWED: result.add_failure( rule=type(self).__name__, reason=reason, rule_mode=rule_mode, risk_value=risk_value, resource_ids=resource_ids, resource_types=resource_types, actions=actions, granularity=granularity, )
def test_get_failures( failures: List[Tuple], include_rule_modes: Set[RuleMode], exclude_rule_modes: Set[RuleMode], expected_result: List[Failure], ): result = Result() for failure in failures: result.add_failure(*failure) assert compare_lists_of_failures(result.get_failures(include_rule_modes, exclude_rule_modes), expected_result)
def test_result_valid_after_removing_failures(): result = Result() result.add_failure( rule="mock_rule", reason="mock_reason", rule_mode=RuleMode.BLOCKING, risk_value=RuleRisk.HIGH, granularity=RuleGranularity.STACK, ) # Result has a blocking failure, so it should be invalid assert result.valid is False result.failed_rules = [] # Result has no failures, so it should be valid assert result.valid is True
def add_failure_to_result( self, result: Result, reason: str, granularity: Optional[RuleGranularity] = None, resource_ids: Optional[Set] = None, actions: Optional[Set] = None, risk_value: Optional[RuleRisk] = None, rule_mode: Optional[RuleMode] = None, ): result.add_failure( rule=type(self).__name__, reason=reason, rule_mode=rule_mode or self.RULE_MODE, risk_value=risk_value or self.RISK_VALUE, resource_ids=resource_ids, actions=actions, granularity=granularity or self.GRANULARITY, )