def _load_checks_from_dir(self, directory: str, external_check: bool) -> None:
    """Walk *directory* and add every YAML-defined check found to ``self.checks``.

    ``directory`` is user-expanded (``~``) and traversed with ``os.walk``.
    Only files whose extension is listed in ``CHECKS_POSSIBLE_ENDING`` are
    read. A document that does not load as a mapping is logged and skipped,
    and a check whose id is already present in ``self.checks`` is not added
    a second time.

    Args:
        directory: Root folder to search for check definitions.
        external_check: When true, each newly added check id is reported to
            ``RunnerFilter.notify_external_check`` so the run filter can
            treat it as an external check.

    Errors raised while opening, parsing or converting a file are not handled
    here; they propagate to the caller and end the walk.
    """
    checks_root = os.path.expanduser(directory)
    self.logger.info("Loading external checks from {}".format(checks_root))

    for root, d_names, f_names in os.walk(checks_root):
        self.logger.info(f"Searching through {d_names} and {f_names}")
        for file in f_names:
            if os.path.splitext(file)[1] not in CHECKS_POSSIBLE_ENDING:
                continue

            with open(f"{root}/{file}", "r") as f:
                if checks_root != self.checks_dir:
                    self.logger.info(f"loading {file}")
                # safe_load builds only plain YAML data types, which matters
                # because these files may come from a user-supplied directory.
                check_yaml = yaml.safe_load(f)

            # Round-trip through JSON; presumably to hand the parser
            # JSON-compatible values only -- confirm against the parser.
            check_json = json.loads(json.dumps(check_yaml))
            if not isinstance(check_json, dict):
                # NOTE(review): the rejected document is written to the log
                # verbatim; consider truncating it for untrusted directories.
                self.logger.error(
                    f"Loaded data from JSON is not Dict. Skipping. Data: {check_json}."
                )
                continue

            resource_types = self._get_resource_types(check_json)
            check = self.parser.parse_raw_check(
                check_json, resources_types=resource_types
            )

            already_loaded = any(
                known for known in self.checks if check.id == known.id
            )
            if already_loaded:
                continue

            if external_check:
                # Note the external check; used in the should_run_check logic
                RunnerFilter.notify_external_check(check.id)
            self.checks.append(check)
def test_run_by_id_external_disabled(self):
    """An external check that is listed in ``skip_checks`` must not be scanned."""
    external_id = "CKV_EXT_999"
    registry = Registry()
    runner_filter = RunnerFilter(checks=[], skip_checks=["CKV_1", external_id])
    # Mark the id as external before asking the registry about it.
    runner_filter.notify_external_check(external_id)

    should_scan = registry._should_run_scan(external_id, {}, runner_filter)
    self.assertFalse(should_scan)
def test_run_by_id_external4(self):
    """With ``all_external=True`` an external check is scanned even though it
    is not named in the ``checks`` list."""
    external_id = "CKV_EXT_999"
    registry = Registry()
    runner_filter = RunnerFilter(
        checks=["CKV_1"],
        skip_checks=["CKV_2"],
        all_external=True,
    )
    # Mark the id as external before asking the registry about it.
    runner_filter.notify_external_check(external_id)

    should_scan = registry._should_run_scan(external_id, {}, runner_filter)
    self.assertTrue(should_scan)
def register(self, check):
    """Register *check* under each entity it supports.

    Wildcard entities are stored in ``self.wildcard_checks``; all others in
    ``self.checks``. If the class-level external-loading flag is set at the
    time of the call, the check id is also reported to ``RunnerFilter`` as an
    external check.
    """
    # IMPLEMENTATION NOTE: Checks are registered when the script is loaded
    # (see BaseResourceCheck.__init__() for the various frameworks). The only
    # difficulty with this process is that external checks need to be
    # specially identified for filter handling. That's why you'll see
    # stateful setting of RunnerFilters during load_external_checks.
    # Built-in checks are registered immediately at script start, before
    # external checks.
    if BaseCheckRegistry.__loading_external_checks:
        RunnerFilter.notify_external_check(check.id)

    for entity in check.supported_entities:
        if self._is_wildcard(entity):
            bucket = self.wildcard_checks
        else:
            bucket = self.checks
        bucket[entity].append(check)
def test_should_run_external_disabled(self):
    """An external check that is listed in ``skip_checks`` must not run."""
    external_id = "EXT_CHECK_999"
    runner_filter = RunnerFilter(skip_checks=["CHECK_1", external_id])
    runner_filter.notify_external_check(external_id)

    decision = runner_filter.should_run_check(external_id)
    self.assertFalse(decision)
def test_should_run_external3(self):
    """An external check that is named explicitly in ``checks`` must run."""
    external_id = "EXT_CHECK_999"
    runner_filter = RunnerFilter(checks=[external_id])
    runner_filter.notify_external_check(external_id)

    decision = runner_filter.should_run_check(external_id)
    self.assertTrue(decision)
def test_should_run_external4(self):
    """With ``all_external=True`` an external check runs even though it is not
    named in the ``checks`` list."""
    external_id = "EXT_CHECK_999"
    runner_filter = RunnerFilter(
        checks=["CHECK_1"],
        skip_checks=["CHECK_2"],
        all_external=True,
    )
    runner_filter.notify_external_check(external_id)

    decision = runner_filter.should_run_check(external_id)
    self.assertTrue(decision)