コード例 #1
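 def _load_checks_from_dir(self, directory: str,
                           external_check: bool) -> None:
     """Walk ``directory`` and register every check definition found in it.

     Files whose extension is listed in ``CHECKS_POSSIBLE_ENDING`` are parsed
     with ``yaml.safe_load`` (plain data types only, no arbitrary object
     construction), normalised through a JSON round trip and handed to
     ``self.parser.parse_raw_check``. A parsed check is appended to
     ``self.checks`` unless a check with the same id is already present.

     No exception is caught here: a file that fails to parse, or that holds
     a YAML value ``json.dumps`` cannot serialise, aborts the whole load.

     Args:
         directory: Directory to search recursively; ``~`` is expanded.
         external_check: When true, each newly added check id is reported
             to ``RunnerFilter.notify_external_check``.
     """
     checks_root = os.path.expanduser(directory)
     self.logger.info("Loading external checks from {}".format(checks_root))
     for root, d_names, f_names in os.walk(checks_root):
         self.logger.info(f"Searching through {d_names} and {f_names}")
         for file_name in f_names:
             if os.path.splitext(file_name)[1] not in CHECKS_POSSIBLE_ENDING:
                 continue

             # os.path.join avoids a doubled separator when root already ends in one.
             with open(os.path.join(root, file_name), "r") as f:
                 if checks_root != self.checks_dir:
                     self.logger.info(f"loading {file_name}")
                 check_yaml = yaml.safe_load(f)

             # The round trip reduces the YAML result to JSON-compatible types.
             check_json = json.loads(json.dumps(check_yaml))
             if not isinstance(check_json, dict):
                 self.logger.error(
                     f"Loaded data from JSON is not Dict. Skipping. Data: {check_json}."
                 )
                 continue

             check = self.parser.parse_raw_check(
                 check_json,
                 resources_types=self._get_resource_types(check_json))

             # First definition wins: a later file that reuses an existing id is
             # ignored and is not reported as external. Compare ids directly so
             # the result does not depend on the truthiness of check objects.
             if any(check.id == known.id for known in self.checks):
                 continue
             if external_check:
                 # Note the external check; used in the should_run_check logic
                 RunnerFilter.notify_external_check(check.id)
             self.checks.append(check)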
コード例 #2
 def test_run_by_id_external_disabled(self):
     """An external check named in skip_checks must not be scanned."""
     external_id = "CKV_EXT_999"
     registry = Registry()
     runner_filter = RunnerFilter(checks=[],
                                  skip_checks=["CKV_1", external_id])
     # NOTE(review): other callers invoke notify_external_check on the class;
     # if it records ids in class-level state, this registration outlives
     # the test -- confirm.
     runner_filter.notify_external_check(external_id)
     should_scan = registry._should_run_scan(external_id, {}, runner_filter)
     self.assertFalse(should_scan)
コード例 #3
 def test_run_by_id_external4(self):
     """With all_external=True an external check is scanned even though it
     is absent from the checks allow-list."""
     external_id = "CKV_EXT_999"
     registry = Registry()
     runner_filter = RunnerFilter(checks=["CKV_1"],
                                  skip_checks=["CKV_2"],
                                  all_external=True)
     # Mark the id as external before asking whether it should run.
     runner_filter.notify_external_check(external_id)
     should_scan = registry._should_run_scan(external_id, {}, runner_filter)
     self.assertTrue(should_scan)
コード例 #4
    def register(self, check):
        """Add ``check`` to the registry under each entity it supports.

        While the class-level ``__loading_external_checks`` flag is set, the
        check id is also reported to ``RunnerFilter.notify_external_check``.
        """
        # IMPLEMENTATION NOTE: Checks are registered when the script is loaded
        #                      (see BaseResourceCheck.__init__() for the various frameworks). The only
        #                      difficulty with this process is that external checks need to be specially
        #                      identified for filter handling. That's why you'll see stateful setting of
        #                      RunnerFilters during load_external_checks.
        #                      Built-in checks are registered immediately at script start, before
        #                      external checks.
        if BaseCheckRegistry.__loading_external_checks:
            RunnerFilter.notify_external_check(check.id)

        for entity in check.supported_entities:
            # Wildcard entities are kept in their own mapping.
            if self._is_wildcard(entity):
                bucket = self.wildcard_checks
            else:
                bucket = self.checks
            bucket[entity].append(check)
コード例 #5
 def test_should_run_external_disabled(self):
     """An external check named in skip_checks must not run."""
     external_id = "EXT_CHECK_999"
     runner_filter = RunnerFilter(skip_checks=["CHECK_1", external_id])
     runner_filter.notify_external_check(external_id)
     decision = runner_filter.should_run_check(external_id)
     self.assertFalse(decision)
コード例 #6
 def test_should_run_external3(self):
     """An external check listed explicitly in checks must run."""
     external_id = "EXT_CHECK_999"
     runner_filter = RunnerFilter(checks=[external_id])
     runner_filter.notify_external_check(external_id)
     decision = runner_filter.should_run_check(external_id)
     self.assertTrue(decision)
コード例 #7
 def test_should_run_external4(self):
     """With all_external=True an external check runs even though it is
     absent from the checks allow-list."""
     external_id = "EXT_CHECK_999"
     runner_filter = RunnerFilter(checks=["CHECK_1"],
                                  skip_checks=["CHECK_2"],
                                  all_external=True)
     runner_filter.notify_external_check(external_id)
     decision = runner_filter.should_run_check(external_id)
     self.assertTrue(decision)