def _ValidateSourceAndFindingIdIfParentProvided(args):
"""Validates that source and finding id are provided if parent is provided."""
if args.source is None:
raise InvalidSCCInputError("--source flag must be provided.")
if "/" in args.finding:
raise InvalidSCCInputError(
"Finding id must be provided, instead of the full resource name.")
def ExtractSecurityMarksFromResponse(response, args):
"""Returns security marks from finding response."""
del args
list_finding_response = list(response)
if len(list_finding_response) > 1:
raise InvalidSCCInputError(
"ListFindingResponse must only return one finding since it is "
"filtered by Finding Name.")
for finding_result in list_finding_response:
return finding_result.finding.securityMarks
def ExtractSecurityMarksFromResponse(response, args):
"""Returns security marks from asset response."""
del args
list_asset_response = list(response)
if len(list_asset_response) > 1:
raise InvalidSCCInputError(
"ListAssetResponse must only return one asset since it is filtered "
"by Asset Name.")
for asset_result in list_asset_response:
return asset_result.asset.securityMarks
def _ValidateAndGetBigQueryExportId(args):
"""Validate BigQueryExport ID."""
bq_export_id = args.big_query_export
pattern = re.compile("^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$")
if not pattern.match(bq_export_id):
raise InvalidSCCInputError(
"BigQiery export id does not match the pattern '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'."
)
else:
return bq_export_id
def _ValidateAndGetParent(args):
"""Validates parent."""
if args.organization is not None: # Validates organization.
if "/" in args.organization:
pattern = re.compile("^organizations/[0-9]{1,19}$")
if not pattern.match(args.organization):
raise InvalidSCCInputError(
"When providing a full resource path, it must include the pattern "
"'^organizations/[0-9]{1,19}$'.")
else:
return args.organization
else:
pattern = re.compile("^[0-9]{1,19}$")
if not pattern.match(args.organization):
raise InvalidSCCInputError(
"Organization does not match the pattern '^[0-9]{1,19}$'.")
else:
return "organizations/" + args.organization
if args.folder is not None: # Validates folder.
if "/" in args.folder:
pattern = re.compile("^folders/.*$")
if not pattern.match(args.folder):
raise InvalidSCCInputError(
"When providing a full resource path, it must include the pattern "
"'^folders/.*$'.")
else:
return args.folder
else:
return "folders/" + args.folder
if args.project is not None: # Validates project.
if "/" in args.project:
pattern = re.compile("^projects/.*$")
if not pattern.match(args.project):
raise InvalidSCCInputError(
"When providing a full resource path, it must include the pattern "
"'^projects/.*$'.")
else:
return args.project
else:
return "projects/" + args.project
def _GetFindingIdFromName(finding_name):
"""Gets a finding id from the full resource name."""
resource_pattern = re.compile(
"(organizations|projects|folders)/.*/sources/[0-9-]+/findings/[a-zA-Z0-9]+$"
)
if not resource_pattern.match(finding_name):
raise InvalidSCCInputError(
"When providing a full resource path, it must include the pattern "
"organizations/[0-9]+/sources/[0-9-]+/findings/[a-zA-Z0-9]+.")
list_finding_components = finding_name.split("/")
return list_finding_components[len(list_finding_components) - 1]
def _ValidateAndGetBigQueryExportFullResourceName(args):
"""Validates BigQuery export full resource name."""
bq_export_name = args.big_query_export
resource_pattern = re.compile(
"(organizations|projects|folders)/.*/bigQueryExports/[a-z]([a-z0-9-]{0,61}[a-z0-9])?$"
)
if not resource_pattern.match(bq_export_name):
raise InvalidSCCInputError(
"BigQuery export must match the full resource name, or `--organization=`, `--folder=` or `--project=` must be provided."
)
return bq_export_name
def _GetSourceNameForParent(args):
"""Returns relative resource name for a source."""
resource_pattern = re.compile(
"(organizations|projects|folders)/.*/sources/[0-9-]+")
id_pattern = re.compile("[0-9-]+")
if (not resource_pattern.match(args.source)
and not id_pattern.match(args.source)):
raise InvalidSCCInputError(
"The source must either be the full resource "
"name or the numeric source ID.")
if resource_pattern.match(args.source):
# Handle full resource name
return args.source
return GetParent(args) + "/sources/" + args.source
def _GetAssetNameForParent(args):
"""Prepares asset relative path using organization and asset."""
resource_pattern = re.compile(
"^(organizations|projects|folders)/.*/assets/[0-9]+$")
id_pattern = re.compile("^[0-9]+$")
if (not resource_pattern.match(args.asset)
and not id_pattern.match(args.asset)):
raise InvalidSCCInputError(
"Asset argument must match either be the full resource name of "
"the asset or only the number asset id.")
if resource_pattern.match(args.asset):
# Handle asset id as full resource name
return args.asset
return GetParent(args) + "/assets/" + args.asset
def _GetFindingNameForParent(args):
"""Returns relative resource name for a finding name."""
resource_pattern = re.compile(
"(organizations|projects|folders)/.*/sources/[0-9-]+/findings/[a-zA-Z0-9]+$"
)
id_pattern = re.compile("^[a-zA-Z0-9]+$")
if (not resource_pattern.match(args.finding)
and not id_pattern.match(args.finding)):
raise InvalidSCCInputError(
"Finding must match either the full resource name or only the "
"finding id.")
if resource_pattern.match(args.finding):
# Handle finding id as full resource name
return args.finding
return _GetSourceNameForParent(args) + "/findings/" + args.finding
def _ValidateMutexOnSourceAndParent(args):
"""Validates that only a full resource name or split arguments are provided."""
if "/" in args.source and args.parent is not None:
raise InvalidSCCInputError(
"Only provide a full resouce name "
"(organizations/123/sources/456) or a --parent flag, not both.")