def add_failure_to_result(
self,
result: Result,
reason: str,
granularity: Optional[RuleGranularity] = None,
resource_ids: Optional[Set] = None,
actions: Optional[Set] = None,
risk_value: Optional[RuleRisk] = None,
rule_mode: Optional[RuleMode] = None,
context: Optional[Dict] = None,
):
rule_mode = rule_mode or self.rule_mode
risk_value = risk_value or self.risk_value
for fltr in self.rule_config.filters:
try:
if fltr(**context):
risk_value = fltr.risk_value or risk_value
rule_mode = fltr.rule_mode or rule_mode
except Exception:
logger.exception(
f"Exception raised while evaluating filter for `{fltr.reason}`",
extra=context)
if rule_mode not in (RuleMode.DISABLED, RuleMode.WHITELISTED):
result.add_failure(
rule=type(self).__name__,
reason=reason,
rule_mode=rule_mode,
risk_value=risk_value,
resource_ids=resource_ids,
actions=actions,
granularity=granularity or self.GRANULARITY,
)
def add_failure_to_result(
self,
result: Result,
reason: str,
granularity: Optional[RuleGranularity] = None,
resource_ids: Optional[Set] = None,
resource_types: Optional[Set] = None,
actions: Optional[Set] = None,
risk_value: Optional[RuleRisk] = None,
rule_mode: Optional[RuleMode] = None,
context: Optional[Dict] = None,
):
rule_mode = rule_mode or self.rule_mode
risk_value = risk_value or self.risk_value
granularity = granularity or self.GRANULARITY
for rule_filter in self.rule_filters:
try:
if rule_filter(**context):
risk_value = rule_filter.risk_value or risk_value
rule_mode = rule_filter.rule_mode or rule_mode
except Exception:
logger.exception(f"Exception raised while evaluating filter for `{rule_filter.reason}`", extra=context)
if rule_mode != RuleMode.ALLOWED:
result.add_failure(
rule=type(self).__name__,
reason=reason,
rule_mode=rule_mode,
risk_value=risk_value,
resource_ids=resource_ids,
resource_types=resource_types,
actions=actions,
granularity=granularity,
)
def test_get_failures(
failures: List[Tuple],
include_rule_modes: Set[RuleMode],
exclude_rule_modes: Set[RuleMode],
expected_result: List[Failure],
):
result = Result()
for failure in failures:
result.add_failure(*failure)
assert compare_lists_of_failures(result.get_failures(include_rule_modes, exclude_rule_modes), expected_result)
def test_result_valid_after_removing_failures():
result = Result()
result.add_failure(
rule="mock_rule",
reason="mock_reason",
rule_mode=RuleMode.BLOCKING,
risk_value=RuleRisk.HIGH,
granularity=RuleGranularity.STACK,
)
# Result has a blocking failure, so it should be invalid
assert result.valid is False
result.failed_rules = []
# Result has no failures, so it should be valid
assert result.valid is True
def add_failure_to_result(
self,
result: Result,
reason: str,
granularity: Optional[RuleGranularity] = None,
resource_ids: Optional[Set] = None,
actions: Optional[Set] = None,
risk_value: Optional[RuleRisk] = None,
rule_mode: Optional[RuleMode] = None,
):
result.add_failure(
rule=type(self).__name__,
reason=reason,
rule_mode=rule_mode or self.RULE_MODE,
risk_value=risk_value or self.RISK_VALUE,
resource_ids=resource_ids,
actions=actions,
granularity=granularity or self.GRANULARITY,
)
