refactor(mutelist): use jsonschema on mutelist (#6264)
pedrooot authored Jan 10, 2025
1 parent 42dbefb commit b0fe696
Showing 2 changed files with 76 additions and 26 deletions.
24 changes: 0 additions & 24 deletions prowler/lib/mutelist/models.py

This file was deleted.

78 changes: 76 additions & 2 deletions prowler/lib/mutelist/mutelist.py
@@ -2,12 +2,86 @@
from abc import ABC, abstractmethod

import yaml
from jsonschema import validate

from prowler.lib.logger import logger
from prowler.lib.mutelist.models import mutelist_schema
from prowler.lib.outputs.common import Status
from prowler.lib.outputs.utils import unroll_dict, unroll_tags

mutelist_schema = {
"type": "object",
"properties": {
"Accounts": {
"type": "object",
"patternProperties": {
".*": { # Match any account
"type": "object",
"properties": {
"Checks": {
"type": "object",
"patternProperties": {
".*": { # Match any check
"type": "object",
"properties": {
"Regions": {
"type": "array",
"items": {"type": "string"},
},
"Resources": {
"type": "array",
"items": {"type": "string"},
},
"Tags": { # Optional field
"type": "array",
"items": {"type": "string"},
},
"Exceptions": { # Optional field
"type": "object",
"properties": {
"Accounts": { # Optional field
"type": "array",
"items": {"type": "string"},
},
"Regions": { # Optional field
"type": "array",
"items": {"type": "string"},
},
"Resources": { # Optional field
"type": "array",
"items": {"type": "string"},
},
"Tags": { # Optional field
"type": "array",
"items": {"type": "string"},
},
},
"additionalProperties": False,
},
"Description": { # Optional field
"type": "string",
},
},
"required": [
"Regions",
"Resources",
], # Mandatory within a check
"additionalProperties": False,
}
},
"additionalProperties": False,
},
},
"required": ["Checks"], # Mandatory within an account
"additionalProperties": False,
}
},
"additionalProperties": False,
}
},
"required": ["Accounts"], # Accounts is mandatory at the root level
"additionalProperties": False,
}


class Mutelist(ABC):
"""
@@ -70,7 +144,7 @@ def get_mutelist_file_from_local_file(self, mutelist_path: str):

def validate_mutelist(self) -> bool:
try:
self._mutelist = mutelist_schema.validate(self._mutelist)
validate(self._mutelist, schema=mutelist_schema)
return True
except Exception as error:
logger.error(
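Review bot: `validate(self._mutelist, schema=mutelist_schema)` in `validate_mutelist` sits under the existing `except Exception`, so a mutelist rejected by the schema and a defect in `mutelist_schema` itself (jsonschema raises `SchemaError` for that) are reported the same way. Since this file decides which findings are suppressed, I would catch `jsonschema.exceptions.ValidationError` explicitly, log `error.message` with the failing path, and let a schema error surface. The schema dict also has no `"$schema"` key, so `validate()` falls back to the library's default draft and re-checks the schema on every call; building one validator at module level, e.g. `_MUTELIST_VALIDATOR = Draft7Validator(mutelist_schema)`, pins the draft. Separately, the array fields carry no `minItems` and the `".*"` patterns accept an empty key, which may be looser than the removed `models.py` schema (not visible here), so that is worth confirming. The handler's body continues past the end of the hunk, so what happens after `logger.error(` is not visible.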