diff --git a/prowler/lib/mutelist/models.py b/prowler/lib/mutelist/models.py
deleted file mode 100644
index e601f17c873..00000000000
--- a/prowler/lib/mutelist/models.py
+++ /dev/null
@@ -1,24 +0,0 @@
-from schema import Optional, Schema
-
-mutelist_schema = Schema(
- {
- "Accounts": {
- str: {
- "Checks": {
- str: {
- "Regions": list,
- "Resources": list,
- Optional("Tags"): list,
- Optional("Exceptions"): {
- Optional("Accounts"): list,
- Optional("Regions"): list,
- Optional("Resources"): list,
- Optional("Tags"): list,
- },
- Optional("Description"): str,
- }
- }
- }
- }
- }
-)
diff --git a/prowler/lib/mutelist/mutelist.py b/prowler/lib/mutelist/mutelist.py
index abc4065e01c..68d19ce5675 100644
--- a/prowler/lib/mutelist/mutelist.py
+++ b/prowler/lib/mutelist/mutelist.py
@@ -2,12 +2,86 @@ from abc import ABC, abstractmethod import yaml +from jsonschema import validate from prowler.lib.logger import logger -from prowler.lib.mutelist.models import mutelist_schema from prowler.lib.outputs.common import Status from prowler.lib.outputs.utils import unroll_dict, unroll_tags +mutelist_schema = { + "type": "object", + "properties": { + "Accounts": { + "type": "object", + "patternProperties": { + ".*": { # Match any account + "type": "object", + "properties": { + "Checks": { + "type": "object", + "patternProperties": { + ".*": { # Match any check + "type": "object", + "properties": { + "Regions": { + "type": "array", + "items": {"type": "string"}, + }, + "Resources": { + "type": "array", + "items": {"type": "string"}, + }, + "Tags": { # Optional field + "type": "array", + "items": {"type": "string"}, + }, + "Exceptions": { # Optional field + "type": "object", + "properties": { + "Accounts": { # Optional field + "type": "array", + "items": {"type": "string"}, + }, + "Regions": { # Optional field + "type": "array", + "items": {"type": "string"}, + }, + "Resources": { # Optional field + "type": "array", + "items": {"type": "string"}, + }, + "Tags": { # Optional field + "type": "array", + "items": {"type": "string"}, + }, + }, + "additionalProperties": False, + }, + "Description": { # Optional field + "type": "string", + }, + }, + "required": [ + "Regions", + "Resources", + ], # Mandatory within a check + "additionalProperties": False, + } + }, + "additionalProperties": False, + }, + }, + "required": ["Checks"], # Mandatory within an account + "additionalProperties": False, + } + }, + "additionalProperties": False, + } + }, + "required": ["Accounts"], # Accounts is mandatory at the root level + "additionalProperties": False, +} + class Mutelist(ABC): """ 
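Review bot: Every list in the new `mutelist_schema` carries `"items": {"type": "string"}`, whereas the removed `schema` model accepted any `list`, so a mutelist that validated before this commit can be rejected after it. The likely case is an unquoted numeric value in the YAML, for example an account ID under `Exceptions.Accounts`, which the YAML loader would presumably hand over as an integer. Because a rejected mutelist changes which findings end up suppressed, the stricter contract should be stated next to the schema, e.g. `# All list items must be strings; quote numeric values such as account IDs in the YAML.`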
@@ -70,7 +144,7 @@ def get_mutelist_file_from_local_file(self, mutelist_path: str): def validate_mutelist(self) -> bool: try: - self._mutelist = mutelist_schema.validate(self._mutelist) + validate(self._mutelist, schema=mutelist_schema) return True except Exception as error: logger.error(
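Review bot: The unchanged `except Exception` around the new `validate(self._mutelist, schema=mutelist_schema)` call reports every failure as a mutelist problem, including `jsonschema.exceptions.SchemaError`, which would mean `mutelist_schema` itself is wrong rather than the user's file. `validate()` also re-checks the schema on each call and, with no `"$schema"` key in the dict, falls back to the library's default draft. Catching `jsonschema.exceptions.ValidationError` separately for the user-facing message, and declaring `"$schema"` in `mutelist_schema`, would keep the two failure modes apart and pin the dialect. The handler body continues outside the hunk, so it is not visible here whether a rejected mutelist is discarded before it can mute findings; that is worth confirming.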