def evaluate_template()

in code/SecGuardRails/cfn_validate_lambda.py [0:0]


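def evaluate_template(rules, template):
    """Score a CloudFormation template against the configured guardrail rules.

    The template's resources are bucketed by type (security groups, EC2
    instances, EBS volumes) and each bucket is checked against the matching
    rule family in ``rules``.  Every active rule whose regex matches a
    resource adds its risk value to the total and records the rule name.

    Args:
        rules: Mapping with the keys ``'sgRules'``, ``'ec2Rules'`` and
            ``'volRules'``; each is a list of rule items in attribute-value
            form (``{'S': ...}`` / ``{'N': ...}`` wrappers, presumably
            DynamoDB items — confirm against the loader).  A missing family
            is treated as having no rules.
        template: The CloudFormation template as a JSON string.

    Returns:
        ``(risk, failedRules)`` where ``risk`` is the summed integer risk
        value of all matched rules and ``failedRules`` the list of matched
        rule names, in evaluation order (security groups, then instances,
        then volumes).

    Raises:
        json.JSONDecodeError: if ``template`` is not valid JSON.
        KeyError: if a rule item lacks ``active``/``ruledata``/``rule``/
            ``riskvalue``.
        ValueError: if a matched rule's ``riskvalue`` is not an integer string.
    """
    jsonTemplate = json.loads(template)
    # NOTE(review): the entire template and rule set are echoed to the
    # function log; templates can carry sensitive parameter values, so
    # consider trimming this output if the log is widely readable.
    print(json.dumps(jsonTemplate, sort_keys=True, indent=4, separators=(',', ': ')))
    print(rules)

    # Bucket resources by the rule family that applies to them.  A template
    # without a Resources section, or a resource without a Type, simply
    # contributes nothing rather than aborting the evaluation.
    sgResources = []
    ec2Resources = []
    volumeResources = []
    for resource in jsonTemplate.get('Resources', {}).values():
        resourceType = resource.get('Type', '')
        if "EC2::SecurityGroup" in resourceType:
            sgResources.append(resource)
        elif "EC2::Instance" in resourceType:
            ec2Resources.append(resource)
        elif "EC2::Volume" in resourceType:
            volumeResources.append(resource)

    risk = 0
    failedRules = []
    # Evaluation order is part of the contract: failedRules is reported in
    # this order.
    ruleFamilies = (
        ('sgRules', sgResources),
        ('ec2Rules', ec2Resources),
        ('volRules', volumeResources),
    )
    for familyName, resources in ruleFamilies:
        risk += _apply_rules(rules.get(familyName, []), resources, failedRules)

    print("Risk value: " + str(risk))
    return risk, failedRules


def _apply_rules(ruleList, resources, failedRules):
    """Apply one rule family to a list of resources and return the added risk.

    Each active rule (``active.S == "Y"``) is matched with ``re.match``
    against the Python repr of the resource dict.  ``re.match`` anchors at
    the start of the string, so a rule pattern must consume any leading
    text itself (e.g. with a ``.*`` prefix) to match something in the
    middle of the resource.  Rule patterns come from an external store and
    are compiled as-is; a pattern with heavy backtracking can make this
    step slow on large resources, so keep the rule set under review.

    Args:
        ruleList: List of rule items for one family (see evaluate_template).
        resources: Resource dicts taken from the template.
        failedRules: List that matched rule names are appended to (mutated).

    Returns:
        The integer sum of ``riskvalue`` for every rule/resource match.
    """
    risk = 0
    for resource in resources:
        resourceText = str(resource)
        for rule in ruleList:
            if rule['active']['S'] != "Y":
                continue
            if not re.match(rule['ruledata']['S'], resourceText):
                continue
            ruleName = str(rule['rule']['S'])
            riskValue = str(rule['riskvalue']['N'])
            risk += int(riskValue)
            failedRules.append(ruleName)
            print("Matched rule: " + ruleName)
            print("Resource: " + resourceText)
            print("Riskvalue: " + riskValue)
            print("")
    return risk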