def get_rules()

in code/SecGuardRails/cfn_validate_lambda.py [0:0]


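def get_rules():
    """Load the guardrail rules from DynamoDB, grouped by category.

    Looks up the table whose name contains "AWS-devsecops", calls
    add_rules() on it when it holds no rules yet, then reads every rule
    item with a consistent read.

    Returns:
        dict with the keys 'sgRules', 'ec2Rules' and 'volRules', each a
        list of raw DynamoDB items (attribute-value maps) whose 'category'
        is "SecurityGroup", "EC2Instance" or "Volume" respectively. Items
        with any other category are left out.

    Raises:
        RuntimeError: if no table name contains "AWS-devsecops".
        KeyError: if a rule item has no 'category' attribute.
    """
    client = boto3.client('dynamodb')

    # Find table. ListTables returns at most 100 names per call, so follow
    # the pagination marker instead of trusting the first page. As before,
    # the last matching name wins when several tables match.
    logTable = ""
    list_kwargs = {}
    while True:
        page = client.list_tables(**list_kwargs)
        for name in page['TableNames']:
            if "AWS-devsecops" in name:
                logTable = name
        last_name = page.get('LastEvaluatedTableName')
        if not last_name:
            break
        list_kwargs['ExclusiveStartTableName'] = last_name

    if not logTable:
        # Without this the scan below fails on an empty TableName with a
        # parameter error that hides the real cause.
        raise RuntimeError(
            'No DynamoDB table with "AWS-devsecops" in its name was found')

    def scan_rule_keys():
        """Return the 'rule' key of every item, following scan pagination."""
        keys = []
        scan_kwargs = {
            'TableName': logTable,
            'AttributesToGet': ['rule'],
            'ConsistentRead': True,
        }
        while True:
            page = client.scan(**scan_kwargs)
            keys.extend(item['rule']['S'] for item in page['Items'])
            start_key = page.get('LastEvaluatedKey')
            if not start_key:
                return keys
            scan_kwargs['ExclusiveStartKey'] = start_key

    # Verify that rules are created and if not, create them
    rule_keys = scan_rule_keys()
    if not rule_keys:
        add_rules(logTable)
        time.sleep(45)
        # Scan again: the first scan saw an empty table, and reusing that
        # result would hand the caller three empty rule lists on the very
        # run that created the rules.
        rule_keys = scan_rule_keys()

    # NOTE(review): if the table is still empty here the function returns
    # empty lists; a caller that treats "no rule matched" as a pass would
    # then accept every template. Confirm the caller rejects an empty set.

    # Get all rules from DDB.
    # This function reads only 'rule' (the key) and 'category'; the other
    # attributes of an item are passed through untouched.
    sgRules = []
    ec2Rules = []
    volRules = []
    buckets = {
        "SecurityGroup": sgRules,
        "EC2Instance": ec2Rules,
        "Volume": volRules,
    }

    for rule_key in rule_keys:
        rule = client.get_item(
            TableName=logTable,
            Key={
                'rule': {'S': rule_key}
            },
            ConsistentRead=True
        ).get('Item')
        if rule is None:
            # The item was deleted between the scan and this read.
            continue
        bucket = buckets.get(rule['category']['S'])
        if bucket is not None:
            bucket.append(rule)

    return {
        'sgRules': sgRules,
        'ec2Rules': ec2Rules,
        'volRules': volRules,
    }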