protected applyRule()

in src/nag-pack.ts [116:195]


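  /**
   * Evaluate a single rule against a single construct node and record the
   * outcome as a report line and/or a CDK annotation.
   *
   * Suppressions are read from the `cdk_nag.rules_to_suppress` metadata of the
   * node and of the stack returned by `Stack.of(params.node)`; the two lists
   * are concatenated before matching, so a stack-level entry applies to every
   * node this method is called on within that stack.
   *
   * Outcomes:
   * - COMPLIANT: written to the compliance report when `reports` is enabled,
   *   otherwise nothing is emitted.
   * - NON_COMPLIANT and suppressed: an info annotation is added only when
   *   `logIgnores` is enabled.
   * - NON_COMPLIANT and not suppressed: an error or warning annotation,
   *   selected by `params.level`.
   * - The rule (or anything else inside the `try`) throws: handled as a
   *   validation failure, which is matched against the same suppression list
   *   under `VALIDATION_FAILURE_ID`.
   *
   * @param params The rule, the node to check, the message text and the level.
   * @throws Error if this pack was constructed with an empty `packName`.
   */
  protected applyRule(params: IApplyRule): void {
    if (this.packName === '') {
      throw new Error(
        'The NagPack does not have a pack name, therefore the rule could not be applied. Set a packName in the NagPack constructor.'
      );
    }
    // Missing metadata on either level is treated as "no suppressions".
    const resourceIgnores =
      params.node.getMetadata('cdk_nag')?.rules_to_suppress || [];
    const stackIgnores =
      Stack.of(params.node).templateOptions.metadata?.cdk_nag
        ?.rules_to_suppress || [];
    const allIgnores = resourceIgnores.concat(stackIgnores);
    // An empty override falls back to the rule function's own name.
    const ruleSuffix = params.ruleSuffixOverride || params.rule.name;
    const ruleId = `${this.packName}-${ruleSuffix}`;
    try {
      const ruleCompliance = params.rule(params.node);
      if (
        this.reports === true &&
        ruleCompliance === NagRuleCompliance.COMPLIANT
      ) {
        this.writeToStackComplianceReport(params, ruleId, ruleCompliance);
      } else if (ruleCompliance === NagRuleCompliance.NON_COMPLIANT) {
        // A truthy return from ignoreRule is used below as the suppression
        // reason; a falsy one means the finding is not suppressed.
        const reason = this.ignoreRule(allIgnores, ruleId);
        if (this.reports === true) {
          this.writeToStackComplianceReport(
            params,
            ruleId,
            ruleCompliance,
            reason
          );
        }
        if (reason) {
          // With logIgnores disabled a suppressed finding produces no
          // annotation at all; the report line (if enabled) is the only trace.
          if (this.logIgnores === true) {
            const message = this.createMessage(
              SUPPRESSION_ID,
              `${ruleId} was triggered but suppressed.`,
              `Provided reason: "${reason}"`
            );
            Annotations.of(params.node).addInfo(message);
          }
        } else {
          const message = this.createMessage(
            ruleId,
            params.info,
            params.explanation
          );
          // Only ERROR and WARN are handled; any other level value results in
          // no annotation for this unsuppressed finding.
          if (params.level === NagMessageLevel.ERROR) {
            Annotations.of(params.node).addError(message);
          } else if (params.level === NagMessageLevel.WARN) {
            Annotations.of(params.node).addWarning(message);
          }
        }
      }
    } catch (error) {
      // The rule could not be evaluated, so its compliance is unknown. The
      // lookup uses VALIDATION_FAILURE_ID rather than ruleId: one suppression
      // entry for that ID covers evaluation failures of every rule that shares
      // this suppression list, not just the rule that threw.
      const reason = this.ignoreRule(allIgnores, VALIDATION_FAILURE_ID);
      if (this.reports === true) {
        this.writeToStackComplianceReport(params, ruleId, 'UNKNOWN', reason);
      }
      if (reason) {
        if (this.logIgnores === true) {
          const message = this.createMessage(
            SUPPRESSION_ID,
            `${VALIDATION_FAILURE_ID} was triggered but suppressed.`,
            reason
          );
          Annotations.of(params.node).addInfo(message);
        }
      } else {
        const information = `'${ruleId}' threw an error during validation. This is generally caused by a parameter referencing an intrinsic function. For more details enable verbose logging.'`;
        // A rule may throw something that is not an Error; keep the detail
        // instead of reading `.message` off an arbitrary value.
        const detail = error instanceof Error ? error.message : String(error);
        const message = this.createMessage(
          VALIDATION_FAILURE_ID,
          information,
          detail
        );
        Annotations.of(params.node).addWarning(message);
      }
    }
  }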