in src/nag-suppressions.ts [31:72]
static addStackSuppressions(
stack: Stack,
suppressions: NagPackSuppression[],
applyToNestedStacks: boolean = false
): void {
const stacks = applyToNestedStacks
? stack.node.findAll().filter((x): x is Stack => x instanceof Stack)
: [stack];
stacks.forEach((s) => {
const newSuppressions = [];
for (const suppression of suppressions) {
if (suppression.reason.length >= 10) {
newSuppressions.push(suppression);
} else {
throw Error(
`${s.node.id}: The cdk_nag suppression for ${suppression.id} must have a reason of 10 characters or more. See https://github.com/cdklabs/cdk-nag#suppressing-a-rule for information on suppressing a rule.`
);
}
}
let currentSuppressions =
s.templateOptions.metadata?.cdk_nag?.rules_to_suppress;
currentSuppressions = Array.isArray(currentSuppressions)
? currentSuppressions
: [];
currentSuppressions.push(...newSuppressions);
const dedupSuppressions = new Set();
const result = currentSuppressions.filter((x: any) =>
!dedupSuppressions.has(JSON.stringify(x))
? dedupSuppressions.add(JSON.stringify(x))
: false
);
if (s.templateOptions.metadata) {
s.templateOptions.metadata.cdk_nag = {
rules_to_suppress: result,
};
} else {
s.templateOptions.metadata = {
cdk_nag: { rules_to_suppress: result },
};
}
});
}