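def find_members(object_group_list, uid_list, member_list=None, debug=False, mode='ip'):
    """Resolve Checkpoint object UIDs into Azure Firewall rule members.

    Walks ``object_group_list`` for objects whose ``uid`` is in ``uid_list``
    and translates each into a rule member: a CIDR string for ``network`` and
    ``host`` objects, the FQDN without its leading dot for ``dns-domain``, a
    ``(protocol, port)`` tuple for ``service-tcp``/``service-udp``/
    ``service-icmp``, ``'*'`` or ``('any', '*')`` for ``CpmiAnyObject``
    (depending on ``mode``), the object name for ``RulebaseAction`` and the
    ``WindowsVirtualDesktop`` service tag for the ``AVDServiceRanges``
    dynamic object. Group objects (those carrying a ``members`` key) are
    expanded recursively.

    Args:
        object_group_list: List of Checkpoint object dicts; each needs at
            least ``uid`` and ``type`` (group objects carry ``members``).
        uid_list: A single UID or a list of UIDs to resolve.
        member_list: Optional accumulator. When supplied it is appended to in
            place and also returned; otherwise a fresh list is used per call.
        debug: Emit DEBUG diagnostics on stderr.
        mode: ``'ip'`` maps ``CpmiAnyObject`` to ``'*'``; any other value maps
            it to ``('any', '*')``.

    Returns:
        A de-duplicated list of the resolved members. Ordering is not
        guaranteed because the result passes through a ``set``.

    Notes:
        Unrecognised object types, and the explicitly ignored gateway/cluster
        types, contribute nothing to the result and are only reported when
        ``debug`` is set, so a rule whose sources or destinations consist
        solely of such objects ends up with an empty member list; the
        generated policy should be checked against the source rulebase.
        ``is_uid`` and ``log_level`` are module-level names of the
        surrounding script.
    """
    # Fresh accumulator per call: a mutable default would be shared across
    # calls and leak members from one rule into the next.
    if member_list is None:
        member_list = []
    # Accept a single UID as well as a list of them.
    if not isinstance(uid_list, list):
        uid_list = [uid_list]

    for object_group in object_group_list:
        if object_group['uid'] not in uid_list:
            continue

        # Group objects are expanded and never fall through to the type chain.
        if 'members' in object_group:
            members = object_group['members']
            if members:
                for member in members:
                    if is_uid(member):
                        # Propagate debug and mode so nested groups are
                        # translated exactly like top-level objects.
                        member_list = find_members(object_group_list, member,
                                                   member_list=member_list,
                                                   debug=debug, mode=mode)
            elif debug:
                print('DEBUG: object group {0} has no members.'.format(str(object_group['name'])), file=sys.stderr)
            continue

        obj_type = object_group['type']
        if obj_type == 'network':
            member_list.append(object_group['subnet4'] + '/' + str(object_group['mask-length4']))
        elif obj_type == 'host':
            member_list.append(object_group['ipv4-address'] + '/32')
        elif obj_type == 'dns-domain':
            # In Checkpoint syntax an FQDN object name starts with a dot.
            member_list.append(str(object_group['name'])[1:])
        elif obj_type == 'dynamic-object':
            # Only the AVD service ranges have a known Azure service tag.
            if debug:
                print('DEBUG: adding dynamic-object {0}'.format(object_group['name']), str(object_group), file=sys.stderr)
            if object_group['name'] == 'AVDServiceRanges':
                member_list.append('WindowsVirtualDesktop')
            elif log_level >= 3:
                print('ERROR: dynamic-object {0} cannot be mapped to an Azure service tag'.format(object_group['name']), file=sys.stderr)
        elif obj_type == 'service-tcp':
            member_list.append(('tcp', object_group['port']))
        elif obj_type == 'service-udp':
            member_list.append(('udp', object_group['port']))
        elif obj_type == 'service-icmp':
            member_list.append(('icmp', '*'))
        elif obj_type == 'CpmiAnyObject':
            member_list.append('*' if mode == 'ip' else ('any', '*'))
        elif obj_type == 'RulebaseAction':
            member_list.append(object_group['name'])
        elif obj_type in ('CpmiGatewayCluster', 'CpmiClusterMember', 'CpmiHostCkp', 'simple-cluster', 'Global'):
            # Gateway/cluster objects have no Azure equivalent and are dropped.
            if debug:
                print('DEBUG: ignoring object type', obj_type, file=sys.stderr)
        elif debug:
            print('DEBUG: unknown object type', obj_type, file=sys.stderr)

    return list(set(member_list))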