

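def inspect_access_layers(layer_list):
    """Walk every Check Point access layer and register IP groups for its access rules.

    For each ``access-rule`` the ``source`` and ``destination`` object lists are
    resolved to IP members with ``find_members``; every object UID used as a
    source or destination that is not yet present in the module-level
    ``ipgroups`` list gets an entry there.  NAT and threat rules are only
    reported at debug log level (``log_level >= 7``); any other rule type is
    reported as ignored, and anything that is not a dict with a ``type`` key
    is reported as an error.

    Args:
        layer_list: Iterable of layers, each an iterable of rule dicts as
            exported from the Check Point management API.

    Returns:
        None.  Side effects: appends to the module-level ``ipgroups`` list
        and writes diagnostics to ``sys.stderr``.

    Raises:
        KeyError: if an access rule lacks ``source`` or ``destination``, a
            NAT/threat rule lacks ``rule-number``, or ``find_uid`` returns an
            object without a ``name``.
    """
    for layer in layer_list:
        for rule in layer:
            # Anything that is not a dict carrying a 'type' key cannot be classified.
            if not (isinstance(rule, dict) and 'type' in rule):
                print('ERROR: Rule is not a dictionary or does not contain a type key:', str(rule), file=sys.stderr)
                continue
            rule_type = rule['type']
            if rule_type == 'access-rule':
                # Resolve the object UIDs referenced by the rule to IP members.
                rule_src_members = find_members(policy_objects, rule['source'], member_list=[], mode='ip')
                rule_dst_members = find_members(policy_objects, rule['destination'], member_list=[], mode='ip')
                # Register an IP group for every source/destination UID not seen yet.
                # NOTE(review): each UID is stored with the members resolved for the
                # *whole* source (or destination) list, so a rule with several
                # sources gives every one of them the union of all their members.
                # Confirm this is intended -- it widens the resulting IP groups and
                # therefore the scope of any policy rule that references them.
                for uid_list, members in ((rule['source'], rule_src_members), (rule['destination'], rule_dst_members)):
                    if not members:
                        continue
                    for uid in uid_list:
                        if not is_ipgroup(ipgroups, uid):
                            ipgroups.append({'id': uid, 'members': members, 'member_count': len(members), 'name': find_uid(policy_objects, uid)['name']})
            elif rule_type == 'nat-rule':
                if log_level >= 7:
                    print('DEBUG: processing NAT rule', rule['rule-number'], file=sys.stderr)
            elif rule_type == 'threat-rule':
                if log_level >= 7:
                    print('DEBUG: processing Threat rule', rule['rule-number'], file=sys.stderr)
            else:
                if log_level >= 7:
                    print('DEBUG: ignoring rule of type', rule_type, file=sys.stderr)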