From cdd74399fcd6befccdfec6f09b67bb222e93697a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?=
Date: Tue, 6 Feb 2024 16:15:35 +0100
Subject: [PATCH] Prevent conflicts in references

If a reference type is provided by a control file it shouldn't be set in rule.yml. We add a build time check that interrupts the build if there is a conflict. This check ensures that the references are centralized in control files.
---
 ssg/controls.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ssg/controls.py b/ssg/controls.py
index d11af2a432a..f7d899ffaa0 100644
--- a/ssg/controls.py
+++ b/ssg/controls.py
@@ -388,6 +388,16 @@ def get_level_with_ancestors_sequence(self, level_id):
 levels[l] = ""
 return list(levels.keys())

+ def _check_conflict_in_rules(self, rules):
+ for rule_id, rule in rules.items():
+ if self.reference_type in rule.references:
+ msg = (
+ "Rule %s contains %s reference, but this reference "
+ "type is provided by %s controls. Please remove the "
+ "reference from rule.yml." % (
+ rule_id, self.reference_type, self.id))
+ raise ValueError(msg)
+
 def add_references(self, rules):
 if not self.reference_type:
 return
@@ -398,6 +408,7 @@ def add_references(self, rules):
 if self.reference_type not in allowed_reference_types:
 msg = "Unknown reference type %s" % (self.reference_type)
 raise(ValueError(msg))
+ self._check_conflict_in_rules(rules)
 for control in self.controls_by_id.values():
 control.add_references(self.reference_type, rules)
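Review bot: `_check_conflict_in_rules` raises on the first rule whose `references` already carries `self.reference_type`, so a content tree with several offending rules reports them one failed build at a time; collecting every conflicting rule id and raising once with the full sorted list lets a maintainer clean them up in a single pass. The helper also has no docstring — a one-liner such as `"""Raise ValueError if any rule in ``rules`` sets the reference type owned by this policy in its rule.yml."""` would state the contract the error message implies. Note the walk is over all of `rules`, not only the rules this policy's controls select, which looks intended (the message says the type is centrally owned) but is worth saying in the docstring. The rewrite below keeps the same exception type and wording prefix.
```python
def _check_conflict_in_rules(self, rules):
    """Raise ValueError if any rule sets the reference type owned by this policy in rule.yml."""
    conflicting = sorted(
        rule_id for rule_id, rule in rules.items()
        if self.reference_type in rule.references)
    if conflicting:
        msg = (
            "Rules %s contain %s reference, but this reference "
            "type is provided by %s controls. Please remove the "
            "reference from rule.yml." % (
                ", ".join(conflicting), self.reference_type, self.id))
        raise ValueError(msg)
```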
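Review bot: The new call inspects `rule.references` from inside `add_references`, but the loop right below it (`control.add_references(self.reference_type, rules)`) presumably writes that same reference type into the rules, so if more than one loaded control file declares the same `reference_type`, the second policy's check would trip on references the first policy added rather than on a rule.yml entry — please confirm against how policies are loaded and, if a type may only be owned by one control file, enforce that explicitly rather than relying on load order. A short why-comment on the added line would also help the next reader, e.g. `# Fail the build early: a reference type owned by a control file must not also appear in rule.yml`. `add_references` starts in the previous hunk and its body is otherwise outside this one.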