diff --git a/cfripper/config/regex.py b/cfripper/config/regex.py
index 7bd69ea6..39bb40e2 100644
--- a/cfripper/config/regex.py
+++ b/cfripper/config/regex.py
@@ -173,19 +173,3 @@
 - sns:Get*
 """
 REGEX_HAS_STAR_OR_STAR_AFTER_COLON = re.compile(r"^(\w*:)*[*?]+$")
-
-
-"""
-Check that stack name only consists of alphanumerical characters and hyphens.
-Valid:
-- abcdefg
-- ABCDEFG
-- abcdEFG
-- aBc-DeFG
-- a1b2c3
-Invalid:
-- abc_defg
-- AB:cdefg
-- !@£$$%aA
-"""
-REGEX_ALPHANUMERICAL_OR_HYPHEN = re.compile(r"^[A-Za-z0-9\-]+$")
diff --git a/cfripper/rules/__init__.py b/cfripper/rules/__init__.py
index 46e4d5d2..adf902a8 100644
--- a/cfripper/rules/__init__.py
+++ b/cfripper/rules/__init__.py
@@ -38,7 +38,6 @@
 SQSQueuePolicyNotPrincipalRule,
 SQSQueuePolicyPublicRule,
 )
-from cfripper.rules.stack_name_matches_regex import StackNameMatchesRegexRule
 from cfripper.rules.storage_encrypted_rule import StorageEncryptedRule
 from cfripper.rules.wildcard_policies import (
 GenericResourceWildcardPolicyRule,
@@ -97,7 +96,6 @@
 SQSQueuePolicyNotPrincipalRule,
 SQSQueuePolicyPublicRule,
 SQSQueuePolicyWildcardActionRule,
- StackNameMatchesRegexRule,
 WildcardResourceRule,
 )
 }
diff --git a/cfripper/rules/stack_name_matches_regex.py b/cfripper/rules/stack_name_matches_regex.py
deleted file mode 100644
index c2f0a935..00000000
--- a/cfripper/rules/stack_name_matches_regex.py
+++ /dev/null
@@ -1,46 +0,0 @@
-from typing import Dict, Optional
-
-from pycfmodel.model.cf_model import CFModel
-
-from cfripper.config.regex import REGEX_ALPHANUMERICAL_OR_HYPHEN
-from cfripper.model.enums import RuleGranularity, RuleMode, RuleRisk
-from cfripper.model.result import Result
-from cfripper.rules.base_rules import Rule
-
-
-class StackNameMatchesRegexRule(Rule):
- """
- Checks that a given stack follows the naming convention given by a regex. For this to work,
- the stack name must be given either in the config or in the extras using the key
- "stack_name".
- """
-
- RULE_MODE = RuleMode.DEBUG # for demonstration purposes
- RISK_VALUE = RuleRisk.LOW
- GRANULARITY = RuleGranularity.STACK
- REASON = (
- "The stack name {} does not follow the naming convention (only alphanumerical characters and hyphens allowed)."
- )
- REGEX = REGEX_ALPHANUMERICAL_OR_HYPHEN
-
- def _stack_name_matches_regex(self, stack_name: str) -> bool:
- """Check that stack name follows naming convention."""
- return bool(self.REGEX.match(stack_name))
-
- def invoke(self, cfmodel: CFModel, extras: Optional[Dict] = None) -> Result:
- result = Result()
- stack_name = self._config.stack_name or extras.get("stack_name", "")
- if not stack_name:
- return result
- if not extras:
- extras = {}
-
- if not self._stack_name_matches_regex(stack_name):
- self.add_failure_to_result(
- result,
- self.REASON.format(stack_name),
- self.GRANULARITY,
- risk_value=self.RISK_VALUE,
- context={"config": self._config, "extras": extras},
- )
- return result
diff --git a/tests/rules/test_StackNameMatchesRegexRule.py b/tests/rules/test_StackNameMatchesRegexRule.py
deleted file mode 100644
index 90eae654..00000000
--- a/tests/rules/test_StackNameMatchesRegexRule.py
+++ /dev/null
@@ -1,60 +0,0 @@
-import pytest
-from pycfmodel.model.cf_model import CFModel
-
-from cfripper.config.config import Config
-from cfripper.rules import StackNameMatchesRegexRule
-
-
-@pytest.mark.parametrize(
- "stack_name, expected_result",
- [
- ("justlowercase", True),
- ("lowercase-with-hyphens", True),
- ("lowercaseANDUPPERCASE", True),
- ("lowercase-AND-UPPERCASE-with-hyphens", True),
- ("also-123-including-456-numbers", True),
- ("including_underscore", False),
- ("including space", False),
- ("including-other-symbols!@£$%^&*()", False),
- ],
-)
-def test_stack_name_matches_regex(stack_name, expected_result):
- rule = StackNameMatchesRegexRule(Config(stack_name=stack_name, rules=["StackNameMatchesRegexRule"]))
- assert rule._stack_name_matches_regex(stack_name) == expected_result
-
-
-def test_works_with_extras():
- rule = StackNameMatchesRegexRule(Config(stack_name="some-valid-stack-name", rules=["StackNameMatchesRegexRule"]))
- extras = {"stack": {"tags": [{"key": "project", "value": "some_project"}]}}
- result = rule.invoke(cfmodel=CFModel(), extras=extras)
- assert result.valid
-
-
-def test_stack_name_from_extras():
- rule = StackNameMatchesRegexRule(Config(stack_name="some-valid-stack-name", rules=["StackNameMatchesRegexRule"]))
- extras = {"stack": {"tags": [{"key": "project", "value": "some_project"}]}, "stack_name": "some_invalid_name"}
- result = rule.invoke(cfmodel=CFModel(), extras=extras)
- assert result.valid
-
-
-def test_failure_is_added_for_invalid_stack_name():
- rule = StackNameMatchesRegexRule(Config(stack_name="some_invalid_stack_name", rules=["StackNameMatchesRegexRule"]))
- result = rule.invoke(cfmodel=CFModel())
- assert result.failures
- assert (
- result.failures[0].reason
- == "The stack name some_invalid_stack_name does not follow the naming convention (only alphanumerical "
- "characters and hyphens allowed)."
- )
-
-
-def test_failure_is_added_for_invalid_stack_name_from_extras():
- rule = StackNameMatchesRegexRule(Config(rules=["StackNameMatchesRegexRule"]))
- extras = {"stack": {"tags": [{"key": "project", "value": "some_project"}]}, "stack_name": "some_invalid_stack_name"}
- result = rule.invoke(cfmodel=CFModel(), extras=extras)
- assert result.failures
- assert (
- result.failures[0].reason
- == "The stack name some_invalid_stack_name does not follow the naming convention (only alphanumerical "
- "characters and hyphens allowed)."
- )