Class: Policy

Inherits:

Object

• Object
• Policy

Defined in:

lib/policy.rb

Constant Summary

KNOWN_TOP_KEYS =

%w[severity rules policy ignore exceptions].freeze

KNOWN_POLICY_KEYS =

%w[require recommend].freeze

Instance Attribute Summary

• #config ⇒ Object readonly

  Returns the value of attribute config.

• #errors ⇒ Object readonly

  Returns the value of attribute errors.

Instance Method Summary

• #excepted?(finding) ⇒ Boolean

  Is this finding excepted?.

• #ignored?(filename) ⇒ Boolean

  Should this file be ignored?.

• #initialize(path = nil) ⇒ Policy constructor

  A new instance of Policy.

• #loaded? ⇒ Boolean
• #min_severity ⇒ Object

  Severity override — returns the configured minimum severity or default.

• #recommended_policies ⇒ Object
• #required_policies ⇒ Object

  Policy requirements.

• #rule_severity(rule_name) ⇒ Object

  Rule severity override or :off.

Constructor Details

#initialize(path = nil) ⇒ Policy

Returns a new instance of Policy.

# File 'lib/policy.rb', line 9

def initialize(path = nil)
    @path = path
    @config = {}
    @errors = []
    load_config if @path && File.exist?(@path)
end

Instance Attribute Details

#config ⇒ Object (readonly)

Returns the value of attribute config.

# File 'lib/policy.rb', line 7

def config
  @config
end

#errors ⇒ Object (readonly)

Returns the value of attribute errors.

# File 'lib/policy.rb', line 7

def errors
  @errors
end

Instance Method Details

#excepted?(finding) ⇒ Boolean

Is this finding excepted?

Returns:

• (Boolean)

# File 'lib/policy.rb', line 42

def excepted?(finding)
    exceptions = @config["exceptions"] || []
    exceptions.any? { |ex|
        ex["rule"] == finding.rule &&
        (ex["file"].nil? || ex["file"] == finding.file)
    }
end

#ignored?(filename) ⇒ Boolean

Should this file be ignored?

Returns:

• (Boolean)

# File 'lib/policy.rb', line 36

def ignored?(filename)
    patterns = @config["ignore"] || []
    patterns.any? { |pat| File.fnmatch(pat, filename, File::FNM_PATHNAME) }
end

#loaded? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/policy.rb', line 16

def loaded? = !@config.empty?

#min_severity ⇒ Object

Severity override — returns the configured minimum severity or default

# File 'lib/policy.rb', line 19

def min_severity
    sev = @config["severity"]
    return :low unless sev
    sev.to_sym
end

#recommended_policies ⇒ Object

# File 'lib/policy.rb', line 52

def recommended_policies = (@config.dig("policy", "recommend") || [])

#required_policies ⇒ Object

Policy requirements

# File 'lib/policy.rb', line 51

def required_policies = (@config.dig("policy", "require") || [])

#rule_severity(rule_name) ⇒ Object

Rule severity override or :off

# File 'lib/policy.rb', line 26

def rule_severity(rule_name)
    rules = @config["rules"] || {}
    return nil unless rules.key?(rule_name)
    override = rules[rule_name]
    # YAML parses "off" as boolean false
    return :off if override == false || override.to_s == "off"
    override.to_sym
end