Module: Vulnerability::Validate

Includes:
Selection
Defined in:
lib/puppet_x/vulnerability/implementation/validate.rb

Overview

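Implementation of the Puppet function vulnerability::validate. As the listing below shows, it selects entries from the scope's cve_list by level, drops those on the allow list, and raises Puppet::Error if any remain while fail_on_unsafe is true. When cve_list is absent from the scope it returns an empty hash without raising, so missing CVE data does not fail validation.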

Class Method Summary

Instance Method Summary

Methods included from Selection

#all_levels, #allowed_levels, #filter_cves, #level_selection, #selected_levels, #validate_level

Class Method Details

.included(base) ⇒ Object



# File 'lib/puppet_x/vulnerability/implementation/validate.rb', line 12

# Ruby include hook: when this module is mixed into +base+, declare the
# +validate+ dispatch on it.
#
# The block uses the dispatcher DSL calls +param+ and +return_type+, so
# +base+ must respond to +dispatch+ and evaluate the block in a context that
# provides them (presumably a Puppet function class; confirm against caller).
#
# @param base [Object] the class that is including this module
# @return [Object] whatever +base.dispatch+ returns
def self.included(base)
  base.dispatch(:validate) do
    # Level argument, constrained to the Vulnerability::Level type.
    param('Vulnerability::Level', :level)
    # Allow list: an array of non-empty strings.
    param('Array[String[1]]', :allow_list)
    # When true, #validate raises instead of only returning the findings.
    param('Boolean', :fail_on_unsafe)
    return_type('Hash')
  end
end

Instance Method Details

#validate(level, allow_list, fail_on_unsafe) ⇒ Object

Raises:

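  • (Puppet::Error) — when fail_on_unsafe is true and CVEs remain after level selection and allow-list filtering. Not raised when cve_list is missing from the scope.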


# File 'lib/puppet_x/vulnerability/implementation/validate.rb', line 21

# Returns the CVE entries left after level selection and allow-list
# filtering, and optionally fails when any are left.
#
# NOTE(review): if the scope has no 'cve_list' entry, this returns {} before
# +fail_on_unsafe+ is consulted. A node whose CVE data was never collected
# therefore passes validation; confirm that missing scan data is detected
# elsewhere.
# NOTE(review): the error text spells "vulnerabilies". It is reproduced
# unchanged because log searches or specs may match the exact message.
#
# @param level [Object] level passed through to +level_selection+
# @param allow_list [Array<String>] identifiers passed to +filter_cves+
# @param fail_on_unsafe [Boolean] raise when entries remain after filtering
# @return [Hash] {} when 'cve_list' is absent from the scope, otherwise the
#   result of +filter_cves+ (the dispatch declares the return type as Hash)
# @raise [Puppet::Error] when entries remain and +fail_on_unsafe+ is true
def validate(level, allow_list, fail_on_unsafe)
  scope = closure_scope
  return {} unless scope.include?('cve_list')

  by_level = level_selection(scope['cve_list'], level)
  remaining = filter_cves(by_level, allow_list)

  # Emptiness is checked first, as in the original condition order.
  has_findings = !remaining.empty?
  if has_findings && fail_on_unsafe
    raise Puppet::Error, "System contains vulnerabilies above level '#{level}', that are not on allow list"
  end

  remaining
end