Package org.sonar.python.checks.cdk

Class AbstractIamPolicyStatementCheck

java.lang.Object

org.sonar.plugins.python.api.PythonSubscriptionCheck

org.sonar.python.checks.cdk.AbstractCdkResourceCheck

org.sonar.python.checks.cdk.AbstractIamPolicyStatementCheck

All Implemented Interfaces:

PythonCheck, SubscriptionCheck

Direct Known Subclasses:

IamPolicyPublicAccessCheck, IamPrivilegeEscalationCheck, PrivilegePolicyCheck, ResourceAccessPolicyCheck

public abstract class AbstractIamPolicyStatementCheck
extends AbstractCdkResourceCheck

Nested Class Summary

Nested classes/interfaces inherited from interface org.sonar.plugins.python.api.PythonCheck

PythonCheck.CheckScope, PythonCheck.PreciseIssue

Nested classes/interfaces inherited from interface org.sonar.plugins.python.api.SubscriptionCheck

SubscriptionCheck.Context

Constructor Summary

Constructors

Constructor	Description
AbstractIamPolicyStatementCheck()

Method Summary

Modifier and Type	Method	Description
protected abstract void	checkAllowingPolicyStatement(PolicyStatement policyStatement)
protected void	checkPolicyStatement(PolicyStatement policyStatement)
protected void	checkPolicyStatementFromJson(PolicyStatement policyStatementFormJson)
protected static Optional<DictionaryLiteral>	getDictionaryFromJson(SubscriptionContext ctx, CallExpression call)
protected static List<DictionaryLiteral>	getPolicyStatements(SubscriptionContext ctx, DictionaryLiteral json)	Return a list of PolicyStatement json representation from a PolicyDocument.from_json call
protected static org.sonar.python.checks.cdk.CdkUtils.ExpressionFlow	getSensitiveExpression(org.sonar.python.checks.cdk.CdkUtils.ExpressionFlow expression, Predicate<Expression> predicate)
protected static boolean	hasAllowEffect(org.sonar.python.checks.cdk.CdkUtils.ExpressionFlow effect)
protected void	registerFqnConsumer()

Methods inherited from class org.sonar.python.checks.cdk.AbstractCdkResourceCheck

checkFqn, checkFqns, initialize, visitNode

Methods inherited from class org.sonar.plugins.python.api.PythonSubscriptionCheck

leaveFile, scanFile

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.sonar.plugins.python.api.PythonCheck

scanWithoutParsing, scope

Constructor Details

AbstractIamPolicyStatementCheck

public AbstractIamPolicyStatementCheck()

Method Details

registerFqnConsumer

protected void registerFqnConsumer()

Specified by:

registerFqnConsumer in class AbstractCdkResourceCheck

checkPolicyStatement

protected void checkPolicyStatement(PolicyStatement policyStatement)

checkPolicyStatementFromJson

protected void checkPolicyStatementFromJson(PolicyStatement policyStatementFormJson)

hasAllowEffect

protected static boolean hasAllowEffect(@Nullable
 org.sonar.python.checks.cdk.CdkUtils.ExpressionFlow effect)

checkAllowingPolicyStatement

protected abstract void checkAllowingPolicyStatement(PolicyStatement policyStatement)

getDictionaryFromJson

protected static Optional<DictionaryLiteral> getDictionaryFromJson(SubscriptionContext ctx,
 CallExpression call)

getPolicyStatements

protected static List<DictionaryLiteral> getPolicyStatements(SubscriptionContext ctx,
 DictionaryLiteral json)

Return a list of PolicyStatement json representation from a PolicyDocument.from_json call

getSensitiveExpression

protected static org.sonar.python.checks.cdk.CdkUtils.ExpressionFlow getSensitiveExpression(org.sonar.python.checks.cdk.CdkUtils.ExpressionFlow expression,
 Predicate<Expression> predicate)