change validate function to return []Violation instead of taking a po…

…inter to a ValidationReport
stelligent · Mar 18, 2018 · f201958 · f201958
1 parent e059238
commit f201958
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 15 deletions.
diff --git a/cli/kubernetes.go b/cli/kubernetes.go
@@ -42,25 +42,25 @@ func loadKubernetesResources(filename string, log assertion.LoggingFunction) []a
 	return resources
 }
 
-func (l KubernetesLinter) ValidateKubernetesResources(report *assertion.ValidationReport, resources []assertion.Resource, rules []assertion.Rule, tags []string) {
+func (l KubernetesLinter) ValidateKubernetesResources(resources []assertion.Resource, rules []assertion.Rule, tags []string) []assertion.Violation {
 
 	valueSource := assertion.StandardValueSource{Log: l.Log}
 	filteredRules := assertion.FilterRulesByTag(rules, tags)
 	resolvedRules := assertion.ResolveRules(filteredRules, valueSource, l.Log)
 
+	allViolations := make([]assertion.Violation, 0)
 	for _, rule := range resolvedRules {
 		l.Log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 		for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
 			if assertion.ExcludeResource(rule, resource) {
 				l.Log(fmt.Sprintf("Ignoring resource %s", resource.Id))
 			} else {
 				_, violations := assertion.CheckRule(rule, resource, l.Log)
-				for _, violation := range violations {
-					report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
-				}
+				allViolations = append(allViolations, violations...)
 			}
 		}
 	}
+	return allViolations
 }
 
 func (l KubernetesLinter) Validate(report *assertion.ValidationReport, filenames []string, ruleSet assertion.RuleSet, tags []string, ruleIds []string) {
@@ -69,7 +69,10 @@ func (l KubernetesLinter) Validate(report *assertion.ValidationReport, filenames
 		if assertion.ShouldIncludeFile(ruleSet.Files, filename) {
 			l.Log(fmt.Sprintf("Processing %s", filename))
 			resources := loadKubernetesResources(filename, l.Log)
-			l.ValidateKubernetesResources(report, resources, rules, tags)
+			violations := l.ValidateKubernetesResources(resources, rules, tags)
+			for _, violation := range violations {
+				report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
+			}
 			report.FilesScanned = append(report.FilesScanned, filename)
 		}
 	}

diff --git a/cli/security_group.go b/cli/security_group.go
@@ -48,31 +48,34 @@ func loadSecurityGroupResources(log assertion.LoggingFunction) []assertion.Resou
 	return resources
 }
 
-func (l SecurityGroupLinter) ValidateSecurityGroupResources(report *assertion.ValidationReport, resources []assertion.Resource, rules []assertion.Rule, tags []string) {
+func (l SecurityGroupLinter) ValidateSecurityGroupResources(resources []assertion.Resource, rules []assertion.Rule, tags []string) []assertion.Violation {
 
 	valueSource := assertion.StandardValueSource{Log: l.Log}
 	filteredRules := assertion.FilterRulesByTag(rules, tags)
 	resolvedRules := assertion.ResolveRules(filteredRules, valueSource, l.Log)
 
+	allViolations := make([]assertion.Violation, 0)
 	for _, rule := range resolvedRules {
 		l.Log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 		for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
 			if assertion.ExcludeResource(rule, resource) {
 				l.Log(fmt.Sprintf("Ignoring resource %s", resource.Id))
 			} else {
 				_, violations := assertion.CheckRule(rule, resource, l.Log)
-				for _, violation := range violations {
-					report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
-				}
+				allViolations = append(allViolations, violations...)
 			}
 		}
 	}
+	return allViolations
 }
 
 func (l SecurityGroupLinter) Validate(report *assertion.ValidationReport, filenames []string, ruleSet assertion.RuleSet, tags []string, ruleIds []string) {
 	rules := assertion.FilterRulesById(ruleSet.Rules, ruleIds)
 	resources := loadSecurityGroupResources(l.Log)
-	l.ValidateSecurityGroupResources(report, resources, rules, tags)
+	violations := l.ValidateSecurityGroupResources(resources, rules, tags)
+	for _, violation := range violations {
+		report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
+	}
 }
 
 func (l SecurityGroupLinter) Search(filenames []string, ruleSet assertion.RuleSet, searchExpression string) {

diff --git a/cli/terraform.go b/cli/terraform.go
@@ -89,33 +89,36 @@ func loadTerraformResources(filename string, log assertion.LoggingFunction) []as
 	return resources
 }
 
-func (l TerraformLinter) ValidateTerraformResources(report *assertion.ValidationReport, resources []assertion.Resource, rules []assertion.Rule, tags []string) {
+func (l TerraformLinter) ValidateTerraformResources(resources []assertion.Resource, rules []assertion.Rule, tags []string) []assertion.Violation {
 
 	valueSource := assertion.StandardValueSource{Log: l.Log}
 	filteredRules := assertion.FilterRulesByTag(rules, tags)
 	resolvedRules := assertion.ResolveRules(filteredRules, valueSource, l.Log)
 
+	allViolations := make([]assertion.Violation, 0)
 	for _, rule := range resolvedRules {
 		l.Log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 		for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
 			if assertion.ExcludeResource(rule, resource) {
 				l.Log(fmt.Sprintf("Ignoring resource %s", resource.Id))
 			} else {
 				_, violations := assertion.CheckRule(rule, resource, l.Log)
-				for _, violation := range violations {
-					report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
-				}
+				allViolations = append(allViolations, violations...)
 			}
 		}
 	}
+	return allViolations
 }
 
 func (l TerraformLinter) Validate(report *assertion.ValidationReport, filenames []string, ruleSet assertion.RuleSet, tags []string, ruleIds []string) {
 	rules := assertion.FilterRulesById(ruleSet.Rules, ruleIds)
 	for _, filename := range filenames {
 		if assertion.ShouldIncludeFile(ruleSet.Files, filename) {
 			resources := loadTerraformResources(filename, l.Log)
-			l.ValidateTerraformResources(report, resources, rules, tags)
+			violations := l.ValidateTerraformResources(resources, rules, tags)
+			for _, violation := range violations {
+				report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
+			}
 			report.FilesScanned = append(report.FilesScanned, filename)
 		}
 	}