Ansible-lint Custom Rule Matching with Regex

Question

I want to use Ansible-lint to check to see if subnets are formatted correctly in my yaml files.

right: 10.10.10.0/32

Wrong: 10.10.10.0 /32

I created a custom rule:

from ansiblelint import AnsibleLintRule
 import re

 class CheckCustomPattern(AnsibleLintRule):
     id = 'CUSTOM005'
     shortdesc = 'Check if pattern "\\s\/[1-3][0-9]" is found'
     description = 'This rule checks if the pattern "\\s\/[1-3][0-9]" is found in any file.'
     severity = 'HIGH'
     tags = ['files']

     def match(self, file, text):
         with open(file['path'], 'r') as file_content:
             content = file_content.read()
             if re.search(r'\s\/[1-3][0-9]', content):
                 return True
         return False

I have checked the Regex against a tester and it is correct.

When I run it, tt is matching on all IP addresses, even ones that are correct. It is even matching on non-IP addresses, like random string like [ TCP UDP ICMP ]. I have checked the regex syntax in a tester and it is correct.

Not sure what I am missing.

Answer 1

It's kind of expected: you're loading the whole file and checking the whole file. You should iterate over the list of lines instead. It's been years since I wrote plain Python code but here's how would it look like in an oversimplified way:

# playbook.yaml
---
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - debug:
        msg: '10.10.10.0/32'

    - debug:
        msg: '10.10.10.0 /32'

    - debug:
        msg: '10.10.10.0  /32'

    - debug:
        msg: '[ TCP UDP ICMP ]'

# match.py
import re

with open('playbook.yaml', 'r') as file_content:
    content = file_content.read()
    incorrect_subnet_spacing_regex = r'\s\/[1-3][0-9]'
    for index, line in enumerate(content.split('\n')):
        match = re.search(incorrect_subnet_spacing_regex, line)
        if match:
            print(f'Incorrect subnet at line {index}, position {match.start()}: {line}')

For the example file, the code above will produce the following result:

Alexanders-Mini:78189854 alexander$ python3 match.py 
Incorrect subnet at line 9, position 24:         msg: '10.10.10.0 /32'
Incorrect subnet at line 12, position 25:         msg: '10.10.10.0  /32'

I would adjust the regex because chances are that a space would be added after the slash, for example.

Answer 2

I ended up solving it this way. I used a built-in rule and modified it for my needs.

from ansiblelint import AnsibleLintRule
import re


class checkSubnetPattern(AnsibleLintRule):
    id = 'checkSubet'
    shortdesc = 'Check if the subnet has a space in it between the net and mask'
    description = 'This rule checks if if subnet has a space in it in any file.'
    severity = 'HIGH'
    tags = ['files']

    variable_syntax = re.compile(r"\s\/[1-3][0-9]")

    def match(self, file, line):
        if not self.variable_syntax.search(line):
            return
        return id