Skip to content

Compliant Policies Arguments Validation #5168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
almog2296 wants to merge 21 commits into
base: master
Choose a base branch
from
Open

Compliant Policies Arguments Validation #5168

almog2296 wants to merge 21 commits into from

Conversation

@almog2296
Copy link

@almog2296 almog2296 commented Dec 21, 2025

Related Issues

fixes: Ticket

Description

Adds a new ignorable validation (BA129) that ensures commands/scripts declare the appropriate compliantpolicies when using arguments associated with specific compliance standards (defined in compliant_policies.json).

Key Logic:
Checks if command arguments match any known policy arguments.
Verifies that the compliantpolicies field contains the required policy name.
Multi-Policy Support: If an argument is associated with multiple policies (e.g., "Soft" and "Hard" remediation), the validation passes if at least one of them is present.

@almog2296 almog2296 requested review from a team and yedidyacohenpalo as code owners December 21, 2025 13:18
@github-actions
Copy link

github-actions bot commented Dec 21, 2025

Changelog(s) in markdown:

  • Adds a new ignorable validation (BA129) that ensures commands/scripts declare the appropriate compliantpolicies when using arguments associated with specific compliance standards (defined in compliant_policies.json). #5168

@github-actions
Copy link

github-actions bot commented Dec 25, 2025

Changelog(s) in markdown:

  • Adds a new validation (BA129) that ensures commands/scripts declare the appropriate compliantpolicies when using arguments associated with specific compliance standards (defined in compliant_policies.json). #5168

Shellyber
Shellyber reviewed Jan 8, 2026
View reviewed changes
demisto_sdk/commands/validate/validators/BA_validators/BA129_missing_compliant_policies.py
if not valid_policy_options:
continue
# Check if the declared policies cover the requirements for this arg
if valid_policy_options.isdisjoint(declared_policies):
Copy link
Contributor

@Shellyber Shellyber Jan 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can only report the actually missing policies to give more precise feedback.
Something like:

missing_for_arg = valid_policy_options - declared_policies
if missing_for_arg:
    problematic_arguments.add(arg)
    missing_policy_options.update(missing_for_arg)

Copy link
Author

@almog2296 almog2296 Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can’t do this because, for example, for "user" it is sufficient that at least one policy is available "Hard User Remediation" or "Soft User Remediation".
So i check whether there is any overlap between the required and declared policies. If an overlap exists, we continue. If not, we add the relevant missing optional policies.

It will report only actually missing required policies because its per argument.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Shellyber Shellyber Shellyber left review comments

@yedidyacohenpalo yedidyacohenpalo Awaiting requested review from yedidyacohenpalo yedidyacohenpalo is a code owner

@YuvHayun YuvHayun Awaiting requested review from YuvHayun

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@almog2296 @Shellyber