cfn-nag 0.7.13 → 0.8.0

data/lib/cfn-nag/custom_rules/LambdaPermissionInvokeFunctionActionRule.rb

@@ -6,7 +6,7 @@ require_relative 'base'
 class LambdaPermissionInvokeFunctionActionRule < BaseRule
   def rule_text
     'Lambda permission beside InvokeFunction might not be what you want? ' \
-    'Not sure!?'
+      'Not sure!?'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb

@@ -8,7 +8,7 @@ require_relative 'base'
 class ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule < BaseRule
   def rule_text
     'ManagedBlockchain Member MemberFabricConfiguration AdminPasswordRule must ' \
-    'not be a plaintext string or a Ref to a NoEcho Parameter with a Default value.'
+      'not be a plaintext string or a Ref to a NoEcho Parameter with a Default value.'
   end
 
   def rule_type
@@ -42,14 +42,11 @@ class ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule < BaseRu
   #   'MemberFabricConfiguration'
   #   'AdminPassword'
   def password_property_does_not_exist(member)
-    if member.memberConfiguration['MemberFrameworkConfiguration'].nil?
-      true
-    elsif member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration'].nil?
-      true
-    elsif member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration']['AdminPassword'].nil?
+    if member.memberConfiguration['MemberFrameworkConfiguration'].nil? ||
+       member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration'].nil?
       true
     else
-      false
+      member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration']['AdminPassword'].nil?
     end
   end
 end

data/lib/cfn-nag/custom_rules/OpsWorksAppAppSourcePasswordRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class OpsWorksAppAppSourcePasswordRule < PasswordBaseRule
   def rule_text
     'OpsWorks App AppSource Password must not be a plaintext ' \
-    'string or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
+      'string or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/OpsWorksAppSslConfigurationPrivateKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class OpsWorksAppSslConfigurationPrivateKeyRule < PasswordBaseRule
   def rule_text
     'OpsWorks App SslConfiguration PrivateKey must not be a plaintext ' \
-    'string or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'string or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/OpsWorksStackCustomCookbooksSourcePasswordRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class OpsWorksStackCustomCookbooksSourcePasswordRule < PasswordBaseRule
   def rule_text
     'OpsWorks Stack CustomCookbooksSource Password must not be a plaintext ' \
-    'string or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
+      'string or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/OpsWorksStackRdsDbInstancesDbPasswordRule.rb

@@ -6,8 +6,8 @@ require_relative 'sub_property_with_list_password_base_rule'
 class OpsWorksStackRdsDbInstancesDbPasswordRule < SubPropertyWithListPasswordBaseRule
   def rule_text
     'OpsWorks Stack RDS DbInstance DbPassword must not be a plaintext string '\
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSChannelPrivateKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSChannel PrivateKey must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSChannelTokenKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelPrivateKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSSandboxChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSSandboxChannel PrivateKey must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelTokenKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSSandboxChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSSandboxChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelPrivateKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSVoipChannel PrivateKey must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelTokenKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelPrivateKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipSandboxChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSVoipSandboxChannel PrivateKey must not be a plaintext ' \
-    'string or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'string or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelTokenKeyRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipSandboxChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSVoipSandboxChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class RDSDBClusterMasterUserPasswordRule < PasswordBaseRule
   def rule_text
     'RDS DB Cluster master user password must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUserPasswordRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class RDSDBInstanceMasterUserPasswordRule < PasswordBaseRule
   def rule_text
     'RDS instance master user password must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUsernameRule.rb

@@ -7,8 +7,8 @@ require_relative 'password_base_rule'
 class RDSDBInstanceMasterUsernameRule < PasswordBaseRule
   def rule_text
     'RDS instance master username must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/RedshiftClusterMasterUserPasswordRule.rb

@@ -6,8 +6,8 @@ require_relative 'password_base_rule'
 class RedshiftClusterMasterUserPasswordRule < PasswordBaseRule
   def rule_text
     'Redshift Cluster master user password must not be a plaintext string ' \
-    'or a Ref to a Parameter with a Default value.  ' \
-    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
+      'or a Ref to a Parameter with a Default value.  ' \
+      'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb

@@ -26,7 +26,7 @@ class ResourceWithExplicitNameRule < BaseRule
 
   def rule_text
     'Resource found with an explicit name, this disallows updates that ' \
-    'require replacement of this resource'
+      'require replacement of this resource'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/SecretsManagerSecretKmsKeyIdRule.rb

@@ -6,7 +6,7 @@ require_relative 'boolean_base_rule'
 class SecretsManagerSecretKmsKeyIdRule < BooleanBaseRule
   def rule_text
     'Secrets Manager Secret should explicitly specify KmsKeyId.' \
-    ' Besides control of the key this will allow the secret to be shared cross-account'
+      ' Besides control of the key this will allow the secret to be shared cross-account'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/SecurityGroupIngressOpenToWorldRule.rb

@@ -9,7 +9,7 @@ class SecurityGroupIngressOpenToWorldRule < BaseRule
 
   def rule_text
     'Security Groups found with cidr open to world on ingress.  This should ' \
-    'never be true on instance.  Permissible on ELB'
+      'never be true on instance.  Permissible on ELB'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb

@@ -6,7 +6,7 @@ require_relative 'base'
 class SecurityGroupIngressPortRangeRule < BaseRule
   def rule_text
     'Security Groups found ingress with port range instead of just a single ' \
-    'port'
+      'port'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/SecurityGroupMissingEgressRule.rb

@@ -6,7 +6,7 @@ require_relative 'base'
 class SecurityGroupMissingEgressRule < BaseRule
   def rule_text
     'Missing egress rule means all traffic is allowed outbound.  Make this ' \
-    'explicit if it is desired configuration'
+      'explicit if it is desired configuration'
   end
 
   def rule_type

data/lib/cfn-nag/custom_rules/SecurityGroupRuleDescriptionRule.rb

@@ -8,8 +8,8 @@ require 'cfn-nag/util/blank'
 class SecurityGroupRuleDescriptionRule < BaseRule
   def rule_text
     'Security group rules without a description obscure their purpose and may '\
-    'lead to bad practices in ensuring they only allow traffic from the ports '\
-    'and sources/destinations required.'
+      'lead to bad practices in ensuring they only allow traffic from the ports '\
+      'and sources/destinations required.'
   end
 
   def rule_type

data/lib/cfn-nag/deny_list_loader.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+class DenyListLoader
+  def initialize(rules_registry)
+    @rules_registry = rules_registry
+  end
+
+  def load(deny_list_definition:)
+    raise 'Empty profile' if deny_list_definition.strip == ''
+
+    deny_list_ruleset = RuleIdSet.new
+
+    deny_list_hash = load_deny_list_yaml(deny_list_definition)
+    raise 'Deny list is malformed' unless deny_list_hash.is_a? Hash
+
+    rules_to_suppress = deny_list_hash.fetch('RulesToSuppress', {})
+    raise 'Missing RulesToSuppress key in deny list' if rules_to_suppress.empty?
+
+    rule_ids_to_suppress = rules_to_suppress.map { |rule| rule['id'] }
+    rule_ids_to_suppress.each do |rule_id|
+      check_valid_rule_id rule_id
+      deny_list_ruleset.add_rule rule_id
+    end
+
+    deny_list_ruleset
+  end
+
+  private
+
+  def load_deny_list_yaml(deny_list_definition)
+    YAML.safe_load(deny_list_definition)
+  rescue StandardError => yaml_parse_error
+    raise "YAML parse of deny list failed: #{yaml_parse_error}"
+  end
+
+  def check_valid_rule_id(rule_id)
+    return true unless @rules_registry.by_id(rule_id).nil?
+
+    raise "#{rule_id} is not a legal rule identifier from: #{@rules_registry.ids}"
+  end
+end

data/lib/cfn-nag/iam_complexity_metric/spcm.rb

@@ -11,8 +11,8 @@ class SPCM
                         parameter_values_path: nil,
                         condition_values_path: nil,
                         template_pattern: DEFAULT_TEMPLATE_PATTERN)
-    parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
-    condition_values_string = condition_values_path.nil? ? nil : IO.read(condition_values_path)
+    parameter_values_string = parameter_values_path.nil? ? nil : File.read(parameter_values_path)
+    condition_values_string = condition_values_path.nil? ? nil : File.read(condition_values_path)
 
     templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
                                                          template_pattern: template_pattern)
@@ -21,7 +21,7 @@ class SPCM
       aggregate_results << {
         filename: template,
         file_results: metric(
-          cloudformation_string: IO.read(template),
+          cloudformation_string: File.read(template),
           parameter_values_string: parameter_values_string,
           condition_values_string: condition_values_string
         )

data/lib/cfn-nag/util/enforce_reference_parameter.rb

@@ -29,5 +29,5 @@ end
 # is not present; otherwise returns true
 def no_echo_and_no_default_parameter_check(cfn_model, key_to_check)
   parameter = cfn_model.parameters[key_to_check['Ref']]
-  truthy?(parameter.noEcho) && parameter.default.nil? ? false : true
+  !(truthy?(parameter.noEcho) && parameter.default.nil?)
 end

data/lib/cfn-nag/violation_filtering.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'cfn-nag/profile_loader'
-require 'cfn-nag/blacklist_loader'
+require 'cfn-nag/deny_list_loader'
 
 module ViolationFiltering
   def filter_violations_by_profile(profile_definition:, rule_definitions:, violations:)
@@ -20,19 +20,19 @@ module ViolationFiltering
     end
   end
 
-  def filter_violations_by_blacklist(blacklist_definition:, rule_definitions:, violations:)
-    blacklist = nil
-    unless blacklist_definition.nil?
+  def filter_violations_by_deny_list(deny_list_definition:, rule_definitions:, violations:)
+    deny_list = nil
+    unless deny_list_definition.nil?
       begin
-        blacklist = BlackListLoader.new(rule_definitions)
-                                   .load(blacklist_definition: blacklist_definition)
-      rescue StandardError => blacklist_load_error
-        raise "Blacklist loading error: #{blacklist_load_error}"
+        deny_list = DenyListLoader.new(rule_definitions)
+                                  .load(deny_list_definition: deny_list_definition)
+      rescue StandardError => deny_list_load_error
+        raise "Deny list loading error: #{deny_list_load_error}"
       end
     end
 
     violations.reject do |violation|
-      !blacklist.nil? && blacklist.contains_rule?(violation.id)
+      !deny_list.nil? && deny_list.contains_rule?(violation.id)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.7.13
+  version: 0.8.0
 platform: ruby
 authors:
 - Eric Kascic
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-11 00:00:00.000000000 Z
+date: 2021-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.6.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.6.3
 - !ruby/object:Gem::Dependency
   name: logging
   requirement: !ruby/object:Gem::Requirement
@@ -165,7 +165,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 description: Auditing tool for CloudFormation templates
-email:
+email: 
 executables:
 - cfn_nag
 - cfn_nag_rules
@@ -180,7 +180,6 @@ files:
 - bin/spcm_scan
 - lib/cfn-nag.rb
 - lib/cfn-nag/base_rule.rb
-- lib/cfn-nag/blacklist_loader.rb
 - lib/cfn-nag/cfn_nag.rb
 - lib/cfn-nag/cfn_nag_config.rb
 - lib/cfn-nag/cfn_nag_executor.rb
@@ -359,6 +358,7 @@ files:
 - lib/cfn-nag/custom_rules/password_base_rule.rb
 - lib/cfn-nag/custom_rules/resource_base_rule.rb
 - lib/cfn-nag/custom_rules/sub_property_with_list_password_base_rule.rb
+- lib/cfn-nag/deny_list_loader.rb
 - lib/cfn-nag/iam_complexity_metric/condition_metric.rb
 - lib/cfn-nag/iam_complexity_metric/html_results_renderer.rb
 - lib/cfn-nag/iam_complexity_metric/policy_document_metric.rb
@@ -394,7 +394,7 @@ homepage: https://github.com/stelligent/cfn_nag
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -411,7 +411,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.2
-signing_key:
+signing_key: 
 specification_version: 4
 summary: cfn-nag
 test_files: []

data/lib/cfn-nag/blacklist_loader.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require 'yaml'
-
-class BlackListLoader
-  def initialize(rules_registry)
-    @rules_registry = rules_registry
-  end
-
-  def load(blacklist_definition:)
-    raise 'Empty profile' if blacklist_definition.strip == ''
-
-    blacklist_ruleset = RuleIdSet.new
-
-    blacklist_hash = load_blacklist_yaml(blacklist_definition)
-    raise 'Blacklist is malformed' unless blacklist_hash.is_a? Hash
-
-    rules_to_suppress = blacklist_hash.fetch('RulesToSuppress', {})
-    raise 'Missing RulesToSuppress key in black list' if rules_to_suppress.empty?
-
-    rule_ids_to_suppress = rules_to_suppress.map { |rule| rule['id'] }
-    rule_ids_to_suppress.each do |rule_id|
-      check_valid_rule_id rule_id
-      blacklist_ruleset.add_rule rule_id
-    end
-
-    blacklist_ruleset
-  end
-
-  private
-
-  def load_blacklist_yaml(blacklist_definition)
-    YAML.safe_load(blacklist_definition)
-  rescue StandardError => yaml_parse_error
-    raise "YAML parse of blacklist failed: #{yaml_parse_error}"
-  end
-
-  def check_valid_rule_id(rule_id)
-    return true unless @rules_registry.by_id(rule_id).nil?
-
-    raise "#{rule_id} is not a legal rule identifier from: #{@rules_registry.ids}"
-  end
-end