Functions

Functions

Use functions in rules to identify specific information about resource types. Functions use following syntax:

<function>(<argument>)  

Following are the functions used in NGL:

len

Usage: len is a function which calculates the length of a list property or a string property, and returns it as an integer value.

Syntax: len(list_property1)

Example:

microsoft365 malwarefilterpolicy should-have len(FileTypes) > 0

Explanation: NGL will return all Microsoft365 apps’ malware filter policy whose length of file type is greater than 0.

age

Usage: age is a function which calculates the time difference of a time property till the current time. It takes two parameters, the time property name and unit of time as a string, and returns an integer representing the time difference of that time property measured in the units provided to the function. The value of the property should be an integer representing an Epoch (Unix) time.

Syntax: age(time_property1, “unit_of_time”)

Example:

github repository should-have age(created_at , "days") > 1

Explanation: NGL will return a list of GitHub repositories which have been created before 1 day and greater.

text match

Usage: textmatch is a function which evaluates the specified regular expression against a given string property. If the string contains the pattern, It returns true otherwise false. See different expressions used with textmatch in How to use the textmatch function article.

Syntax: textmatch(string_property, regex_pattern)

Example:

azuread oauth2permissiongrant should-not-have textmatch(scope, "AppRoleAssignment.ReadWrite.All") = true

Explanation: NGL will generate findings if the ‘scope‘ value is equal to the string “AppRoleAssignment.ReadWrite.All” (i.e. true).

Share this Doc

Functions

Or copy link

In this topic ...