small performance improvements

salesforce · Aug 25, 2024 · af42643 · af42643
1 parent efb481d
commit af42643
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/cloudsplaining/scan/statement_detail.py b/cloudsplaining/scan/statement_detail.py
@@ -263,9 +263,11 @@ def missing_resource_constraints_for_modify_actions(self, exclusions: Exclusions
 
         actions_missing_resource_constraints = self.missing_resource_constraints(exclusions)
 
-        always_actions_found = [
-            action for action in actions_missing_resource_constraints if action.lower() in always_look_for_actions
-        ]
+        always_actions_found = (
+            [action for action in actions_missing_resource_constraints if action.lower() in always_look_for_actions]
+            if always_look_for_actions
+            else []
+        )
 
         modify_actions_missing_constraints = set()
         modify_actions_missing_constraints.update(remove_read_level_actions(actions_missing_resource_constraints))

diff --git a/cloudsplaining/shared/exclusions.py b/cloudsplaining/shared/exclusions.py
@@ -116,18 +116,21 @@ def is_principal_excluded(self, principal: str, principal_type: str) -> bool:
     def get_allowed_actions(self, requested_actions: list[str]) -> list[str]:
         """Given a list of actions, it will evaluate those actions against the exclusions configuration and return a
         list of actions after filtering for exclusions."""
+        if not self.exclude_actions:
+            # no exclusion -> all allowed
+            return list(set(requested_actions))
 
-        always_include_actions = set()
-        actions_minus_exclusions = set()
+        allowed_actions = set()
         for action in requested_actions:
+            action_lower = action.lower()
             # ALWAYS INCLUDE ACTIONS
-            if action.lower() in self.include_actions:
-                always_include_actions.add(action)
+            if action_lower in self.include_actions:
+                allowed_actions.add(action)
             # RULE OUT EXCLUDED ACTIONS
-            if not is_name_excluded(action.lower(), self.exclude_actions):
-                actions_minus_exclusions.add(action)
+            if not is_name_excluded(action_lower, self.exclude_actions):
+                allowed_actions.add(action)
 
-        return list(always_include_actions | actions_minus_exclusions)
+        return list(allowed_actions)
 
 
 # pylint: disable=inconsistent-return-statements