[ Avaa Bypassed ]

"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
import regex as re

from cfnlint.helpers import FUNCTIONS
from cfnlint.rules import CloudFormationLintRule, RuleMatch


class Aliases(CloudFormationLintRule):
    """Check if CloudFront Aliases are valid domain names"""

    id = "E3013"
    shortdesc = "CloudFront Aliases"
    description = "CloudFront aliases should contain valid domain names"
    source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-aliases"
    tags = ["properties", "cloudfront"]

    def match(self, cfn):
        """Check cloudfront Resource Parameters"""

        matches = []

        valid_domain = re.compile(
            r"^(?:[a-z0-9\*](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$"
        )

        results = cfn.get_resource_properties(
            ["AWS::CloudFront::Distribution", "DistributionConfig"]
        )
        for result in results:
            aliases = result["Value"].get("Aliases")
            if aliases:
                for alias in aliases:
                    if isinstance(alias, str) and alias not in FUNCTIONS:
                        wildcard = alias.split(".")
                        if "*" in wildcard[1:]:
                            path = result["Path"] + ["Aliases"]
                            message = f'Invalid use of wildcards: {alias} at {"/".join(result["Path"])}'
                            matches.append(RuleMatch(path, message))
                        if not re.match(valid_domain, alias):
                            path = result["Path"] + ["Aliases"]
                            message = f'Invalid alias found: {alias} at {"/".join(result["Path"])}'
                            matches.append(RuleMatch(path, message))

        return matches