// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/cloudformation/aws/config/aggregator.go

package config

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/config"
	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
)

// getConfigurationAggregator adapts the AWS::Config::ConfigurationAggregator
// resources of a parsed CloudFormation file into the defsec model.
//
// When the template declares no aggregator, the result carries unmanaged
// metadata and SourceAllRegions defaults to false (attached to the file's
// metadata), so the absence of an aggregator is never reported as
// "all regions covered".
//
// NOTE(review): only the first matching resource is adapted. A template that
// declares several aggregators is represented by resources[0] alone, so any
// misconfiguration in later aggregators is not reflected in the returned
// value. The spelling "ConfigurationAggregrator" is the name of the imported
// defsec type and must be kept as-is.
func getConfigurationAggregator(ctx parser.FileContext) config.ConfigurationAggregrator {
	// Built up front, exactly as before, and returned only when nothing matches.
	fallback := config.ConfigurationAggregrator{
		Metadata:         defsecTypes.NewUnmanagedMetadata(),
		SourceAllRegions: defsecTypes.BoolDefault(false, ctx.Metadata()),
	}

	resources := ctx.GetResourcesByType("AWS::Config::ConfigurationAggregator")
	if len(resources) > 0 {
		first := resources[0]
		return config.ConfigurationAggregrator{
			Metadata:         first.Metadata(),
			SourceAllRegions: isSourcingAllRegions(first),
		}
	}

	return fallback
}

// isSourcingAllRegions reports the AllAwsRegions setting of an aggregator
// resource.
//
// If AccountAggregationSources is present and is a list, the entries are
// scanned in order and the first one that sets AllAwsRegions decides the
// result. Otherwise, or when no entry sets it, the value of
// OrganizationAggregationSource.AllAwsRegions is returned.
//
// NOTE(review): because the first account source that sets AllAwsRegions
// wins, a later entry with a different value is ignored; with mixed settings
// the result reflects only that first entry. What GetBoolProperty yields when
// the organization property is absent is not visible here — confirm it
// defaults to false so a missing setting is treated as "not all regions".
func isSourcingAllRegions(r *parser.Resource) defsecTypes.BoolValue {
	const allRegionsKey = "AllAwsRegions"

	accountSources := r.GetProperty("AccountAggregationSources")
	if accountSources.IsNotNil() && accountSources.IsList() {
		for _, source := range accountSources.AsList() {
			if source.GetProperty(allRegionsKey).IsNotNil() {
				return source.GetBoolProperty(allRegionsKey)
			}
		}
	}

	// No account-level source declared the flag; use the organization-level one.
	return r.GetBoolProperty("OrganizationAggregationSource.AllAwsRegions")
}