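// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/cloudformation/parser/fn_builtin.go

package parser

import (
	"fmt"
	"net"

	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/cftypes"

	"github.com/apparentlymart/go-cidr/cidr"
)

// GetAzs resolves an availability-zone lookup to a fixed list of three string
// properties derived from property. The values are hard-coded (all three are
// "us-east-1a"); nothing in this function reads the region of the template
// being scanned.
func GetAzs(property *Property) (*Property, bool) {
	return property.deriveResolved(cftypes.List, []*Property{
		property.deriveResolved(cftypes.String, "us-east-1a"),
		property.deriveResolved(cftypes.String, "us-east-1a"),
		property.deriveResolved(cftypes.String, "us-east-1a"),
	}), true
}

// GetCidr resolves an Fn::Cidr intrinsic into a list of CIDR string properties.
//
// A property that is not a function is returned unchanged with true. Otherwise
// the value under "Fn::Cidr" must be a list of exactly three elements (base
// block, count, bits). If the list is malformed, or the ranges cannot be
// calculated, the result of abortIntrinsic is returned.
func GetCidr(property *Property) (*Property, bool) {
	if !property.isFunction() {
		return property, true
	}

	refValue := property.AsMap()["Fn::Cidr"]
	if refValue.IsNotList() || len(refValue.AsList()) != 3 {
		return abortIntrinsic(property, "Fn::Cidr expects a list of 3 attributes")
	}

	listParts := refValue.AsList()

	// Fallback base block, used when the first argument is not a string
	// (for example because it could not be resolved).
	ipAddress := "10.0.0.0/2"
	if ipaddressProp := listParts[0]; ipaddressProp.IsString() {
		ipAddress = ipaddressProp.AsString()
	}

	// count and bit come straight from the template being scanned; they are
	// range-checked in calculateCidrs before they drive any work.
	count := listParts[1].AsInt()
	bit := listParts[2].AsInt()

	ranges, err := calculateCidrs(ipAddress, count, bit, property)
	if err != nil {
		return abortIntrinsic(property, "Could not calculate the required ranges")
	}
	return property.deriveResolved(cftypes.List, ranges), true
}

// calculateCidrs splits the network described by ipaddress into count subnets
// and returns each one as a resolved string property derived from original.
//
// It returns an error when ipaddress is not valid CIDR notation, when count
// exceeds the Fn::Cidr limit, when bit is negative, or when the cidr package
// cannot produce one of the requested subnets. A count of zero or less yields
// a nil slice and no error.
func calculateCidrs(ipaddress string, count int, bit int, original *Property) ([]*Property, error) {
	// CloudFormation documents a valid range of 1 to 256 for the Fn::Cidr
	// count. The value is taken from the scanned template, so without an upper
	// bound a single template decides how many iterations and allocations the
	// scanner performs.
	const maxCidrCount = 256
	if count > maxCidrCount {
		return nil, fmt.Errorf("cidr count %d exceeds the maximum of %d", count, maxCidrCount)
	}
	if bit < 0 {
		return nil, fmt.Errorf("cidr bits must not be negative, got %d", bit)
	}

	_, network, err := net.ParseCIDR(ipaddress)
	if err != nil {
		return nil, err
	}

	// NOTE(review): AWS describes the third Fn::Cidr argument as the number of
	// subnet bits (the inverse of the mask), while cidr.Subnet takes the number
	// of bits to extend the prefix by — confirm the two agree, since resolved
	// ranges feed the checks that reason about network exposure.
	var cidrProperties []*Property
	for i := 0; i < count; i++ {
		next, err := cidr.Subnet(network, bit, i)
		if err != nil {
			// Keep the underlying cause so callers can see why the split failed.
			return nil, fmt.Errorf("failed to create cidr blocks: %w", err)
		}

		cidrProperties = append(cidrProperties, original.deriveResolved(cftypes.String, next.String()))
	}

	return cidrProperties, nil
}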