github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/cloudformation/parser/intrinsics.go

github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/cloudformation/parser/intrinsics.go (about)

     1  package parser
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  
     7  	"gopkg.in/yaml.v3"
     8  )
     9  
    10  var intrinsicFuncs map[string]func(property *Property) (*Property, bool)
    11  
    12  func init() {
    13  	intrinsicFuncs = map[string]func(property *Property) (*Property, bool){
    14  		"Ref":             ResolveReference,
    15  		"Fn::Base64":      ResolveBase64,
    16  		"Fn::Equals":      ResolveEquals,
    17  		"Fn::Join":        ResolveJoin,
    18  		"Fn::Split":       ResolveSplit,
    19  		"Fn::Sub":         ResolveSub,
    20  		"Fn::FindInMap":   ResolveFindInMap,
    21  		"Fn::Select":      ResolveSelect,
    22  		"Fn::GetAtt":      ResolveGetAtt,
    23  		"Fn::GetAZs":      GetAzs,
    24  		"Fn::Cidr":        GetCidr,
    25  		"Fn::ImportValue": ImportPlaceholder,
    26  		"Fn::If":          ResolveIf,
    27  		"Fn::And":         ResolveAnd,
    28  		"Fn::Or":          ResolveOr,
    29  		"Fn::Not":         ResolveNot,
    30  		"Fn::Length":      ResolveLength,
    31  		"Condition":       ResolveCondition,
    32  	}
    33  }
    34  
    35  func ImportPlaceholder(property *Property) (*Property, bool) {
    36  	property.unresolved = true
    37  	return property, false
    38  }
    39  
    40  func PassthroughResolution(property *Property) (*Property, bool) {
    41  	return property, false
    42  }
    43  
    44  func IsIntrinsicFunc(node *yaml.Node) bool {
    45  	if node == nil || node.Tag == "" {
    46  		return false
    47  	}
    48  
    49  	nodeTag := strings.TrimPrefix(node.Tag, "!")
    50  	if nodeTag != "Ref" && nodeTag != "Condition" {
    51  		nodeTag = fmt.Sprintf("Fn::%s", nodeTag)
    52  	}
    53  	for tag := range intrinsicFuncs {
    54  
    55  		if nodeTag == tag {
    56  			return true
    57  		}
    58  	}
    59  	return false
    60  }
    61  
    62  func IsIntrinsic(key string) bool {
    63  	for tag := range intrinsicFuncs {
    64  		if tag == key {
    65  			return true
    66  		}
    67  	}
    68  	return false
    69  }
    70  
    71  func ResolveIntrinsicFunc(property *Property) (*Property, bool) {
    72  	if property == nil {
    73  		return nil, false
    74  	}
    75  	if !property.IsMap() {
    76  		return property, false
    77  	}
    78  
    79  	for funcName := range property.AsMap() {
    80  		if fn := intrinsicFuncs[funcName]; fn != nil {
    81  			//
    82  			return fn(property)
    83  		}
    84  	}
    85  	return property, false
    86  }
    87  
    88  func getIntrinsicTag(tag string) string {
    89  	tag = strings.TrimPrefix(tag, "!")
    90  	switch tag {
    91  	case "Ref", "Contains":
    92  		return tag
    93  	default:
    94  		return fmt.Sprintf("Fn::%s", tag)
    95  	}
    96  }
    97  
    98  func abortIntrinsic(property *Property, msg string, components ...string) (*Property, bool) {
    99  	//
   100  	return property, false
   101  }