github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/appservice/adapt.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/appservice/adapt.go (about)

     1  package appservice
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/appservice"
     5  	"github.com/khulnasoft-lab/defsec/pkg/scanners/azure"
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
     9  func Adapt(deployment azure.Deployment) appservice.AppService {
    10  	return appservice.AppService{
    11  		Services:     adaptServices(deployment),
    12  		FunctionApps: adaptFunctionApps(deployment),
    13  	}
    14  }
    15  
    16  func adaptFunctionApps(deployment azure.Deployment) []appservice.FunctionApp {
    17  	var functionApps []appservice.FunctionApp
    18  
    19  	for _, resource := range deployment.GetResourcesByType("Microsoft.Web/sites") {
    20  		functionApps = append(functionApps, adaptFunctionApp(resource))
    21  	}
    22  	return functionApps
    23  }
    24  
    25  func adaptServices(deployment azure.Deployment) []appservice.Service {
    26  	var services []appservice.Service
    27  	for _, resource := range deployment.GetResourcesByType("Microsoft.Web/sites") {
    28  		services = append(services, adaptService(resource))
    29  	}
    30  	return services
    31  }
    32  
    33  func adaptFunctionApp(resource azure.Resource) appservice.FunctionApp {
    34  	return appservice.FunctionApp{
    35  		Metadata:  resource.Metadata,
    36  		HTTPSOnly: resource.Properties.GetMapValue("httpsOnly").AsBoolValue(false, resource.Properties.GetMetadata()),
    37  	}
    38  }
    39  
    40  func adaptService(resource azure.Resource) appservice.Service {
    41  	return appservice.Service{
    42  		Metadata:         resource.Metadata,
    43  		EnableClientCert: resource.Properties.GetMapValue("clientCertEnabled").AsBoolValue(false, resource.Properties.GetMetadata()),
    44  		Identity: struct{ Type defsecTypes.StringValue }{
    45  			Type: resource.Properties.GetMapValue("identity").GetMapValue("type").AsStringValue("", resource.Properties.GetMetadata()),
    46  		},
    47  		Authentication: struct{ Enabled defsecTypes.BoolValue }{
    48  			Enabled: resource.Properties.GetMapValue("siteAuthSettings").GetMapValue("enabled").AsBoolValue(false, resource.Properties.GetMetadata()),
    49  		},
    50  		Site: struct {
    51  			EnableHTTP2       defsecTypes.BoolValue
    52  			MinimumTLSVersion defsecTypes.StringValue
    53  		}{
    54  			EnableHTTP2:       resource.Properties.GetMapValue("httpsOnly").AsBoolValue(false, resource.Properties.GetMetadata()),
    55  			MinimumTLSVersion: resource.Properties.GetMapValue("minTlsVersion").AsStringValue("", resource.Properties.GetMetadata()),
    56  		},
    57  	}
    58  }