github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/database/postgresql.go (about)

     1  package database
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  
     7  	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/database"
     8  	"github.com/khulnasoft-lab/defsec/pkg/scanners/azure"
     9  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
    10  )
    11  
// adaptPostgreSQLServers builds one database.PostgreSQLServer for every
// "Microsoft.DBforPostgreSQL/servers" resource found in the deployment.
//
// The result stays nil when the deployment declares no such resource, so
// callers see "no servers" rather than an empty, allocated slice.
func adaptPostgreSQLServers(deployment azure.Deployment) (databases []database.PostgreSQLServer) {
	servers := deployment.GetResourcesByType("Microsoft.DBforPostgreSQL/servers")
	for _, server := range servers {
		adapted := adaptPostgreSQLServer(server, deployment)
		databases = append(databases, adapted)
	}
	return databases
}
    19  
// adaptPostgreSQLServer maps a single ARM server resource onto the provider
// model that the Azure database checks evaluate.
//
// Each security-relevant property is read from resource.Properties with an
// explicit fallback that is used when the template does not set it:
//   - sslEnforcement      -> false
//   - minimalTlsVersion   -> "TLSEnforcementDisabled"
//   - publicNetworkAccess -> false
//
// NOTE(review): a missing publicNetworkAccess is recorded as "public access
// disabled". Confirm that this matches the platform default for an omitted
// property; if the platform default is "enabled", checks on this field would
// stay silent for templates that simply leave it out.
//
// NOTE(review): sslEnforcement and publicNetworkAccess are read through
// AsBoolValue. If templates carry them as "Enabled"/"Disabled" strings,
// verify that AsBoolValue converts those; otherwise the fallback is what the
// checks end up seeing.
func adaptPostgreSQLServer(resource azure.Resource, deployment azure.Deployment) database.PostgreSQLServer {
	meta := resource.Metadata
	props := resource.Properties

	// Evaluated in the same order as the fields are declared below.
	sslEnforced := props.GetMapValue("sslEnforcement").AsBoolValue(false, meta)
	minTLS := props.GetMapValue("minimalTlsVersion").AsStringValue("TLSEnforcementDisabled", meta)
	publicAccess := props.GetMapValue("publicNetworkAccess").AsBoolValue(false, meta)
	firewallRules := addFirewallRule(resource)

	server := database.Server{
		Metadata:                  meta,
		EnableSSLEnforcement:      sslEnforced,
		MinimumTLSVersion:         minTLS,
		EnablePublicNetworkAccess: publicAccess,
		FirewallRules:             firewallRules,
	}

	return database.PostgreSQLServer{
		Metadata: meta,
		Server:   server,
		Config:   adaptPostgreSQLConfiguration(resource, deployment),
	}
}
    33  
// adaptPostgreSQLConfiguration collects the logging and throttling settings
// that belong to the given server resource.
//
// All three settings start as false. They are overwritten only by a
// "Microsoft.DBforPostgreSQL/servers/configurations" resource whose name
// begins with "<server name>/" and ends with one of:
// "log_checkpoints", "log_connections", "connection_throttling".
// A server with no matching configuration resource is therefore reported
// with every setting disabled.
//
// NOTE(review): ownership is decided purely by string prefix/suffix on the
// resource name. This presumably expects names to be resolved literals of
// the form "<server>/<setting>" - confirm against how the deployment parser
// handles template expressions in names.
//
// NOTE(review): the "value" property is read with AsBoolValue; if templates
// express it as "on"/"off", verify that AsBoolValue understands those.
func adaptPostgreSQLConfiguration(resource azure.Resource, deployment azure.Deployment) database.PostgresSQLConfig {
	serverPrefix := fmt.Sprintf("%s/", resource.Name.AsString())

	result := database.PostgresSQLConfig{
		Metadata:             resource.Metadata,
		LogCheckpoints:       defsecTypes.BoolDefault(false, resource.Metadata),
		ConnectionThrottling: defsecTypes.BoolDefault(false, resource.Metadata),
		LogConnections:       defsecTypes.BoolDefault(false, resource.Metadata),
	}

	for _, entry := range deployment.GetResourcesByType("Microsoft.DBforPostgreSQL/servers/configurations") {
		name := entry.Name.AsString()

		// Skip configuration resources that belong to a different server.
		if !strings.HasPrefix(name, serverPrefix) {
			continue
		}

		setting := entry.Properties.GetMapValue("value")

		// First matching suffix wins; unrelated settings are ignored.
		switch {
		case strings.HasSuffix(name, "log_checkpoints"):
			result.LogCheckpoints = setting.AsBoolValue(false, entry.Metadata)
		case strings.HasSuffix(name, "log_connections"):
			result.LogConnections = setting.AsBoolValue(false, entry.Metadata)
		case strings.HasSuffix(name, "connection_throttling"):
			result.ConnectionThrottling = setting.AsBoolValue(false, entry.Metadata)
		}
	}

	return result
}