github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/storage/adapt.go (about)

     1  package storage
     2  
     3  import (
     4  	"strings"
     5  
     6  	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/storage"
     7  	"github.com/khulnasoft-lab/defsec/pkg/scanners/azure"
     8  
     9  	"github.com/khulnasoft-lab/defsec/pkg/types"
    10  )
    11  
// Adapt converts an ARM deployment into the Azure storage provider model,
// adapting every storage account it declares.
func Adapt(deployment azure.Deployment) storage.Storage {
	var out storage.Storage
	out.Accounts = adaptAccounts(deployment)
	return out
}
    17  
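// adaptAccounts builds one storage.Account per "Microsoft.Storage/storageAccounts"
// resource in the deployment. Network ACLs, queues and containers nested under
// each account are adapted by the helpers below so each concern reads on its own.
//
// The returned slice is nil when the deployment declares no storage accounts.
func adaptAccounts(deployment azure.Deployment) []storage.Account {
	var accounts []storage.Account
	for _, resource := range deployment.GetResourcesByType("Microsoft.Storage/storageAccounts") {
		accounts = append(accounts, adaptAccount(resource))
	}
	return accounts
}

// adaptAccount builds the storage.Account model for a single storageAccounts
// resource.
//
// Defaults applied when a property is absent from the template:
//   - supportsHttpsTrafficOnly falls back to false, so an account that omits
//     the property is reported as not enforcing HTTPS. NOTE(review): Azure has
//     defaulted this property to true for newer API versions, so this may be a
//     false positive for such templates — confirm whether the default should
//     depend on the resource's API version.
//   - minimumTlsVersion falls back to "TLS1_0", the value ARM applies when the
//     property is unset, so an omitted version is reported as the weakest one.
//
// QueueProperties.EnableLogging is hard-coded to false; nothing in the
// storageAccounts properties is consulted for it, and the properties' metadata
// is attached so a check still has a location to report.
func adaptAccount(resource azure.Resource) storage.Account {
	props := resource.Properties
	return storage.Account{
		Metadata:     resource.Metadata,
		NetworkRules: adaptNetworkRules(props),
		EnforceHTTPS: props.GetMapValue("supportsHttpsTrafficOnly").AsBoolValue(false, props.GetMetadata()),
		Containers:   adaptContainers(resource),
		QueueProperties: storage.QueueProperties{
			Metadata:      props.GetMetadata(),
			EnableLogging: types.BoolDefault(false, props.GetMetadata()),
		},
		MinimumTLSVersion: props.GetMapValue("minimumTlsVersion").AsStringValue("TLS1_0", props.GetMetadata()),
		Queues:            adaptQueues(resource),
	}
}

// adaptNetworkRules adapts the "networkAcls" property of a storage account
// into one storage.NetworkRule per ACL entry.
//
// NOTE(review): networkAcls is a single object in the ARM schema; whether
// AsList() yields that object as a one-element list or an empty list is not
// visible here — confirm against a fixture, since an empty list means no
// network rule is ever produced and network checks never fire.
//
// NOTE(review): only an explicit "Allow" defaultAction is reported as open by
// default. Azure treats an unspecified defaultAction as Allow, so an ACL that
// omits it may be reported as denying when it does not — confirm how EqualTo
// behaves on a missing value.
func adaptNetworkRules(properties azure.Value) []storage.NetworkRule {
	var rules []storage.NetworkRule
	for _, acl := range properties.GetMapValue("networkAcls").AsList() {
		rules = append(rules, storage.NetworkRule{
			Metadata:       acl.GetMetadata(),
			Bypass:         adaptBypasses(acl.GetMapValue("bypass")),
			AllowByDefault: types.Bool(acl.GetMapValue("defaultAction").EqualTo("Allow"), acl.GetMetadata()),
		})
	}
	return rules
}

// adaptBypasses splits a comma-separated bypass list such as
// "AzureServices, Logging" into individual values, each carrying the metadata
// of the bypass property.
//
// Entries are trimmed because ARM authors commonly write a space after each
// comma; without trimming " Logging" would never match a rule looking for
// "Logging". Empty entries are dropped, so an absent or empty bypass yields
// no bypass values rather than a single empty string.
func adaptBypasses(bypassProp azure.Value) []types.StringValue {
	var bypasses []types.StringValue
	for _, bypass := range strings.Split(bypassProp.AsString(), ",") {
		bypass = strings.TrimSpace(bypass)
		if bypass == "" {
			continue
		}
		bypasses = append(bypasses, types.String(bypass, bypassProp.GetMetadata()))
	}
	return bypasses
}

// adaptQueues adapts the queues nested under a storage account
// ("queueServices/queues" child resources). A queue with no name gets the
// empty string, attributed to the queue resource's metadata.
func adaptQueues(resource azure.Resource) []storage.Queue {
	var queues []storage.Queue
	for _, queueResource := range resource.GetResourcesByType("queueServices/queues") {
		queues = append(queues, storage.Queue{
			Metadata: queueResource.Metadata,
			Name:     queueResource.Name.AsStringValue("", queueResource.Metadata),
		})
	}
	return queues
}

// adaptContainers adapts the blob containers nested under a storage account.
//
// Containers are looked up under "blobServices/containers", the ARM child
// resource type for blob containers, in addition to the
// "containerServices/containers" suffix this adapter matched previously, so
// templates that use the real ARM type are no longer silently skipped while
// anything that relied on the old suffix keeps working. A resource type ends
// with at most one of the two suffixes, so no container is adapted twice.
//
// publicAccess defaults to "None" when absent, which is the value Azure
// applies to a container that does not set it.
func adaptContainers(resource azure.Resource) []storage.Container {
	var containers []storage.Container
	for _, suffix := range []string{"blobServices/containers", "containerServices/containers"} {
		for _, containerResource := range resource.GetResourcesByType(suffix) {
			containers = append(containers, storage.Container{
				Metadata:     containerResource.Metadata,
				PublicAccess: containerResource.Properties.GetMapValue("publicAccess").AsStringValue("None", containerResource.Metadata),
			})
		}
	}
	return containers
}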