github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/accessanalyzer/adapt.go (about)

     1  package api_gateway
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/aws/aws-sdk-go-v2/aws/arn"
     7  	api "github.com/aws/aws-sdk-go-v2/service/accessanalyzer"
     8  	aatypes "github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
     9  	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
    10  	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
    11  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/accessanalyzer"
    12  	"github.com/khulnasoft-lab/defsec/pkg/state"
    13  	"github.com/khulnasoft-lab/defsec/pkg/types"
    14  )
    15  
// adapter discovers AWS IAM Access Analyzer analyzers and the findings attached
// to them, and adapts them into the defsec accessanalyzer state. It is
// registered with the shared AWS root adapter from init.
//
// NOTE(review): the package clause reads api_gateway although this file lives
// under adapters/cloud/aws/accessanalyzer — looks like a copy-paste leftover
// from another adapter. Registration keys off Provider()/Name(), so it is not
// functionally wrong, but it is worth renaming for consistency.
type adapter struct {
	*aws.RootAdapter // shared session config, context, region and progress tracker
	api *api.Client   // Access Analyzer client; created in Adapt, nil before that
}
    20  
// init registers a zero-value adapter with the AWS root adapter via
// aws.RegisterServiceAdapter; the root adapter fills it in later through Adapt.
func init() {
	aws.RegisterServiceAdapter(&adapter{})
}
    24  
// Provider returns the cloud provider identifier this adapter belongs to.
func (a *adapter) Provider() string {
	return "aws"
}
    28  
// Name returns the service identifier; together with Provider it identifies
// this adapter in the registry.
func (a *adapter) Name() string {
	return "accessanalyzer"
}
    32  
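// Adapt builds the Access Analyzer client from the root adapter's session
// config and populates state.AWS.AccessAnalyzer.Analyzers with the analyzers
// discovered in the adapter's region.
//
// The state field is written only on success, so a failed discovery no longer
// replaces whatever was already there with a nil slice; the error is wrapped
// with the service name so it can be told apart from other adapters' errors.
func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
	a.RootAdapter = root
	a.api = api.NewFromConfig(root.SessionConfig())

	analyzers, err := a.adaptAnalyzers()
	if err != nil {
		return fmt.Errorf("adapting access analyzers: %w", err)
	}
	state.AWS.AccessAnalyzer.Analyzers = analyzers
	return nil
}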
    46  
// adaptAnalyzers pages through ListAnalyzers until the API returns no
// NextToken, updating the progress tracker as each page arrives, and then
// hands the collected summaries to concurrency.Adapt to be converted by
// adaptAnalyzer.
func (a *adapter) adaptAnalyzers() ([]accessanalyzer.Analyzer, error) {
	a.Tracker().SetServiceLabel("Discovering analyzers...")

	var (
		summaries []aatypes.AnalyzerSummary
		nextToken *string
	)
	for {
		page, err := a.api.ListAnalyzers(a.Context(), &api.ListAnalyzersInput{NextToken: nextToken})
		if err != nil {
			return nil, err
		}
		summaries = append(summaries, page.Analyzers...)
		// Report progress per page so long listings show movement.
		a.Tracker().SetTotalResources(len(summaries))
		nextToken = page.NextToken
		if nextToken == nil {
			break
		}
	}

	a.Tracker().SetServiceLabel("Adapting analyzers...")
	return concurrency.Adapt(summaries, a.RootAdapter, a.adaptAnalyzer), nil
}
    68  
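// adaptAnalyzer converts one ListAnalyzers summary into the defsec model,
// attaching one Findings entry per finding that ListFindings reports for the
// analyzer.
//
// Analyzers whose ARN is in another region yield (nil, nil); the original
// comment calls this a skip, so the caller (concurrency.Adapt) presumably
// tolerates a nil result — confirm if that helper changes.
//
// Findings are carried as metadata-only entries: the finding details from the
// API are not mapped, only their number. ListFindings is therefore paged with
// NextToken so an analyzer with more findings than one page holds is not
// under-counted (the previous version read the first page only).
//
// Returns an error when the summary has no ARN, the ARN does not parse, or a
// ListFindings call fails.
func (a *adapter) adaptAnalyzer(apiAnalyzer aatypes.AnalyzerSummary) (*accessanalyzer.Analyzer, error) {
	if apiAnalyzer.Arn == nil {
		return nil, fmt.Errorf("missing arn")
	}
	parsed, err := arn.Parse(*apiAnalyzer.Arn)
	if err != nil {
		return nil, fmt.Errorf("invalid arn: %w", err)
	}
	if parsed.Region != a.Region() {
		return nil, nil // skip other regions
	}

	metadata := a.CreateMetadataFromARN(*apiAnalyzer.Arn)

	var name string
	if apiAnalyzer.Name != nil {
		name = *apiAnalyzer.Name
	}

	var (
		findings  []accessanalyzer.Findings
		nextToken *string
	)
	for {
		output, err := a.api.ListFindings(a.Context(), &api.ListFindingsInput{
			AnalyzerArn: apiAnalyzer.Arn,
			NextToken:   nextToken,
		})
		if err != nil {
			return nil, fmt.Errorf("listing findings for analyzer %s: %w", *apiAnalyzer.Arn, err)
		}
		// Only the count is kept; ranging over a nil slice is a no-op, so no
		// nil check is needed.
		for range output.Findings {
			findings = append(findings, accessanalyzer.Findings{
				Metadata: metadata,
			})
		}
		nextToken = output.NextToken
		// Treat an empty token like a missing one, as the SDK's generated
		// paginators do, so a blank token cannot re-request the same page.
		if nextToken == nil || *nextToken == "" {
			break
		}
	}

	return &accessanalyzer.Analyzer{
		Metadata: metadata,
		ARN:      types.String(*apiAnalyzer.Arn, metadata),
		Name:     types.String(name, metadata),
		Active:   types.Bool(apiAnalyzer.Status == aatypes.AnalyzerStatusActive, metadata),
		Findings: findings,
	}, nil
}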