github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/codebuild/adapt.go (about)

     1  package codebuild
     2  
     import (
     	"fmt"

     	api "github.com/aws/aws-sdk-go-v2/service/codebuild"
     	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
     	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
     	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/codebuild"
     	"github.com/khulnasoft-lab/defsec/pkg/state"
     	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     )
    11  
    // adapter is the AWS CodeBuild service adapter. It reads CodeBuild project
    // configuration through the AWS API and converts it into the defsec
    // codebuild provider model.
    type adapter struct {
    	// RootAdapter is assigned in Adapt. The Context, Tracker and
    	// CreateMetadataFromARN calls made by this adapter go through it.
    	*aws.RootAdapter

    	// client is the CodeBuild API client, created in Adapt from the root
    	// adapter's session configuration.
    	client *api.Client
    }
    16  
    // init registers a zero-value CodeBuild adapter with the AWS adapter
    // registry when the package is loaded. The adapter is not usable until
    // Adapt has populated its RootAdapter and client.
    func init() {
    	svc := &adapter{}
    	aws.RegisterServiceAdapter(svc)
    }
    20  
    // Provider returns the identifier of the cloud provider this adapter
    // belongs to.
    func (a *adapter) Provider() string {
    	const provider = "aws"
    	return provider
    }
    24  
    // Name returns the identifier of the AWS service this adapter covers.
    func (a *adapter) Name() string {
    	const service = "codebuild"
    	return service
    }
    28  
    // Adapt binds the adapter to root, builds a CodeBuild client from root's
    // session configuration, and stores the discovered projects in
    // state.AWS.CodeBuild.Projects.
    //
    // An error from project discovery is returned unchanged.
    func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
    	a.RootAdapter = root
    	a.client = api.NewFromConfig(root.SessionConfig())

    	projects, err := a.getProjects()
    	// The result is stored even when err is non-nil, so a failed discovery
    	// overwrites whatever the state held before with the returned value.
    	state.AWS.CodeBuild.Projects = projects
    	return err
    }
    42  
    // getProjects lists every CodeBuild project name visible to the client,
    // following NextToken until the listing is exhausted, and then adapts each
    // name through adaptProject using concurrency.Adapt.
    //
    // A ListProjects error aborts discovery and is returned with a nil slice.
    // How concurrency.Adapt treats errors from adaptProject is not visible
    // here; this function always returns a nil error once listing succeeds.
    func (a *adapter) getProjects() ([]codebuild.Project, error) {
    	a.Tracker().SetServiceLabel("Discovering projects...")

    	var (
    		names []string
    		req   api.ListProjectsInput
    	)
    	for more := true; more; {
    		page, err := a.client.ListProjects(a.Context(), &req)
    		if err != nil {
    			return nil, err
    		}

    		names = append(names, page.Projects...)
    		// Keep the progress total in step with the names seen so far.
    		a.Tracker().SetTotalResources(len(names))

    		// A nil token marks the last page.
    		req.NextToken = page.NextToken
    		more = page.NextToken != nil
    	}

    	a.Tracker().SetServiceLabel("Adapting projects...")
    	return concurrency.Adapt(names, a.RootAdapter, a.adaptProject), nil
    }
    65  
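    // adaptProject fetches the CodeBuild project called name and converts its
    // artifact-encryption settings into a codebuild.Project.
    //
    // It returns an error when the API call fails, when the response contains
    // no project for name, or when the returned project has no ARN. The last two
    // cases previously caused a panic (index out of range / nil dereference),
    // which in a scanner can abort the whole run instead of skipping one
    // resource.
    func (a *adapter) adaptProject(name string) (*codebuild.Project, error) {
    	output, err := a.client.BatchGetProjects(a.Context(), &api.BatchGetProjectsInput{
    		Names: []string{name},
    	})
    	if err != nil {
    		return nil, err
    	}

    	// BatchGetProjects reports unknown names in ProjectsNotFound rather than
    	// as an error, so Projects can be empty, e.g. if the project was deleted
    	// between the list call and this lookup.
    	if len(output.Projects) == 0 {
    		return nil, fmt.Errorf("codebuild project %q not returned by BatchGetProjects", name)
    	}
    	project := output.Projects[0]

    	// Metadata is derived from the ARN; without one the resource cannot be
    	// attributed, so report it instead of dereferencing nil.
    	if project.Arn == nil {
    		return nil, fmt.Errorf("codebuild project %q has no ARN", name)
    	}
    	metadata := a.CreateMetadataFromARN(*project.Arn)

    	// Encryption is modelled as enabled unless the API explicitly says it is
    	// disabled. An absent Artifacts block or an unset EncryptionDisabled flag
    	// is therefore reported as encrypted.
    	// NOTE(review): this default means a missing value can never raise an
    	// "unencrypted artifacts" finding; confirm that matches the service
    	// default for every artifact type this adapter sees.
    	primaryEncrypted := true
    	if project.Artifacts != nil && project.Artifacts.EncryptionDisabled != nil {
    		primaryEncrypted = !*project.Artifacts.EncryptionDisabled
    	}

    	// Secondary artifacts follow the same rule. They share the project's
    	// metadata, so findings on them point at the project resource.
    	var secondary []codebuild.ArtifactSettings
    	for _, settings := range project.SecondaryArtifacts {
    		encrypted := true
    		if settings.EncryptionDisabled != nil {
    			encrypted = !*settings.EncryptionDisabled
    		}
    		secondary = append(secondary, codebuild.ArtifactSettings{
    			Metadata:          metadata,
    			EncryptionEnabled: defsecTypes.Bool(encrypted, metadata),
    		})
    	}

    	return &codebuild.Project{
    		Metadata: metadata,
    		ArtifactSettings: codebuild.ArtifactSettings{
    			Metadata:          metadata,
    			EncryptionEnabled: defsecTypes.Bool(primaryEncrypted, metadata),
    		},
    		SecondaryArtifactSettings: secondary,
    	}, nil
    }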