github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/elb/adapt.go (about) 1 package elb 2 3 import ( 4 api "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2" 5 "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types" 6 "github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws" 7 "github.com/khulnasoft-lab/defsec/pkg/concurrency" 8 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/elb" 9 "github.com/khulnasoft-lab/defsec/pkg/state" 10 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 11 ) 12 13 type adapter struct { 14 *aws.RootAdapter 15 api *api.Client 16 } 17 18 func init() { 19 aws.RegisterServiceAdapter(&adapter{}) 20 } 21 22 func (a *adapter) Provider() string { 23 return "aws" 24 } 25 26 func (a *adapter) Name() string { 27 return "elb" 28 } 29 30 func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { 31 32 a.RootAdapter = root 33 a.api = api.NewFromConfig(root.SessionConfig()) 34 var err error 35 36 state.AWS.ELB.LoadBalancers, err = a.getLoadBalancers() 37 if err != nil { 38 return err 39 } 40 41 return nil 42 } 43 44 func (a *adapter) getLoadBalancers() ([]elb.LoadBalancer, error) { 45 46 a.Tracker().SetServiceLabel("Discovering load balancers...") 47 48 var apiLoadBalancers []types.LoadBalancer 49 var input api.DescribeLoadBalancersInput 50 for { 51 output, err := a.api.DescribeLoadBalancers(a.Context(), &input) 52 if err != nil { 53 return nil, err 54 } 55 apiLoadBalancers = append(apiLoadBalancers, output.LoadBalancers...) 56 a.Tracker().SetTotalResources(len(apiLoadBalancers)) 57 if output.NextMarker == nil { 58 break 59 } 60 input.Marker = output.NextMarker 61 } 62 63 a.Tracker().SetServiceLabel("Adapting load balancers...") 64 return concurrency.Adapt(apiLoadBalancers, a.RootAdapter, a.adaptLoadBalancer), nil 65 } 66 67 func (a *adapter) adaptLoadBalancer(apiLoadBalancer types.LoadBalancer) (*elb.LoadBalancer, error) { 68 metadata := a.CreateMetadataFromARN(*apiLoadBalancer.LoadBalancerArn) 69 70 var dropInvalidHeaders bool 71 { 72 // routing.http.drop_invalid_header_fields.enabled 73 output, err := a.api.DescribeLoadBalancerAttributes(a.Context(), &api.DescribeLoadBalancerAttributesInput{ 74 LoadBalancerArn: apiLoadBalancer.LoadBalancerArn, 75 }) 76 if err != nil { 77 return nil, err 78 } 79 for _, attr := range output.Attributes { 80 if attr.Key != nil && *attr.Key == "routing.http.drop_invalid_header_fields.enabled" { 81 dropInvalidHeaders = attr.Value != nil && *attr.Value == "true" 82 break 83 } 84 } 85 } 86 87 var listeners []elb.Listener 88 { 89 input := api.DescribeListenersInput{ 90 LoadBalancerArn: apiLoadBalancer.LoadBalancerArn, 91 } 92 for { 93 output, err := a.api.DescribeListeners(a.Context(), &input) 94 if err != nil { 95 return nil, err 96 } 97 for _, listener := range output.Listeners { 98 metadata := a.CreateMetadataFromARN(*listener.ListenerArn) 99 100 var actions []elb.Action 101 for _, action := range listener.DefaultActions { 102 actions = append(actions, elb.Action{ 103 Metadata: metadata, 104 Type: defsecTypes.String(string(action.Type), metadata), 105 }) 106 } 107 108 sslPolicy := defsecTypes.StringDefault("", metadata) 109 if listener.SslPolicy != nil { 110 sslPolicy = defsecTypes.String(*listener.SslPolicy, metadata) 111 } 112 113 listeners = append(listeners, elb.Listener{ 114 Metadata: metadata, 115 Protocol: defsecTypes.String(string(listener.Protocol), metadata), 116 TLSPolicy: sslPolicy, 117 DefaultActions: actions, 118 }) 119 } 120 if output.NextMarker == nil { 121 break 122 } 123 input.Marker = output.NextMarker 124 } 125 } 126 127 return &elb.LoadBalancer{ 128 Metadata: metadata, 129 Type: defsecTypes.String(string(apiLoadBalancer.Type), metadata), 130 DropInvalidHeaderFields: defsecTypes.Bool(dropInvalidHeaders, metadata), 131 Internal: defsecTypes.Bool(apiLoadBalancer.Scheme == types.LoadBalancerSchemeEnumInternal, metadata), 132 Listeners: listeners, 133 }, nil 134 }