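// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/iam/certs.go

package iam

import (
	"fmt"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	iamapi "github.com/aws/aws-sdk-go-v2/service/iam"
	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// adaptServerCertificates lists every IAM server certificate in the account,
// following the Marker/IsTruncated pagination of ListServerCertificates, and
// stores the adapted results in state.AWS.IAM.ServerCertificates.
//
// The scanning principal needs read access to the two IAM calls made in this
// file (iam:ListServerCertificates and iam:GetServerCertificate); no write
// action is issued.
//
// A failure to list a page aborts the whole discovery and is returned to the
// caller, wrapped so the failing step is visible in logs. Per-certificate
// failures are handled by concurrency.Adapt, whose policy is not visible here.
func (a *adapter) adaptServerCertificates(state *state.State) error {
	a.Tracker().SetServiceLabel("Discovering server certificates...")

	var certs []iamtypes.ServerCertificateMetadata

	input := &iamapi.ListServerCertificatesInput{}
	for {
		page, err := a.api.ListServerCertificates(a.Context(), input)
		if err != nil {
			// %w keeps the SDK error reachable through errors.Is / errors.As.
			return fmt.Errorf("listing server certificates: %w", err)
		}
		certs = append(certs, page.ServerCertificateMetadataList...)
		// Updated after each page, so the tracker shows a running total.
		a.Tracker().SetTotalResources(len(certs))
		if !page.IsTruncated {
			break
		}
		input.Marker = page.Marker
	}

	a.Tracker().SetServiceLabel("Adapting server certificates...")

	state.AWS.IAM.ServerCertificates = concurrency.Adapt(certs, a.RootAdapter, a.adaptServerCertificate)
	return nil
}

// adaptServerCertificate fetches a single server certificate by name and
// converts it into the provider model. Only the ARN (as resource metadata) and
// the expiration timestamp are kept; everything else in the API response is
// discarded.
//
// It returns an error when the API call fails or when the response carries no
// certificate, no certificate metadata, or no ARN. A missing expiration is not
// an error: the field is marked unresolvable instead.
//
// NOTE(review): certInfo is itself ServerCertificateMetadata from the list
// call and appears to carry the same Arn and Expiration fields read below, so
// the per-certificate GetServerCertificate round trip may be avoidable.
// Confirm before changing.
func (a *adapter) adaptServerCertificate(certInfo iamtypes.ServerCertificateMetadata) (*iam.ServerCertificate, error) {
	cert, err := a.api.GetServerCertificate(a.Context(), &iamapi.GetServerCertificateInput{
		ServerCertificateName: certInfo.ServerCertificateName,
	})
	if err != nil {
		name := "<unknown>"
		if certInfo.ServerCertificateName != nil {
			name = *certInfo.ServerCertificateName
		}
		return nil, fmt.Errorf("getting server certificate %q: %w", name, err)
	}

	// Guard every pointer on the path to the ARN. The original code
	// dereferenced cert.ServerCertificate without checking it, so an empty
	// response would panic inside a worker instead of returning an error.
	if cert == nil || cert.ServerCertificate == nil ||
		cert.ServerCertificate.ServerCertificateMetadata == nil ||
		cert.ServerCertificate.ServerCertificateMetadata.Arn == nil {
		return nil, fmt.Errorf("server certificate metadata is nil")
	}
	certMeta := cert.ServerCertificate.ServerCertificateMetadata

	metadata := a.CreateMetadataFromARN(*certMeta.Arn)

	// Default to "unresolvable" rather than a zero time, presumably so that
	// rules reading Expiration can tell "unknown" apart from a real date.
	// Verify against the rule implementations.
	expiration := defsecTypes.TimeUnresolvable(metadata)
	if certMeta.Expiration != nil {
		expiration = defsecTypes.Time(*certMeta.Expiration, metadata)
	}

	return &iam.ServerCertificate{
		Metadata:   metadata,
		Expiration: expiration,
	}, nil
}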