// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloudformation/aws/cloudfront/distribution.go

package cloudfront

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudfront"
	"github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser"
	"github.com/khulnasoft-lab/defsec/pkg/types"
)

// getDistributions adapts every AWS::CloudFront::Distribution resource found
// in the CloudFormation file context into the provider-neutral
// cloudfront.Distribution model.
//
// Only the properties read below are carried over: the WAF web ACL id, the
// logging bucket, the default cache behaviour's viewer protocol policy and
// the viewer certificate's minimum protocol version. The result is nil when
// the template declares no distributions.
func getDistributions(ctx parser.FileContext) (distributions []cloudfront.Distribution) {
	for _, res := range ctx.GetResourcesByType("AWS::CloudFront::Distribution") {
		// The string properties are read without an explicit default.
		// NOTE(review): what an absent WebACLId, Logging.Bucket or
		// MinimumProtocolVersion becomes depends on the parser — confirm that
		// checks consuming these fields treat the unset value as "not
		// configured" rather than as a pass.
		wafID := res.GetStringProperty("DistributionConfig.WebACLId")

		logging := cloudfront.Logging{
			Metadata: res.Metadata(),
			Bucket:   res.GetStringProperty("DistributionConfig.Logging.Bucket"),
		}

		defaultBehaviour := getDefaultCacheBehaviour(res)

		certificate := cloudfront.ViewerCertificate{
			Metadata:               res.Metadata(),
			MinimumProtocolVersion: res.GetStringProperty("DistributionConfig.ViewerCertificate.MinimumProtocolVersion"),
		}

		distributions = append(distributions, cloudfront.Distribution{
			Metadata:              res.Metadata(),
			WAFID:                 wafID,
			Logging:               logging,
			DefaultCacheBehaviour: defaultBehaviour,
			// NOTE(review): the ordered cache behaviours
			// (DistributionConfig.CacheBehaviors) are not adapted here, so any
			// check that inspects their viewer protocol policy has nothing to
			// evaluate for CloudFormation templates. That is a coverage gap
			// for per-path behaviours that still permit plain HTTP.
			OrdererCacheBehaviours: nil,
			ViewerCertificate:      certificate,
		})
	}

	return distributions
}

// getDefaultCacheBehaviour adapts DistributionConfig.DefaultCacheBehavior of
// one distribution resource.
//
// When the behaviour block is missing, or its ViewerProtocolPolicy is not a
// string, the policy falls back to "allow-all". That is the value under which
// viewers may use HTTP as well as HTTPS, so the fallback leans towards
// reporting a finding rather than hiding one.
// NOTE(review): a policy supplied through something the parser does not
// resolve to a string would presumably also land on the fallback and could
// show up as a false positive — confirm against the parser.
func getDefaultCacheBehaviour(r *parser.Resource) cloudfront.CacheBehaviour {
	// fallback builds the least-restrictive behaviour used when no usable
	// policy is present in the template.
	fallback := func() cloudfront.CacheBehaviour {
		return cloudfront.CacheBehaviour{
			Metadata:             r.Metadata(),
			ViewerProtocolPolicy: types.StringDefault("allow-all", r.Metadata()),
		}
	}

	if r.GetProperty("DistributionConfig.DefaultCacheBehavior").IsNil() {
		return fallback()
	}

	policy := r.GetProperty("DistributionConfig.DefaultCacheBehavior.ViewerProtocolPolicy")
	if policy.IsNotString() {
		return fallback()
	}

	return cloudfront.CacheBehaviour{
		Metadata:             r.Metadata(),
		ViewerProtocolPolicy: policy.AsStringValue(),
	}
}