github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloudformation/aws/codebuild/project.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloudformation/aws/codebuild/project.go (about)

     1  package codebuild
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/codebuild"
     5  	"github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser"
     6  	"github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
     9  func getProjects(ctx parser.FileContext) (projects []codebuild.Project) {
    10  
    11  	projectResources := ctx.GetResourcesByType("AWS::CodeBuild::Project")
    12  
    13  	for _, r := range projectResources {
    14  		project := codebuild.Project{
    15  			Metadata:                  r.Metadata(),
    16  			ArtifactSettings:          getArtifactSettings(r),
    17  			SecondaryArtifactSettings: getSecondaryArtifactSettings(r),
    18  		}
    19  
    20  		projects = append(projects, project)
    21  	}
    22  
    23  	return projects
    24  }
    25  
    26  func getSecondaryArtifactSettings(r *parser.Resource) (secondaryArtifacts []codebuild.ArtifactSettings) {
    27  	secondaryArtifactsList := r.GetProperty("SecondaryArtifacts")
    28  	if secondaryArtifactsList.IsNil() || !secondaryArtifactsList.IsList() {
    29  		return
    30  	}
    31  
    32  	for _, a := range secondaryArtifactsList.AsList() {
    33  		settings := codebuild.ArtifactSettings{
    34  			Metadata:          secondaryArtifactsList.Metadata(),
    35  			EncryptionEnabled: types.BoolDefault(true, secondaryArtifactsList.Metadata()),
    36  		}
    37  		encryptionDisabled := a.GetProperty("EncryptionDisabled")
    38  		if encryptionDisabled.IsBool() {
    39  			settings.EncryptionEnabled = types.Bool(!encryptionDisabled.AsBool(), encryptionDisabled.Metadata())
    40  		}
    41  		secondaryArtifacts = append(secondaryArtifacts, settings)
    42  	}
    43  
    44  	return secondaryArtifacts
    45  }
    46  
    47  func getArtifactSettings(r *parser.Resource) codebuild.ArtifactSettings {
    48  
    49  	settings := codebuild.ArtifactSettings{
    50  		Metadata:          r.Metadata(),
    51  		EncryptionEnabled: types.BoolDefault(true, r.Metadata()),
    52  	}
    53  
    54  	artifactsProperty := r.GetProperty("Artifacts")
    55  	if artifactsProperty.IsNotNil() {
    56  		encryptionDisabled := artifactsProperty.GetProperty("EncryptionDisabled")
    57  		if encryptionDisabled.IsBool() {
    58  			settings.EncryptionEnabled = types.Bool(!encryptionDisabled.AsBool(), encryptionDisabled.Metadata())
    59  		}
    60  	}
    61  
    62  	return settings
    63  }