// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloudformation/aws/config/aggregator.go

package config

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/config"
	"github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// getConfigurationAggregator adapts the AWS::Config::ConfigurationAggregator
// resources of a CloudFormation template into the provider model.
//
// When the template declares no aggregator, the result carries unmanaged
// metadata and SourceAllRegions defaults to false. Otherwise the result is
// built from the first aggregator resource only.
//
// NOTE(review): any aggregator after the first is never inspected, so a
// template with several aggregators is judged on the first one alone. Confirm
// this is intended for the rules that read SourceAllRegions.
func getConfigurationAggregator(ctx parser.FileContext) config.ConfigurationAggregrator {
	found := ctx.GetResourcesByType("AWS::Config::ConfigurationAggregator")

	if len(found) == 0 {
		// No aggregator in the template: report an unmanaged, non-sourcing default.
		return config.ConfigurationAggregrator{
			Metadata:         defsecTypes.NewUnmanagedMetadata(),
			SourceAllRegions: defsecTypes.BoolDefault(false, ctx.Metadata()),
		}
	}

	first := found[0]
	return config.ConfigurationAggregrator{
		Metadata:         first.Metadata(),
		SourceAllRegions: isSourcingAllRegions(first),
	}
}

// isSourcingAllRegions reports the AllAwsRegions setting of an aggregator
// resource. It looks at AccountAggregationSources first, then at
// OrganizationAggregationSource, and falls back to a default of false tied to
// the resource's metadata.
func isSourcingAllRegions(r *parser.Resource) defsecTypes.BoolValue {
	accountSources := r.GetProperty("AccountAggregationSources")
	orgSource := r.GetProperty("OrganizationAggregationSource")

	if accountSources.IsNotNil() && accountSources.IsList() {
		for _, source := range accountSources.AsList() {
			allRegions := source.GetProperty("AllAwsRegions")
			// Skip only entries whose AllAwsRegions is present but not a boolean.
			if !allRegions.IsNil() && !allRegions.IsBool() {
				continue
			}
			// NOTE(review): the first entry with an absent or boolean
			// AllAwsRegions decides the result; later entries are not read.
			// A first entry set to true would therefore hide a later entry
			// that omits the flag, and a first entry without the flag returns
			// here without consulting OrganizationAggregationSource. Confirm
			// whether "every source must be true" is the intended semantics.
			return allRegions.AsBoolValue()
		}
	}

	if orgSource.IsNotNil() {
		if allRegions := orgSource.GetProperty("AllAwsRegions"); allRegions.IsBool() {
			return allRegions.AsBoolValue()
		}
	}

	// Nothing is set or resolvable, so the value has to be false.
	return defsecTypes.BoolDefault(false, r.Metadata())
}