
     1  package ecs
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ecs"
     5  	"github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser"
     6  	"github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
// getTaskDefinitions adapts every AWS::ECS::TaskDefinition resource found in
// ctx into the provider model consumed by the ECS checks.
func getTaskDefinitions(ctx parser.FileContext) (taskDefinitions []ecs.TaskDefinition) {
	for _, res := range ctx.GetResourcesByType("AWS::ECS::TaskDefinition") {
		// The error from getContainerDefinitions is dropped: this signature has
		// no way to surface it, and the task definition is still emitted with
		// whatever getContainerDefinitions returned alongside the error.
		containers, _ := getContainerDefinitions(res)

		taskDefinitions = append(taskDefinitions, ecs.TaskDefinition{
			Metadata:             res.Metadata(),
			Volumes:              getVolumes(res),
			ContainerDefinitions: containers,
		})
	}
	return taskDefinitions
}
    25  
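// getContainerDefinitions adapts the ContainerDefinitions property of an
// AWS::ECS::TaskDefinition resource.
//
// The property is either a list of container definition objects, which are
// mapped field by field below, or a string (for example an inline JSON
// document), which is handed to ecs.CreateDefinitionsFromString. An absent
// property, or one of any other shape, yields an empty result and no error.
//
// The only error source is ecs.CreateDefinitionsFromString.
func getContainerDefinitions(r *parser.Resource) ([]ecs.ContainerDefinition, error) {
	var definitions []ecs.ContainerDefinition

	containerDefs := r.GetProperty("ContainerDefinitions")
	if containerDefs.IsNil() {
		return definitions, nil
	}

	// The string form must be handled before the list guard: IsNotList() is
	// true for a string value, so a string check placed after the loop could
	// never be reached and string-encoded containers were silently dropped,
	// leaving them invisible to the container-level checks.
	if containerDefs.IsString() {
		return ecs.CreateDefinitionsFromString(r.Metadata(), containerDefs.AsString())
	}
	if containerDefs.IsNotList() {
		return definitions, nil
	}

	for _, containerDef := range containerDefs.AsList() {
		// Environment is a list of {Name, Value} objects; a missing key becomes "".
		var envVars []ecs.EnvVar
		envList := containerDef.GetProperty("Environment")
		if envList.IsNotNil() && envList.IsList() {
			for _, envVar := range envList.AsList() {
				envVars = append(envVars, ecs.EnvVar{
					Name:  envVar.GetStringProperty("Name", "").Value(),
					Value: envVar.GetStringProperty("Value", "").Value(),
				})
			}
		}

		definitions = append(definitions, ecs.ContainerDefinition{
			Metadata: containerDef.Metadata(),
			Name:     containerDef.GetStringProperty("Name", ""),
			Image:    containerDef.GetStringProperty("Image", ""),
			// NOTE(review): CloudFormation spells this property "Cpu"; confirm
			// that GetIntProperty matches case-insensitively, otherwise the
			// default of 1 is always used here.
			CPU:    containerDef.GetIntProperty("CPU", 1),
			Memory: containerDef.GetIntProperty("Memory", 128),
			// Both flags default to false when the key is absent, so a
			// container that does not set Privileged is adapted as unprivileged.
			Essential:   containerDef.GetBoolProperty("Essential", false),
			Privileged:  containerDef.GetBoolProperty("Privileged", false),
			Environment: envVars,
			// PortMappings are not adapted from CloudFormation here.
			PortMappings: nil,
		})
	}
	return definitions, nil
}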
    62  
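// getVolumes adapts the Volumes list of an AWS::ECS::TaskDefinition resource.
//
// Each entry becomes an ecs.Volume whose EFSVolumeConfiguration records
// whether EFS transit encryption is on: it is treated as disabled unless
// EFSVolumeConfiguration.TransitEncryption is present and equals "enabled"
// (compared case-insensitively). An absent or non-list Volumes property
// yields nil.
func getVolumes(r *parser.Resource) (volumes []ecs.Volume) {
	volumesList := r.GetProperty("Volumes")
	if volumesList.IsNil() || volumesList.IsNotList() {
		return volumes
	}

	for _, v := range volumesList.AsList() {
		// Anchor the volume at its own list entry rather than at the whole
		// resource, as getContainerDefinitions does for containers, so a
		// finding points at the offending volume instead of the task definition.
		volMeta := v.Metadata()
		volume := ecs.Volume{
			Metadata: volMeta,
			EFSVolumeConfiguration: ecs.EFSVolumeConfiguration{
				Metadata: volMeta,
				// NOTE(review): volumes with no EFSVolumeConfiguration block
				// (e.g. host volumes) also get this default of false; whether
				// the check distinguishes them is not visible from this file.
				TransitEncryptionEnabled: types.BoolDefault(false, volMeta),
			},
		}

		transitProp := v.GetProperty("EFSVolumeConfiguration.TransitEncryption")
		if transitProp.IsNotNil() && transitProp.EqualTo("enabled", parser.IgnoreCase) {
			volume.EFSVolumeConfiguration.TransitEncryptionEnabled = types.Bool(true, transitProp.Metadata())
		}

		volumes = append(volumes, volume)
	}
	return volumes
}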