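// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloudformation/aws/sam/function.go

package sam

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/sam"
	"github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/liamg/iamgo"
)

// getFunctions adapts every AWS::Serverless::Function resource found in cfFile
// into a sam.Function.
//
// FunctionName and Tracing are read from the resource's properties, with
// sam.TracingModePassThrough supplied as the default for Tracing. The policy
// fields start out nil and are filled in by setFunctionPolicies. The result is
// nil when the file declares no such resources.
func getFunctions(cfFile parser.FileContext) (functions []sam.Function) {
	for _, r := range cfFile.GetResourcesByType("AWS::Serverless::Function") {
		function := sam.Function{
			Metadata:        r.Metadata(),
			FunctionName:    r.GetStringProperty("FunctionName"),
			Tracing:         r.GetStringProperty("Tracing", sam.TracingModePassThrough),
			ManagedPolicies: nil,
			Policies:        nil,
		}

		setFunctionPolicies(r, &function)
		functions = append(functions, function)
	}

	return functions
}

// setFunctionPolicies reads the resource's "Policies" property and records its
// contents on function.
//
// SAM accepts Policies as a string, a list, or a map. A string is recorded as a
// managed policy, a map is parsed as a single inline IAM policy document, and a
// list is walked entry by entry with the same two rules. The map form is
// handled here so that a function declaring one inline policy document without
// wrapping it in a list still has that document adapted and made available to
// the IAM checks, rather than being treated as having no policies.
func setFunctionPolicies(r *parser.Resource, function *sam.Function) {
	policies := r.GetProperty("Policies")
	if !policies.IsNotNil() {
		return
	}

	switch {
	case policies.IsString(), policies.IsMap():
		addFunctionPolicy(policies, function)
	case policies.IsList():
		for _, property := range policies.AsList() {
			addFunctionPolicy(property, function)
		}
	}
}

// addFunctionPolicy records one policy value on function: a map is parsed as an
// inline IAM policy document and appended to Policies, a string is appended to
// ManagedPolicies, and any other kind of value is ignored.
func addFunctionPolicy(property *parser.Property, function *sam.Function) {
	switch {
	case property.IsMap():
		// NOTE(review): a map entry may also be a SAM policy template rather
		// than an IAM policy document; how iamgo.Parse treats that shape is not
		// visible here - confirm it does not yield a misleading empty policy.
		parsed, err := iamgo.Parse(property.GetJsonBytes(true))
		if err != nil {
			// Best effort: a document that does not parse is left out of
			// function.Policies, so nothing downstream can evaluate it and the
			// adapted function looks the same as one without that policy.
			// NOTE(review): consider surfacing this to the caller or a debug
			// log so a skipped policy is visible in scan output.
			return
		}
		function.Policies = append(function.Policies, iam.Policy{
			Metadata: property.Metadata(),
			// Inline policies carry no name of their own in the template.
			Name: defsecTypes.StringDefault("", property.Metadata()),
			Document: iam.Document{
				Metadata: property.Metadata(),
				Parsed:   *parsed,
			},
			Builtin: defsecTypes.Bool(false, property.Metadata()),
		})
	case property.IsString():
		function.ManagedPolicies = append(function.ManagedPolicies, property.AsStringValue())
	}
}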