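package sam

import (
	"strings"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/sam"
	"github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser"
	"github.com/khulnasoft-lab/defsec/pkg/types"
)

// getHttpApis adapts every AWS::Serverless::HttpApi resource in the parsed
// CloudFormation file into a sam.HttpAPI. The result is nil when the template
// declares no such resource.
func getHttpApis(cfFile parser.FileContext) (apis []sam.HttpAPI) {
	for _, r := range cfFile.GetResourcesByType("AWS::Serverless::HttpApi") {
		apis = append(apis, sam.HttpAPI{
			Metadata:             r.Metadata(),
			Name:                 r.GetStringProperty("Name", ""),
			DomainConfiguration:  getDomainConfiguration(r),
			AccessLogging:        getAccessLoggingV2(r),
			DefaultRouteSettings: getRouteSettings(r),
		})
	}

	return apis
}

// getAccessLoggingV2 reads the AccessLogSettings property of an HTTP API
// resource. When the property is absent the returned value carries an empty
// default log-group ARN attributed to the resource itself, so the missing
// access-log destination stays visible to whatever consumes the adapted state.
func getAccessLoggingV2(r *parser.Resource) sam.AccessLogging {
	access := r.GetProperty("AccessLogSettings")
	if !access.IsNotNil() {
		return sam.AccessLogging{
			Metadata:              r.Metadata(),
			CloudwatchLogGroupARN: types.StringDefault("", r.Metadata()),
		}
	}

	// DestinationArn falls back to "" when AccessLogSettings is present but
	// names no destination.
	return sam.AccessLogging{
		Metadata:              access.Metadata(),
		CloudwatchLogGroupARN: access.GetStringProperty("DestinationArn", ""),
	}
}

// getRouteSettings reads the DefaultRouteSettings property of an HTTP API
// resource. When the property is absent, logging, data tracing and detailed
// metrics are all reported as default-false values attributed to the resource.
func getRouteSettings(r *parser.Resource) sam.RouteSettings {
	route := r.GetProperty("DefaultRouteSettings")
	if !route.IsNotNil() {
		return sam.RouteSettings{
			Metadata:               r.Metadata(),
			LoggingEnabled:         types.BoolDefault(false, r.Metadata()),
			DataTraceEnabled:       types.BoolDefault(false, r.Metadata()),
			DetailedMetricsEnabled: types.BoolDefault(false, r.Metadata()),
		}
	}

	// LoggingLevel is a string in the CloudFormation route-settings schema
	// (ERROR, INFO or OFF), not a boolean. Reading it as a bool would not
	// reflect the configured level, so logging counts as enabled for any
	// non-empty level other than OFF.
	level := route.GetStringProperty("LoggingLevel", "")
	loggingOn := level.Value() != "" && !strings.EqualFold(level.Value(), "OFF")

	return sam.RouteSettings{
		Metadata:               route.Metadata(),
		LoggingEnabled:         types.Bool(loggingOn, level.GetMetadata()),
		DataTraceEnabled:       route.GetBoolProperty("DataTraceEnabled"),
		DetailedMetricsEnabled: route.GetBoolProperty("DetailedMetricsEnabled"),
	}
}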