
     1  package apigateway
     2  
     3  import (
     4  	v1 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/apigateway/v1"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
// adaptAPIResourcesV1 collects every aws_api_gateway_resource block whose
// rest_api_id references apiBlock and adapts each one, together with the
// aws_api_gateway_method blocks attached to it, into a v1.Resource.
//
// An API with no referencing resources yields a nil slice.
func adaptAPIResourcesV1(modules terraform.Modules, apiBlock *terraform.Block) []v1.Resource {
	resourceBlocks := modules.GetReferencingResources(apiBlock, "aws_api_gateway_resource", "rest_api_id")
	if len(resourceBlocks) == 0 {
		return nil
	}

	resources := make([]v1.Resource, 0, len(resourceBlocks))
	for _, block := range resourceBlocks {
		resources = append(resources, v1.Resource{
			Metadata: block.GetMetadata(),
			Methods:  adaptAPIMethodsV1(modules, block),
		})
	}
	return resources
}
    20  
// adaptAPIMethodsV1 adapts every aws_api_gateway_method block whose
// resource_id references resourceBlock into a v1.Method.
//
// The fields read are the ones the API Gateway checks care about:
// http_method, authorization (the authorizer type, "" when not set) and
// api_key_required (false when not set). Absent attributes fall back to
// those defaults anchored to the method block's metadata.
//
// A resource with no referencing methods yields a nil slice.
func adaptAPIMethodsV1(modules terraform.Modules, resourceBlock *terraform.Block) []v1.Method {
	methodBlocks := modules.GetReferencingResources(resourceBlock, "aws_api_gateway_method", "resource_id")
	if len(methodBlocks) == 0 {
		return nil
	}

	methods := make([]v1.Method, 0, len(methodBlocks))
	for _, block := range methodBlocks {
		methods = append(methods, v1.Method{
			Metadata:          block.GetMetadata(),
			HTTPMethod:        block.GetAttribute("http_method").AsStringValueOrDefault("", block),
			AuthorizationType: block.GetAttribute("authorization").AsStringValueOrDefault("", block),
			APIKeyRequired:    block.GetAttribute("api_key_required").AsBoolValueOrDefault(false, block),
		})
	}
	return methods
}
    34  
// adaptAPIsV1 adapts every aws_api_gateway_rest_api block in modules into a
// v1.API, attaching the aws_api_gateway_stage blocks that reference it via
// rest_api_id plus the resources and methods hanging off it.
//
// Stage blocks that are not matched to any rest API here are not dropped:
// they are gathered into one trailing API with unmanaged metadata and an
// empty name, so stage-level checks (access logging, X-Ray tracing, cache
// encryption) still evaluate them. That orphan API carries no Resources.
func adaptAPIsV1(modules terraform.Modules) []v1.API {
	var apis []v1.API

	// Every stage block starts out unresolved; each one adopted by an API
	// below is marked resolved, and whatever is left over is an orphan.
	stageIDs := modules.GetChildResourceIDMapByType("aws_api_gateway_stage")

	for _, apiBlock := range modules.GetResourcesByType("aws_api_gateway_rest_api") {
		var stages []v1.Stage
		for _, stageBlock := range modules.GetReferencingResources(apiBlock, "aws_api_gateway_stage", "rest_api_id") {
			stageIDs.Resolve(stageBlock.ID())
			stages = append(stages, adaptStageV1(stageBlock, modules))
		}

		apis = append(apis, v1.API{
			Metadata:  apiBlock.GetMetadata(),
			Name:      apiBlock.GetAttribute("name").AsStringValueOrDefault("", apiBlock),
			Stages:    stages,
			Resources: adaptAPIResourcesV1(modules, apiBlock),
		})
	}

	orphanStages := modules.GetResourceByIDs(stageIDs.Orphans()...)
	if len(orphanStages) == 0 {
		return apis
	}

	orphanage := v1.API{
		Metadata: defsecTypes.NewUnmanagedMetadata(),
		Name:     defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
	}
	for _, stageBlock := range orphanStages {
		orphanage.Stages = append(orphanage.Stages, adaptStageV1(stageBlock, modules))
	}
	return append(apis, orphanage)
}
    73  
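// adaptStageV1 adapts a single aws_api_gateway_stage block into a v1.Stage.
//
// From the stage itself it reads stage_name and xray_tracing_enabled, and
// access_log_settings.destination_arn for access logging. It then folds in
// every aws_api_gateway_method_settings block that references the stage
// through stage_name, taking cache_data_encrypted and caching_enabled from
// that block's nested settings block.
//
// Defaults when something is absent: Name "", XRayTracingEnabled false,
// CloudwatchLogGroupARN "" anchored to the stage block's metadata, and both
// cache flags false anchored to the method-settings block's metadata.
//
// Name and AccessLogging are each assigned exactly once: the earlier version
// of this function first read a non-existent "name" attribute and filled in
// access-logging defaults, then unconditionally overwrote both further down.
func adaptStageV1(stageBlock *terraform.Block, modules terraform.Modules) v1.Stage {
	stage := v1.Stage{
		Metadata: stageBlock.GetMetadata(),
		// The provider attribute is stage_name; there is no "name" on aws_api_gateway_stage.
		Name:               stageBlock.GetAttribute("stage_name").AsStringValueOrDefault("", stageBlock),
		XRayTracingEnabled: stageBlock.GetAttribute("xray_tracing_enabled").AsBoolValueOrDefault(false, stageBlock),
	}

	// Access logging is only configured when an access_log_settings block exists.
	// Without it the ARN stays empty but is anchored to the stage block, so a
	// "no access logging" finding still points at a real location.
	if logging := stageBlock.GetBlock("access_log_settings"); logging.IsNotNil() {
		stage.AccessLogging = v1.AccessLogging{
			Metadata:              logging.GetMetadata(),
			CloudwatchLogGroupARN: logging.GetAttribute("destination_arn").AsStringValueOrDefault("", logging),
		}
	} else {
		stage.AccessLogging = v1.AccessLogging{
			Metadata:              stageBlock.GetMetadata(),
			CloudwatchLogGroupARN: defsecTypes.StringDefault("", stageBlock.GetMetadata()),
		}
	}

	for _, methodSettings := range modules.GetReferencingResources(stageBlock, "aws_api_gateway_method_settings", "stage_name") {
		rms := v1.RESTMethodSettings{
			Metadata: methodSettings.GetMetadata(),
			// NOTE(review): method_path is not read here, so Method is always empty
			// for Terraform input — confirm whether any check depends on it.
			Method:             defsecTypes.String("", methodSettings.GetMetadata()),
			CacheDataEncrypted: defsecTypes.BoolDefault(false, methodSettings.GetMetadata()),
			CacheEnabled:       defsecTypes.BoolDefault(false, methodSettings.GetMetadata()),
		}

		if settings := methodSettings.GetBlock("settings"); settings.IsNotNil() {
			// Only override a default when the attribute is actually present;
			// a settings block that omits it keeps the default above.
			if encrypted := settings.GetAttribute("cache_data_encrypted"); encrypted.IsNotNil() {
				rms.CacheDataEncrypted = encrypted.AsBoolValueOrDefault(false, settings)
			}
			if caching := settings.GetAttribute("caching_enabled"); caching.IsNotNil() {
				rms.CacheEnabled = caching.AsBoolValueOrDefault(false, settings)
			}
		}

		stage.RESTMethodSettings = append(stage.RESTMethodSettings, rms)
	}

	return stage
}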