github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/elb/adapt.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/elb/adapt.go (about)

     1  package elb
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/elb"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
     9  func Adapt(modules terraform.Modules) elb.ELB {
    10  
    11  	adapter := adapter{
    12  		listenerIDs: modules.GetChildResourceIDMapByType("aws_lb_listener", "aws_alb_listener"),
    13  	}
    14  
    15  	return elb.ELB{
    16  		LoadBalancers: adapter.adaptLoadBalancers(modules),
    17  	}
    18  }
    19  
    20  type adapter struct {
    21  	listenerIDs terraform.ResourceIDResolutions
    22  }
    23  
    24  func (a *adapter) adaptLoadBalancers(modules terraform.Modules) []elb.LoadBalancer {
    25  	var loadBalancers []elb.LoadBalancer
    26  	for _, resource := range modules.GetResourcesByType("aws_lb") {
    27  		loadBalancers = append(loadBalancers, a.adaptLoadBalancer(resource, modules))
    28  	}
    29  	for _, resource := range modules.GetResourcesByType("aws_alb") {
    30  		loadBalancers = append(loadBalancers, a.adaptLoadBalancer(resource, modules))
    31  	}
    32  	for _, resource := range modules.GetResourcesByType("aws_elb") {
    33  		loadBalancers = append(loadBalancers, a.adaptClassicLoadBalancer(resource, modules))
    34  	}
    35  
    36  	orphanResources := modules.GetResourceByIDs(a.listenerIDs.Orphans()...)
    37  	if len(orphanResources) > 0 {
    38  		orphanage := elb.LoadBalancer{
    39  			Metadata:                defsecTypes.NewUnmanagedMetadata(),
    40  			Type:                    defsecTypes.StringDefault(elb.TypeApplication, defsecTypes.NewUnmanagedMetadata()),
    41  			DropInvalidHeaderFields: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
    42  			Internal:                defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
    43  			Listeners:               nil,
    44  		}
    45  		for _, listenerResource := range orphanResources {
    46  			orphanage.Listeners = append(orphanage.Listeners, adaptListener(listenerResource, "application"))
    47  		}
    48  		loadBalancers = append(loadBalancers, orphanage)
    49  	}
    50  
    51  	return loadBalancers
    52  }
    53  
    54  func (a *adapter) adaptLoadBalancer(resource *terraform.Block, module terraform.Modules) elb.LoadBalancer {
    55  	var listeners []elb.Listener
    56  
    57  	typeAttr := resource.GetAttribute("load_balancer_type")
    58  	typeVal := typeAttr.AsStringValueOrDefault("application", resource)
    59  
    60  	dropInvalidHeadersAttr := resource.GetAttribute("drop_invalid_header_fields")
    61  	dropInvalidHeadersVal := dropInvalidHeadersAttr.AsBoolValueOrDefault(false, resource)
    62  
    63  	internalAttr := resource.GetAttribute("internal")
    64  	internalVal := internalAttr.AsBoolValueOrDefault(false, resource)
    65  
    66  	listenerBlocks := module.GetReferencingResources(resource, "aws_lb_listener", "load_balancer_arn")
    67  	listenerBlocks = append(listenerBlocks, module.GetReferencingResources(resource, "aws_alb_listener", "load_balancer_arn")...)
    68  
    69  	for _, listenerBlock := range listenerBlocks {
    70  		a.listenerIDs.Resolve(listenerBlock.ID())
    71  		listeners = append(listeners, adaptListener(listenerBlock, typeVal.Value()))
    72  	}
    73  	return elb.LoadBalancer{
    74  		Metadata:                resource.GetMetadata(),
    75  		Type:                    typeVal,
    76  		DropInvalidHeaderFields: dropInvalidHeadersVal,
    77  		Internal:                internalVal,
    78  		Listeners:               listeners,
    79  	}
    80  }
    81  
    82  func (a *adapter) adaptClassicLoadBalancer(resource *terraform.Block, module terraform.Modules) elb.LoadBalancer {
    83  	internalAttr := resource.GetAttribute("internal")
    84  	internalVal := internalAttr.AsBoolValueOrDefault(false, resource)
    85  
    86  	return elb.LoadBalancer{
    87  		Metadata:                resource.GetMetadata(),
    88  		Type:                    defsecTypes.String("classic", resource.GetMetadata()),
    89  		DropInvalidHeaderFields: defsecTypes.BoolDefault(false, resource.GetMetadata()),
    90  		Internal:                internalVal,
    91  		Listeners:               nil,
    92  	}
    93  }
    94  
    95  func adaptListener(listenerBlock *terraform.Block, typeVal string) elb.Listener {
    96  	listener := elb.Listener{
    97  		Metadata:       listenerBlock.GetMetadata(),
    98  		Protocol:       defsecTypes.StringDefault("", listenerBlock.GetMetadata()),
    99  		TLSPolicy:      defsecTypes.StringDefault("", listenerBlock.GetMetadata()),
   100  		DefaultActions: nil,
   101  	}
   102  
   103  	protocolAttr := listenerBlock.GetAttribute("protocol")
   104  	if typeVal == "application" {
   105  		listener.Protocol = protocolAttr.AsStringValueOrDefault("HTTP", listenerBlock)
   106  	}
   107  
   108  	sslPolicyAttr := listenerBlock.GetAttribute("ssl_policy")
   109  	listener.TLSPolicy = sslPolicyAttr.AsStringValueOrDefault("", listenerBlock)
   110  
   111  	for _, defaultActionBlock := range listenerBlock.GetBlocks("default_action") {
   112  		action := elb.Action{
   113  			Metadata: defaultActionBlock.GetMetadata(),
   114  			Type:     defaultActionBlock.GetAttribute("type").AsStringValueOrDefault("", defaultActionBlock),
   115  		}
   116  		listener.DefaultActions = append(listener.DefaultActions, action)
   117  	}
   118  
   119  	return listener
   120  }