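// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/iam/policies.go

package iam

import (
	"strings"

	"github.com/liamg/iamgo"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// sameProvider reports whether two blocks name the same provider.
//
// Blocks that disagree on HasChild("provider") never match. Otherwise the
// "provider" attribute of each block is read as a string and the two values
// are compared case-insensitively.
//
// NOTE(review): when a block's "provider" attribute is not a string according
// to IsString(), that side stays "". Two blocks whose provider attributes are
// both non-string therefore compare equal whatever they refer to. Confirm
// against the callers that this cannot pair blocks from different provider
// configurations.
func sameProvider(b1, b2 *terraform.Block) bool {
	if b1.HasChild("provider") != b2.HasChild("provider") {
		return false
	}

	var provider1, provider2 string
	if attr := b1.GetAttribute("provider"); attr.IsString() {
		provider1 = attr.Value().AsString()
	}
	if attr := b2.GetAttribute("provider"); attr.IsString() {
		provider2 = attr.Value().AsString()
	}
	return strings.EqualFold(provider1, provider2)
}

// parsePolicy builds an iam.Policy from a Terraform block. The name comes from
// the block's "name" attribute and the document from its "policy" attribute,
// resolved through ParsePolicyFromAttr.
//
// When ParsePolicyFromAttr fails, the error is returned together with a policy
// that carries the block's metadata and name but only an empty placeholder
// document with unmanaged metadata. Callers must check the error before
// evaluating the document.
func parsePolicy(policyBlock *terraform.Block, modules terraform.Modules) (iam.Policy, error) {
	policy := iam.Policy{
		Metadata: policyBlock.GetMetadata(),
		Name:     policyBlock.GetAttribute("name").AsStringValueOrDefault("", policyBlock),
		// Placeholder document, replaced below once parsing succeeds.
		Document: iam.Document{
			Metadata: defsecTypes.NewUnmanagedMetadata(),
			Parsed:   iamgo.Document{},
			IsOffset: false,
			HasRefs:  false,
		},
		Builtin: defsecTypes.Bool(false, policyBlock.GetMetadata()),
	}

	doc, err := ParsePolicyFromAttr(policyBlock.GetAttribute("policy"), policyBlock, modules)
	if err != nil {
		return policy, err
	}
	policy.Document = *doc
	return policy, nil
}

// adaptPolicies adapts every aws_iam_policy resource found in modules and
// returns the policies whose documents parsed successfully.
//
// NOTE(review): a resource whose policy document fails to parse is skipped
// with no record of the error, so it does not appear in the returned slice.
// Anything that evaluates only the returned policies will not see it, which is
// a silent coverage gap. Consider surfacing the parse error (log entry or
// diagnostic) so that unparsed policies are visible to the operator.
func adaptPolicies(modules terraform.Modules) (policies []iam.Policy) {
	for _, policyBlock := range modules.GetResourcesByType("aws_iam_policy") {
		// parsePolicy performs the same construction this loop used to
		// duplicate inline.
		policy, err := parsePolicy(policyBlock, modules)
		if err != nil {
			// Existing behaviour preserved: unparsable policies are dropped.
			continue
		}
		policies = append(policies, policy)
	}
	return policies
}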