github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/lambda/adapt.go (about)

     1  package lambda
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/lambda"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
// Adapt builds the lambda.Lambda provider model from the given Terraform
// modules. It first records the IDs of all aws_lambda_permission resources so
// that permissions which cannot be tied to a function block are still
// surfaced by adaptFunctions instead of being dropped.
func Adapt(modules terraform.Modules) lambda.Lambda {
	a := adapter{permissionIDs: modules.GetChildResourceIDMapByType("aws_lambda_permission")}
	return lambda.Lambda{Functions: a.adaptFunctions(modules)}
}
    19  
// adapter carries the state shared while adapting one set of Terraform modules.
type adapter struct {
	// permissionIDs tracks the aws_lambda_permission resource IDs collected in
	// Adapt. adaptFunction deletes an entry once the permission has been
	// matched to a function block; whatever Orphans() still reports afterwards
	// is treated as a permission with no known function.
	permissionIDs terraform.ResourceIDResolutions
}
    23  
// adaptFunctions converts every aws_lambda_function resource in modules into a
// lambda.Function, then collects the permissions that were not matched to any
// of those functions.
//
// Unmatched ("orphan") permissions are attached to one synthetic function that
// carries unmanaged metadata and an empty tracing mode. This keeps a
// permission visible to rules that inspect Permissions even when the function
// it targets is not a block in the scanned modules.
// NOTE(review): the synthetic function is not backed by any Terraform block;
// confirm that function-level rules skip unmanaged metadata rather than
// reporting on it.
func (a *adapter) adaptFunctions(modules terraform.Modules) []lambda.Function {
	var result []lambda.Function
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("aws_lambda_function")
		for _, block := range blocks {
			result = append(result, a.adaptFunction(block, modules, a.permissionIDs))
		}
	}

	// Anything still reported by Orphans() was never claimed by a function in
	// the loop above.
	unattached := modules.GetResourceByIDs(a.permissionIDs.Orphans()...)
	if len(unattached) == 0 {
		return result
	}

	placeholder := lambda.Function{
		Metadata: defsecTypes.NewUnmanagedMetadata(),
		Tracing: lambda.Tracing{
			Metadata: defsecTypes.NewUnmanagedMetadata(),
			Mode:     defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
		},
	}
	for _, block := range unattached {
		placeholder.Permissions = append(placeholder.Permissions, a.adaptPermission(block))
	}

	return append(result, placeholder)
}
    52  
// adaptFunction adapts a single aws_lambda_function block, attaching every
// aws_lambda_permission whose function_name attribute resolves to that block.
//
// A permission is matched only when GetReferencedBlock succeeds and returns
// the same *terraform.Block pointer as function. Each matched permission is
// deleted from orphans, so the caller can tell which permissions remain
// unattached.
// NOTE(review): a permission whose function_name does not resolve to this
// block (for example, presumably, a literal name or ARN) is not matched here
// and stays in orphans — confirm against GetReferencedBlock.
func (a *adapter) adaptFunction(function *terraform.Block, modules terraform.Modules, orphans terraform.ResourceIDResolutions) lambda.Function {
	var attached []lambda.Permission
	for _, mod := range modules {
		for _, perm := range mod.GetResourcesByType("aws_lambda_permission") {
			target, err := mod.GetReferencedBlock(perm.GetAttribute("function_name"), perm)
			if err != nil || target != function {
				continue
			}
			attached = append(attached, a.adaptPermission(perm))
			// Claimed by this function, so no longer an orphan.
			delete(orphans, perm.ID())
		}
	}

	return lambda.Function{
		Metadata:    function.GetMetadata(),
		Tracing:     a.adaptTracing(function),
		Permissions: attached,
	}
}
    70  
// adaptTracing reads the tracing_config block of a function.
//
// When the block is present, Mode is its "mode" attribute (empty string if
// the attribute is unset) and the metadata points at the tracing_config
// block. When the block is absent, Mode defaults to the empty string and the
// metadata points at the function itself, so a finding about missing tracing
// can be reported against the function resource.
func (a *adapter) adaptTracing(function *terraform.Block) lambda.Tracing {
	cfg := function.GetBlock("tracing_config")
	if !cfg.IsNotNil() {
		// No tracing_config block: fall back to function-level metadata.
		return lambda.Tracing{
			Metadata: function.GetMetadata(),
			Mode:     defsecTypes.StringDefault("", function.GetMetadata()),
		}
	}

	return lambda.Tracing{
		Metadata: cfg.GetMetadata(),
		Mode:     cfg.GetAttribute("mode").AsStringValueOrDefault("", cfg),
	}
}
    84  
// adaptPermission converts an aws_lambda_permission block into a
// lambda.Permission, reading its principal and source_arn attributes.
//
// SourceARN starts as the source_arn string value, or the empty string when
// it is unset. If the attribute references other blocks, the value is
// replaced by the name label of the first reference, so an ARN that is only
// known at apply time still yields a non-empty SourceARN instead of looking
// as if no source restriction was set. Only the first reference is kept.
//
// NOTE(review): an empty SourceARN together with a service Principal means
// the permission is not scoped to one source resource; rules consuming this
// model presumably flag that case — confirm against the rule set.
func (a *adapter) adaptPermission(permission *terraform.Block) lambda.Permission {
	arnAttr := permission.GetAttribute("source_arn")
	arn := arnAttr.AsStringValueOrDefault("", permission)

	// Prefer the referenced block's name label over the evaluated value.
	if refs := arnAttr.AllReferences(); len(refs) > 0 {
		arn = defsecTypes.String(refs[0].NameLabel(), arnAttr.GetMetadata())
	}

	return lambda.Permission{
		Metadata:  permission.GetMetadata(),
		Principal: permission.GetAttribute("principal").AsStringValueOrDefault("", permission),
		SourceARN: arn,
	}
}