// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/s3/policies.go
package s3

import (
	iamAdapter "github.com/khulnasoft-lab/defsec/internal/adapters/terraform/aws/iam"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// adaptBucketPolicies walks every aws_s3_bucket_policy resource, parses its
// "policy" attribute into an IAM policy document and appends the result to
// the BucketPolicies of the matching entry in a.bucketMap.
//
// The target bucket is resolved in two steps:
//  1. by following the "bucket" attribute as a reference to another block and
//     looking that block's ID up in a.bucketMap;
//  2. failing that, by comparing the literal string value of "bucket" with
//     each known bucket's Name.
//
// A policy resource is skipped without any diagnostic when it has no "policy"
// attribute, when the policy cannot be parsed, or when neither step finds a
// bucket. Later checks therefore never see such policies; callers that rely
// on complete policy coverage should keep this in mind.
func (a *adapter) adaptBucketPolicies() {
	for _, policyBlock := range a.modules.GetResourcesByType("aws_s3_bucket_policy") {
		policyAttr := policyBlock.GetAttribute("policy")
		if policyAttr.IsNil() {
			continue
		}

		document, parseErr := iamAdapter.ParsePolicyFromAttr(policyAttr, policyBlock, a.modules)
		if parseErr != nil {
			// NOTE(review): the parse error is discarded, so an unparsable
			// policy is indistinguishable from an absent one downstream.
			continue
		}

		bucketPolicy := iam.Policy{
			Metadata: policyAttr.GetMetadata(),
			Name:     defsecTypes.StringDefault("", policyBlock.GetMetadata()),
			Document: *document,
			Builtin:  defsecTypes.Bool(false, policyBlock.GetMetadata()),
		}

		bucketAttr := policyBlock.GetAttribute("bucket")

		// Step 1: resolve the bucket through a block reference.
		attached := false
		if bucketAttr.IsNotNil() {
			target, refErr := a.modules.GetReferencedBlock(bucketAttr, policyBlock)
			if refErr == nil {
				targetID := target.ID()
				if entry, found := a.bucketMap[targetID]; found {
					entry.BucketPolicies = append(entry.BucketPolicies, bucketPolicy)
					a.bucketMap[targetID] = entry
					attached = true
				}
			}
		}
		if attached {
			continue
		}

		// Step 2: fall back to matching on the literal bucket name.
		if !bucketAttr.IsString() {
			continue
		}
		wantedName := bucketAttr.Value().AsString()
		for key, entry := range a.bucketMap {
			if !entry.Name.EqualTo(wantedName) {
				continue
			}
			entry.BucketPolicies = append(entry.BucketPolicies, bucketPolicy)
			a.bucketMap[key] = entry
			// Only the first match receives the policy. Map iteration order
			// is unspecified, so with duplicate names the choice is arbitrary.
			break
		}
	}
}