github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/s3/public_access_block.go (about)

     1  package s3
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/s3"
     5  )
     6  
// adaptPublicAccessBlocks turns every aws_s3_bucket_public_access_block
// resource into an s3.PublicAccessBlock and attaches it to the bucket entries
// in a.bucketMap that the resource's "bucket" attribute identifies.
//
// Each of the four settings falls back to false when its attribute is not set,
// so an omitted setting is recorded as "not enabled" rather than assumed on.
//
// A resource whose "bucket" attribute matches no entry in a.bucketMap is not
// attached to anything and nothing is recorded about it here.
// NOTE(review): confirm that downstream checks then report the affected bucket
// as having no public access block, so an unresolved reference cannot hide a
// publicly accessible bucket.
func (a *adapter) adaptPublicAccessBlocks() {
	for _, res := range a.modules.GetResourcesByType("aws_s3_bucket_public_access_block") {
		block := s3.PublicAccessBlock{
			Metadata:              res.GetMetadata(),
			BlockPublicACLs:       res.GetAttribute("block_public_acls").AsBoolValueOrDefault(false, res),
			BlockPublicPolicy:     res.GetAttribute("block_public_policy").AsBoolValueOrDefault(false, res),
			IgnorePublicACLs:      res.GetAttribute("ignore_public_acls").AsBoolValueOrDefault(false, res),
			RestrictPublicBuckets: res.GetAttribute("restrict_public_buckets").AsBoolValueOrDefault(false, res),
		}

		target := res.GetAttribute("bucket")

		// First choice: resolve "bucket" as a reference to another block and
		// look that block's ID up directly in the bucket map.
		if target.IsNotNil() {
			ref, err := a.modules.GetReferencedBlock(target, res)
			if err == nil {
				if entry, found := a.bucketMap[ref.ID()]; found {
					entry.PublicAccessBlock = &block
					a.bucketMap[ref.ID()] = entry
					continue
				}
			}
		}

		// Fallback: only a string-valued attribute can be compared against
		// map keys and bucket names.
		if !target.IsString() {
			continue
		}

		name := target.Value().AsString()
		for key, entry := range a.bucketMap {
			if !target.Equals(key) && !entry.Name.EqualTo(name) {
				continue
			}
			// No break: every entry that matches by key or by name receives
			// a pointer to this same block.
			entry.PublicAccessBlock = &block
			a.bucketMap[key] = entry
		}
	}
}