// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/azure/appservice/adapt.go

package appservice

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/appservice"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// Adapt converts the parsed Terraform modules into the Azure App Service
// provider model: one Service per azurerm_app_service resource and one
// FunctionApp per azurerm_function_app resource.
func Adapt(modules terraform.Modules) appservice.AppService {
	var adapted appservice.AppService
	adapted.Services = adaptServices(modules)
	adapted.FunctionApps = adaptFunctionApps(modules)
	return adapted
}

// adaptServices collects every azurerm_app_service resource across all
// modules. The result is a nil slice when no such resource exists.
//
// NOTE(review): only the legacy azurerm_app_service type is matched here.
// Newer provider resource types (azurerm_linux_web_app,
// azurerm_windows_web_app) are not visited by this function, so their
// settings do not reach the checks that consume this model unless another
// adapter handles them. Confirm coverage.
func adaptServices(modules terraform.Modules) []appservice.Service {
	var adapted []appservice.Service

	for _, mod := range modules {
		blocks := mod.GetResourcesByType("azurerm_app_service")
		for _, block := range blocks {
			adapted = append(adapted, adaptService(block))
		}
	}
	return adapted
}

// adaptFunctionApps collects every azurerm_function_app resource across all
// modules. The result is a nil slice when no such resource exists.
//
// NOTE(review): only the legacy azurerm_function_app type is matched here.
// azurerm_linux_function_app and azurerm_windows_function_app are not
// visited by this function. Confirm whether they are covered elsewhere.
func adaptFunctionApps(modules terraform.Modules) []appservice.FunctionApp {
	var adapted []appservice.FunctionApp

	for _, mod := range modules {
		blocks := mod.GetResourcesByType("azurerm_function_app")
		for _, block := range blocks {
			adapted = append(adapted, adaptFunctionApp(block))
		}
	}
	return adapted
}

// adaptService maps one azurerm_app_service block onto appservice.Service.
//
// Every security-relevant setting gets an explicit fallback so downstream
// checks always see a value:
//   - client_cert_enabled      -> false
//   - identity.type            -> ""
//   - auth_settings.enabled    -> false
//   - site_config.http2_enabled   -> false
//   - site_config.min_tls_version -> "1.2"
//
// When a nested block is absent the fallback carries the resource's
// metadata. When the block is present, the block is passed to the
// ...OrDefault helper instead.
func adaptService(resource *terraform.Block) appservice.Service {
	var svc appservice.Service
	svc.Metadata = resource.GetMetadata()

	// Client certificates (mutual TLS) are treated as off unless set.
	svc.EnableClientCert = resource.GetAttribute("client_cert_enabled").AsBoolValueOrDefault(false, resource)

	// Managed identity type; the empty string stands for "no identity block".
	svc.Identity.Type = defsecTypes.String("", resource.GetMetadata())
	if identity := resource.GetBlock("identity"); identity.IsNotNil() {
		svc.Identity.Type = identity.GetAttribute("type").AsStringValueOrDefault("", identity)
	}

	// Built-in authentication is treated as disabled unless auth_settings
	// enables it.
	svc.Authentication.Enabled = defsecTypes.Bool(false, resource.GetMetadata())
	if auth := resource.GetBlock("auth_settings"); auth.IsNotNil() {
		svc.Authentication.Enabled = auth.GetAttribute("enabled").AsBoolValueOrDefault(false, auth)
	}

	// NOTE(review): a missing min_tls_version is reported as "1.2", i.e. the
	// compliant value. This presumably mirrors the provider default; verify
	// that it holds for the provider versions being scanned.
	svc.Site.EnableHTTP2 = defsecTypes.Bool(false, resource.GetMetadata())
	svc.Site.MinimumTLSVersion = defsecTypes.String("1.2", resource.GetMetadata())
	if site := resource.GetBlock("site_config"); site.IsNotNil() {
		svc.Site.EnableHTTP2 = site.GetAttribute("http2_enabled").AsBoolValueOrDefault(false, site)
		svc.Site.MinimumTLSVersion = site.GetAttribute("min_tls_version").AsStringValueOrDefault("1.2", site)
	}

	return svc
}

// adaptFunctionApp maps one azurerm_function_app block onto
// appservice.FunctionApp. https_only falls back to false, so a function app
// that omits the attribute is modelled as not enforcing HTTPS.
func adaptFunctionApp(resource *terraform.Block) appservice.FunctionApp {
	httpsOnly := resource.GetAttribute("https_only").AsBoolValueOrDefault(false, resource)

	var app appservice.FunctionApp
	app.Metadata = resource.GetMetadata()
	app.HTTPSOnly = httpsOnly
	return app
}