github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/storage/iam.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/storage/iam.go (about)

     1  package storage
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/google/iam"
     5  	iamTypes "github.com/khulnasoft-lab/defsec/pkg/providers/google/iam"
     6  )
     7  
     8  type parentedBinding struct {
     9  	blockID       string
    10  	bucketID      string
    11  	bucketBlockID string
    12  	bindings      []iamTypes.Binding
    13  }
    14  
    15  type parentedMember struct {
    16  	blockID       string
    17  	bucketID      string
    18  	bucketBlockID string
    19  	member        iamTypes.Member
    20  }
    21  
    22  func (a *adapter) adaptBindings() {
    23  
    24  	for _, iamBlock := range a.modules.GetResourcesByType("google_storage_bucket_iam_policy") {
    25  		var parented parentedBinding
    26  		parented.blockID = iamBlock.ID()
    27  
    28  		bucketAttr := iamBlock.GetAttribute("bucket")
    29  		if bucketAttr.IsString() {
    30  			parented.bucketID = bucketAttr.Value().AsString()
    31  		}
    32  
    33  		if refBlock, err := a.modules.GetReferencedBlock(bucketAttr, iamBlock); err == nil {
    34  			if refBlock.TypeLabel() == "google_storage_bucket" {
    35  				parented.bucketBlockID = refBlock.ID()
    36  			}
    37  		}
    38  
    39  		policyAttr := iamBlock.GetAttribute("policy_data")
    40  		if policyAttr.IsNil() {
    41  			continue
    42  		}
    43  
    44  		policyBlock, err := a.modules.GetReferencedBlock(policyAttr, iamBlock)
    45  		if err != nil {
    46  			continue
    47  		}
    48  
    49  		parented.bindings = iam.ParsePolicyBlock(policyBlock)
    50  		a.bindings = append(a.bindings, parented)
    51  	}
    52  
    53  	for _, iamBlock := range a.modules.GetResourcesByType("google_storage_bucket_iam_binding") {
    54  
    55  		var parented parentedBinding
    56  		parented.blockID = iamBlock.ID()
    57  		parented.bindings = []iamTypes.Binding{iam.AdaptBinding(iamBlock, a.modules)}
    58  
    59  		bucketAttr := iamBlock.GetAttribute("bucket")
    60  		if bucketAttr.IsString() {
    61  			parented.bucketID = bucketAttr.Value().AsString()
    62  		}
    63  
    64  		if refBlock, err := a.modules.GetReferencedBlock(bucketAttr, iamBlock); err == nil {
    65  			if refBlock.TypeLabel() == "google_storage_bucket" {
    66  				parented.bucketBlockID = refBlock.ID()
    67  			}
    68  		}
    69  
    70  		a.bindings = append(a.bindings, parented)
    71  	}
    72  }
    73  
    74  func (a *adapter) adaptMembers() {
    75  
    76  	for _, iamBlock := range a.modules.GetResourcesByType("google_storage_bucket_iam_member") {
    77  
    78  		var parented parentedMember
    79  		parented.blockID = iamBlock.ID()
    80  		parented.member = iam.AdaptMember(iamBlock, a.modules)
    81  
    82  		bucketAttr := iamBlock.GetAttribute("bucket")
    83  		if bucketAttr.IsString() {
    84  			parented.bucketID = bucketAttr.Value().AsString()
    85  		}
    86  
    87  		if refBlock, err := a.modules.GetReferencedBlock(bucketAttr, iamBlock); err == nil {
    88  			if refBlock.TypeLabel() == "google_storage_bucket" {
    89  				parented.bucketBlockID = refBlock.ID()
    90  			}
    91  		}
    92  
    93  		a.members = append(a.members, parented)
    94  	}
    95  
    96  }