github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/nifcloud/sslcertificate/server_certificate.go (about)

     1  package sslcertificate
     2  
     3  import (
     4  	"crypto/x509"
     5  	"encoding/pem"
     6  
     7  	"github.com/khulnasoft-lab/defsec/pkg/providers/nifcloud/sslcertificate"
     8  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     9  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
    10  )
    11  
// adaptServerCertificates walks every "nifcloud_ssl_certificate" resource in
// the supplied Terraform modules and converts each one with
// adaptServerCertificate.
//
// The result is nil when no matching resource exists, because the slice is
// only ever grown by append.
func adaptServerCertificates(modules terraform.Modules) []sslcertificate.ServerCertificate {
	var adapted []sslcertificate.ServerCertificate

	resources := modules.GetResourcesByType("nifcloud_ssl_certificate")
	for i := range resources {
		adapted = append(adapted, adaptServerCertificate(resources[i]))
	}
	return adapted
}
    20  
// adaptServerCertificate builds a ServerCertificate from one
// "nifcloud_ssl_certificate" block, deriving Expiration from the NotAfter
// field of the PEM-encoded X.509 certificate in the "certificate" attribute.
//
// Expiration is left unresolvable whenever the certificate cannot be read:
//   - the attribute is missing (unresolvable value carries the resource metadata);
//   - IsString reports false, the text holds no PEM block, or the block's
//     bytes do not parse as an X.509 certificate (unresolvable value carries
//     the attribute metadata).
//
// Only the first PEM block is examined; the remainder returned by pem.Decode
// is discarded, and the block's Type header is not checked.
//
// NOTE(review): every failure path is silent, so a malformed or unresolved
// certificate yields no expiry date at all. Confirm that downstream rules
// treat an unresolvable Expiration the way the policy intends, rather than
// as "not expired".
func adaptServerCertificate(resource *terraform.Block) sslcertificate.ServerCertificate {
	attr := resource.GetAttribute("certificate")

	adapted := sslcertificate.ServerCertificate{
		Metadata:   resource.GetMetadata(),
		Expiration: defsecTypes.TimeUnresolvable(resource.GetMetadata()),
	}

	// No attribute: keep the resource-anchored unresolvable value.
	if !attr.IsNotNil() {
		return adapted
	}

	// From here on, any value (resolved or not) is anchored to the attribute.
	attrMeta := attr.GetMetadata()
	adapted.Expiration = defsecTypes.TimeUnresolvable(attrMeta)

	if !attr.IsString() {
		return adapted
	}

	// The trailing bytes after the first PEM block are intentionally ignored.
	pemBlock, _ := pem.Decode([]byte(attr.Value().AsString()))
	if pemBlock == nil {
		return adapted
	}

	cert, err := x509.ParseCertificate(pemBlock.Bytes)
	if err != nil {
		// Parse errors are not surfaced; Expiration stays unresolvable.
		return adapted
	}

	adapted.Expiration = defsecTypes.Time(cert.NotAfter, attrMeta)
	return adapted
}