// Listing of pkg/providers/aws/ec2/instance.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package ec2

import (
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/owenrumney/squealer/pkg/squealer"
)

type (
	// Instance holds the EC2 instance properties this package tracks: the
	// instance metadata service (IMDS) settings, the user data, the attached
	// security groups and the encryption state of the block devices.
	Instance struct {
		// Metadata is the defsec metadata attached to the instance itself.
		Metadata defsecTypes.Metadata

		// MetadataOptions carries the IMDS settings (token policy, endpoint state).
		MetadataOptions MetadataOptions

		// UserData is the instance user data, stored as a string value.
		UserData defsecTypes.StringValue

		// SecurityGroups lists the security groups recorded for the instance.
		SecurityGroups []SecurityGroup

		// RootBlockDevice is nil until something sets it; callers must nil-check
		// it before reading Encrypted.
		RootBlockDevice *BlockDevice

		// EBSBlockDevices is nil until something sets it.
		EBSBlockDevices []*BlockDevice
	}

	// BlockDevice records whether a block device is encrypted.
	BlockDevice struct {
		Metadata  defsecTypes.Metadata
		Encrypted defsecTypes.BoolValue
	}

	// MetadataOptions holds the two IMDS settings read by RequiresIMDSToken and
	// HasHTTPEndpointDisabled.
	MetadataOptions struct {
		Metadata     defsecTypes.Metadata
		HttpTokens   defsecTypes.StringValue
		HttpEndpoint defsecTypes.StringValue
	}
)

// NewInstance returns an Instance whose fields all carry the given metadata
// and the following defaults: HttpTokens "optional", HttpEndpoint "enabled",
// empty user data, an empty (non-nil) SecurityGroups slice and nil block
// devices.
//
// The IMDS defaults are the permissive values. An instance whose IMDS settings
// are never overwritten after construction therefore reports
// RequiresIMDSToken() == false and HasHTTPEndpointDisabled() == false, so a
// configuration that leaves these settings out is treated as not enforcing
// session tokens rather than silently passing.
func NewInstance(metadata defsecTypes.Metadata) *Instance {
	imds := MetadataOptions{
		Metadata:     metadata,
		HttpTokens:   defsecTypes.StringDefault("optional", metadata),
		HttpEndpoint: defsecTypes.StringDefault("enabled", metadata),
	}

	// RootBlockDevice and EBSBlockDevices are left at their zero value (nil).
	inst := &Instance{
		Metadata:        metadata,
		MetadataOptions: imds,
		UserData:        defsecTypes.StringDefault("", metadata),
		SecurityGroups:  []SecurityGroup{},
	}
	return inst
}

// RequiresIMDSToken reports whether HttpTokens equals "required", the EC2
// setting under which the metadata service only answers requests that carry a
// session token (IMDSv2).
//
// NOTE(review): the comparison is delegated to EqualTo with no options, so it
// is presumably an exact match; confirm that values are normalised before
// they are stored here.
func (i *Instance) RequiresIMDSToken() bool {
	tokens := i.MetadataOptions.HttpTokens
	return tokens.EqualTo("required")
}

// HasHTTPEndpointDisabled reports whether HttpEndpoint equals "disabled",
// i.e. the instance metadata endpoint is switched off.
func (i *Instance) HasHTTPEndpointDisabled() bool {
	endpoint := i.MetadataOptions.HttpEndpoint
	return endpoint.EqualTo("disabled")
}

// HasSensitiveInformationInUserData runs a squealer string scanner over the
// stored user data and returns its TransgressionFound flag. A new scanner is
// created on every call.
//
// A false result only means that the scanner flagged nothing in the string as
// stored; it is not proof that the user data holds no secrets.
// NOTE(review): the value is scanned exactly as it is held in UserData; if it
// can arrive base64-encoded, confirm that it is decoded before it is stored,
// otherwise encoded secrets would presumably go undetected.
func (i *Instance) HasSensitiveInformationInUserData() bool {
	result := squealer.NewStringScanner().Scan(i.UserData.Value())
	return result.TransgressionFound
}