// Listing of github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/pkg/providers/aws/ecs/ecs.go

// Package ecs holds the data model for AWS ECS clusters and task definitions,
// plus a helper that decodes the JSON form of container definitions.
package ecs

import (
	"encoding/json"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// ECS is the root of the model: every cluster and task definition collected
// for one account or configuration.
type ECS struct {
	Clusters        []Cluster
	TaskDefinitions []TaskDefinition
}

// Cluster is a single ECS cluster and its settings.
type Cluster struct {
	Metadata defsecTypes.Metadata
	Settings ClusterSettings
}

// ClusterSettings carries the cluster-level settings tracked by this model.
type ClusterSettings struct {
	Metadata defsecTypes.Metadata
	// ContainerInsightsEnabled records the cluster's Container Insights
	// setting, i.e. whether container-level monitoring data is collected.
	ContainerInsightsEnabled defsecTypes.BoolValue
}

// TaskDefinition is one ECS task definition: its volumes and its containers.
type TaskDefinition struct {
	Metadata             defsecTypes.Metadata
	Volumes              []Volume
	ContainerDefinitions []ContainerDefinition
}

// CreateDefinitionsFromString decodes str, which must be a JSON array of
// container definition objects, and converts every element into a
// ContainerDefinition that carries metadata.
//
// A decoding error from encoding/json is returned unchanged together with a
// nil slice, so one badly typed value (for example a quoted number in "cpu")
// yields no definitions at all. Callers should surface that error instead of
// reading it as "no containers"; otherwise the containers in str would go
// unchecked. An empty JSON array produces a nil slice and a nil error.
func CreateDefinitionsFromString(metadata defsecTypes.Metadata, str string) ([]ContainerDefinition, error) {
	var parsed []containerDefinitionJSON
	err := json.Unmarshal([]byte(str), &parsed)
	if err != nil {
		return nil, err
	}

	var definitions []ContainerDefinition
	for i := range parsed {
		definitions = append(definitions, parsed[i].convert(metadata))
	}
	return definitions, nil
}

// containerDefinitionJSON is the decoding target for one element of the
// container definitions array.
//
// see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html
//
// Only the keys tagged below are decoded. encoding/json silently drops every
// other key, so parameters such as "secrets", "user" or
// "readonlyRootFilesystem" never reach the model and cannot be checked
// through it. Plain bool and int fields also mean that an omitted key and an
// explicit false or 0 look the same after decoding.
type containerDefinitionJSON struct {
	Name         string            `json:"name"`
	Image        string            `json:"image"`
	CPU          int               `json:"cpu"`
	Memory       int               `json:"memory"`
	Essential    bool              `json:"essential"`
	PortMappings []portMappingJSON `json:"portMappings"`
	EnvVars      []envVarJSON      `json:"environment"`
	Privileged   bool              `json:"privileged"`
}

// envVarJSON is one name/value pair of the "environment" list.
type envVarJSON struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

// portMappingJSON is one entry of the "portMappings" list.
type portMappingJSON struct {
	ContainerPort int `json:"containerPort"`
	HostPort      int `json:"hostPort"`
}

// convert turns the decoded JSON form into the exported ContainerDefinition.
//
// Every typed value is built with the same metadata argument, so all fields
// of the result share one metadata value. Presumably a finding on any single
// field is therefore reported against the whole definition (confirm against
// the defsecTypes helpers).
func (j containerDefinitionJSON) convert(metadata defsecTypes.Metadata) ContainerDefinition {
	// Both slices stay nil when the JSON lists were absent or empty.
	var ports []PortMapping
	for _, pm := range j.PortMappings {
		port := PortMapping{
			ContainerPort: defsecTypes.Int(pm.ContainerPort, metadata),
			HostPort:      defsecTypes.Int(pm.HostPort, metadata),
		}
		ports = append(ports, port)
	}

	var environment []EnvVar
	for _, kv := range j.EnvVars {
		environment = append(environment, EnvVar{Name: kv.Name, Value: kv.Value})
	}

	definition := ContainerDefinition{
		Metadata:     metadata,
		Name:         defsecTypes.String(j.Name, metadata),
		Image:        defsecTypes.String(j.Image, metadata),
		CPU:          defsecTypes.Int(j.CPU, metadata),
		Memory:       defsecTypes.Int(j.Memory, metadata),
		Essential:    defsecTypes.Bool(j.Essential, metadata),
		PortMappings: ports,
		Environment:  environment,
		Privileged:   defsecTypes.Bool(j.Privileged, metadata),
	}
	return definition
}

// ContainerDefinition is the model of one container inside a task definition.
type ContainerDefinition struct {
	Metadata     defsecTypes.Metadata
	Name         defsecTypes.StringValue
	Image        defsecTypes.StringValue
	CPU          defsecTypes.IntValue
	Memory       defsecTypes.IntValue
	Essential    defsecTypes.BoolValue
	PortMappings []PortMapping
	// Environment holds the plaintext name/value pairs from the definition.
	// Task definition environment values are stored unencrypted, so a
	// credential placed here is readable by anyone who can read the task
	// definition.
	Environment []EnvVar
	// Privileged mirrors the "privileged" parameter, which gives the
	// container elevated privileges on the host container instance.
	Privileged defsecTypes.BoolValue
}

// EnvVar is a plain name/value pair. Unlike the other fields of
// ContainerDefinition it carries no metadata of its own.
type EnvVar struct {
	Name  string
	Value string
}

// PortMapping pairs a container port with the host port it is bound to.
type PortMapping struct {
	ContainerPort defsecTypes.IntValue
	HostPort      defsecTypes.IntValue
}

// Volume is a task-level volume; only its EFS configuration is modelled.
type Volume struct {
	Metadata               defsecTypes.Metadata
	EFSVolumeConfiguration EFSVolumeConfiguration
}

// EFSVolumeConfiguration records whether transit encryption is enabled for
// an EFS-backed volume.
type EFSVolumeConfiguration struct {
	Metadata                 defsecTypes.Metadata
	TransitEncryptionEnabled defsecTypes.BoolValue
}