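package iam

import (
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/liamg/iamgo"
)

// IAM is the account-level view of AWS IAM: the password policy plus the
// policies, groups, users, roles and server certificates that were collected.
type IAM struct {
	PasswordPolicy     PasswordPolicy
	Policies           []Policy
	Groups             []Group
	Users              []User
	Roles              []Role
	ServerCertificates []ServerCertificate
}

// ServerCertificate is an IAM server certificate together with its expiry time.
type ServerCertificate struct {
	Metadata   defsecTypes.Metadata
	Expiration defsecTypes.TimeValue
}

// Policy is an IAM policy: its name, the parsed policy document and whether
// it is an AWS-managed (builtin) policy rather than a customer-defined one.
type Policy struct {
	Metadata defsecTypes.Metadata
	Name     defsecTypes.StringValue
	Document Document
	Builtin  defsecTypes.BoolValue
}

// Document wraps a parsed IAM policy document together with the source
// metadata needed to map findings back to the location it came from.
//
// IsOffset and HasRefs steer MetadataFromIamGo: when HasRefs is set the
// document's own metadata is returned unchanged, and when IsOffset is set the
// line numbers reported by iamgo are used without shifting them by the
// document's start line.
type Document struct {
	Metadata defsecTypes.Metadata
	Parsed   iamgo.Document
	IsOffset bool
	HasRefs  bool
}

// ToRego converts the document into the plain map handed to Rego policies:
// source location, managed/explicit flags, the JSON text of the parsed
// document and the filesystem key of its origin.
func (d Document) ToRego() interface{} {
	m := d.Metadata
	rng := m.Range()
	// ToRego has no error return to surface a marshalling failure through, so
	// the error is deliberately dropped and "value" carries whatever bytes
	// MarshalJSON produced (an empty string when it produced none).
	doc, _ := d.Parsed.MarshalJSON()
	return map[string]interface{}{
		"filepath":  rng.GetFilename(),
		"startline": rng.GetStartLine(),
		"endline":   rng.GetEndLine(),
		"managed":   m.IsManaged(),
		"explicit":  m.IsExplicit(),
		"value":     string(doc),
		"fskey":     defsecTypes.CreateFSKey(rng.GetFS()),
	}
}

// Group is an IAM group with its member users and attached policies.
type Group struct {
	Metadata defsecTypes.Metadata
	Name     defsecTypes.StringValue
	Users    []User
	Policies []Policy
}

// User is an IAM user with its group memberships, attached policies, access
// keys, MFA devices and the time it last accessed the account.
type User struct {
	Metadata   defsecTypes.Metadata
	Name       defsecTypes.StringValue
	Groups     []Group
	Policies   []Policy
	AccessKeys []AccessKey
	MFADevices []MFADevice
	LastAccess defsecTypes.TimeValue
}

// HasLoggedIn reports whether the user has a recorded last access: the
// LastAccess value must be resolvable and must not be the "never" marker.
func (u *User) HasLoggedIn() bool {
	return u.LastAccess.GetMetadata().IsResolvable() && !u.LastAccess.IsNever()
}

// MFADevice is an MFA device assigned to a user; IsVirtual distinguishes a
// virtual device from a hardware one.
type MFADevice struct {
	Metadata  defsecTypes.Metadata
	IsVirtual defsecTypes.BoolValue
}

// AccessKey is an IAM access key with its ID, active flag, creation time and
// time of last use.
type AccessKey struct {
	Metadata     defsecTypes.Metadata
	AccessKeyId  defsecTypes.StringValue
	Active       defsecTypes.BoolValue
	CreationDate defsecTypes.TimeValue
	LastAccess   defsecTypes.TimeValue
}

// Role is an IAM role with its attached policies.
type Role struct {
	Metadata defsecTypes.Metadata
	Name     defsecTypes.StringValue
	Policies []Policy
}

// MetadataFromIamGo derives metadata for a fragment of the policy document
// located by the given iamgo ranges.
//
// When the document carries references (HasRefs) its own metadata is returned
// unchanged. Otherwise each range in r becomes a child range of the document's
// range — shifted by the document's start line unless IsOffset is set — and
// the resulting metadata is chained back to the document via WithParent. With
// no ranges the document's metadata is returned as-is.
func (d Document) MetadataFromIamGo(r ...iamgo.Range) defsecTypes.Metadata {
	m := d.Metadata
	if d.HasRefs {
		return m
	}
	base := m.Range()
	// iamgo line numbers are relative to the document unless IsOffset says
	// they have already been shifted, in which case no adjustment is applied.
	var start int
	if !d.IsOffset {
		start = base.GetStartLine()
	}
	for _, rng := range r {
		// Every child range is built from the document's base range, not from
		// the previous iteration's range; only the metadata chains via parents.
		// (The original shadowed the base range variable here, which read as
		// if the ranges were nested.)
		child := defsecTypes.NewRange(
			base.GetLocalFilename(),
			start+rng.StartLine,
			start+rng.EndLine,
			base.GetSourcePrefix(),
			base.GetFS(),
		)
		m = defsecTypes.NewMetadata(child, m.Reference()).WithParent(m)
	}
	return m
}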