// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/pkg/providers/aws/s3/bucket.go

package s3

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// Bucket is the scanner's model of a single S3 bucket: its name, ACL,
// attached policies, optional public access block, and the encryption,
// versioning, logging, lifecycle, object and website settings.
//
// PublicAccessBlock and Website are pointers and may be nil.
// HasPublicExposureACL compares ACL against canned ACL names.
type Bucket struct {
	Metadata                      defsecTypes.Metadata
	Name                          defsecTypes.StringValue
	PublicAccessBlock             *PublicAccessBlock
	BucketPolicies                []iam.Policy
	Encryption                    Encryption
	Versioning                    Versioning
	Logging                       Logging
	ACL                           defsecTypes.StringValue
	BucketLocation                defsecTypes.StringValue
	AccelerateConfigurationStatus defsecTypes.StringValue
	LifecycleConfiguration        []Rules
	Objects                       []Contents
	Website                       *Website
}

// HasPublicExposureACL reports whether the bucket's ACL is one of the values
// this package treats as public and no managed public access block
// neutralises it.
//
// The result is:
//   - false when ACL matches none of the listed values;
//   - true when ACL matches and PublicAccessBlock is nil or its metadata is
//     not managed;
//   - otherwise true only if both IgnorePublicACLs and BlockPublicACLs report
//     IsFalse(), i.e. either setting being enabled suppresses the finding.
//
// NOTE(review): in AWS, BlockPublicAcls rejects new public ACLs but does not
// change how existing ACLs are evaluated; only IgnorePublicAcls does that.
// Treating BlockPublicACLs alone as sufficient looks intended for IaC input,
// where the ACL would fail to apply. Confirm before relying on this result
// for buckets read from a live account.
func (b *Bucket) HasPublicExposureACL() bool {
	// "authenticated-read" is in the list because it grants read access to
	// any authenticated AWS principal, not just principals in the owning
	// account.
	exposingACLs := []string{"public-read", "public-read-write", "website", "authenticated-read"}

	matched := false
	for _, candidate := range exposingACLs {
		if b.ACL.EqualTo(candidate) {
			matched = true
			break
		}
	}
	if !matched {
		return false
	}

	// Without a managed public access block nothing overrides the ACL.
	pab := b.PublicAccessBlock
	if pab == nil || !pab.Metadata.IsManaged() {
		return true
	}

	// Exposure remains only when neither ACL-related setting is enabled.
	return pab.IgnorePublicACLs.IsFalse() && pab.BlockPublicACLs.IsFalse()
}

// Logging holds the bucket's access logging settings: whether it is enabled
// and the target bucket value.
type Logging struct {
	Metadata     defsecTypes.Metadata
	Enabled      defsecTypes.BoolValue
	TargetBucket defsecTypes.StringValue
}

// Versioning holds the bucket's versioning settings: the Enabled flag and
// the MFADelete flag.
type Versioning struct {
	Metadata  defsecTypes.Metadata
	Enabled   defsecTypes.BoolValue
	MFADelete defsecTypes.BoolValue
}

// Encryption holds the bucket's encryption settings: the Enabled flag, the
// algorithm value and the KMS key identifier value.
type Encryption struct {
	Metadata  defsecTypes.Metadata
	Enabled   defsecTypes.BoolValue
	Algorithm defsecTypes.StringValue
	KMSKeyId  defsecTypes.StringValue
}

// Rules is one entry of Bucket.LifecycleConfiguration; it carries only the
// rule's status value.
type Rules struct {
	Metadata defsecTypes.Metadata
	Status   defsecTypes.StringValue
}

// Contents is one entry of Bucket.Objects; it carries metadata only.
type Contents struct {
	Metadata defsecTypes.Metadata
}

// Website is the type of Bucket.Website; it carries metadata only, and a nil
// pointer on Bucket means no value was recorded.
type Website struct {
	Metadata defsecTypes.Metadata
}