add: accessanalyzer adapter (#1179)

* add: accessanalyzer adapter * add(cloud): listfinding call added * add: schema added * modify: initialized active field in accessanalyzer cloudformation and terraform
aquasecurity · Mar 2, 2023 · 0fd1fd0 · 0fd1fd0
1 parent 160a9d6
commit 0fd1fd0
Show file tree

Hide file tree

Showing 6 changed files with 114 additions and 4 deletions.
diff --git a/internal/adapters/cloud/aws/accessanalyzer/adapt.go b/internal/adapters/cloud/aws/accessanalyzer/adapt.go
@@ -84,10 +84,28 @@ func (a *adapter) adaptAnalyzer(apiAnalyzer aatypes.AnalyzerSummary) (*accessana
 	if apiAnalyzer.Name != nil {
 		name = *apiAnalyzer.Name
 	}
+
+	var findings []accessanalyzer.Findings
+	output, err := a.api.ListFindings(a.Context(), &api.ListFindingsInput{
+		AnalyzerArn: apiAnalyzer.Arn,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if output.Findings != nil {
+		for _, r := range output.Findings {
+			findings = append(findings, accessanalyzer.Findings{
+				Metadata: metadata,
+			})
+			_ = r
+		}
+	}
+
 	return &accessanalyzer.Analyzer{
 		Metadata: metadata,
 		ARN:      types.String(*apiAnalyzer.Arn, metadata),
 		Name:     types.String(name, metadata),
 		Active:   types.Bool(apiAnalyzer.Status == aatypes.AnalyzerStatusActive, metadata),
+		Findings: findings,
 	}, nil
 }
diff --git a/internal/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go b/internal/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go
@@ -0,0 +1,13 @@
+package accessanalyzer
+
+import (
+	"github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
+	"github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
+)
+
+// Adapt ...
+func Adapt(cfFile parser.FileContext) accessanalyzer.AccessAnalyzer {
+	return accessanalyzer.AccessAnalyzer{
+		Analyzers: getAccessAnalyzer(cfFile),
+	}
+}
diff --git a/internal/adapters/cloudformation/aws/accessanalyzer/analyzer.go b/internal/adapters/cloudformation/aws/accessanalyzer/analyzer.go
@@ -0,0 +1,24 @@
+package accessanalyzer
+
+import (
+	"github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
+	"github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
+	"github.com/aquasecurity/defsec/pkg/types"
+)
+
+func getAccessAnalyzer(ctx parser.FileContext) (analyzers []accessanalyzer.Analyzer) {
+
+	analyzersList := ctx.GetResourcesByType("AWS::AccessAnalyzer::Analyzer")
+
+	for _, r := range analyzersList {
+		aa := accessanalyzer.Analyzer{
+			Metadata: r.Metadata(),
+			Name:     r.GetStringProperty("AnalyzerName"),
+			ARN:      r.StringDefault(""),
+			Active:   types.BoolDefault(false, r.Metadata()),
+		}
+
+		analyzers = append(analyzers, aa)
+	}
+	return analyzers
+}
diff --git a/internal/adapters/terraform/aws/accessanalyzer/accessanalyzer.go b/internal/adapters/terraform/aws/accessanalyzer/accessanalyzer.go
@@ -0,0 +1,40 @@
+package accessanalyzer
+
+import (
+	"github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
+	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/defsec/pkg/types"
+)
+
+func Adapt(modules terraform.Modules) accessanalyzer.AccessAnalyzer {
+	return accessanalyzer.AccessAnalyzer{
+		Analyzers: adaptTrails(modules),
+	}
+}
+
+func adaptTrails(modules terraform.Modules) []accessanalyzer.Analyzer {
+	var analyzer []accessanalyzer.Analyzer
+
+	for _, module := range modules {
+		for _, resource := range module.GetResourcesByType("aws_accessanalyzer_analyzer") {
+			analyzer = append(analyzer, adaptAnalyzers(resource))
+		}
+	}
+	return analyzer
+}
+
+func adaptAnalyzers(resource *terraform.Block) accessanalyzer.Analyzer {
+
+	analyzerName := resource.GetAttribute("analyzer_name")
+	analyzerNameAttr := analyzerName.AsStringValueOrDefault("", resource)
+
+	arnAnalyzer := resource.GetAttribute("arn")
+	arnAnalyzerAttr := arnAnalyzer.AsStringValueOrDefault("", resource)
+
+	return accessanalyzer.Analyzer{
+		Metadata: resource.GetMetadata(),
+		Name:     analyzerNameAttr,
+		ARN:      arnAnalyzerAttr,
+		Active:   types.BoolDefault(false, resource.GetMetadata()),
+	}
+}
diff --git a/pkg/providers/aws/accessanalyzer/aa.go b/pkg/providers/aws/accessanalyzer/aa.go
@@ -7,8 +7,13 @@ type AccessAnalyzer struct {
 }
 
 type Analyzer struct {
-	types.Metadata
-	ARN    types.StringValue
-	Name   types.StringValue
-	Active types.BoolValue
+	Metadata types.Metadata
+	ARN      types.StringValue
+	Name     types.StringValue
+	Active   types.BoolValue
+	Findings []Findings
+}
+
+type Findings struct {
+	Metadata types.Metadata
 }
diff --git a/pkg/rego/schemas/cloud.json b/pkg/rego/schemas/cloud.json
@@ -203,12 +203,22 @@
           "type": "object",
           "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue"
         },
+        "findings": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings"
+          }
+        },
         "name": {
           "type": "object",
           "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue"
         }
       }
     },
+    "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings": {
+      "type": "object"
+    },
     "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway": {
       "type": "object",
       "properties": {