From 88d9a3a982dad530aef6304c1a590430efe5dde1 Mon Sep 17 00:00:00 2001
From: realwebdev
Date: Wed, 15 Feb 2023 17:12:03 +0500
Subject: [PATCH] add: accessanalyzer adapter
---
.../aws/accessanalyzer/accessanalyzer.go | 13 +++++++
.../aws/accessanalyzer/analyzer.go | 21 ++++++++++
.../aws/accessanalyzer/accessanalyzer.go | 38 +++++++++++++++++++
pkg/providers/aws/accessanalyzer/aa.go | 8 ++--
4 files changed, 76 insertions(+), 4 deletions(-)
create mode 100644 internal/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go
create mode 100644 internal/adapters/cloudformation/aws/accessanalyzer/analyzer.go
create mode 100644 internal/adapters/terraform/aws/accessanalyzer/accessanalyzer.go
diff --git a/internal/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go b/internal/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go
new file mode 100644
index 000000000..221cd2238
--- /dev/null
+++ b/internal/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go
@@ -0,0 +1,13 @@
+package accessanalyzer
+
+import (
+ "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
+ "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
+)
+
+// Adapt ...
+func Adapt(cfFile parser.FileContext) accessanalyzer.AccessAnalyzer {
+ return accessanalyzer.AccessAnalyzer{
+ Analyzers: getAccessAnalyzer(cfFile),
+ }
+}
diff --git a/internal/adapters/cloudformation/aws/accessanalyzer/analyzer.go b/internal/adapters/cloudformation/aws/accessanalyzer/analyzer.go
new file mode 100644
index 000000000..f5f13c407
--- /dev/null
+++ b/internal/adapters/cloudformation/aws/accessanalyzer/analyzer.go
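Review bot: The doc comment on the exported `Adapt` in the CloudFormation adapter is still the placeholder `// Adapt ...`, so the package's only entry point is effectively undocumented. Something like `// Adapt builds the Access Analyzer state from the analyzers declared in a CloudFormation file.` would say what is returned and from which input. The helper it calls, `getAccessAnalyzer`, lives in the sibling analyzer.go added by the same patch.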
@@ -0,0 +1,21 @@
+package accessanalyzer
+
+import (
+ "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
+ "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
+)
+
+func getAccessAnalyzer(ctx parser.FileContext) (analyzers []accessanalyzer.Analyzer) {
+
+ analyzersList := ctx.GetResourcesByType("AWS::AccessAnalyzer::Analyzer")
+
+ for _, r := range analyzersList {
+ aa := accessanalyzer.Analyzer{
+ Metadata: r.Metadata(),
+ Name: r.GetStringProperty("AnalyzerName"),
+ }
+
+ analyzers = append(analyzers, aa)
+ }
+ return analyzers
+}
diff --git a/internal/adapters/terraform/aws/accessanalyzer/accessanalyzer.go b/internal/adapters/terraform/aws/accessanalyzer/accessanalyzer.go
new file mode 100644
index 000000000..a345db6c1
--- /dev/null
+++ b/internal/adapters/terraform/aws/accessanalyzer/accessanalyzer.go
@@ -0,0 +1,38 @@
+package accessanalyzer
+
+import (
+ "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
+ "github.com/aquasecurity/defsec/pkg/terraform"
+)
+
+func Adapt(modules terraform.Modules) accessanalyzer.AccessAnalyzer {
+ return accessanalyzer.AccessAnalyzer{
+ Analyzers: adaptTrails(modules),
+ }
+}
+
+func adaptTrails(modules terraform.Modules) []accessanalyzer.Analyzer {
+ var analyzer []accessanalyzer.Analyzer
+
+ for _, module := range modules {
+ for _, resource := range module.GetResourcesByType("aws_accessanalyzer_analyzer") {
+ analyzer = append(analyzer, adaptAnalyzers(resource))
+ }
+ }
+ return analyzer
+}
+
+func adaptAnalyzers(resource *terraform.Block) accessanalyzer.Analyzer {
+
+ analyzerName := resource.GetAttribute("analyzer_name")
+ analyzerNameAttr := analyzerName.AsStringValueOrDefault("", resource)
+
+ arnAnalyzer := resource.GetAttribute("arn")
+ arnAnalyzerAttr := arnAnalyzer.AsStringValueOrDefault("", resource)
+
+ return accessanalyzer.Analyzer{
+ Metadata: resource.GetMetadata(),
+ Name: analyzerNameAttr,
+ ARN: arnAnalyzerAttr,
+ }
+}
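Review bot: The `accessanalyzer.Analyzer` literal in `getAccessAnalyzer` sets only `Metadata` and `Name`, leaving `ARN` and `Active` at their zero values; `adaptAnalyzers` in the Terraform adapter added by this patch likewise never sets `Active`. The struct in aa.go declares `Active types.BoolValue`, so any check that reads it sees an unset value for every analyzer found in a template, and if `types.BoolValue` is an interface type (not visible here) a method call on it would dereference nil. For a misconfiguration scanner that means an "analyzer enabled" style check could misreport or crash on IaC input. Populate every field explicitly with a default tied to the resource metadata, presumably through the `types` package's default constructors such as `types.BoolDefault(…, r.Metadata())` and `types.StringDefault("", r.Metadata())` (confirm the names), and decide deliberately whether a declared analyzer counts as active.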
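Review bot: `adaptTrails` is a misleading name for a function that collects `aws_accessanalyzer_analyzer` resources, and `adaptAnalyzers` (plural) returns a single `accessanalyzer.Analyzer`; the names read as if carried over from another adapter. Renaming the collector to `adaptAnalyzers(modules terraform.Modules)`, the per-resource function to `adaptAnalyzer(resource *terraform.Block)`, and the local slice `analyzer` to `analyzers` would match what the code does. The exported `Adapt` also has no doc comment; `// Adapt builds the Access Analyzer state from the aws_accessanalyzer_analyzer resources in the given Terraform modules.` would cover it.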
diff --git a/pkg/providers/aws/accessanalyzer/aa.go b/pkg/providers/aws/accessanalyzer/aa.go
index 210feea3a..77d235f83 100644
--- a/pkg/providers/aws/accessanalyzer/aa.go
+++ b/pkg/providers/aws/accessanalyzer/aa.go
@@ -7,8 +7,8 @@ type AccessAnalyzer struct {
 }
 
 type Analyzer struct {
- types.Metadata
- ARN types.StringValue
- Name types.StringValue
- Active types.BoolValue
+ Metadata types.Metadata
+ ARN types.StringValue
+ Name types.StringValue
+ Active types.BoolValue
 }
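Review bot: Replacing the embedded `types.Metadata` with the named field `Metadata types.Metadata` removes the methods that embedding promoted onto `Analyzer`, so any caller outside this patch that invoked them on an analyzer, or passed an analyzer where a metadata-providing interface is expected, would stop compiling. Composite literals keyed with `Metadata:` work with either form, which is why the new adapters build regardless. Only four files are touched here, so it is worth confirming that the rules and any other adapter consuming `accessanalyzer.Analyzer` still build and still attach file and line ranges to their results. The exported `AccessAnalyzer` and `Analyzer` types also lack doc comments, and the `AccessAnalyzer` struct begins above the hunk.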