diff --git a/avd_docs/aws/autoscaling/AVD-AWS-0339/docs.md b/avd_docs/aws/autoscaling/AVD-AWS-0339/docs.md deleted file mode 100644 index 015c24594..000000000 --- a/avd_docs/aws/autoscaling/AVD-AWS-0339/docs.md +++ /dev/null @@ -1,13 +0,0 @@ - -Ensures that ASGs are created to be cross-AZ for high availability - -### Impact - - - -{{ remediationActions }} - -### Links -- http://docs.aws.amazon.com/autoscaling/latest/userguide/AutoScalingGroup.html - - diff --git a/avd_docs/aws/autoscaling/AVD-AWS-0340/docs.md b/avd_docs/aws/autoscaling/AVD-AWS-0340/docs.md deleted file mode 100644 index 77880bf42..000000000 --- a/avd_docs/aws/autoscaling/AVD-AWS-0340/docs.md +++ /dev/null @@ -1,13 +0,0 @@ - -Ensures all autoscaling groups contain at least 1 instance. - -### Impact - - - -{{ remediationActions }} - -### Links -- https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html - - diff --git a/avd_docs/aws/autoscaling/AVD-AWS-0341/docs.md b/avd_docs/aws/autoscaling/AVD-AWS-0341/docs.md deleted file mode 100644 index 7e03e7c23..000000000 --- a/avd_docs/aws/autoscaling/AVD-AWS-0341/docs.md +++ /dev/null @@ -1,13 +0,0 @@ - -Ensures all Auto Scaling groups have ELB health check active - -### Impact - - - -{{ remediationActions }} - -### Links -- https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-elb-healthcheck.html - - diff --git a/avd_docs/aws/iam/AVD-AWS-0342/docs.md b/avd_docs/aws/iam/AVD-AWS-0342/docs.md index ff507cdb6..9e3642313 100644 --- a/avd_docs/aws/iam/AVD-AWS-0342/docs.md +++ b/avd_docs/aws/iam/AVD-AWS-0342/docs.md 
@@ -1,8 +1,10 @@ -Ensures any IAM pass role attched to roles are flagged and warned. +In iam:PassRole the service carrying out the actions is "provided" a role by the calling principal and implicitly takes on that role to carry out the actions (instead of executing sts:AssumeRole). + The privileges attached to the role are distinct from those of the primary ordering the action and may even be larger and can cause security issues. + ### Impact - +Compromise on security of aws resources. {{ remediationActions }} diff --git a/avd_docs/azure/container/AVD-AZU-0041/Terraform.md b/avd_docs/azure/container/AVD-AZU-0041/Terraform.md index f4474ce45..ed7c2a5df 100644 --- a/avd_docs/azure/container/AVD-AZU-0041/Terraform.md +++ b/avd_docs/azure/container/AVD-AZU-0041/Terraform.md @@ -3,13 +3,9 @@ Limit the access to the API server to a limited IP range ```hcl resource "azurerm_kubernetes_cluster" "good_example" { - api_server_access_profile { - authorized_ip_ranges = [ + api_server_authorized_ip_ranges = [ "1.2.3.4/32" ] - - } - } ``` diff --git a/avd_docs/dockerfile/general/AVD-DS-0029/docs.md b/avd_docs/dockerfile/general/AVD-DS-0029/docs.md index cf6a09672..3116f8b53 100644 --- a/avd_docs/dockerfile/general/AVD-DS-0029/docs.md +++ b/avd_docs/dockerfile/general/AVD-DS-0029/docs.md @@ -1,13 +1,14 @@ -'apt-get' install should use '--no-install-recommends' to minimize image size. +Do not install packages because they may be needed, install them only if you require them. ### Impact - + +Image will increase substantially in size without `--no-install-recommends` for `apt-get install`. {{ remediationActions }} ### Links - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ - +- https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends diff --git a/go.mod b/go.mod index da81750f0..febd2e987 100644 --- a/go.mod +++ b/go.mod 
@@ -76,18 +76,6 @@ require (
 )
 
 require (
- github.com/aws/aws-sdk-go-v2/service/autoscaling v1.28.4
- github.com/aws/aws-sdk-go-v2/service/kendra v1.38.5
- github.com/aws/aws-sdk-go-v2/service/kinesisvideo v1.15.5
- github.com/aws/aws-sdk-go-v2/service/proton v1.20.3
- github.com/aws/aws-sdk-go-v2/service/ses v1.15.3
- github.com/aws/aws-sdk-go-v2/service/shield v1.18.4
- github.com/aws/aws-sdk-go-v2/service/timestreamwrite v1.16.0
- github.com/aws/aws-sdk-go-v2/service/transfer v1.28.5
- github.com/aws/aws-sdk-go-v2/service/translate v1.17.4
- github.com/aws/aws-sdk-go-v2/service/waf v1.12.4
- github.com/aws/aws-sdk-go-v2/service/wafv2 v1.26.0
- github.com/aws/aws-sdk-go-v2/service/xray v1.16.5
 github.com/aws/smithy-go v1.13.5
 github.com/mitchellh/mapstructure v1.5.0
 k8s.io/utils v0.0.0-20230115233650-391b47cb4029
@@ -121,7 +109,7 @@ require (
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.14 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.10 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.23 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.19 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17 // indirect
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.4 // indirect
diff --git a/go.sum b/go.sum
index 5ae6deb68..6cc4e7da0 100644
--- a/go.sum
+++ b/go.sum
@@ -294,8 +294,6 @@ github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.12.18 h1:b+6dNRDFDdvW8wZcgH
 github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.12.18/go.mod h1:Ei6UH6WRGNA0URIdDX3efUFVc23XGfT+QbYLkgBIqQU=
 github.com/aws/aws-sdk-go-v2/service/athena v1.18.10 h1:s8cE1HX3Pi53iMg+A+d7gGvmjA+Z4nH6u0BbbuFwXXE=
 github.com/aws/aws-sdk-go-v2/service/athena v1.18.10/go.mod h1:LiVr7tVQ2lrlv82VQhyuulN8uysLHsEeptFjA5PY1Pc=
-github.com/aws/aws-sdk-go-v2/service/autoscaling v1.28.4 h1:FTzD49N7q3gQyqUyJrG7PX0ENFIyHYWfwka0rkJWeyI=
-github.com/aws/aws-sdk-go-v2/service/autoscaling v1.28.4/go.mod h1:EzFSRtBStdkmtYdhuL0EJZ1UMz+EfIO1BVqQ5vEYixE=
 github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.5 h1:nLAPA7/DSmDWYP/MGtRNP6bHjiL8Fmyg8qeDxW90nm0=
 github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.5/go.mod h1:HYQXu2AKM7RLCn3APoQ5EvL2N/RlI4LSNN8pIGbdaDQ=
 github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.24.4 h1:4n6EhYGGPyNHffNcz1glTQWa7jU5yLfCgDCb2fmXPno=
@@ -335,9 +333,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.10 h1:dpiPHgm
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.10/go.mod h1:9cBNUHI2aW4ho0A5T87O294iPDuuUOSIEDjnd1Lq/z0=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18 h1:BBYoNQt2kUZUUK4bIPsKrCcjVPUMNsgQpNAwhznK/zo=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18/go.mod h1:NS55eQ4YixUJPTC+INxi2/jCqe1y2Uw3rnh9wEOVJxY=
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.19 h1:V03dAtcAN4Qtly7H3/0B6m3t/cyl4FgyKFqK738fyJw=
 github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.19/go.mod h1:2WpVWFC5n4DYhjNXzObtge8xfgId9UP6GWca46KJFLo=
-github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.23 h1:5AwQnYQT3ZX/N7hPTAx4ClWyucaiqr2esQRMNbJIby0=
-github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.23/go.mod h1:s8OUYECPoPpevQHmRmMBemFIx6Oc91iapsw56KiXIMY=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17/go.mod h1:4nYOrY41Lrbk2170/BGkcJKBhws9Pfn8MG3aGqjjeFI=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23/go.mod h1:9uPh+Hrz2Vn6oMnQYiUi/zbh3ovbnQk19YKINkQny44=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 h1:c5qGfdbCHav6viBwiyDns3OXqhqAbGjfIB4uVu2ayhk=
@@ -346,12 +343,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17 h1:HfVVR1vItaG6l
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17/go.mod h1:YqMdV+gEKCQ59NrB7rzrJdALeBIsYiVi8Inj3+KcqHI=
 github.com/aws/aws-sdk-go-v2/service/kafka v1.19.4 h1:EmEk3gRJzSEK8DUnkvTGDn/RQc/Ud+yimUFIG+PSvTI=
 github.com/aws/aws-sdk-go-v2/service/kafka v1.19.4/go.mod h1:+O9qi0UC83Lk0KAnC/ixNcw4piXfUtPzXpYn/KC2Mhg=
-github.com/aws/aws-sdk-go-v2/service/kendra v1.38.5 h1:vYyn1h1+/eRL8UxfzRgxhH8tm+Jd6ujsyXmUFztfnks=
-github.com/aws/aws-sdk-go-v2/service/kendra v1.38.5/go.mod h1:PMq9hXXhaNxmBMIolmknhJ9gXi4PYDsZwsFBaJs7Zak=
 github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.19 h1:qVaBkJxFxm6o/9DPNnJU6L9O3V7ycEKhCvRm2BFBQTU=
 github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.19/go.mod h1:9rLNg+J9SEe7rhge/YzKU3QTovlLqOmqH8akb0IB1ko=
-github.com/aws/aws-sdk-go-v2/service/kinesisvideo v1.15.5 h1:lVFA8fZBznkErYFE42WM2KyoQ+yRpyA7bLfWOrhGSH4=
-github.com/aws/aws-sdk-go-v2/service/kinesisvideo v1.15.5/go.mod h1:JRp3eVmI2W1qreH9VQ+Kh2xtrKG+25ASrt4/lgl+s5g=
 github.com/aws/aws-sdk-go-v2/service/kms v1.20.8 h1:R5f4VOFi3ScTe7TtePyxLqEhNqTJIAxL57MzrXFNs6I=
 github.com/aws/aws-sdk-go-v2/service/kms v1.20.8/go.mod h1:OtP3pBOgmJM+acQyQcQXtQHets3yJoVuanCx2T5M7v4=
 github.com/aws/aws-sdk-go-v2/service/lambda v1.24.6 h1:N7RkXX2SJbN+TCp295J3LdMR0KRFd2Bhi5nIO+svLQY=
@@ -360,8 +353,6 @@ github.com/aws/aws-sdk-go-v2/service/mq v1.13.15 h1:K0UbxNfaPHoIXo0T4L4jrbE+TKcV
 github.com/aws/aws-sdk-go-v2/service/mq v1.13.15/go.mod h1:ycghPMXYItx5Y74iehFgGwDNUMXdq0xCxLaYC5uYZO0=
 github.com/aws/aws-sdk-go-v2/service/neptune v1.17.12 h1:QxMwblYXBaAUnQsSbGGmGlqj5/lHJKaEr1HcMXnnaok=
 github.com/aws/aws-sdk-go-v2/service/neptune v1.17.12/go.mod h1:0arQRjGdCQgRNLiCIv5FEFCgQkDMUiLkv0mkrUbSrNE=
-github.com/aws/aws-sdk-go-v2/service/proton v1.20.3 h1:jcJeALhHrPufi1p3yJV0UhRcLFzIjwkl+5UaN3gbmI8=
-github.com/aws/aws-sdk-go-v2/service/proton v1.20.3/go.mod h1:o7oSUtJ+VE7glg1jyTwLLw0AjBdEW49/heU6QkwbOVI=
 github.com/aws/aws-sdk-go-v2/service/rds v1.26.1 h1:tiXsw36GaRUWMcH5uRM2uM7vo+bNsa1mEOn68ZOBjWA=
 github.com/aws/aws-sdk-go-v2/service/rds v1.26.1/go.mod h1:d8jJiNpy2cyl52sw5msQQ12ajEbPAK+twYPR7J35slw=
 github.com/aws/aws-sdk-go-v2/service/redshift v1.27.7 h1:fKg773iDMTGUxd8UNkEfwYGNjT6H6KFSmqV97Yte+jc=
@@ -370,10 +361,6 @@ github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11 h1:3/gm/JTX9bX8CpzTgIlrtYpB3EVB
 github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11/go.mod h1:fmgDANqTUCxciViKl9hb/zD5LFbvPINFRgWhDbR+vZo=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.2 h1:3x1Qilin49XQ1rK6pDNAfG+DmCFPfB7Rrpl+FUDAR/0=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.2/go.mod h1:HEBBc70BYi5eUvxBqC3xXjU/04NO96X/XNUe5qhC7Bc=
-github.com/aws/aws-sdk-go-v2/service/ses v1.15.3 h1:O7gl6f1Zi80GLQkyWFJi2PYzF8c7qd/iUBmLIVVp8og=
-github.com/aws/aws-sdk-go-v2/service/ses v1.15.3/go.mod h1:xIWGz5r8k9h6T0f0jhkFdLMZJ10abjOfxmUWoWevw14=
-github.com/aws/aws-sdk-go-v2/service/shield v1.18.4 h1:wG6qU1g1j7/PqpwsVINDEDesWXEIFlT3Jo3Icnanbu4=
-github.com/aws/aws-sdk-go-v2/service/shield v1.18.4/go.mod h1:ffYls8/rWoTDASJkCpPZ8sB45G+pedR0UCQeD1v79qs=
 github.com/aws/aws-sdk-go-v2/service/sns v1.18.1 h1:nxfBH9r3VUyybIOWdbIBJ/d5I1wdG7FwIoZ/BH/EhS8=
 github.com/aws/aws-sdk-go-v2/service/sns v1.18.1/go.mod h1:sIIc12m8ASRbCgOERccSSkTFeekFfHKEM4TKAvzJpG0=
 github.com/aws/aws-sdk-go-v2/service/sqs v1.20.6 h1:4P/vyx7zCI5yBhlDZ2kwhoLjMJi0X7iR3cxqjNfbego=
@@ -384,20 +371,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4 h1:YRkWXQveFb0tFC0TLktmmhGs
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4/go.mod h1:zVwRrfdSmbRZWkUkWjOItY7SOalnFnq/Yg2LVPqDjwc=
 github.com/aws/aws-sdk-go-v2/service/sts v1.18.5 h1:L1600eLr0YvTT7gNh3Ni24yGI7NSHkq9Gp62vijPRCs=
 github.com/aws/aws-sdk-go-v2/service/sts v1.18.5/go.mod h1:1mKZHLLpDMHTNSYPJ7qrcnCQdHCWsNQaT0xRvq2u80s=
-github.com/aws/aws-sdk-go-v2/service/timestreamwrite v1.16.0 h1:HHVOprdnZxhM6F5JgljW8nCklfwUyOlbd/wuca6vORA=
-github.com/aws/aws-sdk-go-v2/service/timestreamwrite v1.16.0/go.mod h1:d/oxd3ap2hu2jFVz59gwWVK/tKo7cwTFaBQE0+r/M3A=
-github.com/aws/aws-sdk-go-v2/service/transfer v1.28.5 h1:/dqvTQdJ9ft48LKYMs2FOEMnFqh6PalEzHIxvkFkK9s=
-github.com/aws/aws-sdk-go-v2/service/transfer v1.28.5/go.mod h1:r7g6A0BKTUDCXporXgMuAZTyA/ePlc+ecwgeErbXng4=
-github.com/aws/aws-sdk-go-v2/service/translate v1.17.4 h1:YDe25vYZ8vSXtZa+pMYXityWNKk+w7qxq6eZdg6G1tk=
-github.com/aws/aws-sdk-go-v2/service/translate v1.17.4/go.mod h1:qdbVoT21RIfEPekui7RbxHvT9azUHBxC7gwXzL5aNxE=
-github.com/aws/aws-sdk-go-v2/service/waf v1.12.4 h1:/XibOwP4sHBEwwssi+EpN+EvlQpQbgN+koP65R3Vg6o=
-github.com/aws/aws-sdk-go-v2/service/waf v1.12.4/go.mod h1:6eWFoHKs0mvgVDsxp2iezqLZW2sbVC+JefCt3i2G4jI=
-github.com/aws/aws-sdk-go-v2/service/wafv2 v1.26.0 h1:s54dXRjvjHaEH6U2tg3VLbPX/72iMPdav3nrpMuZDkw=
-github.com/aws/aws-sdk-go-v2/service/wafv2 v1.26.0/go.mod h1:vSTUUghvH8zg+S2i712OAw3M1lXZ5ijNTxC+9MNsO68=
 github.com/aws/aws-sdk-go-v2/service/workspaces v1.23.0 h1:lrgZ9pZm9utPOPAXmQhqtf8oWRRksoSFxOE8RoD+pHc=
 github.com/aws/aws-sdk-go-v2/service/workspaces v1.23.0/go.mod h1:vPam8+zGthTXeaFWgl3Uqbzo/0QEoXF22jpuMZ97hSk=
-github.com/aws/aws-sdk-go-v2/service/xray v1.16.5 h1:yV19Annb9MQXxvvKaGvcFh8ZQAxR3lfi0ydH/dZsQHQ=
-github.com/aws/aws-sdk-go-v2/service/xray v1.16.5/go.mod h1:cQhPXZj4AQrHy6DJ+ts+BmNTzhPVfFHHTZ9hh0DKASU=
 github.com/aws/smithy-go v1.13.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.4/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
diff --git a/internal/adapters/cloud/aws/autoscaling/adapt.go b/internal/adapters/cloud/aws/autoscaling/adapt.go
deleted file mode 100644
index 0785a8e27..000000000
--- a/internal/adapters/cloud/aws/autoscaling/adapt.go
+++ /dev/null
@@ -1,286 +0,0 @@ -package autoscaling - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/aws/arn" - api "github.com/aws/aws-sdk-go-v2/service/autoscaling" - aatypes "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" - - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/autoscaling" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "autoscaling" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - - var err error - state.AWS.Autoscaling.AutoscalingGroupsList, err = a.getAutoscaling() - if err != nil { - return err - } - - state.AWS.Autoscaling.LaunchConfigurations, err = a.getLaunchConfigurations() - if err != nil { - return err - } - - state.AWS.Autoscaling.NotificationConfigurations, err = a.getNotificationConfigurations() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getAutoscaling() ([]autoscaling.AutoscalingGroupsList, error) { - a.Tracker().SetServiceLabel(" Availability Zones List...") - - var input api.DescribeAutoScalingGroupsInput - var autoscalingapi []aatypes.AutoScalingGroup - - for { - output, err := a.api.DescribeAutoScalingGroups(a.Context(), &input) - if err != nil { - return nil, err - } - autoscalingapi = append(autoscalingapi, output.AutoScalingGroups...) 
- - a.Tracker().SetTotalResources(len(autoscalingapi)) - if output.NextToken == nil { - break - } - input.NextToken = output.NextToken - - } - a.Tracker().SetServiceLabel("Adapting analyzers...") - return concurrency.Adapt(autoscalingapi, a.RootAdapter, a.adaptautoscaling), nil - -} - -func (a *adapter) adaptautoscaling(autoscalingapi aatypes.AutoScalingGroup) (*autoscaling.AutoscalingGroupsList, error) { - - if autoscalingapi.AutoScalingGroupARN == nil { - return nil, fmt.Errorf("missing arn") - } - parsed, err := arn.Parse(*autoscalingapi.AutoScalingGroupARN) - if err != nil { - return nil, fmt.Errorf("invalid arn: %w", err) - } - if parsed.Region != a.Region() { - return nil, nil // skip other regions - } - - metadata := a.CreateMetadataFromARN(*autoscalingapi.AutoScalingGroupARN) - var name string - if autoscalingapi.AutoScalingGroupName != nil { - name = *autoscalingapi.AutoScalingGroupName - } - - var AVZone []types.StringValue - for _, av := range autoscalingapi.AvailabilityZones { - AVZone = append(AVZone, types.String(av, metadata)) - } - - var InsList []autoscaling.InstanceList - for _, il := range autoscalingapi.Instances { - var instanceId string - if il.InstanceId != nil { - instanceId = *il.InstanceId - } - - InsList = append(InsList, autoscaling.InstanceList{ - Metadata: metadata, - InstanceId: types.String(instanceId, metadata), - }) - } - - var HCheckType string - if autoscalingapi.HealthCheckType != nil { - HCheckType = *autoscalingapi.HealthCheckType - } - - var LBNames []types.StringValue - for _, LBN := range autoscalingapi.LoadBalancerNames { - LBNames = append(LBNames, types.String(LBN, metadata)) - } - - var ASGArn string - if autoscalingapi.AutoScalingGroupARN != nil { - ASGArn = *autoscalingapi.AutoScalingGroupARN - } - - var DefCooldown int32 - if autoscalingapi.DefaultCooldown != nil { - DefCooldown = *autoscalingapi.DefaultCooldown - } - - var SusProcesses []autoscaling.SuspendedProcesses - for range autoscalingapi.SuspendedProcesses { 
- - SusProcesses = append(SusProcesses, autoscaling.SuspendedProcesses{ - Metadata: metadata, - }) - } - - var Tag []autoscaling.Tags - for _, tr := range autoscalingapi.Tags { - var resourceid string - if tr.ResourceId != nil { - resourceid = *tr.ResourceId - } - - Tag = append(Tag, autoscaling.Tags{ - Metadata: metadata, - ResourceId: types.String(resourceid, metadata), - }) - - } - - var Launchconfigname string - if autoscalingapi.LaunchConfigurationName != nil { - Launchconfigname = *autoscalingapi.LaunchConfigurationName - } - - return &autoscaling.AutoscalingGroupsList{ - Metadata: metadata, - Name: types.String(name, metadata), - AvailabilityZone: AVZone, - Instances: InsList, - HealthCheckType: types.String(HCheckType, metadata), - LoadBalancerNames: LBNames, - AutoScalingGroupARN: types.String(ASGArn, metadata), - DefaultCooldown: types.IntFromInt32(DefCooldown, metadata), - LaunchConfigurationName: types.String(Launchconfigname, metadata), - SuspendedProcesses: SusProcesses, - Tags: Tag, - }, nil - -} - -func (a *adapter) getLaunchConfigurations() ([]autoscaling.LaunchConfigurations, error) { - a.Tracker().SetServiceLabel("Launch Configurations...") - - var input api.DescribeLaunchConfigurationsInput - var lauchconfigapi []aatypes.LaunchConfiguration - - for { - output, err := a.api.DescribeLaunchConfigurations(a.Context(), &input) - if err != nil { - return nil, err - } - lauchconfigapi = append(lauchconfigapi, output.LaunchConfigurations...) 
- - a.Tracker().SetTotalResources(len(lauchconfigapi)) - if output.NextToken == nil { - break - } - input.NextToken = output.NextToken - - } - a.Tracker().SetServiceLabel("Adapting LaunchConfiguration...") - return concurrency.Adapt(lauchconfigapi, a.RootAdapter, a.adaptlaunchconfiguration), nil - -} - -func (a *adapter) adaptlaunchconfiguration(lauchconfigapi aatypes.LaunchConfiguration) (*autoscaling.LaunchConfigurations, error) { - - metadata := a.CreateMetadataFromARN(*lauchconfigapi.LaunchConfigurationARN) - - var imgId string - if lauchconfigapi.ImageId != nil { - imgId = *lauchconfigapi.ImageId - } - - var usrData string - if lauchconfigapi.UserData != nil { - usrData = *lauchconfigapi.UserData - } - - var iamInstProf string - if lauchconfigapi.IamInstanceProfile != nil { - iamInstProf = *lauchconfigapi.IamInstanceProfile - } - - var launchCfgName string - if lauchconfigapi.LaunchConfigurationName != nil { - launchCfgName = *lauchconfigapi.LaunchConfigurationName - } - - var launchCfgArn string - if lauchconfigapi.LaunchConfigurationARN != nil { - launchCfgArn = *lauchconfigapi.LaunchConfigurationARN - } - - return &autoscaling.LaunchConfigurations{ - Metadata: metadata, - ImageId: types.String(imgId, metadata), - UserData: types.String(usrData, metadata), - IamInstanceProfile: types.String(iamInstProf, metadata), - LaunchConfigurationName: types.String(launchCfgName, metadata), - LaunchConfigurationARN: types.String(launchCfgArn, metadata), - }, nil - -} - -func (a *adapter) getNotificationConfigurations() ([]autoscaling.NotificationConfigurations, error) { - a.Tracker().SetServiceLabel("Notificaiton Configurations...") - - var input api.DescribeNotificationConfigurationsInput - var notificationconfigapi []aatypes.NotificationConfiguration - - for { - output, err := a.api.DescribeNotificationConfigurations(a.Context(), &input) - if err != nil { - return nil, err - } - notificationconfigapi = append(notificationconfigapi, 
output.NotificationConfigurations...) - - a.Tracker().SetTotalResources(len(notificationconfigapi)) - if output.NextToken == nil { - break - } - input.NextToken = output.NextToken - - } - a.Tracker().SetServiceLabel("Adapting LaunchConfiguration...") - return concurrency.Adapt(notificationconfigapi, a.RootAdapter, a.adaptnotificationconfiguration), nil - -} - -func (a *adapter) adaptnotificationconfiguration(notificationconfigapi aatypes.NotificationConfiguration) (*autoscaling.NotificationConfigurations, error) { - - metadata := a.CreateMetadataFromARN(*notificationconfigapi.TopicARN) - - var ASGname string - if notificationconfigapi.AutoScalingGroupName != nil { - ASGname = *notificationconfigapi.AutoScalingGroupName - } - - return &autoscaling.NotificationConfigurations{ - Metadata: metadata, - AutoScalingGroupName: types.String(ASGname, metadata), - }, nil - -} diff --git a/internal/adapters/cloud/aws/codebuild/adapt.go b/internal/adapters/cloud/aws/codebuild/adapt.go index ac4393875..04a8be564 100644 --- a/internal/adapters/cloud/aws/codebuild/adapt.go +++ b/internal/adapters/cloud/aws/codebuild/adapt.go 
@@ -95,32 +95,12 @@ func (a *adapter) adaptProject(name string) (*codebuild.Project, error) {
 })
 }
 
- var encryptionkey, sourcetype string
- if project.EncryptionKey != nil {
- encryptionkey = *project.EncryptionKey
- }
-
- if project.Source != nil {
- sourcetype = string(project.Source.Type)
- }
-
- var secondrysources []codebuild.SecondarySources
- for _, s := range project.SecondarySources {
- secondrysources = append(secondrysources, codebuild.SecondarySources{
- Metadata: metadata,
- Type: defsecTypes.String(string(s.Type), metadata),
- })
- }
-
 return &codebuild.Project{
- Metadata: metadata,
- SourceType: defsecTypes.String(sourcetype, metadata),
- EncryptionKey: defsecTypes.String(encryptionkey, metadata),
+ Metadata: metadata,
 ArtifactSettings: codebuild.ArtifactSettings{
 Metadata: metadata,
 EncryptionEnabled: defsecTypes.Bool(encryptionEnabled, metadata),
 },
 SecondaryArtifactSettings: secondaryArtifactSettings,
- SecondarySources: secondrysources,
 }, nil
 }
diff --git a/internal/adapters/cloud/aws/kendra/adapt.go b/internal/adapters/cloud/aws/kendra/adapt.go
deleted file mode 100644
index 5600411ff..000000000
--- a/internal/adapters/cloud/aws/kendra/adapt.go
+++ /dev/null
@@ -1,90 +0,0 @@ -package kendra - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/kendra" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/kendra" - aatypes "github.com/aws/aws-sdk-go-v2/service/kendra/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "kendra" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Kendra.ListIndices, err = a.getListIndex() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getListIndex() ([]kendra.ListIndices, error) { - - a.Tracker().SetServiceLabel("Discovering ListIndices...") - - var apiListIndex []aatypes.IndexConfigurationSummary - var input api.ListIndicesInput - for { - output, err := a.api.ListIndices(a.Context(), &input) - if err != nil { - return nil, err - } - apiListIndex = append(apiListIndex, output.IndexConfigurationSummaryItems...) 
- a.Tracker().SetTotalResources(len(apiListIndex)) - if output.IndexConfigurationSummaryItems == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting List Indices...") - return concurrency.Adapt(apiListIndex, a.RootAdapter, a.adaptListIndex), nil -} - -func (a *adapter) adaptListIndex(index aatypes.IndexConfigurationSummary) (*kendra.ListIndices, error) { - - metadata := a.CreateMetadata(*index.Name) - - getkey, err := a.api.DescribeIndex(a.Context(), &api.DescribeIndexInput{ - Id: index.Id, - }) - if err != nil { - return nil, err - } - - var key string - if getkey.ServerSideEncryptionConfiguration.KmsKeyId != nil { - key = *getkey.ServerSideEncryptionConfiguration.KmsKeyId - } - - return &kendra.ListIndices{ - Metadata: metadata, - KmsKey: kendra.KmsKey{ - Metadata: metadata, - KmsKeyId: defsecTypes.String(key, metadata), - }, - }, nil -} diff --git a/internal/adapters/cloud/aws/kinesisvideo/adapt.go b/internal/adapters/cloud/aws/kinesisvideo/adapt.go deleted file mode 100644 index 0669a7b53..000000000 --- a/internal/adapters/cloud/aws/kinesisvideo/adapt.go +++ /dev/null 
@@ -1,80 +0,0 @@ -package kinesisvideo - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/kinesisvideo" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/kinesisvideo" - aatypes "github.com/aws/aws-sdk-go-v2/service/kinesisvideo/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "kinesisvideo" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Kinesisvideo.StreamInfoList, err = a.getStreamInfo() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getStreamInfo() ([]kinesisvideo.StreamInfo, error) { - - a.Tracker().SetServiceLabel("Discovering Stream Info...") - - var apiStreamInfo []aatypes.StreamInfo - var input api.ListStreamsInput - for { - output, err := a.api.ListStreams(a.Context(), &input) - if err != nil { - return nil, err - } - apiStreamInfo = append(apiStreamInfo, output.StreamInfoList...) 
- a.Tracker().SetTotalResources(len(apiStreamInfo)) - if output.StreamInfoList == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting Stream Info...") - return concurrency.Adapt(apiStreamInfo, a.RootAdapter, a.adaptStreamInfo), nil -} - -func (a *adapter) adaptStreamInfo(apiStreamInfo aatypes.StreamInfo) (*kinesisvideo.StreamInfo, error) { - - metadata := a.CreateMetadataFromARN(*apiStreamInfo.StreamARN) - - var key string - if apiStreamInfo.KmsKeyId != nil { - key = *apiStreamInfo.KmsKeyId - } - - return &kinesisvideo.StreamInfo{ - Metadata: metadata, - KmsKeyId: defsecTypes.String(key, metadata), - }, nil -} diff --git a/internal/adapters/cloud/aws/lambda/adapt.go b/internal/adapters/cloud/aws/lambda/adapt.go index 03beac887..4621b0031 100644 --- a/internal/adapters/cloud/aws/lambda/adapt.go +++ b/internal/adapters/cloud/aws/lambda/adapt.go 
@@ -79,58 +79,6 @@ func (a *adapter) adaptFunction(function types.FunctionConfiguration) (*lambda.F
 tracingMode = string(function.TracingConfig.Mode)
 }
 
- var functionarn string
- if function.FunctionArn != nil {
- functionarn = *function.FunctionArn
- }
-
- var funcname string
- if function.FunctionName != nil {
- funcname = *function.FunctionName
- }
-
- var vpcid string
- if function.VpcConfig != nil && function.VpcConfig.VpcId != nil {
- vpcid = *function.VpcConfig.VpcId
- }
-
- var variables map[string]string
- if function.Environment != nil && function.Environment.Variables != nil {
- variables = function.Environment.Variables
- }
-
- var runtime string
- if function.Runtime.Values() != nil {
- runtime = string(function.Runtime)
- }
-
- val, err := a.getPermissions(function, metadata)
- if err != nil {
- return nil, err
- }
-
- return &lambda.Function{
- Metadata: metadata,
- Tracing: lambda.Tracing{
- Metadata: metadata,
- Mode: defsecTypes.String(tracingMode, metadata),
- },
- Permissions: val,
- FunctionName: defsecTypes.String(funcname, metadata),
- FunctionArn: defsecTypes.String(functionarn, metadata),
- VpcConfig: lambda.VpcConfig{
- Metadata: metadata,
- VpcId: defsecTypes.String(vpcid, metadata),
- },
- Runtime: defsecTypes.String(runtime, metadata),
- Envrionment: lambda.Environment{
- Metadata: metadata,
- Variables: defsecTypes.Map(variables, metadata),
- },
- }, nil
- }
-
-func (a *adapter) getPermissions(function types.FunctionConfiguration, metadata defsecTypes.Metadata) ([]lambda.Permission, error) {
 var permissions []lambda.Permission
 if output, err := a.api.GetPolicy(a.Context(), &lambdaapi.GetPolicyInput{
 FunctionName: function.FunctionName,
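Review bot: The handling of a non-nil err from the `if output, err := a.api.GetPolicy(...)` that closes this hunk sits outside the visible lines, and for a permissions scanner that branch is the security-relevant one: Lambda answers GetPolicy with a ResourceNotFoundException when a function simply has no resource-based policy, which should yield an empty Permissions slice, whereas AccessDenied or throttling must not be folded into the same "no permissions" outcome or rules that look for public invoke grants will pass on functions that were never actually inspected. If the code after the hunk does not already separate the two cases, something like `var nf *types.ResourceNotFoundException` followed by `if err != nil && !errors.As(err, &nf) { return nil, err }` would do it, using the `types` alias this hunk already uses for the Lambda service types (plus an `errors` import if the file lacks one). adaptFunction begins before the hunk and, with getPermissions folded back into it, its body continues well past the last line shown here.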
@@ -175,5 +123,13 @@ func (a *adapter) getPermissions(function types.FunctionConfiguration, metadata
 })
 }
 }
- return permissions, nil
+
+ return &lambda.Function{
+ Metadata: metadata,
+ Tracing: lambda.Tracing{
+ Metadata: metadata,
+ Mode: defsecTypes.String(tracingMode, metadata),
+ },
+ Permissions: permissions,
+ }, nil
 }
diff --git a/internal/adapters/cloud/aws/mq/adapt.go b/internal/adapters/cloud/aws/mq/adapt.go
index 5352ef076..8bffcc85a 100644
--- a/internal/adapters/cloud/aws/mq/adapt.go
+++ b/internal/adapters/cloud/aws/mq/adapt.go
@@ -74,19 +74,10 @@ func (a *adapter) adaptBroker(apiBroker types.BrokerSummary) (*mq.Broker, error)
 if err != nil {
 return nil, err
 }
- var kmskeyid string
- if output.EncryptionOptions != nil {
- kmskeyid = *output.EncryptionOptions.KmsKeyId
- }
 
 return &mq.Broker{
- Metadata: metadata,
- PublicAccess: defsecTypes.Bool(output.PubliclyAccessible, metadata),
- DeploymentMode: defsecTypes.String(string(apiBroker.DeploymentMode), metadata),
- EngineType: defsecTypes.String(string(apiBroker.EngineType), metadata),
- HostInstanceType: defsecTypes.String(*apiBroker.HostInstanceType, metadata),
- AutoMinorVersionUpgrade: defsecTypes.Bool(output.AutoMinorVersionUpgrade, metadata),
- KmsKeyId: defsecTypes.String(kmskeyid, metadata),
+ Metadata: metadata,
+ PublicAccess: defsecTypes.Bool(output.PubliclyAccessible, metadata),
 Logging: mq.Logging{
 Metadata: metadata,
 General: defsecTypes.Bool(output.Logs != nil && output.Logs.General, metadata),
diff --git a/internal/adapters/cloud/aws/msk/adapt.go b/internal/adapters/cloud/aws/msk/adapt.go
index 66c36aa11..3ccef390d 100644
--- a/internal/adapters/cloud/aws/msk/adapt.go
+++ b/internal/adapters/cloud/aws/msk/adapt.go
@@ -69,11 +69,10 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro
 metadata := a.CreateMetadataFromARN(*apiCluster.ClusterArn)
 
 var encInTransitClientBroker, encAtRestKMSKeyId string
- var encAtRestEnabled, incluster bool
+ var encAtRestEnabled bool
 if apiCluster.EncryptionInfo != nil {
 if apiCluster.EncryptionInfo.EncryptionInTransit != nil {
 encInTransitClientBroker = string(apiCluster.EncryptionInfo.EncryptionInTransit.ClientBroker)
- incluster = apiCluster.EncryptionInfo.EncryptionInTransit.InCluster
 }
 
 if apiCluster.EncryptionInfo.EncryptionAtRest != nil {
@@ -82,18 +81,6 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro
 }
 }
 
- var publicaccesstype string
- if apiCluster.BrokerNodeGroupInfo != nil && apiCluster.BrokerNodeGroupInfo.ConnectivityInfo != nil {
- if apiCluster.BrokerNodeGroupInfo.ConnectivityInfo.PublicAccess != nil {
- publicaccesstype = *apiCluster.BrokerNodeGroupInfo.ConnectivityInfo.PublicAccess.Type
- }
- }
-
- var unauthenticated bool
- if apiCluster.ClientAuthentication != nil && apiCluster.ClientAuthentication.Unauthenticated != nil {
- unauthenticated = apiCluster.ClientAuthentication.Unauthenticated.Enabled
- }
-
 var logS3, logCW, logFH bool
 if apiCluster.LoggingInfo != nil && apiCluster.LoggingInfo.BrokerLogs != nil {
 logs := apiCluster.LoggingInfo.BrokerLogs
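Review bot: `metadata := a.CreateMetadataFromARN(*apiCluster.ClusterArn)` on the first line of the hunk dereferences a pointer field with no nil check, so a ClusterInfo that comes back without an ARN panics the whole cloud scan instead of failing this one resource. A guard before the dereference, `if apiCluster.ClusterArn == nil { return nil, fmt.Errorf("missing cluster arn") }` (or `errors.New`, whichever package the file already imports), keeps the failure local and lets the remaining clusters still be adapted. ListClusters normally populates the field, so this is defensive, but the SDK models it as a pointer precisely so that absence is representable. adaptCluster starts before the hunk and its body continues after it.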
@@ -113,21 +100,12 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro EncryptionInTransit: msk.EncryptionInTransit{ Metadata: metadata, ClientBroker: defsecTypes.String(encInTransitClientBroker, metadata), - InCluster: defsecTypes.Bool(incluster, metadata), }, EncryptionAtRest: msk.EncryptionAtRest{ Metadata: metadata, KMSKeyARN: defsecTypes.String(encAtRestKMSKeyId, metadata), Enabled: defsecTypes.Bool(encAtRestEnabled, metadata), }, - BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{ - Metadata: metadata, - PublicAccessType: defsecTypes.String(publicaccesstype, metadata), - }, - ClientAuthentication: msk.ClientAuthentication{ - Metadata: metadata, - Unauthenticated: defsecTypes.Bool(unauthenticated, metadata), - }, Logging: msk.Logging{ Metadata: metadata, Broker: msk.BrokerLogging{ diff --git a/internal/adapters/cloud/aws/proton/adapt.go b/internal/adapters/cloud/aws/proton/adapt.go deleted file mode 100644 index 18762ffc6..000000000 --- a/internal/adapters/cloud/aws/proton/adapt.go +++ /dev/null 
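Review bot: After this hunk the adapted msk.Cluster no longer carries `ClientAuthentication.Unauthenticated` or `BrokerNodeGroupInfo.PublicAccessType`, which were the only fields describing whether the cluster accepts unauthenticated clients or is reachable over the public-access path; encryption and logging are still collected. If the `msk.Cluster` type or any rule still references those fields they will see zero values (`false`, `""`), and an exposure check would silently pass for every cluster, so confirm the provider struct and the rules are trimmed in the same change. A short comment above the literal would make the omission clearly deliberate, e.g. `// Client-authentication and public-access settings are not adapted from the API here.` adaptCluster's body starts before this hunk.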
@@ -1,87 +0,0 @@ -package proton - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/proton" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/proton" - aatypes "github.com/aws/aws-sdk-go-v2/service/proton/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "proton" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Proton.ListEnvironmentTemplates, err = a.getEnvironmentTemplate() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getEnvironmentTemplate() ([]proton.EnvironmentTemplate, error) { - - a.Tracker().SetServiceLabel("Discovering Environment Template ...") - - var apiEnvironmentTemplate []aatypes.EnvironmentTemplateSummary - var input api.ListEnvironmentTemplatesInput - for { - output, err := a.api.ListEnvironmentTemplates(a.Context(), &input) - if err != nil { - return nil, err - } - apiEnvironmentTemplate = append(apiEnvironmentTemplate, output.Templates...) 
- a.Tracker().SetTotalResources(len(apiEnvironmentTemplate)) - if output.Templates == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting Stream Info...") - return concurrency.Adapt(apiEnvironmentTemplate, a.RootAdapter, a.adaptEnvironmentTemplate), nil -} - -func (a *adapter) adaptEnvironmentTemplate(apiEnvironmentTemplate aatypes.EnvironmentTemplateSummary) (*proton.EnvironmentTemplate, error) { - - metadata := a.CreateMetadataFromARN(*apiEnvironmentTemplate.Arn) - - getEncrytpitonKey, err := a.api.GetEnvironmentTemplate(a.Context(), &api.GetEnvironmentTemplateInput{ - Name: apiEnvironmentTemplate.Name, - }) - if err != nil { - return nil, err - } - - var encryptionkey string - if getEncrytpitonKey.EnvironmentTemplate.EncryptionKey != nil { - encryptionkey = *getEncrytpitonKey.EnvironmentTemplate.EncryptionKey - } - - return &proton.EnvironmentTemplate{ - Metadata: metadata, - EncryptionKey: defsecTypes.String(encryptionkey, metadata), - }, nil -} diff --git a/internal/adapters/cloud/aws/ses/adapt.go b/internal/adapters/cloud/aws/ses/adapt.go deleted file mode 100644 index 83e2f8b57..000000000 --- a/internal/adapters/cloud/aws/ses/adapt.go +++ /dev/null 
@@ -1,84 +0,0 @@ -package shield - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/ses" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/ses" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "ses" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.SES.ListIdentities, err = a.getListIdentities() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getListIdentities() ([]ses.Identities, error) { - - a.Tracker().SetServiceLabel("Discovering Identities...") - - var apiListIdentities []string - var input api.ListIdentitiesInput - for { - output, err := a.api.ListIdentities(a.Context(), &input) - if err != nil { - return nil, err - } - apiListIdentities = append(apiListIdentities, output.Identities...) 
- a.Tracker().SetTotalResources(len(apiListIdentities)) - if output.Identities == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting list Identities...") - return concurrency.Adapt(apiListIdentities, a.RootAdapter, a.adaptListIdentities), nil -} - -func (a *adapter) adaptListIdentities(apiListIdentities string) (*ses.Identities, error) { - - metadata := a.CreateMetadata(apiListIdentities) - output, err := a.api.GetIdentityDkimAttributes(a.Context(), &api.GetIdentityDkimAttributesInput{}) - if output.DkimAttributes != nil { - return nil, err - } - - var verificationStatus string - var dkimEnabled bool - return &ses.Identities{ - Metadata: metadata, - DkimAttributes: ses.DkimAttributes{ - Metadata: metadata, - DkimVerificationStatus: defsecTypes.String(verificationStatus, metadata), - DkimEnabled: defsecTypes.Bool(dkimEnabled, metadata), - }, - }, nil -} diff --git a/internal/adapters/cloud/aws/shield/adapt.go b/internal/adapters/cloud/aws/shield/adapt.go deleted file mode 100644 index b3ca97b0d..000000000 --- a/internal/adapters/cloud/aws/shield/adapt.go +++ /dev/null 
@@ -1,148 +0,0 @@ -package shield - -import ( - "time" - - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/shield" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/shield" - aatypes "github.com/aws/aws-sdk-go-v2/service/shield/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "shield" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Shield.DescribeSubscription, err = a.getDescribeSubscription() - if err != nil { - return err - } - - state.AWS.Shield.DescribeEmergencyContactSettings, err = a.getContactSettings() - if err != nil { - return err - } - - state.AWS.Shield.ListProtections, err = a.getProtections() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getDescribeSubscription() (shield.Subscription, error) { - - var input api.DescribeSubscriptionInput - - a.Tracker().SetServiceLabel("Discovering subscription...") - - describesubscription := shield.Subscription{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - EndTime: defsecTypes.TimeDefault(time.Now(), defsecTypes.NewUnmanagedMetadata()), - AutoRenew: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), - } - - output, err := a.api.DescribeSubscription(a.Context(), &input) - if err != nil { - return describesubscription, err - } - - metadata := a.CreateMetadataFromARN(*output.Subscription.SubscriptionArn) - - var autorenew string - if output.Subscription.AutoRenew != "ENABLED" { - autorenew = "DISABLED" - } - - return shield.Subscription{ - 
Metadata: metadata, - EndTime: defsecTypes.Time(*output.Subscription.EndTime, metadata), - AutoRenew: defsecTypes.String(autorenew, metadata), - }, nil -} - -func (a *adapter) getContactSettings() ([]shield.ContactSettings, error) { - - a.Tracker().SetServiceLabel("Discovering Contact Settings...") - - var apiContactSettings []aatypes.EmergencyContact - var input api.DescribeEmergencyContactSettingsInput - for { - output, err := a.api.DescribeEmergencyContactSettings(a.Context(), &input) - if err != nil { - return nil, err - } - apiContactSettings = append(apiContactSettings, output.EmergencyContactList...) - a.Tracker().SetTotalResources(len(apiContactSettings)) - if output.EmergencyContactList == nil { - break - } - } - - a.Tracker().SetServiceLabel("Adapting Contact Settings...") - return concurrency.Adapt(apiContactSettings, a.RootAdapter, a.adaptContactSettings), nil -} - -func (a *adapter) adaptContactSettings(apiContactSettings aatypes.EmergencyContact) (*shield.ContactSettings, error) { - - metadata := a.CreateMetadata(*apiContactSettings.EmailAddress) - - return &shield.ContactSettings{ - Metadata: metadata, - }, nil -} - -func (a *adapter) getProtections() ([]shield.Protections, error) { - - a.Tracker().SetServiceLabel("Discovering Protections...") - - var apiProtections []aatypes.Protection - var input api.ListProtectionsInput - for { - output, err := a.api.ListProtections(a.Context(), &input) - if err != nil { - return nil, err - } - apiProtections = append(apiProtections, output.Protections...) 
- a.Tracker().SetTotalResources(len(apiProtections)) - if output.Protections == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting Protections...") - return concurrency.Adapt(apiProtections, a.RootAdapter, a.adaptProtections), nil -} - -func (a *adapter) adaptProtections(apiProtections aatypes.Protection) (*shield.Protections, error) { - - metadata := a.CreateMetadata(*apiProtections.ProtectionArn) - - return &shield.Protections{ - Metadata: metadata, - }, nil -} diff --git a/internal/adapters/cloud/aws/timestreamwrite/timestreamwrite.go b/internal/adapters/cloud/aws/timestreamwrite/timestreamwrite.go deleted file mode 100644 index 6008170eb..000000000 --- a/internal/adapters/cloud/aws/timestreamwrite/timestreamwrite.go +++ /dev/null 
@@ -1,86 +0,0 @@ -package timestreamwrite - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/timestreamwrite" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/timestreamwrite" - aatypes "github.com/aws/aws-sdk-go-v2/service/timestreamwrite/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "timestreamwrite" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Timestreamwrite.ListDatabases, err = a.getDatabases() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getDatabases() ([]timestreamwrite.Databases, error) { - - a.Tracker().SetServiceLabel("Discovering listed Databases...") - - var apiListDatabases []aatypes.Database - var input api.ListDatabasesInput - for { - output, err := a.api.ListDatabases(a.Context(), &input) - if err != nil { - return nil, err - } - apiListDatabases = append(apiListDatabases, output.Databases...) 
- a.Tracker().SetTotalResources(len(apiListDatabases)) - if output.Databases == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting listed databases...") - return concurrency.Adapt(apiListDatabases, a.RootAdapter, a.adaptListDatabases), nil -} - -func (a *adapter) adaptListDatabases(apiListServer aatypes.Database) (*timestreamwrite.Databases, error) { - - metadata := a.CreateMetadataFromARN(*apiListServer.Arn) - - var arn string - if apiListServer.Arn != nil { - arn = *apiListServer.Arn - } - - var keyid string - if apiListServer.KmsKeyId != nil { - keyid = *apiListServer.KmsKeyId - } - - return ×treamwrite.Databases{ - Metadata: metadata, - Arn: defsecTypes.String(arn, metadata), - KmsKeyID: defsecTypes.String(keyid, metadata), - }, nil -} diff --git a/internal/adapters/cloud/aws/transfer/transfer.go b/internal/adapters/cloud/aws/transfer/transfer.go deleted file mode 100644 index 2553f8a00..000000000 --- a/internal/adapters/cloud/aws/transfer/transfer.go +++ /dev/null 
@@ -1,80 +0,0 @@ -package transfer - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/transfer" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/transfer" - aatypes "github.com/aws/aws-sdk-go-v2/service/transfer/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "transfer" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Transfer.ListServers, err = a.getListServers() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getListServers() ([]transfer.Servers, error) { - - a.Tracker().SetServiceLabel("Discovering listed servers...") - - var apiListServer []aatypes.ListedServer - var input api.ListServersInput - for { - output, err := a.api.ListServers(a.Context(), &input) - if err != nil { - return nil, err - } - apiListServer = append(apiListServer, output.Servers...) - a.Tracker().SetTotalResources(len(apiListServer)) - if output.Servers == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting listed servers...") - return concurrency.Adapt(apiListServer, a.RootAdapter, a.adaptListServers), nil -} - -func (a *adapter) adaptListServers(apiListServer aatypes.ListedServer) (*transfer.Servers, error) { - - metadata := a.CreateMetadataFromARN(*apiListServer.Arn) - - var arn string - if apiListServer.Arn != nil { - arn = *apiListServer.Arn - } - - return &transfer.Servers{ - Metadata: metadata, - ServerArn: defsecTypes.String(arn, metadata), - }, nil -} 
diff --git a/internal/adapters/cloud/aws/translate/adapt.go b/internal/adapters/cloud/aws/translate/adapt.go
deleted file mode 100644
index 89cddae1c..000000000
--- a/internal/adapters/cloud/aws/translate/adapt.go
+++ /dev/null
@@ -1,86 +0,0 @@ -package translate - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/translate" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/translate" - aatypes "github.com/aws/aws-sdk-go-v2/service/translate/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "translate" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Translate.ListTextTranslateJobs, err = a.getListWebACLs() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getListWebACLs() ([]translate.ListJob, error) { - - a.Tracker().SetServiceLabel("Discovering list text translate jobs...") - - var apiListTextTranslateJobs []aatypes.TextTranslationJobProperties - var input api.ListTextTranslationJobsInput - for { - output, err := a.api.ListTextTranslationJobs(a.Context(), &input) - if err != nil { - return nil, err - } - apiListTextTranslateJobs = append(apiListTextTranslateJobs, output.TextTranslationJobPropertiesList...) 
- a.Tracker().SetTotalResources(len(apiListTextTranslateJobs)) - if output.TextTranslationJobPropertiesList == nil { - break - } - input.NextToken = output.NextToken - } - - a.Tracker().SetServiceLabel("Adapting list translation text jobs...") - return concurrency.Adapt(apiListTextTranslateJobs, a.RootAdapter, a.adaptListWebACLs), nil -} - -func (a *adapter) adaptListWebACLs(apiListTextTranslateJobs aatypes.TextTranslationJobProperties) (*translate.ListJob, error) { - - metadata := a.CreateMetadataFromARN(*apiListTextTranslateJobs.DataAccessRoleArn) - - var jobid string - if apiListTextTranslateJobs.OutputDataConfig.EncryptionKey.Id != nil { - jobid = *apiListTextTranslateJobs.OutputDataConfig.EncryptionKey.Id - } - - var jobname string - if apiListTextTranslateJobs.JobName != nil { - jobname = *apiListTextTranslateJobs.JobName - } - - return &translate.ListJob{ - Metadata: metadata, - JobName: defsecTypes.String(jobname, metadata), - EncryptionkeyId: defsecTypes.String(jobid, metadata), - }, nil -} diff --git a/internal/adapters/cloud/aws/waf/adapt.go b/internal/adapters/cloud/aws/waf/adapt.go deleted file mode 100644 index 7c26f3a22..000000000 --- a/internal/adapters/cloud/aws/waf/adapt.go +++ /dev/null 
@@ -1,80 +0,0 @@ -package waf - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/waf" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/waf" - aatypes "github.com/aws/aws-sdk-go-v2/service/waf/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "waf" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Waf.ListWebACLs, err = a.getListWebACLs() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getListWebACLs() ([]waf.ListACLs, error) { - - a.Tracker().SetServiceLabel("Discovering WebACLs v1 list...") - - var apiListWebACLs []aatypes.WebACLSummary - var input api.ListWebACLsInput - for { - output, err := a.api.ListWebACLs(a.Context(), &input) - if err != nil { - return nil, err - } - apiListWebACLs = append(apiListWebACLs, output.WebACLs...) - a.Tracker().SetTotalResources(len(apiListWebACLs)) - if output.WebACLs == nil { - break - } - input.NextMarker = output.NextMarker - } - - a.Tracker().SetServiceLabel("Adapting list WebACLs v1...") - return concurrency.Adapt(apiListWebACLs, a.RootAdapter, a.adaptListWebACLs), nil -} - -func (a *adapter) adaptListWebACLs(apiListWebACLs aatypes.WebACLSummary) (*waf.ListACLs, error) { - - metadata := a.CreateMetadata(*apiListWebACLs.WebACLId) - - var webaclid string - if apiListWebACLs.WebACLId != nil { - webaclid = *apiListWebACLs.WebACLId - } - - return &waf.ListACLs{ - Metadata: metadata, - WebACLsID: defsecTypes.String(webaclid, metadata), - }, nil -} 
diff --git a/internal/adapters/cloud/aws/wafv2/adapt.go b/internal/adapters/cloud/aws/wafv2/adapt.go
deleted file mode 100644
index 3b80066d8..000000000
--- a/internal/adapters/cloud/aws/wafv2/adapt.go
+++ /dev/null
@@ -1,80 +0,0 @@ -package wafv2 - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/concurrency" - "github.com/aquasecurity/defsec/pkg/providers/aws/wafv2" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/wafv2" - aatypes "github.com/aws/aws-sdk-go-v2/service/wafv2/types" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "wafv2" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Wafv2.ListWebACLs, err = a.getListWebACLs2() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getListWebACLs2() ([]wafv2.WebACLs2, error) { - - a.Tracker().SetServiceLabel("Discovering WebACLs v2 list...") - - var apiListWebACLs2 []aatypes.WebACLSummary - var input api.ListWebACLsInput - for { - output, err := a.api.ListWebACLs(a.Context(), &input) - if err != nil { - return nil, err - } - apiListWebACLs2 = append(apiListWebACLs2, output.WebACLs...) - a.Tracker().SetTotalResources(len(apiListWebACLs2)) - if output.WebACLs == nil { - break - } - input.NextMarker = output.NextMarker - } - - a.Tracker().SetServiceLabel("Adapting list WebACLs v2...") - return concurrency.Adapt(apiListWebACLs2, a.RootAdapter, a.adaptListWebACLs2), nil -} - -func (a *adapter) adaptListWebACLs2(apiListWebACLs2 aatypes.WebACLSummary) (*wafv2.WebACLs2, error) { - - metadata := a.CreateMetadataFromARN(*apiListWebACLs2.ARN) - - var id string - if apiListWebACLs2.Id != nil { - id = *apiListWebACLs2.Id - } - - return &wafv2.WebACLs2{ - Metadata: metadata, - WebACLId: defsecTypes.String(id, metadata), - }, nil -} 
diff --git a/internal/adapters/cloud/aws/xray/adapt.go b/internal/adapters/cloud/aws/xray/adapt.go deleted file mode 100644 index 0ad7f90fb..000000000 --- a/internal/adapters/cloud/aws/xray/adapt.go +++ /dev/null @@ -1,67 +0,0 @@ -package xray - -import ( - "github.com/aquasecurity/defsec/internal/adapters/cloud/aws" - "github.com/aquasecurity/defsec/pkg/providers/aws/xray" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - api "github.com/aws/aws-sdk-go-v2/service/xray" -) - -type adapter struct { - *aws.RootAdapter - api *api.Client -} - -func init() { - aws.RegisterServiceAdapter(&adapter{}) -} - -func (a *adapter) Provider() string { - return "aws" -} - -func (a *adapter) Name() string { - return "xray" -} - -func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error { - - a.RootAdapter = root - a.api = api.NewFromConfig(root.SessionConfig()) - var err error - - state.AWS.Xray.EncryptionConfig, err = a.getEncryptionConfig() - if err != nil { - return err - } - - return nil -} - -func (a *adapter) getEncryptionConfig() (xray.Configuration, error) { - - a.Tracker().SetServiceLabel("Discovering Encryption Configuration ...") - - encryptionconfiguration := xray.Configuration{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - KeyId: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), - } - - var input api.GetEncryptionConfigInput - - output, err := a.api.GetEncryptionConfig(a.Context(), &input) - if err != nil { - return encryptionconfiguration, err - } - metadata := a.CreateMetadata(*output.EncryptionConfig.KeyId) - var key_id string - if output.EncryptionConfig.KeyId != nil { - key_id = *output.EncryptionConfig.KeyId - } - - return xray.Configuration{ - Metadata: metadata, - KeyId: defsecTypes.String(key_id, metadata), - }, nil -} diff --git a/internal/adapters/cloud/aws_services.go b/internal/adapters/cloud/aws_services.go index 2495a2d45..24881b2de 100644 
--- a/internal/adapters/cloud/aws_services.go
+++ b/internal/adapters/cloud/aws_services.go
@@ -4,7 +4,6 @@ import (
 _ "github.com/aquasecurity/defsec/internal/adapters/cloud/aws/accessanalyzer"
 _ "github.com/aquasecurity/defsec/internal/adapters/cloud/aws/api-gateway"
 _ "github.com/aquasecurity/defsec/internal/adapters/cloud/aws/athena"
- _ "github.com/aquasecurity/defsec/internal/adapters/cloud/aws/autoscaling"
 _ "github.com/aquasecurity/defsec/internal/adapters/cloud/aws/cloudfront"
 _ "github.com/aquasecurity/defsec/internal/adapters/cloud/aws/cloudtrail"
 _ "github.com/aquasecurity/defsec/internal/adapters/cloud/aws/cloudwatch"
diff --git a/internal/adapters/cloudformation/aws/autoscaling/adapt.go b/internal/adapters/cloudformation/aws/autoscaling/adapt.go
deleted file mode 100644
index 18b192554..000000000
--- a/internal/adapters/cloudformation/aws/autoscaling/adapt.go
+++ /dev/null
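Review bot: Only the `autoscaling` blank import is dropped in this hunk, yet the same diff deletes nine other adapter packages (proton, ses, shield, timestreamwrite, transfer, translate, waf, wafv2, xray) that each call `aws.RegisterServiceAdapter` from `init()`; the hunk shows only the first lines of the import group, so if any of those packages is still blank-imported further down the file the build breaks, and if none is, they were never wired into cloud scanning, which is worth stating in the PR description. Because this list is the single point that enables a service, a comment at the top of the group would make the coupling explicit: `// Each blank import registers a cloud adapter through its init(); removing a line here silently disables scanning for that service.`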
@@ -1,140 +0,0 @@ -package autoscaling - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/autoscaling" - "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser" - "github.com/aquasecurity/defsec/pkg/types" -) - -func getAutoscalingGroups(ctx parser.FileContext) (groups []autoscaling.AutoscalingGroupsList) { - - autoscalingResources := ctx.GetResourcesByType("AWS::AutoScaling::AutoScalingGroup") - - for _, r := range autoscalingResources { - ag := autoscaling.AutoscalingGroupsList{ - Metadata: r.Metadata(), - Name: r.GetStringProperty("AutoScalingGroupName"), - AvailabilityZone: getAvailabilityZone(r), - Instances: getInstancesList(r, ctx), - HealthCheckType: r.GetStringProperty("HealthCheckType"), - LoadBalancerNames: getLBNames(r), - AutoScalingGroupARN: r.GetStringProperty("AutoScalingGroupARN"), - DefaultCooldown: r.GetIntProperty("DefaultCooldown"), - SuspendedProcesses: getSuspendedProcesses(r), - Tags: getTags(r), - LaunchConfigurationName: r.GetStringProperty("LaunchConfigurationName"), - } - - groups = append(groups, ag) - } - return groups -} - -func getLaunchConfigurations(ctx parser.FileContext) (launchconfigvals []autoscaling.LaunchConfigurations) { - - launchConfigResources := ctx.GetResourcesByType("AWS::AutoScaling::LaunchConfiguration") - - for _, r := range launchConfigResources { - lc := autoscaling.LaunchConfigurations{ - Metadata: r.Metadata(), - ImageId: r.GetStringProperty("ImageId"), - UserData: r.GetStringProperty("UserData"), - IamInstanceProfile: r.GetStringProperty("IamInstanceProfile"), - LaunchConfigurationName: r.GetStringProperty("LaunchConfiguraitonName"), - LaunchConfigurationARN: r.GetStringProperty("LaunchConfigurationARN"), - } - - launchconfigvals = append(launchconfigvals, lc) - } - return launchconfigvals -} - -func getNotificationConfigurations(ctx parser.FileContext) (notificationconfigvals []autoscaling.NotificationConfigurations) { - - notificationConfigResources := 
ctx.GetResourcesByType("AWS::AutoScaling::NotificationConfiguration") - - for _, r := range notificationConfigResources { - nc := autoscaling.NotificationConfigurations{ - Metadata: r.Metadata(), - AutoScalingGroupName: r.GetStringProperty("AutoScalingGroupName"), - } - notificationconfigvals = append(notificationconfigvals, nc) - } - return notificationconfigvals -} - -func getAvailabilityZone(r *parser.Resource) (availabilityZone []types.StringValue) { - - AvailabilityZoneList := r.GetProperty("AvailabilityZones") - - if AvailabilityZoneList.IsNil() || AvailabilityZoneList.IsNotList() { - return availabilityZone - } - - for _, az := range AvailabilityZoneList.AsList() { - availabilityZone = append(availabilityZone, az.AsStringValue()) - } - return availabilityZone -} - -func getLBNames(r *parser.Resource) (loadBalancerNames []types.StringValue) { - - LBNames := r.GetProperty("LoadBalancerNames") - - if LBNames.IsNil() || LBNames.IsNotList() { - return loadBalancerNames - } - - for _, LBN := range LBNames.AsList() { - loadBalancerNames = append(loadBalancerNames, LBN.AsStringValue()) - } - return loadBalancerNames -} - -func getSuspendedProcesses(r *parser.Resource) (suspendedProcesses []autoscaling.SuspendedProcesses) { - - SusProcesses := r.GetProperty("SuspendedProcesses") - - if SusProcesses.IsNil() || SusProcesses.IsNotNil() { - return suspendedProcesses - } - - for _, SP := range SusProcesses.AsList() { - suspendedProcesses = append(suspendedProcesses, autoscaling.SuspendedProcesses{ - Metadata: SP.Metadata(), - }) - } - return suspendedProcesses -} - -func getTags(r *parser.Resource) (tags []autoscaling.Tags) { - - Tag := r.GetProperty("Tags") - - if Tag.IsNil() || Tag.IsNotList() { - return tags - } - - for _, tg := range Tag.AsList() { - tags = append(tags, autoscaling.Tags{ - Metadata: tg.Metadata(), - ResourceId: types.StringDefault("", tg.Metadata()), - }) - } - return tags -} - -func getInstancesList(r *parser.Resource, ctx parser.FileContext) 
(instances []autoscaling.InstanceList) { - instanceResources := ctx.GetResourcesByType("AWS::AutoScaling::AutoScalingGroup") - for _, r := range instanceResources { - - in := autoscaling.InstanceList{ - Metadata: r.Metadata(), - InstanceId: r.GetStringProperty("InstanceId"), - } - - instances = append(instances, in) - } - - return instances -} diff --git a/internal/adapters/cloudformation/aws/autoscaling/autoscaling.go b/internal/adapters/cloudformation/aws/autoscaling/autoscaling.go deleted file mode 100644 index 02515b9d9..000000000 --- a/internal/adapters/cloudformation/aws/autoscaling/autoscaling.go +++ /dev/null @@ -1,15 +0,0 @@ -package autoscaling - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/autoscaling" - "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser" -) - -// Adapt ... -func Adapt(cfFile parser.FileContext) autoscaling.Autoscaling { - return autoscaling.Autoscaling{ - AutoscalingGroupsList: getAutoscalingGroups(cfFile), - NotificationConfigurations: getNotificationConfigurations(cfFile), - LaunchConfigurations: getLaunchConfigurations(cfFile), - } -} diff --git a/internal/adapters/cloudformation/aws/codebuild/project.go b/internal/adapters/cloudformation/aws/codebuild/project.go index 711821cc0..6e94e657f 100644 --- a/internal/adapters/cloudformation/aws/codebuild/project.go +++ b/internal/adapters/cloudformation/aws/codebuild/project.go @@ -13,11 +13,8 @@ func getProjects(ctx parser.FileContext) (projects []codebuild.Project) { for _, r := range projectResources { project := codebuild.Project{ Metadata: r.Metadata(), - EncryptionKey: r.GetStringProperty("EncryptionKey"), - SourceType: r.GetStringProperty("Source.Type"), ArtifactSettings: getArtifactSettings(r), SecondaryArtifactSettings: getSecondaryArtifactSettings(r), - SecondarySources: getSecondarySources(r), } projects = append(projects, project) 
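Review bot: With `EncryptionKey` no longer read from `AWS::CodeBuild::Project` in getProjects, the CloudFormation path stops reporting whether build artifacts are encrypted with a customer-managed KMS key, while `ArtifactSettings` and `SecondaryArtifactSettings` are still adapted; a rule that checks `Project.EncryptionKey` would now see an unset value on every template and either flag or pass all of them uniformly. Confirm the field is removed from `codebuild.Project` and from any rule in the same change so no check is left evaluating a field this adapter never fills. getProjects continues outside the hunk.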
@@ -64,18 +61,3 @@ func getArtifactSettings(r *parser.Resource) codebuild.ArtifactSettings { return settings } - -func getSecondarySources(r *parser.Resource) (secondarySources []codebuild.SecondarySources) { - secondarySourcesList := r.GetProperty("SecondarySources") - if secondarySourcesList.IsNil() || !secondarySourcesList.IsList() { - return - } - - for _, s := range secondarySourcesList.AsList() { - secondarySources = append(secondarySources, codebuild.SecondarySources{ - Metadata: s.Metadata(), - Type: s.GetStringProperty("Type"), - }) - } - return secondarySources -} diff --git a/internal/adapters/cloudformation/aws/kendra/kendra.go b/internal/adapters/cloudformation/aws/kendra/kendra.go deleted file mode 100644 index 3656fc540..000000000 --- a/internal/adapters/cloudformation/aws/kendra/kendra.go +++ /dev/null @@ -1,13 +0,0 @@ -package kendra - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/kendra" - "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser" -) - -// Adapt ... -func Adapt(cfFile parser.FileContext) kendra.Kendra { - return kendra.Kendra{ - ListIndices: getListIndices(cfFile), - } -} diff --git a/internal/adapters/cloudformation/aws/kendra/listindices.go b/internal/adapters/cloudformation/aws/kendra/listindices.go deleted file mode 100644 index 566d51040..000000000 --- a/internal/adapters/cloudformation/aws/kendra/listindices.go +++ /dev/null 
@@ -1,25 +0,0 @@
-package kendra
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/kendra"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-func getListIndices(ctx parser.FileContext) (indices []kendra.ListIndices) {
-
- indexResources := ctx.GetResourcesByType("AWS::Kendra::Index")
-
- for _, r := range indexResources {
- indexkey := kendra.ListIndices{
- Metadata: r.Metadata(),
- KmsKey: kendra.KmsKey{
- Metadata: r.Metadata(),
- KmsKeyId: r.GetStringProperty("ServerSideEncryptionConfiguration.KmsKeyId"),
- },
- }
-
- indices = append(indices, indexkey)
- }
-
- return indices
-}
diff --git a/internal/adapters/cloudformation/aws/kinesisvideo/kinesisvideo.go b/internal/adapters/cloudformation/aws/kinesisvideo/kinesisvideo.go
deleted file mode 100644
index 1f887b2a7..000000000
--- a/internal/adapters/cloudformation/aws/kinesisvideo/kinesisvideo.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package kinesisvideo
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/kinesisvideo"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) kinesisvideo.Kinesisvideo {
- return kinesisvideo.Kinesisvideo{
- StreamInfoList: getStreamInfo(cfFile),
- }
-}
diff --git a/internal/adapters/cloudformation/aws/kinesisvideo/streaminf.go b/internal/adapters/cloudformation/aws/kinesisvideo/streaminf.go
deleted file mode 100644
index 87292f807..000000000
--- a/internal/adapters/cloudformation/aws/kinesisvideo/streaminf.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package kinesisvideo
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/kinesisvideo"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-func getStreamInfo(ctx parser.FileContext) (streaminfo []kinesisvideo.StreamInfo) {
-
- streamResources := ctx.GetResourcesByType("AWS::KinesisVideo::Stream")
-
- for _, r := range streamResources {
- streaminfos := kinesisvideo.StreamInfo{
- Metadata: r.Metadata(),
- KmsKeyId: r.GetStringProperty("KmsKeyId"),
- }
-
- streaminfo = append(streaminfo, streaminfos)
- }
-
- return streaminfo
-}
diff --git a/internal/adapters/cloudformation/aws/lambda/function.go b/internal/adapters/cloudformation/aws/lambda/function.go
index d6137bbe6..2e2576497 100644
--- a/internal/adapters/cloudformation/aws/lambda/function.go
+++ b/internal/adapters/cloudformation/aws/lambda/function.go
@@ -12,26 +12,13 @@ func getFunctions(ctx parser.FileContext) (functions []lambda.Function) {
 for _, r := range functionResources {
- var variables map[string]string
-
 function := lambda.Function{
 Metadata: r.Metadata(),
 Tracing: lambda.Tracing{
 Metadata: r.Metadata(),
 Mode: types.StringDefault("PassThrough", r.Metadata()),
 },
- Permissions: getPermissions(r, ctx),
- FunctionName: r.GetStringProperty("FunctionName"),
- FunctionArn: r.GetStringProperty("Arn"),
- VpcConfig: lambda.VpcConfig{
- Metadata: r.Metadata(),
- VpcId: types.String("", r.Metadata()),
- },
- Envrionment: lambda.Environment{
- Metadata: r.Metadata(),
- Variables: types.Map(variables, r.Metadata()),
- },
- Runtime: r.GetStringProperty("Runtime"),
+ Permissions: getPermissions(r, ctx),
 }
 if prop := r.GetProperty("TracingConfig"); prop.IsNotNil() {
diff --git a/internal/adapters/cloudformation/aws/mq/broker.go b/internal/adapters/cloudformation/aws/mq/broker.go
index a30e47b09..ff01407e0 100644
--- a/internal/adapters/cloudformation/aws/mq/broker.go
+++ b/internal/adapters/cloudformation/aws/mq/broker.go
@@ -10,13 +10,8 @@ func getBrokers(ctx parser.FileContext) (brokers []mq.Broker) {
 for _, r := range ctx.GetResourcesByType("AWS::AmazonMQ::Broker") {
 broker := mq.Broker{
- Metadata: r.Metadata(),
- PublicAccess: r.GetBoolProperty("PubliclyAccessible"),
- DeploymentMode: r.GetStringProperty("DeploymentMode"),
- AutoMinorVersionUpgrade: r.GetBoolProperty("AutoMinorVersionUpgrade"),
- EngineType: r.GetStringProperty("EngineType"),
- HostInstanceType: r.GetStringProperty("HostInstanceType"),
- KmsKeyId: r.GetStringProperty("EncryptionOptions.KmsKeyId"),
+ Metadata: r.Metadata(),
+ PublicAccess: r.GetBoolProperty("PubliclyAccessible"),
 Logging: mq.Logging{
 Metadata: r.Metadata(),
 General: types.BoolDefault(false, r.Metadata()),
diff --git a/internal/adapters/cloudformation/aws/msk/cluster.go b/internal/adapters/cloudformation/aws/msk/cluster.go
index f1ba90c94..9b859dd1d 100644
--- a/internal/adapters/cloudformation/aws/msk/cluster.go
+++ b/internal/adapters/cloudformation/aws/msk/cluster.go
@@ -14,21 +14,12 @@ func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) {
 EncryptionInTransit: msk.EncryptionInTransit{
 Metadata: r.Metadata(),
 ClientBroker: defsecTypes.StringDefault("TLS", r.Metadata()),
- InCluster: defsecTypes.BoolDefault(true, r.Metadata()),
 },
 EncryptionAtRest: msk.EncryptionAtRest{
 Metadata: r.Metadata(),
 KMSKeyARN: defsecTypes.StringDefault("", r.Metadata()),
 Enabled: defsecTypes.BoolDefault(false, r.Metadata()),
 },
- BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{
- Metadata: r.Metadata(),
- PublicAccessType: defsecTypes.String("DISABLED", r.Metadata()),
- },
- ClientAuthentication: msk.ClientAuthentication{
- Metadata: r.Metadata(),
- Unauthenticated: defsecTypes.BoolDefault(false, r.Metadata()),
- },
 Logging: msk.Logging{
 Metadata: r.Metadata(),
 Broker: msk.BrokerLogging{
@@ -53,21 +44,6 @@ func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) {
 cluster.EncryptionInTransit = msk.EncryptionInTransit{
 Metadata: encProp.Metadata(),
 ClientBroker: encProp.GetStringProperty("ClientBroker", "TLS"),
- InCluster: encProp.GetBoolProperty("InCluster"),
- }
- }
-
- if brokernodeProp := r.GetProperty("BrokerNodeGroupInfo"); brokernodeProp.IsNotNil() {
- cluster.BrokerNodeGroupInfo = msk.BrokerNodeGroupInfo{
- Metadata: brokernodeProp.Metadata(),
- PublicAccessType: brokernodeProp.GetStringProperty("ConnectivityInfo.PublicAccess.Type"),
- }
- }
-
- if clientProp := r.GetProperty("ClientAuthentication"); clientProp.IsNotNil() {
- cluster.ClientAuthentication = msk.ClientAuthentication{
- Metadata: clientProp.Metadata(),
- Unauthenticated: clientProp.GetBoolProperty("Unauthenticated.Enabled"),
 }
 }
diff --git a/internal/adapters/cloudformation/aws/proton/proton.go b/internal/adapters/cloudformation/aws/proton/proton.go
deleted file mode 100644
index 841fc3abd..000000000
--- a/internal/adapters/cloudformation/aws/proton/proton.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package proton
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/proton"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) proton.Proton {
- return proton.Proton{
- ListEnvironmentTemplates: nil,
- }
-}
diff --git a/internal/adapters/cloudformation/aws/ses/ses.go b/internal/adapters/cloudformation/aws/ses/ses.go
deleted file mode 100644
index fa9b6b4a7..000000000
--- a/internal/adapters/cloudformation/aws/ses/ses.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package ses
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ses"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) ses.Ses {
- return ses.Ses{
- ListIdentities: nil,
- }
-}
diff --git a/internal/adapters/cloudformation/aws/shield/subscription.go b/internal/adapters/cloudformation/aws/shield/subscription.go
deleted file mode 100644
index 07d73a233..000000000
--- a/internal/adapters/cloudformation/aws/shield/subscription.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package shield
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/shield"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) shield.Shield {
- return shield.Shield{}
-}
diff --git a/internal/adapters/cloudformation/aws/timestreamwrite/listdatabases.go b/internal/adapters/cloudformation/aws/timestreamwrite/listdatabases.go
deleted file mode 100644
index fd0cbe341..000000000
--- a/internal/adapters/cloudformation/aws/timestreamwrite/listdatabases.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package timestreamwrite
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/timestreamwrite"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-func getListDatabases(ctx parser.FileContext) (databasesInfo []timestreamwrite.Databases) {
-
- serverResources := ctx.GetResourcesByType("AWS::Timestream::Database")
-
- for _, r := range serverResources {
- databaseInfo := timestreamwrite.Databases{
- Metadata: r.Metadata(),
- Arn: r.GetStringProperty("Arn"),
- KmsKeyID: r.GetStringProperty("KmsKeyId"),
- }
-
- databasesInfo = append(databasesInfo, databaseInfo)
- }
-
- return databasesInfo
-}
diff --git a/internal/adapters/cloudformation/aws/timestreamwrite/timestreamwrite.go b/internal/adapters/cloudformation/aws/timestreamwrite/timestreamwrite.go
deleted file mode 100644
index c6c707334..000000000
--- a/internal/adapters/cloudformation/aws/timestreamwrite/timestreamwrite.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package timestreamwrite
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/timestreamwrite"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) timestreamwrite.Timestream_write {
- return timestreamwrite.Timestream_write{
- ListDatabases: getListDatabases(cfFile),
- }
-}
diff --git a/internal/adapters/cloudformation/aws/transfer/listservers.go b/internal/adapters/cloudformation/aws/transfer/listservers.go
deleted file mode 100644
index 90e5efdc0..000000000
--- a/internal/adapters/cloudformation/aws/transfer/listservers.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package transfer
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/transfer"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-func getListServers(ctx parser.FileContext) (transferServerInfo []transfer.Servers) {
-
- serverResources := ctx.GetResourcesByType("AWS::Transfer::Server")
-
- for _, r := range serverResources {
- serverInfo := transfer.Servers{
- Metadata: r.Metadata(),
- ServerArn: r.GetStringProperty("Arn"),
- }
-
- transferServerInfo = append(transferServerInfo, serverInfo)
- }
-
- return transferServerInfo
-}
diff --git a/internal/adapters/cloudformation/aws/transfer/transfer.go b/internal/adapters/cloudformation/aws/transfer/transfer.go
deleted file mode 100644
index 870449407..000000000
--- a/internal/adapters/cloudformation/aws/transfer/transfer.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package transfer
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/transfer"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) transfer.Transfer {
- return transfer.Transfer{
- ListServers: getListServers(cfFile),
- }
-}
diff --git a/internal/adapters/cloudformation/aws/translate/translate.go b/internal/adapters/cloudformation/aws/translate/translate.go
deleted file mode 100644
index c13e604ef..000000000
--- a/internal/adapters/cloudformation/aws/translate/translate.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package translate
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/translate"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) translate.Translate {
- return translate.Translate{
- ListTextTranslateJobs: nil,
- }
-}
diff --git a/internal/adapters/cloudformation/aws/waf/listwebacl.go b/internal/adapters/cloudformation/aws/waf/listwebacl.go
deleted file mode 100644
index 547f0e835..000000000
--- a/internal/adapters/cloudformation/aws/waf/listwebacl.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package waf
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/waf"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-func getListWebACLs(ctx parser.FileContext) (webACLInfo []waf.ListACLs) {
-
- webACLResources := ctx.GetResourcesByType("AWS::WAF::WebACL")
-
- for _, r := range webACLResources {
- webACLs := waf.ListACLs{
- Metadata: r.Metadata(),
- WebACLsID: r.GetStringProperty("WebACLId"),
- }
-
- webACLInfo = append(webACLInfo, webACLs)
- }
-
- return webACLInfo
-}
diff --git a/internal/adapters/cloudformation/aws/waf/waf.go b/internal/adapters/cloudformation/aws/waf/waf.go
deleted file mode 100644
index 50a4ed9ab..000000000
--- a/internal/adapters/cloudformation/aws/waf/waf.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package waf
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/waf"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) waf.Waf {
- return waf.Waf{
- ListWebACLs: getListWebACLs(cfFile),
- }
-}
diff --git a/internal/adapters/cloudformation/aws/wafv2/listwebacls2.go b/internal/adapters/cloudformation/aws/wafv2/listwebacls2.go
deleted file mode 100644
index 72057c945..000000000
--- a/internal/adapters/cloudformation/aws/wafv2/listwebacls2.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package wafv2
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/wafv2"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-func getListWebACLs2(ctx parser.FileContext) (webACLInfo []wafv2.WebACLs2) {
-
- webACLResources := ctx.GetResourcesByType("AWS::WAFv2::WebACL")
-
- for _, r := range webACLResources {
- webACLInfos := wafv2.WebACLs2{
- Metadata: r.Metadata(),
- WebACLId: r.GetStringProperty("Id"),
- }
-
- webACLInfo = append(webACLInfo, webACLInfos)
- }
-
- return webACLInfo
-}
diff --git a/internal/adapters/cloudformation/aws/wafv2/wafv2.go b/internal/adapters/cloudformation/aws/wafv2/wafv2.go
deleted file mode 100644
index 83b6a82a3..000000000
--- a/internal/adapters/cloudformation/aws/wafv2/wafv2.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package wafv2
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/wafv2"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) wafv2.Wafv2 {
- return wafv2.Wafv2{
- ListWebACLs: getListWebACLs2(cfFile),
- }
-}
diff --git a/internal/adapters/cloudformation/aws/xray/xray.go b/internal/adapters/cloudformation/aws/xray/xray.go
deleted file mode 100644
index 75959682c..000000000
--- a/internal/adapters/cloudformation/aws/xray/xray.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package xray
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/xray"
- "github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser"
-)
-
-// Adapt ...
-func Adapt(cfFile parser.FileContext) xray.Xray {
- return xray.Xray{}
-}
diff --git a/internal/adapters/terraform/aws/autoscaling/adapt.go b/internal/adapters/terraform/aws/autoscaling/adapt.go
deleted file mode 100644
index a4a518137..000000000
--- a/internal/adapters/terraform/aws/autoscaling/adapt.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package autoscaling
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/autoscaling"
- "github.com/aquasecurity/defsec/pkg/terraform"
- "github.com/aquasecurity/defsec/pkg/types"
-)
-
-func Adapt(modules terraform.Modules) autoscaling.Autoscaling {
- return autoscaling.Autoscaling{
- AutoscalingGroupsList: adaptAutoscalings(modules),
- NotificationConfigurations: adaptNotificationConfigurations(modules),
- LaunchConfigurations: adaptLaunchConfigurations(modules),
- }
-}
-
-func adaptAutoscalings(modules terraform.Modules) []autoscaling.AutoscalingGroupsList {
- var AvaiabilityZone []autoscaling.AutoscalingGroupsList
- for _, module := range modules {
- for _, resource := range module.GetResourcesByType("aws_autoscaling_group") {
- AvaiabilityZone = append(AvaiabilityZone, adaptAutoscaling(resource, module))
- }
- }
- return AvaiabilityZone
-}
-
-func adaptNotificationConfigurations(modules terraform.Modules) []autoscaling.NotificationConfigurations {
- var NotificationConfig []autoscaling.NotificationConfigurations
- for _, module := range modules {
- for _, resource := range module.GetResourcesByType("aws_autoscaling_notification") {
- NotificationConfig = append(NotificationConfig, adaptNotificationConfiguration(resource, module))
- }
- }
- return NotificationConfig
-}
-
-func adaptLaunchConfigurations(modules terraform.Modules) []autoscaling.LaunchConfigurations {
- var LaunchConfig []autoscaling.LaunchConfigurations
- for _, module := range modules {
- for _, resource := range module.GetResourcesByType("aws_launch_configuration") {
- LaunchConfig = append(LaunchConfig, adaptLaunchConfiguration(resource, module))
- }
- }
- return LaunchConfig
-}
-
-func adaptAutoscaling(resource *terraform.Block, module *terraform.Module) autoscaling.AutoscalingGroupsList {
- nameAttr := resource.GetAttribute("name")
- nameVal := nameAttr.AsStringValueOrDefault("", resource)
-
- var AZones []types.StringValue
- AZAttr := 
resource.GetAttribute("availability_zones")
- for _, AZ := range AZAttr.AsStringValues() {
- AZones = append(AZones, AZ)
- }
-
- HCTAttr := resource.GetAttribute("health_check_type")
- HCTVal := HCTAttr.AsStringValueOrDefault("", resource)
-
- var LBNames []types.StringValue
- LBNAttr := resource.GetAttribute("load_balancers")
- for _, LBN := range LBNAttr.AsStringValues() {
- LBNames = append(LBNames, LBN)
- }
-
- ASGArnAttr := resource.GetAttribute("arn")
- ASGArnVal := ASGArnAttr.AsStringValueOrDefault("", resource)
-
- DefaultCooldownAttr := resource.GetAttribute("default_cooldown")
- DefaultCooldownVal := DefaultCooldownAttr.AsIntValueOrDefault(0, resource)
-
- LaunchConfigurationNameAttr := resource.GetAttribute("launch_configuration")
- LaunchConfigurationNameVal := LaunchConfigurationNameAttr.AsStringValueOrDefault("", resource)
-
- var suspendedprocess []autoscaling.SuspendedProcesses
- for _, susBlock := range resource.GetBlocks("suspended_processes") {
-
- suspendedprocess = append(suspendedprocess, autoscaling.SuspendedProcesses{
- Metadata: susBlock.GetMetadata(),
- })
- }
-
- var Tags []autoscaling.Tags
- tagsRes := resource.GetBlocks("tags")
- for _, tagRes := range tagsRes {
-
- Tags = append(Tags, autoscaling.Tags{
- Metadata: tagRes.GetMetadata(),
- ResourceId: types.StringDefault("", tagRes.GetMetadata()),
- })
- }
-
- return autoscaling.AutoscalingGroupsList{
- Metadata: resource.GetMetadata(),
- Name: nameVal,
- AvailabilityZone: AZones,
- Instances: nil,
- HealthCheckType: HCTVal,
- LoadBalancerNames: LBNames,
- AutoScalingGroupARN: ASGArnVal,
- DefaultCooldown: DefaultCooldownVal,
- SuspendedProcesses: suspendedprocess,
- Tags: Tags,
- LaunchConfigurationName: LaunchConfigurationNameVal,
- }
-}
-
-func adaptNotificationConfiguration(resource *terraform.Block, module *terraform.Module) autoscaling.NotificationConfigurations {
- asgnameAttr := resource.GetAttribute("group_names")
- asgnameVal := asgnameAttr.AsStringValueOrDefault("", resource)
-
- return autoscaling.NotificationConfigurations{
- Metadata: resource.GetMetadata(),
- AutoScalingGroupName: asgnameVal,
- }
-}
-
-func adaptLaunchConfiguration(resource *terraform.Block, module *terraform.Module) autoscaling.LaunchConfigurations {
-
- imageIdAttr := resource.GetAttribute("image_id")
- imageIdVal := imageIdAttr.AsStringValueOrDefault("", resource)
-
- userDataAttr := resource.GetAttribute("user_data")
- userDataVal := userDataAttr.AsStringValueOrDefault("", resource)
-
- iamInstanceProfileAttr := resource.GetAttribute("iam_instance_profile")
- iamInstanceProfileVal := iamInstanceProfileAttr.AsStringValueOrDefault("", resource)
-
- launchConfigNameAttr := resource.GetAttribute("name")
- launchConfigNameVal := launchConfigNameAttr.AsStringValueOrDefault("", resource)
-
- launchConfigArnAttr := resource.GetAttribute("arn")
- launchConfigArnVal := launchConfigArnAttr.AsStringValueOrDefault("", resource)
-
- return autoscaling.LaunchConfigurations{
- Metadata: resource.GetMetadata(),
- ImageId: imageIdVal,
- UserData: userDataVal,
- IamInstanceProfile: iamInstanceProfileVal,
- LaunchConfigurationName: launchConfigNameVal,
- LaunchConfigurationARN: launchConfigArnVal,
- }
-}
diff --git a/internal/adapters/terraform/aws/autoscaling/adapt_test.go b/internal/adapters/terraform/aws/autoscaling/adapt_test.go
deleted file mode 100644
index f608421d2..000000000
--- a/internal/adapters/terraform/aws/autoscaling/adapt_test.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package autoscaling
-
-import (
- "testing"
-
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
-
- "github.com/aquasecurity/defsec/pkg/providers/aws/autoscaling"
-
- "github.com/aquasecurity/defsec/internal/adapters/terraform/tftestutil"
-
- "github.com/aquasecurity/defsec/test/testutil"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-func Test_adaptCluster(t *testing.T) {
- tests := []struct {
- name string
- terraform string
- expected autoscaling.AutoscalingGroupsList
- }{
- {
- name: "configured",
- terraform: `
- resource "aws_autoscaling_group" "example" {
- name = "my-group"
- availability_zones = "us-east-1a"
- }
-
-`,
- expected: autoscaling.AutoscalingGroupsList{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("my-group", defsecTypes.NewTestMetadata()),
- AvailabilityZone: []defsecTypes.StringValue{
- defsecTypes.String("us-east-1a", defsecTypes.NewTestMetadata()),
- },
- },
- },
- {
- name: "defaults",
- terraform: `
- resource "aws_autoscaling_group" "example" {
- }
-`,
- expected: autoscaling.AutoscalingGroupsList{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- },
- },
- }
-
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
- adapted := adaptAutoscaling(modules.GetBlocks()[0], modules[0])
- testutil.AssertDefsecEqual(t, test.expected, adapted)
- })
- }
-}
-
-func TestLines(t *testing.T) {
- src := `
- resource "aws_autoscaling_group" "example" {
- name = "my-group"
- availability_zones = "us-east-1a"
- health_check_type = "ELB"
- load_balancers = "test"
-
- }`
-
- modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
- adapted := Adapt(modules)
-
- require.Len(t, adapted.AutoscalingGroupsList, 1)
-
- autoscalingGroupsList := adapted.AutoscalingGroupsList[0]
-
- assert.Equal(t, 2, 
autoscalingGroupsList.Metadata.Range().GetStartLine())
- assert.Equal(t, 8, autoscalingGroupsList.Metadata.Range().GetEndLine())
-
- assert.Equal(t, 3, autoscalingGroupsList.Name.GetMetadata().Range().GetStartLine())
- assert.Equal(t, 3, autoscalingGroupsList.Name.GetMetadata().Range().GetEndLine())
-
- assert.Equal(t, 4, autoscalingGroupsList.AvailabilityZone[0].GetMetadata().Range().GetStartLine())
- assert.Equal(t, 4, autoscalingGroupsList.AvailabilityZone[0].GetMetadata().Range().GetEndLine())
-
- assert.Equal(t, 5, autoscalingGroupsList.HealthCheckType.GetMetadata().Range().GetStartLine())
- assert.Equal(t, 5, autoscalingGroupsList.HealthCheckType.GetMetadata().Range().GetEndLine())
-
- assert.Equal(t, 6, autoscalingGroupsList.LoadBalancerNames[0].GetMetadata().Range().GetStartLine())
- assert.Equal(t, 6, autoscalingGroupsList.LoadBalancerNames[0].GetMetadata().Range().GetEndLine())
-
-}
diff --git a/internal/adapters/terraform/aws/codebuild/adapt.go b/internal/adapters/terraform/aws/codebuild/adapt.go
index 923686938..7870ff26e 100644
--- a/internal/adapters/terraform/aws/codebuild/adapt.go
+++ b/internal/adapters/terraform/aws/codebuild/adapt.go
@@ -25,19 +25,12 @@ func adaptProjects(modules terraform.Modules) []codebuild.Project {
 func adaptProject(resource *terraform.Block) codebuild.Project {
 project := codebuild.Project{
- Metadata: resource.GetMetadata(),
- SourceType: types.StringDefault("", resource.GetMetadata()),
- EncryptionKey: resource.GetAttribute("encryption_key").AsStringValueOrDefault("", resource),
+ Metadata: resource.GetMetadata(),
 ArtifactSettings: codebuild.ArtifactSettings{
 Metadata: resource.GetMetadata(),
 EncryptionEnabled: types.BoolDefault(true, resource.GetMetadata()),
 },
 SecondaryArtifactSettings: nil,
- SecondarySources: nil,
- }
-
- if sourceblock := resource.GetBlock("source"); sourceblock.IsNotNil() {
- project.SourceType = sourceblock.GetAttribute("type").AsStringValueOrDefault("CODECOMMIT", sourceblock)
 }
 var hasArtifacts bool
@@ -69,13 +62,5 @@ func adaptProject(resource *terraform.Block) codebuild.Project {
 })
 }
- secondrysources := resource.GetBlocks("secondary_sources")
- for _, ss := range secondrysources {
- project.SecondarySources = append(project.SecondarySources, codebuild.SecondarySources{
- Metadata: ss.GetMetadata(),
- Type: ss.GetAttribute("type").AsStringValueOrDefault("CODECOMMIT", ss),
- })
- }
-
 return project
 }
diff --git a/internal/adapters/terraform/aws/kendra/adapt.go b/internal/adapters/terraform/aws/kendra/adapt.go
deleted file mode 100644
index 38a272319..000000000
--- a/internal/adapters/terraform/aws/kendra/adapt.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package kendra
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/kendra"
- "github.com/aquasecurity/defsec/pkg/terraform"
- "github.com/aquasecurity/defsec/pkg/types"
-)
-
-func Adapt(modules terraform.Modules) kendra.Kendra {
- return kendra.Kendra{
- ListIndices: adaptListIndices(modules),
- }
-}
-
-func adaptListIndices(modules terraform.Modules) []kendra.ListIndices {
- var indices []kendra.ListIndices
- for _, module := range modules {
- for _, resource := range module.GetResourcesByType("aws_kendra_index") {
- indices = append(indices, adaptIndex(resource))
- }
- }
- return indices
-}
-
-func adaptIndex(resource *terraform.Block) kendra.ListIndices {
-
- index := kendra.ListIndices{
- Metadata: resource.GetMetadata(),
- KmsKey: kendra.KmsKey{
- Metadata: resource.GetMetadata(),
- KmsKeyId: types.StringDefault("", resource.GetMetadata()),
- },
- }
-
- if serverSideEncryption := resource.GetBlock("server_side_encryption_configuration"); serverSideEncryption.IsNotNil() {
- index.KmsKey.Metadata = serverSideEncryption.GetMetadata()
- kmskeyAttr := serverSideEncryption.GetAttribute("kms_key_id")
- index.KmsKey.KmsKeyId = kmskeyAttr.AsStringValueOrDefault("", serverSideEncryption)
- }
-
- return index
-}
diff --git a/internal/adapters/terraform/aws/kinesisvideo/adapt.go b/internal/adapters/terraform/aws/kinesisvideo/adapt.go
deleted file mode 100644
index 0f6624444..000000000
--- a/internal/adapters/terraform/aws/kinesisvideo/adapt.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package kinesisvideo
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/kinesisvideo"
- "github.com/aquasecurity/defsec/pkg/terraform"
-)
-
-func Adapt(modules terraform.Modules) kinesisvideo.Kinesisvideo {
- return kinesisvideo.Kinesisvideo{
- StreamInfoList: adaptStreamInfoList(modules),
- }
-}
-
-func adaptStreamInfoList(modules terraform.Modules) []kinesisvideo.StreamInfo {
- var streaminfo []kinesisvideo.StreamInfo
- for _, module := range modules {
- for _, resource := range module.GetResourcesByType("aws_kinesis_video_stream") {
- streaminfo = append(streaminfo, adaptIndex(resource))
- }
- }
- return streaminfo
-}
-
-func adaptIndex(resource *terraform.Block) kinesisvideo.StreamInfo {
-
- index := kinesisvideo.StreamInfo{
- Metadata: resource.GetMetadata(),
- KmsKeyId: resource.GetAttribute("kms_key_id").AsStringValueOrDefault("", resource),
- }
-
- return index
-}
diff --git a/internal/adapters/terraform/aws/lambda/adapt.go b/internal/adapters/terraform/aws/lambda/adapt.go
index 103b94d31..286190699 100644
--- a/internal/adapters/terraform/aws/lambda/adapt.go
+++ b/internal/adapters/terraform/aws/lambda/adapt.go
@@ -39,10 +39,7 @@ func (a *adapter) adaptFunctions(modules terraform.Modules) []lambda.Function {
 Metadata: defsecTypes.NewUnmanagedMetadata(),
 Mode: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
 },
- FunctionName: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- FunctionArn: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- Runtime: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- Permissions: nil,
+ Permissions: nil,
 }
 for _, permission := range orphanResources {
 orphanage.Permissions = append(orphanage.Permissions, a.adaptPermission(permission))
@@ -55,7 +52,6 @@ func (a *adapter) adaptFunctions(modules terraform.Modules) []lambda.Function {
 func (a *adapter) adaptFunction(function *terraform.Block, modules terraform.Modules, orphans terraform.ResourceIDResolutions) lambda.Function {
 var permissions []lambda.Permission
-
 for _, module := range modules {
 for _, p := range module.GetResourcesByType("aws_lambda_permission") {
 if referencedBlock, err := module.GetReferencedBlock(p.GetAttribute("function_name"), p); err == nil && referencedBlock == function {
@@ -66,20 +62,9 @@ func (a *adapter) adaptFunction(function *terraform.Block, modules terraform.Mod
 }
 return lambda.Function{
- Metadata: function.GetMetadata(),
- Tracing: a.adaptTracing(function),
- Permissions: permissions,
- FunctionName: function.GetAttribute("function_name").AsStringValueOrDefault("", function),
- FunctionArn: function.GetAttribute("arn").AsStringValueOrDefault("", function),
- VpcConfig: lambda.VpcConfig{
- Metadata: function.GetMetadata(),
- VpcId: defsecTypes.String("", function.GetMetadata()),
- },
- Runtime: function.GetAttribute("runtime").AsStringValueOrDefault("", function),
- Envrionment: lambda.Environment{
- Metadata: function.GetMetadata(),
- Variables: defsecTypes.MapDefault(nil, function.GetMetadata()),
- },
+ Metadata: function.GetMetadata(),
+ Tracing: a.adaptTracing(function),
+ Permissions: permissions,
 }
 }
diff --git a/internal/adapters/terraform/aws/lambda/adapt_test.go b/internal/adapters/terraform/aws/lambda/adapt_test.go
index 86180c565..5874a66ee 100644
--- a/internal/adapters/terraform/aws/lambda/adapt_test.go
+++ b/internal/adapters/terraform/aws/lambda/adapt_test.go
@@ -44,10 +44,7 @@ func Test_Adapt(t *testing.T) {
 expected: lambda.Lambda{
 Functions: []lambda.Function{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- FunctionName: defsecTypes.String("lambda_function_name", defsecTypes.NewTestMetadata()),
- FunctionArn: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Runtime: defsecTypes.String("nodejs12.x", defsecTypes.NewTestMetadata()),
+ Metadata: defsecTypes.NewTestMetadata(),
 Tracing: lambda.Tracing{
 Metadata: defsecTypes.NewTestMetadata(),
 Mode: defsecTypes.String("Passthrough", defsecTypes.NewTestMetadata()),
@@ -59,10 +56,6 @@ func Test_Adapt(t *testing.T) {
 SourceARN: defsecTypes.String("default", defsecTypes.NewTestMetadata()),
 },
 },
- Envrionment: lambda.Environment{
- Metadata: defsecTypes.NewTestMetadata(),
- Variables: defsecTypes.MapDefault(nil, defsecTypes.NewTestMetadata()),
- },
 },
 },
 },
diff --git a/internal/adapters/terraform/aws/mq/adapt.go b/internal/adapters/terraform/aws/mq/adapt.go
index c2183bd73..c5da698dc 100644
--- a/internal/adapters/terraform/aws/mq/adapt.go
+++ b/internal/adapters/terraform/aws/mq/adapt.go
@@ -25,13 +25,8 @@ func adaptBrokers(modules terraform.Modules) []mq.Broker {
 func adaptBroker(resource *terraform.Block) mq.Broker {
 broker := mq.Broker{
- Metadata: resource.GetMetadata(),
- PublicAccess: types.BoolDefault(false, resource.GetMetadata()),
- EngineType: resource.GetAttribute("engine_type").AsStringValueOrDefault("", resource),
- HostInstanceType: resource.GetAttribute("host_instance_type").AsStringValueOrDefault("", resource),
- AutoMinorVersionUpgrade: resource.GetAttribute("auto_minor_version_upgrade").AsBoolValueOrDefault(true, resource),
- DeploymentMode: resource.GetAttribute("deployment_mode").AsStringValueOrDefault("SINGLE_INSTANCE", resource),
- KmsKeyId: types.StringDefault("", resource.GetMetadata()),
+ Metadata: resource.GetMetadata(),
+ PublicAccess: types.BoolDefault(false, resource.GetMetadata()),
 Logging: mq.Logging{
 Metadata: resource.GetMetadata(),
 General: types.BoolDefault(false, resource.GetMetadata()),
@@ -48,9 +43,6 @@ func adaptBroker(resource *terraform.Block) mq.Broker {
 generalAttr := logsBlock.GetAttribute("general")
 broker.Logging.General = generalAttr.AsBoolValueOrDefault(false, logsBlock)
 }
- if encryptBlock := resource.GetBlock("encryption_options"); encryptBlock.IsNotNil() {
- broker.KmsKeyId = encryptBlock.GetAttribute("kms_key_id").AsStringValueOrDefault("", resource)
- }
 return broker
 }
diff --git a/internal/adapters/terraform/aws/mq/adapt_test.go b/internal/adapters/terraform/aws/mq/adapt_test.go
index 085000585..3fa7097c5 100644
--- a/internal/adapters/terraform/aws/mq/adapt_test.go
+++ b/internal/adapters/terraform/aws/mq/adapt_test.go
@@ -29,15 +29,11 @@ func Test_adaptBroker(t *testing.T) { } publicly_accessible = false - auto_minor_version_upgrade = false - deployment_mode = "CLUSTER_MULTI_AZ" } `, expected: mq.Broker{ - Metadata: defsecTypes.NewTestMetadata(), - PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - AutoMinorVersionUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - DeploymentMode: defsecTypes.String("CLUSTER_MULTI_AZ", defsecTypes.NewTestMetadata()), + Metadata: defsecTypes.NewTestMetadata(), + PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), Logging: mq.Logging{ Metadata: defsecTypes.NewTestMetadata(), General: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), @@ -54,15 +50,11 @@ func Test_adaptBroker(t *testing.T) { } publicly_accessible = true - auto_minor_version_upgrade = true - deployment_mode = "SINGLE_INSTANCE" } `, expected: mq.Broker{ - Metadata: defsecTypes.NewTestMetadata(), - PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - AutoMinorVersionUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - DeploymentMode: defsecTypes.String("SINGLE_INSTANCE", defsecTypes.NewTestMetadata()), + Metadata: defsecTypes.NewTestMetadata(), + PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), Logging: mq.Logging{ Metadata: defsecTypes.NewTestMetadata(), General: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 
@@ -77,10 +69,8 @@ func Test_adaptBroker(t *testing.T) { } `, expected: mq.Broker{ - Metadata: defsecTypes.NewTestMetadata(), - PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - AutoMinorVersionUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - DeploymentMode: defsecTypes.String("SINGLE_INSTANCE", defsecTypes.NewTestMetadata()), + Metadata: defsecTypes.NewTestMetadata(), + PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), Logging: mq.Logging{ Metadata: defsecTypes.NewTestMetadata(), General: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), diff --git a/internal/adapters/terraform/aws/msk/adapt.go b/internal/adapters/terraform/aws/msk/adapt.go index 454c5f29d..faf43df21 100644 --- a/internal/adapters/terraform/aws/msk/adapt.go +++ b/internal/adapters/terraform/aws/msk/adapt.go @@ -28,15 +28,6 @@ func adaptCluster(resource *terraform.Block) msk.Cluster { EncryptionInTransit: msk.EncryptionInTransit{ Metadata: resource.GetMetadata(), ClientBroker: defsecTypes.StringDefault("TLS_PLAINTEXT", resource.GetMetadata()), - InCluster: defsecTypes.BoolDefault(true, resource.GetMetadata()), - }, - BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{ - Metadata: resource.GetMetadata(), - PublicAccessType: defsecTypes.StringDefault("DISABLED", resource.GetMetadata()), - }, - ClientAuthentication: msk.ClientAuthentication{ - Metadata: resource.GetMetadata(), - Unauthenticated: defsecTypes.BoolDefault(false, resource.GetMetadata()), }, EncryptionAtRest: msk.EncryptionAtRest{ Metadata: resource.GetMetadata(), 
@@ -69,7 +60,6 @@ func adaptCluster(resource *terraform.Block) msk.Cluster { if clientBrokerAttr := encryptionInTransitBlock.GetAttribute("client_broker"); clientBrokerAttr.IsNotNil() { cluster.EncryptionInTransit.ClientBroker = clientBrokerAttr.AsStringValueOrDefault("TLS", encryptionInTransitBlock) } - cluster.EncryptionInTransit.InCluster = encryptionInTransitBlock.GetAttribute("in_cluster").AsBoolValueOrDefault(true, encryptionInTransitBlock) } if encryptionAtRestAttr := encryptBlock.GetAttribute("encryption_at_rest_kms_key_arn"); encryptionAtRestAttr.IsNotNil() { @@ -79,20 +69,6 @@ func adaptCluster(resource *terraform.Block) msk.Cluster { } } - if clientBlock := resource.GetBlock("client_authentication"); clientBlock.IsNotNil() { - cluster.ClientAuthentication.Metadata = clientBlock.GetMetadata() - cluster.ClientAuthentication.Unauthenticated = clientBlock.GetAttribute("unauthenticated").AsBoolValueOrDefault(false, clientBlock) - } - - if brokernodeBlock := resource.GetBlock("broker_node_group_info"); brokernodeBlock.IsNotNil() { - cluster.BrokerNodeGroupInfo.Metadata = brokernodeBlock.GetMetadata() - if connectBlock := brokernodeBlock.GetBlock("connectivity_info"); connectBlock.IsNotNil() { - if publicaccessBlock := connectBlock.GetBlock("public-access"); publicaccessBlock.IsNotNil() { - cluster.BrokerNodeGroupInfo.PublicAccessType = publicaccessBlock.GetAttribute("type").AsStringValueOrDefault("DISABLED", publicaccessBlock) - } - } - } - if logBlock := resource.GetBlock("logging_info"); logBlock.IsNotNil() { cluster.Logging.Metadata = logBlock.GetMetadata() if brokerLogsBlock := logBlock.GetBlock("broker_logs"); brokerLogsBlock.IsNotNil() { diff --git a/internal/adapters/terraform/aws/msk/adapt_test.go b/internal/adapters/terraform/aws/msk/adapt_test.go index 4ae35f482..0cbf09fd0 100644 --- a/internal/adapters/terraform/aws/msk/adapt_test.go +++ b/internal/adapters/terraform/aws/msk/adapt_test.go 
@@ -51,13 +51,6 @@ func Test_adaptCluster(t *testing.T) { } } } - broker_node_group_info { - connectivity_info { - public-access{ - type = "SERVICE_PROVIDED_EIPS" - } - } - } } `, expected: msk.Cluster{ @@ -65,17 +58,12 @@ func Test_adaptCluster(t *testing.T) { EncryptionInTransit: msk.EncryptionInTransit{ Metadata: defsecTypes.NewTestMetadata(), ClientBroker: defsecTypes.String("TLS", defsecTypes.NewTestMetadata()), - InCluster: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), }, EncryptionAtRest: msk.EncryptionAtRest{ Metadata: defsecTypes.NewTestMetadata(), KMSKeyARN: defsecTypes.String("foo-bar-key", defsecTypes.NewTestMetadata()), Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), }, - BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{ - Metadata: defsecTypes.NewTestMetadata(), - PublicAccessType: defsecTypes.String("SERVICE_PROVIDED_EIPS", defsecTypes.NewTestMetadata()), - }, Logging: msk.Logging{ Metadata: defsecTypes.NewTestMetadata(), Broker: msk.BrokerLogging{ @@ -107,11 +95,6 @@ func Test_adaptCluster(t *testing.T) { EncryptionInTransit: msk.EncryptionInTransit{ Metadata: defsecTypes.NewTestMetadata(), ClientBroker: defsecTypes.String("TLS_PLAINTEXT", defsecTypes.NewTestMetadata()), - InCluster: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - }, - BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{ - Metadata: defsecTypes.NewTestMetadata(), - PublicAccessType: defsecTypes.String("DISABLED", defsecTypes.NewTestMetadata()), }, Logging: msk.Logging{ Metadata: defsecTypes.NewTestMetadata(), diff --git a/internal/adapters/terraform/aws/proton/adapt.go b/internal/adapters/terraform/aws/proton/adapt.go deleted file mode 100644 index 88e861724..000000000 --- a/internal/adapters/terraform/aws/proton/adapt.go +++ /dev/null 
@@ -1,12 +0,0 @@
-package proton
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/proton"
- "github.com/aquasecurity/defsec/pkg/terraform"
-)
-
-func Adapt(modules terraform.Modules) proton.Proton {
- return proton.Proton{
- ListEnvironmentTemplates: nil,
- }
-}
diff --git a/internal/adapters/terraform/aws/ses/adapt.go b/internal/adapters/terraform/aws/ses/adapt.go
deleted file mode 100644
index 2cc26c5d5..000000000
--- a/internal/adapters/terraform/aws/ses/adapt.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package ses
-
-import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ses"
- "github.com/aquasecurity/defsec/pkg/terraform"
-)
-
-func Adapt(modules terraform.Modules) ses.Ses {
- return ses.Ses{
- ListIdentities: nil,
- }
-}
diff --git a/internal/adapters/terraform/aws/shield/adapt.go b/internal/adapters/terraform/aws/shield/adapt.go
deleted file mode 100644
index 921c3b619..000000000
--- a/internal/adapters/terraform/aws/shield/adapt.go
+++ /dev/null
@@ -1,66 +0,0 @@ -package kendra - -import ( - "time" - - "github.com/aquasecurity/defsec/pkg/providers/aws/shield" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" -) - -func Adapt(modules terraform.Modules) shield.Shield { - return shield.Shield{ - DescribeSubscription: adaptDescribeSubscriptions(modules), - DescribeEmergencyContactSettings: adaptContactSettings(modules), - ListProtections: adaptListProtections(modules), - } -} - -func adaptDescribeSubscriptions(modules terraform.Modules) shield.Subscription { - subscription := shield.Subscription{ - Metadata: types.NewUnmanagedMetadata(), - EndTime: types.TimeDefault(time.Now(), types.NewUnmanagedMetadata()), - AutoRenew: types.StringDefault("", types.NewUnmanagedMetadata()), - } - - for _, resource := range modules.GetResourcesByType("aws_shield_protection") { - subscription.Metadata = resource.GetMetadata() - subscription.EndTime = types.TimeUnresolvable(resource.GetMetadata()) - subscription.AutoRenew = types.StringUnresolvable(resource.GetMetadata()) - } - - return subscription - -} - -func adaptContactSettings(modules terraform.Modules) []shield.ContactSettings { - var contactSettings []shield.ContactSettings - for _, module := range modules { - for _, resource := range module.GetResourcesByType("aws_shield_protection") { - contactSettings = append(contactSettings, adaptSetting(resource)) - } - } - return contactSettings -} - -func adaptSetting(resourceBlock *terraform.Block) shield.ContactSettings { - return shield.ContactSettings{ - Metadata: resourceBlock.GetMetadata(), - } -} - -func adaptListProtections(modules terraform.Modules) []shield.Protections { - var protections []shield.Protections - for _, module := range modules { - for _, resource := range module.GetResourcesByType("aws_shield_protection") { - protections = append(protections, adaptProtection(resource)) - } - } - return protections -} - -func adaptProtection(resourceBlock *terraform.Block) 
shield.Protections { - return shield.Protections{ - Metadata: resourceBlock.GetMetadata(), - } -} diff --git a/internal/adapters/terraform/aws/timestreamwrite/adapt.go b/internal/adapters/terraform/aws/timestreamwrite/adapt.go deleted file mode 100644 index 695dd66d7..000000000 --- a/internal/adapters/terraform/aws/timestreamwrite/adapt.go +++ /dev/null @@ -1,33 +0,0 @@ -package timestreamwrite - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/timestreamwrite" - "github.com/aquasecurity/defsec/pkg/terraform" -) - -func Adapt(modules terraform.Modules) timestreamwrite.Timestream_write { - return timestreamwrite.Timestream_write{ - ListDatabases: adaptListDatabases(modules), - } -} - -func adaptListDatabases(modules terraform.Modules) []timestreamwrite.Databases { - var listDatabsesInfo []timestreamwrite.Databases - for _, module := range modules { - for _, resource := range module.GetResourcesByType("aws_transfer_server") { - listDatabsesInfo = append(listDatabsesInfo, adaptListDatabase(resource)) - } - } - return listDatabsesInfo -} - -func adaptListDatabase(resource *terraform.Block) timestreamwrite.Databases { - - databaseinfo := timestreamwrite.Databases{ - Metadata: resource.GetMetadata(), - Arn: resource.GetAttribute("arn").AsStringValueOrDefault("", resource), - KmsKeyID: resource.GetAttribute("kms_key_id").AsStringValueOrDefault("", resource), - } - - return databaseinfo -} diff --git a/internal/adapters/terraform/aws/transfer/adapt.go b/internal/adapters/terraform/aws/transfer/adapt.go deleted file mode 100644 index 4096521c6..000000000 --- a/internal/adapters/terraform/aws/transfer/adapt.go +++ /dev/null 
@@ -1,32 +0,0 @@ -package transfer - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/transfer" - "github.com/aquasecurity/defsec/pkg/terraform" -) - -func Adapt(modules terraform.Modules) transfer.Transfer { - return transfer.Transfer{ - ListServers: adaptListServers(modules), - } -} - -func adaptListServers(modules terraform.Modules) []transfer.Servers { - var listServerInfo []transfer.Servers - for _, module := range modules { - for _, resource := range module.GetResourcesByType("aws_transfer_server") { - listServerInfo = append(listServerInfo, adaptListServer(resource)) - } - } - return listServerInfo -} - -func adaptListServer(resource *terraform.Block) transfer.Servers { - - serverinfo := transfer.Servers{ - Metadata: resource.GetMetadata(), - ServerArn: resource.GetAttribute("arn").AsStringValueOrDefault("", resource), - } - - return serverinfo -} diff --git a/internal/adapters/terraform/aws/translate/adapt.go b/internal/adapters/terraform/aws/translate/adapt.go deleted file mode 100644 index 28175ec0f..000000000 --- a/internal/adapters/terraform/aws/translate/adapt.go +++ /dev/null @@ -1,12 +0,0 @@ -package translate - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/translate" - "github.com/aquasecurity/defsec/pkg/terraform" -) - -func Adapt(modules terraform.Modules) translate.Translate { - return translate.Translate{ - ListTextTranslateJobs: nil, - } -} diff --git a/internal/adapters/terraform/aws/waf/adapt.go b/internal/adapters/terraform/aws/waf/adapt.go deleted file mode 100644 index bf0beb72b..000000000 --- a/internal/adapters/terraform/aws/waf/adapt.go +++ /dev/null 
@@ -1,32 +0,0 @@ -package waf - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/waf" - "github.com/aquasecurity/defsec/pkg/terraform" -) - -func Adapt(modules terraform.Modules) waf.Waf { - return waf.Waf{ - ListWebACLs: adaptWebACLsList(modules), - } -} - -func adaptWebACLsList(modules terraform.Modules) []waf.ListACLs { - var webACLsInfo []waf.ListACLs - for _, module := range modules { - for _, resource := range module.GetResourcesByType("aws_waf_web_acl") { - webACLsInfo = append(webACLsInfo, adaptWebACLsListID(resource)) - } - } - return webACLsInfo -} - -func adaptWebACLsListID(resource *terraform.Block) waf.ListACLs { - - aclinfo := waf.ListACLs{ - Metadata: resource.GetMetadata(), - WebACLsID: resource.GetAttribute("id").AsStringValueOrDefault("", resource), - } - - return aclinfo -} diff --git a/internal/adapters/terraform/aws/wafv2/adapt.go b/internal/adapters/terraform/aws/wafv2/adapt.go deleted file mode 100644 index 6a5523d3c..000000000 --- a/internal/adapters/terraform/aws/wafv2/adapt.go +++ /dev/null @@ -1,32 +0,0 @@ -package wafv2 - -import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/wafv2" - "github.com/aquasecurity/defsec/pkg/terraform" -) - -func Adapt(modules terraform.Modules) wafv2.Wafv2 { - return wafv2.Wafv2{ - ListWebACLs: adaptWebACLs2List(modules), - } -} - -func adaptWebACLs2List(modules terraform.Modules) []wafv2.WebACLs2 { - var webACLsInfo []wafv2.WebACLs2 - for _, module := range modules { - for _, resource := range module.GetResourcesByType("aws_wafv2_web_acl") { - webACLsInfo = append(webACLsInfo, adaptWebACLs2ListID(resource)) - } - } - return webACLsInfo -} - -func adaptWebACLs2ListID(resource *terraform.Block) wafv2.WebACLs2 { - - aclinfo := wafv2.WebACLs2{ - Metadata: resource.GetMetadata(), - WebACLId: resource.GetAttribute("id").AsStringValueOrDefault("", resource), - } - - return aclinfo -} diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 1a494ca49..000000000 
--- a/package-lock.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "defsec", - "lockfileVersion": 2, - "requires": true, - "packages": {} -} diff --git a/pkg/providers/aws/autoscaling/autoscaling.go b/pkg/providers/aws/autoscaling/autoscaling.go deleted file mode 100644 index b9e12efbb..000000000 --- a/pkg/providers/aws/autoscaling/autoscaling.go +++ /dev/null @@ -1,53 +0,0 @@ -package autoscaling - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Autoscaling struct { - AutoscalingGroupsList []AutoscalingGroupsList - NotificationConfigurations []NotificationConfigurations - LaunchConfigurations []LaunchConfigurations -} - -type AutoscalingGroupsList struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - AvailabilityZone []defsecTypes.StringValue - Instances []InstanceList - HealthCheckType defsecTypes.StringValue - LoadBalancerNames []defsecTypes.StringValue - AutoScalingGroupARN defsecTypes.StringValue - DefaultCooldown defsecTypes.IntValue - SuspendedProcesses []SuspendedProcesses - Tags []Tags - LaunchConfigurationName defsecTypes.StringValue -} - -type InstanceList struct { - Metadata defsecTypes.Metadata - InstanceId defsecTypes.StringValue -} - -type NotificationConfigurations struct { - Metadata defsecTypes.Metadata - AutoScalingGroupName defsecTypes.StringValue -} - -type LaunchConfigurations struct { - Metadata defsecTypes.Metadata - ImageId defsecTypes.StringValue - UserData defsecTypes.StringValue - IamInstanceProfile defsecTypes.StringValue - LaunchConfigurationName defsecTypes.StringValue - LaunchConfigurationARN defsecTypes.StringValue -} - -type SuspendedProcesses struct { - Metadata defsecTypes.Metadata -} - -type Tags struct { - Metadata defsecTypes.Metadata - ResourceId defsecTypes.StringValue -} diff --git a/pkg/providers/aws/aws.go b/pkg/providers/aws/aws.go index 95611aa1f..f9232282e 100755 --- a/pkg/providers/aws/aws.go +++ b/pkg/providers/aws/aws.go 
@@ -4,7 +4,6 @@ import (
 "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway"
 "github.com/aquasecurity/defsec/pkg/providers/aws/athena"
- "github.com/aquasecurity/defsec/pkg/providers/aws/autoscaling"
 "github.com/aquasecurity/defsec/pkg/providers/aws/cloudfront"
 "github.com/aquasecurity/defsec/pkg/providers/aws/cloudtrail"
 "github.com/aquasecurity/defsec/pkg/providers/aws/cloudwatch"
@@ -22,78 +21,55 @@ import ( "github.com/aquasecurity/defsec/pkg/providers/aws/elb" "github.com/aquasecurity/defsec/pkg/providers/aws/emr" "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/providers/aws/kendra" "github.com/aquasecurity/defsec/pkg/providers/aws/kinesis" - "github.com/aquasecurity/defsec/pkg/providers/aws/kinesisvideo" "github.com/aquasecurity/defsec/pkg/providers/aws/kms" "github.com/aquasecurity/defsec/pkg/providers/aws/lambda" "github.com/aquasecurity/defsec/pkg/providers/aws/mq" "github.com/aquasecurity/defsec/pkg/providers/aws/msk" "github.com/aquasecurity/defsec/pkg/providers/aws/neptune" - "github.com/aquasecurity/defsec/pkg/providers/aws/proton" "github.com/aquasecurity/defsec/pkg/providers/aws/rds" "github.com/aquasecurity/defsec/pkg/providers/aws/redshift" "github.com/aquasecurity/defsec/pkg/providers/aws/s3" "github.com/aquasecurity/defsec/pkg/providers/aws/sam" - "github.com/aquasecurity/defsec/pkg/providers/aws/ses" - "github.com/aquasecurity/defsec/pkg/providers/aws/shield" "github.com/aquasecurity/defsec/pkg/providers/aws/sns" "github.com/aquasecurity/defsec/pkg/providers/aws/sqs" "github.com/aquasecurity/defsec/pkg/providers/aws/ssm" - "github.com/aquasecurity/defsec/pkg/providers/aws/timestreamwrite" - "github.com/aquasecurity/defsec/pkg/providers/aws/transfer" - "github.com/aquasecurity/defsec/pkg/providers/aws/translate" - "github.com/aquasecurity/defsec/pkg/providers/aws/waf" - "github.com/aquasecurity/defsec/pkg/providers/aws/wafv2" "github.com/aquasecurity/defsec/pkg/providers/aws/workspaces" - "github.com/aquasecurity/defsec/pkg/providers/aws/xray" ) type AWS struct { - AccessAnalyzer accessanalyzer.AccessAnalyzer - Autoscaling autoscaling.Autoscaling - APIGateway apigateway.APIGateway - Athena athena.Athena - Cloudfront cloudfront.Cloudfront - CloudTrail cloudtrail.CloudTrail - CloudWatch cloudwatch.CloudWatch - CodeBuild codebuild.CodeBuild - Config config.Config - DocumentDB 
documentdb.DocumentDB - DynamoDB dynamodb.DynamoDB - EC2 ec2.EC2 - ECR ecr.ECR - ECS ecs.ECS - EFS efs.EFS - EKS eks.EKS - ElastiCache elasticache.ElastiCache - Elasticsearch elasticsearch.Elasticsearch - ELB elb.ELB - EMR emr.EMR - IAM iam.IAM - Kinesis kinesis.Kinesis - Kinesisvideo kinesisvideo.Kinesisvideo - Kendra kendra.Kendra - KMS kms.KMS - Lambda lambda.Lambda - MQ mq.MQ - MSK msk.MSK - Neptune neptune.Neptune - Proton proton.Proton - RDS rds.RDS - Redshift redshift.Redshift - SAM sam.SAM - S3 s3.S3 - SNS sns.SNS - SQS sqs.SQS - SES ses.Ses - Shield shield.Shield - SSM ssm.SSM - Timestreamwrite timestreamwrite.Timestream_write - Translate translate.Translate - Transfer transfer.Transfer - Waf waf.Waf - Wafv2 wafv2.Wafv2 - WorkSpaces workspaces.WorkSpaces - Xray xray.Xray + AccessAnalyzer accessanalyzer.AccessAnalyzer + APIGateway apigateway.APIGateway + Athena athena.Athena + Cloudfront cloudfront.Cloudfront + CloudTrail cloudtrail.CloudTrail + CloudWatch cloudwatch.CloudWatch + CodeBuild codebuild.CodeBuild + Config config.Config + DocumentDB documentdb.DocumentDB + DynamoDB dynamodb.DynamoDB + EC2 ec2.EC2 + ECR ecr.ECR + ECS ecs.ECS + EFS efs.EFS + EKS eks.EKS + ElastiCache elasticache.ElastiCache + Elasticsearch elasticsearch.Elasticsearch + ELB elb.ELB + EMR emr.EMR + IAM iam.IAM + Kinesis kinesis.Kinesis + KMS kms.KMS + Lambda lambda.Lambda + MQ mq.MQ + MSK msk.MSK + Neptune neptune.Neptune + RDS rds.RDS + Redshift redshift.Redshift + SAM sam.SAM + S3 s3.S3 + SNS sns.SNS + SQS sqs.SQS + SSM ssm.SSM + WorkSpaces workspaces.WorkSpaces } diff --git a/pkg/providers/aws/codebuild/codebuild.go b/pkg/providers/aws/codebuild/codebuild.go index ad274d56a..5db722f70 100755 --- a/pkg/providers/aws/codebuild/codebuild.go +++ b/pkg/providers/aws/codebuild/codebuild.go 
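Review bot: The exported `AWS` struct still has no doc comment even though every field line in it is rewritten in this hunk; a leading `// AWS aggregates the per-service AWS provider state, one field per service package.` above `type AWS struct {` would satisfy the exported-name convention. Separately, the fields dropped from this struct (Autoscaling, Kendra, Kinesisvideo, Proton, SES, Shield, Timestreamwrite, Translate, Transfer, Waf, Wafv2, Xray) also disappear from the `input.aws` object seen by Rego; a check that still referenced one of them would evaluate to undefined and silently produce no result rather than fail, so it is worth confirming that the checks and tests for those services are removed alongside this commit. The cloud.json hunks later in this diff remove the matching schema entries, which suggests that is the intent, but the rule files themselves are not visible here. The import block in which this hunk begins starts before the hunk.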
@@ -10,9 +10,6 @@ type CodeBuild struct { type Project struct { Metadata defsecTypes.Metadata - SourceType defsecTypes.StringValue - EncryptionKey defsecTypes.StringValue - SecondarySources []SecondarySources ArtifactSettings ArtifactSettings SecondaryArtifactSettings []ArtifactSettings } @@ -21,8 +18,3 @@ type ArtifactSettings struct { Metadata defsecTypes.Metadata EncryptionEnabled defsecTypes.BoolValue } - -type SecondarySources struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue -} diff --git a/pkg/providers/aws/kendra/kendra.go b/pkg/providers/aws/kendra/kendra.go deleted file mode 100644 index 4fb3099a5..000000000 --- a/pkg/providers/aws/kendra/kendra.go +++ /dev/null @@ -1,19 +0,0 @@ -package kendra - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Kendra struct { - ListIndices []ListIndices -} - -type ListIndices struct { - Metadata defsecTypes.Metadata - KmsKey KmsKey -} - -type KmsKey struct { - Metadata defsecTypes.Metadata - KmsKeyId defsecTypes.StringValue -} diff --git a/pkg/providers/aws/kinesisvideo/kinesisvideo.go b/pkg/providers/aws/kinesisvideo/kinesisvideo.go deleted file mode 100644 index 811fe97ae..000000000 --- a/pkg/providers/aws/kinesisvideo/kinesisvideo.go +++ /dev/null @@ -1,14 +0,0 @@ -package kinesisvideo - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Kinesisvideo struct { - StreamInfoList []StreamInfo -} - -type StreamInfo struct { - Metadata defsecTypes.Metadata - KmsKeyId defsecTypes.StringValue -} diff --git a/pkg/providers/aws/lambda/lambda.go b/pkg/providers/aws/lambda/lambda.go index 44bbac3e9..6b1c79318 100755 --- a/pkg/providers/aws/lambda/lambda.go +++ b/pkg/providers/aws/lambda/lambda.go 
@@ -9,24 +9,9 @@ type Lambda struct { } type Function struct { - Metadata defsecTypes.Metadata - Tracing Tracing - Permissions []Permission - FunctionName defsecTypes.StringValue - FunctionArn defsecTypes.StringValue - VpcConfig VpcConfig - Runtime defsecTypes.StringValue - Envrionment Environment -} - -type Environment struct { - Metadata defsecTypes.Metadata - Variables defsecTypes.MapValue -} - -type VpcConfig struct { - Metadata defsecTypes.Metadata - VpcId defsecTypes.StringValue + Metadata defsecTypes.Metadata + Tracing Tracing + Permissions []Permission } const ( diff --git a/pkg/providers/aws/mq/mq.go b/pkg/providers/aws/mq/mq.go index ae3d8edf7..a736844a1 100755 --- a/pkg/providers/aws/mq/mq.go +++ b/pkg/providers/aws/mq/mq.go @@ -9,14 +9,9 @@ type MQ struct { } type Broker struct { - Metadata defsecTypes.Metadata - PublicAccess defsecTypes.BoolValue - DeploymentMode defsecTypes.StringValue - EngineType defsecTypes.StringValue - HostInstanceType defsecTypes.StringValue - KmsKeyId defsecTypes.StringValue - AutoMinorVersionUpgrade defsecTypes.BoolValue - Logging Logging + Metadata defsecTypes.Metadata + PublicAccess defsecTypes.BoolValue + Logging Logging } type Logging struct { diff --git a/pkg/providers/aws/msk/msk.go b/pkg/providers/aws/msk/msk.go index 7e59122ca..f6d99a0ab 100755 --- a/pkg/providers/aws/msk/msk.go +++ b/pkg/providers/aws/msk/msk.go @@ -9,12 +9,10 @@ type MSK struct { } type Cluster struct { - Metadata defsecTypes.Metadata - EncryptionInTransit EncryptionInTransit - EncryptionAtRest EncryptionAtRest - BrokerNodeGroupInfo BrokerNodeGroupInfo - ClientAuthentication ClientAuthentication - Logging Logging + Metadata defsecTypes.Metadata + EncryptionInTransit EncryptionInTransit + EncryptionAtRest EncryptionAtRest + Logging Logging } const ( @@ -26,7 +24,6 @@ const ( type EncryptionInTransit struct { Metadata defsecTypes.Metadata ClientBroker defsecTypes.StringValue - InCluster defsecTypes.BoolValue } type EncryptionAtRest struct { 
@@ -61,13 +58,3 @@ type FirehoseLogging struct { Metadata defsecTypes.Metadata Enabled defsecTypes.BoolValue } - -type BrokerNodeGroupInfo struct { - Metadata defsecTypes.Metadata - PublicAccessType defsecTypes.StringValue -} - -type ClientAuthentication struct { - Metadata defsecTypes.Metadata - Unauthenticated defsecTypes.BoolValue -} diff --git a/pkg/providers/aws/proton/proton.go b/pkg/providers/aws/proton/proton.go deleted file mode 100644 index d21a393e8..000000000 --- a/pkg/providers/aws/proton/proton.go +++ /dev/null @@ -1,14 +0,0 @@ -package proton - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Proton struct { - ListEnvironmentTemplates []EnvironmentTemplate -} - -type EnvironmentTemplate struct { - Metadata defsecTypes.Metadata - EncryptionKey defsecTypes.StringValue -} diff --git a/pkg/providers/aws/qldb/qldb.go b/pkg/providers/aws/qldb/qldb.go deleted file mode 100644 index 9f0a7ec32..000000000 --- a/pkg/providers/aws/qldb/qldb.go +++ /dev/null @@ -1,13 +0,0 @@ -package qldb - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Translate struct { - ListTextTranslateJobs []ListJob -} - -type ListJob struct { - Metadata defsecTypes.Metadata -} diff --git a/pkg/providers/aws/ses/ses.go b/pkg/providers/aws/ses/ses.go deleted file mode 100644 index 3044d7d2d..000000000 --- a/pkg/providers/aws/ses/ses.go +++ /dev/null @@ -1,20 +0,0 @@ -package ses - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Ses struct { - ListIdentities []Identities -} - -type Identities struct { - Metadata defsecTypes.Metadata - DkimAttributes DkimAttributes -} - -type DkimAttributes struct { - Metadata defsecTypes.Metadata - DkimEnabled defsecTypes.BoolValue - DkimVerificationStatus defsecTypes.StringValue -} diff --git a/pkg/providers/aws/shield/shield.go b/pkg/providers/aws/shield/shield.go deleted file mode 100644 index 4d4b42b9e..000000000 --- a/pkg/providers/aws/shield/shield.go +++ /dev/null 
@@ -1,25 +0,0 @@ -package shield - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Shield struct { - DescribeSubscription Subscription - DescribeEmergencyContactSettings []ContactSettings - ListProtections []Protections -} - -type Subscription struct { - Metadata defsecTypes.Metadata - EndTime defsecTypes.TimeValue - AutoRenew defsecTypes.StringValue -} - -type ContactSettings struct { - Metadata defsecTypes.Metadata -} - -type Protections struct { - Metadata defsecTypes.Metadata -} diff --git a/pkg/providers/aws/timestreamwrite/timestreamwrite.go b/pkg/providers/aws/timestreamwrite/timestreamwrite.go deleted file mode 100644 index 6d9e9ae93..000000000 --- a/pkg/providers/aws/timestreamwrite/timestreamwrite.go +++ /dev/null @@ -1,15 +0,0 @@ -package timestreamwrite - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Timestream_write struct { - ListDatabases []Databases -} - -type Databases struct { - Metadata defsecTypes.Metadata - Arn defsecTypes.StringValue - KmsKeyID defsecTypes.StringValue -} diff --git a/pkg/providers/aws/transfer/transfer.go b/pkg/providers/aws/transfer/transfer.go deleted file mode 100644 index 6b4cd6f55..000000000 --- a/pkg/providers/aws/transfer/transfer.go +++ /dev/null @@ -1,14 +0,0 @@ -package transfer - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Transfer struct { - ListServers []Servers -} - -type Servers struct { - Metadata defsecTypes.Metadata - ServerArn defsecTypes.StringValue -} diff --git a/pkg/providers/aws/translate/translate.go b/pkg/providers/aws/translate/translate.go deleted file mode 100644 index 0c7685a6c..000000000 --- a/pkg/providers/aws/translate/translate.go +++ /dev/null 
@@ -1,15 +0,0 @@ -package translate - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Translate struct { - ListTextTranslateJobs []ListJob -} - -type ListJob struct { - Metadata defsecTypes.Metadata - JobName defsecTypes.StringValue - EncryptionkeyId defsecTypes.StringValue -} diff --git a/pkg/providers/aws/waf/waf.go b/pkg/providers/aws/waf/waf.go deleted file mode 100644 index 04b356327..000000000 --- a/pkg/providers/aws/waf/waf.go +++ /dev/null @@ -1,14 +0,0 @@ -package waf - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Waf struct { - ListWebACLs []ListACLs -} - -type ListACLs struct { - Metadata defsecTypes.Metadata - WebACLsID defsecTypes.StringValue -} diff --git a/pkg/providers/aws/wafv2/wafv2.go b/pkg/providers/aws/wafv2/wafv2.go deleted file mode 100644 index 8db6eca8a..000000000 --- a/pkg/providers/aws/wafv2/wafv2.go +++ /dev/null @@ -1,14 +0,0 @@ -package wafv2 - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Wafv2 struct { - ListWebACLs []WebACLs2 -} - -type WebACLs2 struct { - Metadata defsecTypes.Metadata - WebACLId defsecTypes.StringValue -} diff --git a/pkg/providers/aws/xray/xray.go b/pkg/providers/aws/xray/xray.go deleted file mode 100644 index 133a00978..000000000 --- a/pkg/providers/aws/xray/xray.go +++ /dev/null @@ -1,14 +0,0 @@ -package xray - -import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" -) - -type Xray struct { - EncryptionConfig Configuration -} - -type Configuration struct { - Metadata defsecTypes.Metadata - KeyId defsecTypes.StringValue -} diff --git a/pkg/rego/schemas/cloud.json b/pkg/rego/schemas/cloud.json index b551a2f34..db34a3a2a 100644 --- a/pkg/rego/schemas/cloud.json +++ b/pkg/rego/schemas/cloud.json 
@@ -58,10 +58,6 @@ "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.athena.Athena" }, - "autoscaling": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.Autoscaling" - }, "cloudfront": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront" @@ -130,18 +126,10 @@ "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.iam.IAM" }, - "kendra": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kendra.Kendra" - }, "kinesis": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis" }, - "kinesisvideo": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kinesisvideo.Kinesisvideo" - }, "kms": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kms.KMS" @@ -162,10 +150,6 @@ "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune" }, - "proton": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.proton.Proton" - }, "rds": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.rds.RDS" @@ -182,14 +166,6 @@ "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.sam.SAM" }, - "ses": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.ses.Ses" - }, - "shield": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.Shield" - }, "sns": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.sns.SNS" 
@@ -202,33 +178,9 @@ "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.ssm.SSM" }, - "timestreamwrite": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.timestreamwrite.Timestream_write" - }, - "transfer": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.transfer.Transfer" - }, - "translate": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.translate.Translate" - }, - "waf": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.waf.Waf" - }, - "wafv2": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.wafv2.Wafv2" - }, "workspaces": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces" - }, - "xray": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.xray.Xray" } } }, 
@@ -550,147 +502,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.Autoscaling": { - "type": "object", - "properties": { - "autoscalinggroupslist": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.AutoscalingGroupsList" - } - }, - "launchconfigurations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.LaunchConfigurations" - } - }, - "notificationconfigurations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.NotificationConfigurations" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.AutoscalingGroupsList": { - "type": "object", - "properties": { - "autoscalinggrouparn": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "availabilityzone": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "defaultcooldown": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.IntValue" - }, - "healthchecktype": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.InstanceList" - } - }, - "launchconfigurationname": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "loadbalancernames": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" 
- } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "suspendedprocesses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.SuspendedProcesses" - } - }, - "tags": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.Tags" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.InstanceList": { - "type": "object", - "properties": { - "instanceid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.LaunchConfigurations": { - "type": "object", - "properties": { - "iaminstanceprofile": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "imageid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "launchconfigurationarn": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "launchconfigurationname": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "userdata": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.NotificationConfigurations": { - "type": "object", - "properties": { - "autoscalinggroupname": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.SuspendedProcesses": { - "type": 
"object" - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.autoscaling.Tags": { - "type": "object", - "properties": { - "resourceid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour": { "type": "object", "properties": { @@ -983,36 +794,12 @@ "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" }, - "encryptionkey": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, "secondaryartifactsettings": { "type": "array", "items": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" } - }, - "secondarysources": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.codebuild.SecondarySources" - } - }, - "sourcetype": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.codebuild.SecondarySources": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" } } }, 
@@ -2288,36 +2075,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kendra.Kendra": { - "type": "object", - "properties": { - "listindices": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kendra.ListIndices" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kendra.KmsKey": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kendra.ListIndices": { - "type": "object", - "properties": { - "kmskey": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kendra.KmsKey" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption": { "type": "object", "properties": { @@ -2352,27 +2109,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kinesisvideo.Kinesisvideo": { - "type": "object", - "properties": { - "streaminfolist": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kinesisvideo.StreamInfo" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kinesisvideo.StreamInfo": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.kms.KMS": { "type": "object", "properties": { 
@@ -2398,30 +2134,9 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.lambda.Environment": { - "type": "object", - "properties": { - "variables": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.MapValue" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.lambda.Function": { "type": "object", "properties": { - "envrionment": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.lambda.Environment" - }, - "functionarn": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "functionname": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, "permissions": { "type": "array", "items": { @@ -2429,17 +2144,9 @@ "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.lambda.Permission" } }, - "runtime": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, "tracing": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing" - }, - "vpcconfig": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.lambda.VpcConfig" } } }, 
@@ -2477,38 +2184,9 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.lambda.VpcConfig": { - "type": "object", - "properties": { - "vpcid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.mq.Broker": { "type": "object", "properties": { - "autominorversionupgrade": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.BoolValue" - }, - "deploymentmode": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "enginetype": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "hostinstancetype": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, "logging": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.mq.Logging" @@ -2561,24 +2239,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.msk.BrokerNodeGroupInfo": { - "type": "object", - "properties": { - "publicaccesstype": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.msk.ClientAuthentication": { - "type": "object", - "properties": { - "unauthenticated": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging": { "type": "object", "properties": { 
@@ -2591,14 +2251,6 @@ "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.msk.Cluster": { "type": "object", "properties": { - "brokernodegroupinfo": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.msk.BrokerNodeGroupInfo" - }, - "clientauthentication": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.msk.ClientAuthentication" - }, "encryptionatrest": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest" @@ -2632,10 +2284,6 @@ "clientbroker": { "type": "object", "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "incluster": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.BoolValue" } } }, @@ -2716,27 +2364,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.proton.EnvironmentTemplate": { - "type": "object", - "properties": { - "encryptionkey": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.proton.Proton": { - "type": "object", - "properties": { - "listenvironmenttemplates": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.proton.EnvironmentTemplate" - } - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.rds.Classic": { "type": "object", "properties": { 
@@ -3627,82 +3254,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.ses.DkimAttributes": { - "type": "object", - "properties": { - "dkimenabled": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.BoolValue" - }, - "dkimverificationstatus": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.ses.Identities": { - "type": "object", - "properties": { - "dkimattributes": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.ses.DkimAttributes" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.ses.Ses": { - "type": "object", - "properties": { - "listidentities": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.ses.Identities" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.ContactSettings": { - "type": "object" - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.Protections": { - "type": "object" - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.Shield": { - "type": "object", - "properties": { - "describeemergencycontactsettings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.ContactSettings" - } - }, - "describesubscription": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.Subscription" - }, - "listprotections": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.Protections" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.shield.Subscription": { - "type": "object", - 
"properties": { - "autorenew": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "endtime": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.sns.Encryption": { "type": "object", "properties": { 
@@ -3803,119 +3354,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.timestreamwrite.Databases": { - "type": "object", - "properties": { - "arn": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.timestreamwrite.Timestream_write": { - "type": "object", - "properties": { - "listdatabases": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.timestreamwrite.Databases" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.transfer.Servers": { - "type": "object", - "properties": { - "serverarn": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.transfer.Transfer": { - "type": "object", - "properties": { - "listservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.transfer.Servers" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.translate.ListJob": { - "type": "object", - "properties": { - "encryptionkeyid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - }, - "jobname": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.translate.Translate": { - "type": "object", - "properties": { - "listtexttranslatejobs": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.translate.ListJob" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.waf.ListACLs": { - "type": "object", - "properties": { - "webaclsid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.waf.Waf": { - "type": "object", - "properties": { - "listwebacls": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.waf.ListACLs" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.wafv2.Wafv2": { - "type": "object", - "properties": { - "listwebacls": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.wafv2.WebACLs2" - } - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.wafv2.WebACLs2": { - "type": "object", - "properties": { - "webaclid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption": { "type": "object", "properties": { @@ -3959,24 +3397,6 @@ } } }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.xray.Configuration": { - "type": "object", - "properties": { - "keyid": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.xray.Xray": { - "type": "object", - "properties": { - "encryptionconfig": { - "type": "object", - "$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.aws.xray.Configuration" - } - } - }, "github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.azure.Azure": { "type": "object", "properties": { 
diff --git a/rules/cloud/policies/aws/autoscaling/asg_multiaz.rego b/rules/cloud/policies/aws/autoscaling/asg_multiaz.rego
deleted file mode 100644
index 2d5d1b19a..000000000
--- a/rules/cloud/policies/aws/autoscaling/asg_multiaz.rego
+++ /dev/null
@@ -1,25 +0,0 @@
-# METADATA
-# title: "ASG Multiple AZ"
-# description: "Ensures that ASGs are created to be cross-AZ for high availability"
-# scope: package
-# schemas:
-# - input: schema["cloud"]
-# related_resources:
-# - http://docs.aws.amazon.com/autoscaling/latest/userguide/AutoScalingGroup.html
-# custom:
-# avd_id: AVD-AWS-0339
-# provider: aws
-# service: autoscaling
-# severity: LOW
-# short_code: asg-multi-az
-# recommended_action: "Modify the autoscaling instance to enable scaling across multiple availability zones"
-# input:
-# selector:
-# - type: cloud
-package builtin.aws.autoscaling.aws0339
-
-deny[res] {
- group := input.aws.autoscaling.autoscalinggroupslist[_]
- count(group.availabilityzone) <= 1
- res := result.new(sprintf("Auto scaling group is only using (%v) availability zones", [count(group.availabilityzone)]), group)
-}
diff --git a/rules/cloud/policies/aws/autoscaling/asg_multiaz_test.rego b/rules/cloud/policies/aws/autoscaling/asg_multiaz_test.rego
deleted file mode 100644
index cbd77f904..000000000
--- a/rules/cloud/policies/aws/autoscaling/asg_multiaz_test.rego
+++ /dev/null
@@ -1,11 +0,0 @@
-package builtin.aws.autoscaling.aws0339
-
-test_detects_when_more_than_1 {
- r := deny with input as {"aws": {"autoscaling": {"autoscalinggroupslist": [{"availabilityzone": [{"value": "test-1"}, {"value": "test-2"}]}]}}}
- count(r) == 0
-}
-
-test_when_not_more_than_1 {
- r := deny with input as {"aws": {"autoscaling": {"autoscalinggroupslist": [{"availabilityzone": [{"value": "test-1"}]}]}}}
- count(r) == 1
-}
diff --git a/rules/cloud/policies/aws/autoscaling/elb_health_check_active.rego b/rules/cloud/policies/aws/autoscaling/elb_health_check_active.rego
deleted file mode 100644
index c23632a44..000000000
--- a/rules/cloud/policies/aws/autoscaling/elb_health_check_active.rego
+++ /dev/null
@@ -1,26 +0,0 @@
-# METADATA
-# title: "ELB Health Check Active"
-# description: "Ensures all Auto Scaling groups have ELB health check active"
-# scope: package
-# schemas:
-# - input: schema["cloud"]
-# related_resources:
-# - https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-elb-healthcheck.html
-# custom:
-# avd_id: AVD-AWS-0341
-# provider: aws
-# service: autoscaling
-# severity: LOW
-# short_code: elb-health-check-active
-# recommended_action: "Enable ELB health check for the Auto Scaling groups"
-# input:
-# selector:
-# - type: cloud
-package builtin.aws.autoscaling.aws0341
-
-deny[res] {
- group := input.aws.autoscaling.autoscalinggroupslist[_]
- not group.healthchecktype.value == "ELB"
- group.loadbalancernames
- res := result.new("Auto Scaling group does not have ELB health check active", group)
-}
diff --git a/rules/cloud/policies/aws/autoscaling/elb_health_check_active_test.rego b/rules/cloud/policies/aws/autoscaling/elb_health_check_active_test.rego
deleted file mode 100644
index 708d235ba..000000000
--- a/rules/cloud/policies/aws/autoscaling/elb_health_check_active_test.rego
+++ /dev/null
@@ -1,17 +0,0 @@
-package builtin.aws.autoscaling.aws0341
-
-test_detects_when_elb_active {
- r := deny with input as {"aws": {"autoscaling": {"autoscalinggroupslist": [
- {"healthchecktype": {"value": "ELB"}},
- {},
- ]}}}
- count(r) == 0
-}
-
-test_when_elb_not_active {
- r := deny with input as {"aws": {"autoscaling": {"autoscalinggroupslist": [
- {"healthchecktype": {"value": "EC2"}},
- {"loadbalancernames": [{"name": {"value": "test"}}]},
- ]}}}
- count(r) == 1
-}
diff --git a/rules/cloud/policies/aws/autoscaling/empty_asg.rego b/rules/cloud/policies/aws/autoscaling/empty_asg.rego
deleted file mode 100644
index 54fad2116..000000000
--- a/rules/cloud/policies/aws/autoscaling/empty_asg.rego
+++ /dev/null
@@ -1,25 +0,0 @@
-# METADATA
-# title: "Empty AutoScaling Group"
-# description: "Ensures all autoscaling groups contain at least 1 instance."
-# scope: package
-# schemas:
-# - input: schema["cloud"]
-# related_resources:
-# - https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html
-# custom:
-# avd_id: AVD-AWS-0340
-# provider: aws
-# service: autoscaling
-# severity: LOW
-# short_code: empty-asg
-# recommended_action: "Delete the unused AutoScaling group."
-# input:
-# selector:
-# - type: cloud
-package builtin.aws.autoscaling.aws0340
-
-deny[res] {
- group := input.aws.autoscaling.autoscalinggroupslist[_]
- not group.instances
- res := result.new("Auto scaling group does not contain any instance", group)
-}
diff --git a/rules/cloud/policies/aws/autoscaling/empty_asg_test.rego b/rules/cloud/policies/aws/autoscaling/empty_asg_test.rego
deleted file mode 100644
index 49fb3e609..000000000
--- a/rules/cloud/policies/aws/autoscaling/empty_asg_test.rego
+++ /dev/null
@@ -1,11 +0,0 @@
-package builtin.aws.autoscaling.aws0340
-
-test_detects_when_have_instances {
- r := deny with input as {"aws": {"autoscaling": {"autoscalinggroupslist": [{"instances": [{"instanceid": {"value": "test-1"}}]}]}}}
- count(r) == 0
-}
-
-test_when_have_no_instances {
- r := deny with input as {"aws": {"autoscaling": {"autoscalinggroupslist": [{}]}}}
- count(r) == 1
-}
diff --git a/test/loader_test.go b/test/loader_test.go
index be2b85481..7a33a0744 100644
--- a/test/loader_test.go
+++ b/test/loader_test.go
@@ -16,7 +16,7 @@ func Test_loader_returns_expected_providers(t *testing.T) { func Test_load_returns_expected_services(t *testing.T) { services := rules.GetProviderServiceNames("aws") - assert.Len(t, services, 34) + assert.Len(t, services, 33) } func Test_load_returns_expected_service_checks(t *testing.T) {
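Review bot: The updated assertion `assert.Len(t, services, 33)` still pins only a bare count, so a reader cannot tell from the test which service was removed, and a later accidental re-registration or a different service dropping out would be indistinguishable from the intended state. Pairing it with a membership check, `assert.NotContains(t, services, "autoscaling")`, would document the intent; the dropped service is presumably autoscaling, whose rego rules are deleted elsewhere in this commit, though the count alone does not show that. A more durable form would compare against an explicit expected list of service names instead of a count. Test_load_returns_expected_services is fully inside the hunk; Test_load_returns_expected_service_checks continues outside it.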