fix(misconf): wrap Azure PortRange in iac types (#7357)
Signed-off-by: nikpivkin <[email protected]>
nikpivkin authored Aug 20, 2024
1 parent 0c6687d commit c5c62d5
Showing 5 changed files with 21 additions and 19 deletions.
8 changes: 4 additions & 4 deletions pkg/iac/adapters/arm/network/adapt.go
Expand Up @@ -27,11 +27,11 @@ func adaptSecurityGroups(deployment azure.Deployment) (sgs []network.SecurityGro
func adaptSecurityGroup(resource azure.Resource, deployment azure.Deployment) network.SecurityGroup {
return network.SecurityGroup{
Metadata: resource.Metadata,
Rules: adaptSecurityGroupRules(resource, deployment),
Rules: adaptSecurityGroupRules(deployment),
}
}

func adaptSecurityGroupRules(resource azure.Resource, deployment azure.Deployment) (rules []network.SecurityGroupRule) {
func adaptSecurityGroupRules(deployment azure.Deployment) (rules []network.SecurityGroupRule) {
for _, resource := range deployment.GetResourcesByType("Microsoft.Network/networkSecurityGroups/securityRules") {
rules = append(rules, adaptSecurityGroupRule(resource))
}
Expand Down Expand Up @@ -120,7 +120,7 @@ func expandRange(r string, m iacTypes.Metadata) network.PortRange {

return network.PortRange{
Metadata: m,
Start: start,
End: end,
Start: iacTypes.Int(start, m),
End: iacTypes.Int(end, m),
}
}
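Review bot: In the first hunk, adaptSecurityGroupRules now takes only the deployment and collects every `Microsoft.Network/networkSecurityGroups/securityRules` resource in it, so each SecurityGroup built by adaptSecurityGroup appears to receive the rules of all groups rather than only its own. Dropping the unused `resource` parameter makes that visible but does not change it; if the unscoped behaviour is intended, say so above the function, for example `// adaptSecurityGroupRules returns every securityRules resource in the deployment; rules are not filtered by parent security group.` For a misconfiguration scanner this matters because a finding on a rule may be reported against a group that does not contain it. How GetResourcesByType selects resources is not visible on this page, so this should be confirmed against its implementation.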
12 changes: 6 additions & 6 deletions pkg/iac/adapters/terraform/azure/network/adapt.go
Expand Up @@ -136,8 +136,8 @@ func (a *adapter) adaptSource(ruleBlock *terraform.Block, rule *network.Security
f := sourcePortRangeAttr.AsNumber()
rule.SourcePorts = append(rule.SourcePorts, network.PortRange{
Metadata: sourcePortRangeAttr.GetMetadata(),
Start: int(f),
End: int(f),
Start: iacTypes.Int(int(f), sourcePortRangeAttr.GetMetadata()),
End: iacTypes.Int(int(f), sourcePortRangeAttr.GetMetadata()),
})
}
}
Expand All @@ -160,8 +160,8 @@ func (a *adapter) adaptDestination(ruleBlock *terraform.Block, rule *network.Sec
f := destPortRangeAttr.AsNumber()
rule.DestinationPorts = append(rule.DestinationPorts, network.PortRange{
Metadata: destPortRangeAttr.GetMetadata(),
Start: int(f),
End: int(f),
Start: iacTypes.Int(int(f), destPortRangeAttr.GetMetadata()),
End: iacTypes.Int(int(f), destPortRangeAttr.GetMetadata()),
})
}
}
Expand Down Expand Up @@ -189,8 +189,8 @@ func expandRange(r string, m iacTypes.Metadata) network.PortRange {

return network.PortRange{
Metadata: m,
Start: start,
End: end,
Start: iacTypes.Int(start, m),
End: iacTypes.Int(end, m),
}
}

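Review bot: The new `iacTypes.Int(int(f), ...)` lines in adaptSource and adaptDestination still convert the attribute with a bare `int(f)`, which (assuming AsNumber returns a floating-point value, as the conversion suggests) truncates fractional input and accepts numbers outside 0-65535 without any check. These values feed port-exposure checks, so a comment or guard stating what happens to an invalid port would help, e.g. `// int(f) truncates; values outside 0-65535 are passed through unchanged`. Separately, each literal calls GetMetadata() three times; `meta := sourcePortRangeAttr.GetMetadata()` (and the same for destPortRangeAttr) would make it obvious that the range and both bounds share one metadata value. Both functions start and end outside the hunks shown.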
8 changes: 4 additions & 4 deletions pkg/iac/adapters/terraform/azure/network/adapt_test.go
Expand Up @@ -65,15 +65,15 @@ func Test_Adapt(t *testing.T) {
SourcePorts: []network.PortRange{
{
Metadata: iacTypes.NewTestMetadata(),
Start: 0,
End: 65535,
Start: iacTypes.IntTest(0),
End: iacTypes.IntTest(65535),
},
},
DestinationPorts: []network.PortRange{
{
Metadata: iacTypes.NewTestMetadata(),
Start: 3389,
End: 3389,
Start: iacTypes.IntTest(3389),
End: iacTypes.IntTest(3389),
},
},
Protocol: iacTypes.String("TCP", iacTypes.NewTestMetadata()),
6 changes: 3 additions & 3 deletions pkg/iac/providers/azure/network/network.go
Expand Up @@ -27,12 +27,12 @@ type SecurityGroupRule struct {

type PortRange struct {
Metadata iacTypes.Metadata
Start int
End int
Start iacTypes.IntValue
End iacTypes.IntValue
}

func (r PortRange) Includes(port int) bool {
return port >= r.Start && port <= r.End
return port >= r.Start.Value() && port <= r.End.Value()
}

type NetworkWatcherFlowLog struct {
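Review bot: Includes now compares against `r.Start.Value()` and `r.End.Value()` without considering whether the wrapped values were actually resolved from the source. The definition of IntValue is not shown on this page, but if it can represent an unknown or unresolved value, Value() presumably yields a default such as zero, and the range would then silently read as port 0 only, which can hide an exposed port from checks that call Includes. The exported method also has no doc comment; I would add `// Includes reports whether port lies within the inclusive range [Start, End]; unresolved bounds are compared as returned by Value().` and confirm that this is the behaviour the rules expect.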
6 changes: 4 additions & 2 deletions pkg/iac/rego/schemas/cloud.json
Expand Up @@ -5207,10 +5207,12 @@
"$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.trivy.pkg.iac.types.Metadata"
},
"end": {
"type": "integer"
"type": "object",
"$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.trivy.pkg.iac.types.IntValue"
},
"start": {
"type": "integer"
"type": "object",
"$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.trivy.pkg.iac.types.IntValue"
}
}
},
