package sslcertificate
import (
"crypto/x509"
"encoding/pem"
"github.com/aquasecurity/defsec/pkg/providers/nifcloud/sslcertificate"
"github.com/aquasecurity/defsec/pkg/terraform"
defsecTypes "github.com/aquasecurity/defsec/pkg/types"
)
// adaptServerCertificates converts every "nifcloud_ssl_certificate" resource
// found in the given Terraform modules into a sslcertificate.ServerCertificate.
//
// The result is a nil slice when no such resource exists.
func adaptServerCertificates(modules terraform.Modules) []sslcertificate.ServerCertificate {
	var adapted []sslcertificate.ServerCertificate

	blocks := modules.GetResourcesByType("nifcloud_ssl_certificate")
	for i := range blocks {
		cert := adaptServerCertificate(blocks[i])
		adapted = append(adapted, cert)
	}

	return adapted
}
// adaptServerCertificate builds a sslcertificate.ServerCertificate from a
// single Terraform resource block, deriving Expiration from the NotAfter field
// of the PEM-encoded X.509 certificate held in the "certificate" attribute.
//
// Expiration stays an unresolvable time value whenever the attribute is
// missing, is not a string, does not contain a PEM block, or the block does not
// parse as an X.509 certificate. None of those cases is reported as an error.
//
// NOTE(review): rules that consume Expiration presumably skip unresolvable
// values, in which case a malformed or non-literal certificate would never be
// flagged as expired. Confirm against the rule implementation.
func adaptServerCertificate(resource *terraform.Block) sslcertificate.ServerCertificate {
	attr := resource.GetAttribute("certificate")

	// Default: unresolvable, attributed to the resource as a whole.
	expiration := defsecTypes.TimeUnresolvable(resource.GetMetadata())

	if attr.IsNotNil() {
		// The attribute exists, so attribute the (still unresolvable) value to it.
		expiration = defsecTypes.TimeUnresolvable(attr.GetMetadata())

		if attr.IsString() {
			rawPEM := []byte(attr.Value().AsString())

			// Only the first PEM block is examined: the remaining input returned
			// by pem.Decode is discarded and the block type is not checked, so a
			// bundle is judged solely by whatever block comes first.
			pemBlock, _ := pem.Decode(rawPEM)
			if pemBlock != nil {
				// A parse failure is deliberately tolerated; the expiration then
				// remains unresolvable.
				parsed, err := x509.ParseCertificate(pemBlock.Bytes)
				if err == nil {
					expiration = defsecTypes.Time(parsed.NotAfter, attr.GetMetadata())
				}
			}
		}
	}

	result := sslcertificate.ServerCertificate{
		Metadata:   resource.GetMetadata(),
		Expiration: expiration,
	}
	return result
}