package sam
import (
"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
"github.com/aquasecurity/defsec/pkg/providers/aws/sam"
defsecTypes "github.com/aquasecurity/defsec/pkg/types"
"github.com/khulnasoft-lab/vul-iac/pkg/scanners/cloudformation/parser"
"github.com/liamg/iamgo"
)
// getFunctions builds one sam.Function for every AWS::Serverless::Function
// resource found in cfFile. The returned slice is nil when the template
// declares no such resource.
//
// Tracing falls back to sam.TracingModePassThrough when the property is not
// set (the second argument to GetStringProperty appears to be the default;
// its signature is not visible here). Policies are filled in separately by
// setFunctionPolicies.
func getFunctions(cfFile parser.FileContext) (functions []sam.Function) {
	for _, res := range cfFile.GetResourcesByType("AWS::Serverless::Function") {
		fn := sam.Function{
			Metadata:     res.Metadata(),
			FunctionName: res.GetStringProperty("FunctionName"),
			Tracing:      res.GetStringProperty("Tracing", sam.TracingModePassThrough),
		}
		// ManagedPolicies and Policies start as nil and are populated from
		// the resource's "Policies" property.
		setFunctionPolicies(res, &fn)
		functions = append(functions, fn)
	}
	return functions
}
// setFunctionPolicies reads the "Policies" property of r and appends the
// result to function.ManagedPolicies / function.Policies.
//
// Two shapes are recognised:
//   - a plain string, recorded as a single managed policy reference;
//   - a list whose entries are either a map (treated as an inline policy
//     document and parsed with iamgo) or a string (another managed policy
//     reference). List entries of any other shape are ignored.
//
// A missing/nil property leaves function untouched.
//
// NOTE(review): an inline policy map that iamgo cannot parse is skipped
// without any signal, so a malformed inline document is simply absent from
// the scanned model and no check can flag it. Consider surfacing that parse
// error to the caller or to the scan results.
func setFunctionPolicies(r *parser.Resource, function *sam.Function) {
	policies := r.GetProperty("Policies")
	if !policies.IsNotNil() {
		return
	}

	switch {
	case policies.IsString():
		function.ManagedPolicies = append(function.ManagedPolicies, policies.AsStringValue())
	case policies.IsList():
		for _, entry := range policies.AsList() {
			switch {
			case entry.IsMap():
				doc, parseErr := iamgo.Parse(entry.GetJsonBytes(true))
				if parseErr != nil {
					// Unparseable inline document: dropped (see NOTE above).
					continue
				}
				meta := entry.Metadata()
				inline := iam.Policy{
					Metadata: meta,
					Name:     defsecTypes.StringDefault("", meta),
					Document: iam.Document{
						Metadata: meta,
						Parsed:   *doc,
					},
					Builtin: defsecTypes.Bool(false, meta),
				}
				function.Policies = append(function.Policies, inline)
			case entry.IsString():
				function.ManagedPolicies = append(function.ManagedPolicies, entry.AsStringValue())
			}
		}
	}
}