package sam
import (
"github.com/aquasecurity/defsec/pkg/providers/aws/sam"
"github.com/aquasecurity/defsec/pkg/types"
"github.com/khulnasoft-lab/vul-iac/pkg/scanners/cloudformation/parser"
)
// getHttpApis adapts every AWS::Serverless::HttpApi resource found in the
// CloudFormation file into a sam.HttpAPI. The result is nil when the file
// declares no such resource.
//
// Name falls back to an empty string default. Domain configuration, access
// logging and default route settings are each produced by their own helper
// from the same resource.
func getHttpApis(cfFile parser.FileContext) (apis []sam.HttpAPI) {
	for _, resource := range cfFile.GetResourcesByType("AWS::Serverless::HttpApi") {
		apis = append(apis, sam.HttpAPI{
			Metadata:             resource.Metadata(),
			Name:                 resource.GetStringProperty("Name", ""),
			DomainConfiguration:  getDomainConfiguration(resource),
			AccessLogging:        getAccessLoggingV2(resource),
			DefaultRouteSettings: getRouteSettings(resource),
		})
	}
	return apis
}
// getAccessLoggingV2 reads the AccessLogSettings property of an HTTP API
// resource and returns the access-logging configuration it describes.
//
// If the property is present, the result carries the property's metadata and
// its DestinationArn (requested with an empty-string default). If the property
// is absent, the log group ARN is an empty string default attributed to the
// resource's own metadata, so a finding on a missing log destination points at
// the resource itself.
func getAccessLoggingV2(r *parser.Resource) sam.AccessLogging {
	if settings := r.GetProperty("AccessLogSettings"); settings.IsNotNil() {
		return sam.AccessLogging{
			Metadata:              settings.Metadata(),
			CloudwatchLogGroupARN: settings.GetStringProperty("DestinationArn", ""),
		}
	}

	// No AccessLogSettings block: report "no destination" against the resource.
	return sam.AccessLogging{
		Metadata:              r.Metadata(),
		CloudwatchLogGroupARN: types.StringDefault("", r.Metadata()),
	}
}
// getRouteSettings reads the DefaultRouteSettings property of an HTTP API
// resource and returns the logging, data-trace and detailed-metrics flags.
//
// If the property is present, all three flags are read from it and the result
// carries the property's metadata. If it is absent, all three flags default to
// false and are attributed to the resource's own metadata.
func getRouteSettings(r *parser.Resource) sam.RouteSettings {
	if defaults := r.GetProperty("DefaultRouteSettings"); defaults.IsNotNil() {
		return sam.RouteSettings{
			Metadata: defaults.Metadata(),
			// NOTE(review): LoggingLevel is read with GetBoolProperty, but the
			// AWS route-settings schema defines it as a string level (ERROR,
			// INFO, OFF), while the other two keys are booleans. How
			// GetBoolProperty treats a string value is not visible here.
			// Confirm that LoggingEnabled reflects the template; otherwise
			// logging checks built on this field may misreport.
			LoggingEnabled:         defaults.GetBoolProperty("LoggingLevel"),
			DataTraceEnabled:       defaults.GetBoolProperty("DataTraceEnabled"),
			DetailedMetricsEnabled: defaults.GetBoolProperty("DetailedMetricsEnabled"),
		}
	}

	// No DefaultRouteSettings block: every flag is an explicit false default.
	return sam.RouteSettings{
		Metadata:               r.Metadata(),
		LoggingEnabled:         types.BoolDefault(false, r.Metadata()),
		DataTraceEnabled:       types.BoolDefault(false, r.Metadata()),
		DetailedMetricsEnabled: types.BoolDefault(false, r.Metadata()),
	}
}