package appservice
import (
"github.com/aquasecurity/defsec/pkg/providers/azure/appservice"
"github.com/aquasecurity/defsec/pkg/terraform"
defsecTypes "github.com/aquasecurity/defsec/pkg/types"
)
// Adapt converts parsed Terraform modules into the Azure App Service model
// consumed by the rest of the scanner. Only the resource types queried by
// adaptServices ("azurerm_app_service") and adaptFunctionApps
// ("azurerm_function_app") contribute to the result.
//
// NOTE(review): resources declared with any other type string are not picked
// up by this adapter; confirm whether they are handled elsewhere, otherwise
// they are never evaluated against the App Service rules.
func Adapt(modules terraform.Modules) appservice.AppService {
	var adapted appservice.AppService
	adapted.Services = adaptServices(modules)
	adapted.FunctionApps = adaptFunctionApps(modules)
	return adapted
}
// adaptServices walks every module and adapts each "azurerm_app_service"
// resource it finds. The result is nil when no such resource exists.
func adaptServices(modules terraform.Modules) []appservice.Service {
	var adapted []appservice.Service
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("azurerm_app_service")
		for _, block := range blocks {
			adapted = append(adapted, adaptService(block))
		}
	}
	return adapted
}
// adaptFunctionApps walks every module and adapts each "azurerm_function_app"
// resource it finds. The result is nil when no such resource exists.
func adaptFunctionApps(modules terraform.Modules) []appservice.FunctionApp {
	var adapted []appservice.FunctionApp
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("azurerm_function_app")
		for _, block := range blocks {
			adapted = append(adapted, adaptFunctionApp(block))
		}
	}
	return adapted
}
// adaptService maps one "azurerm_app_service" block onto appservice.Service.
//
// Values used when an attribute (or its enclosing block) is absent:
//
//	client_cert_enabled          -> false
//	identity.type                -> ""   (no identity block)
//	auth_settings.enabled        -> false
//	site_config.http2_enabled    -> false
//	site_config.min_tls_version  -> "1.2"
//
// Only the attributes listed above are read; nothing else from the resource
// is carried into the model.
//
// NOTE(review): when a nested block is missing, the fallback is built with
// defsecTypes.String / defsecTypes.Bool against the resource metadata. Whether
// downstream rules can tell such a fallback apart from a value the author
// wrote explicitly is not visible from this file; confirm before relying on
// it. The "1.2" fallback presumably mirrors the provider default for
// min_tls_version; verify against the provider version in use.
func adaptService(resource *terraform.Block) appservice.Service {
	clientCert := resource.GetAttribute("client_cert_enabled").AsBoolValueOrDefault(false, resource)

	meta := resource.GetMetadata()

	// Identity: empty type unless an identity block is present.
	identityType := defsecTypes.String("", meta)
	if identity := resource.GetBlock("identity"); identity.IsNotNil() {
		identityType = identity.GetAttribute("type").AsStringValueOrDefault("", identity)
	}

	// Authentication: treated as disabled unless auth_settings says otherwise.
	authEnabled := defsecTypes.Bool(false, meta)
	if auth := resource.GetBlock("auth_settings"); auth.IsNotNil() {
		authEnabled = auth.GetAttribute("enabled").AsBoolValueOrDefault(false, auth)
	}

	// Site configuration: HTTP/2 off and TLS 1.2 unless site_config overrides.
	http2 := defsecTypes.Bool(false, meta)
	minTLS := defsecTypes.String("1.2", meta)
	if site := resource.GetBlock("site_config"); site.IsNotNil() {
		http2 = site.GetAttribute("http2_enabled").AsBoolValueOrDefault(false, site)
		minTLS = site.GetAttribute("min_tls_version").AsStringValueOrDefault("1.2", site)
	}

	service := appservice.Service{
		Metadata:         meta,
		EnableClientCert: clientCert,
	}
	service.Identity.Type = identityType
	service.Authentication.Enabled = authEnabled
	service.Site.EnableHTTP2 = http2
	service.Site.MinimumTLSVersion = minTLS
	return service
}
// adaptFunctionApp maps one "azurerm_function_app" block onto
// appservice.FunctionApp. The only attribute read is https_only, which is
// taken as false when the attribute is not set on the resource.
//
// NOTE(review): https_only is captured for function apps only; adaptService
// does not read it for "azurerm_app_service" resources, so HTTPS enforcement
// on app services is not represented in this model.
func adaptFunctionApp(resource *terraform.Block) appservice.FunctionApp {
	httpsOnly := resource.GetAttribute("https_only").AsBoolValueOrDefault(false, resource)

	var app appservice.FunctionApp
	app.Metadata = resource.GetMetadata()
	app.HTTPSOnly = httpsOnly
	return app
}