fix(cloudformation): resolve property depending on conditions
nikpivkin authored and simar7 committed Jul 20, 2023
1 parent f21fdf3 commit 0cc230c
Showing 2 changed files with 82 additions and 3 deletions.
10 changes: 7 additions & 3 deletions pkg/scanners/cloudformation/parser/property.go
Expand Up @@ -241,13 +241,17 @@ func (p *Property) GetProperty(path string) *Property {
pathParts := strings.Split(path, ".")

first := pathParts[0]
var property *Property
property := p

if p.IsNotMap() {
if p.isFunction() {
property, _ = p.resolveValue()
}

if property.IsNotMap() {
return nil
}

for n, p := range p.AsMap() {
for n, p := range property.AsMap() {
if n == first {
property = p
break
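Review bot: `property, _ = p.resolveValue()` discards the second return value, and the result is then dereferenced on the next line by `property.IsNotMap()` with no nil check; if resolveValue can return a nil *Property when the intrinsic cannot be resolved (for example a condition name that is not defined in the template), this is a nil-pointer panic on untrusted template input unless IsNotMap tolerates a nil receiver, which is not visible in this hunk. A guard such as `if property == nil { return nil }` directly after the assignment keeps the lookup failing closed the way the unresolvable-path case already does. It is also worth checking the second return value rather than dropping it, since a failed resolution presumably should not be treated as a resolved map. The enclosing GetProperty starts and ends outside this hunk.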
75 changes: 75 additions & 0 deletions pkg/scanners/cloudformation/parser/resource_test.go
@@ -0,0 +1,75 @@
package parser

import (
"testing"

"github.com/aquasecurity/defsec/pkg/scanners/cloudformation/cftypes"
"github.com/stretchr/testify/require"
)

func Test_GetProperty_PropIsFunction(t *testing.T) {
resource := Resource{
Inner: ResourceInner{
Type: "AWS::S3::Bucket",
Properties: map[string]*Property{
"BucketName": {
Inner: PropertyInner{
Type: cftypes.String,
Value: "mybucket",
},
},
"VersioningConfiguration": {
Inner: PropertyInner{
Type: cftypes.Map,
Value: map[string]*Property{
"Fn::If": {
Inner: PropertyInner{
Type: cftypes.List,
Value: []*Property{
{
Inner: PropertyInner{
Type: cftypes.Bool,
Value: false,
},
},
{
Inner: PropertyInner{
Type: cftypes.Map,
Value: map[string]*Property{
"Status": {
Inner: PropertyInner{
Type: cftypes.String,
Value: "Enabled",
},
},
},
},
},
{
Inner: PropertyInner{
Type: cftypes.Map,
Value: map[string]*Property{
"Status": {
Inner: PropertyInner{
Type: cftypes.String,
Value: "Suspended",
},
},
},
},
},
},
},
},
},
},
},
},
},
}

prop := resource.GetProperty("VersioningConfiguration.Status")
require.NotNil(t, prop)
require.True(t, prop.IsString())
require.Equal(t, "Suspended", prop.AsString())
}
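Review bot: The test pins only the false branch of the Fn::If (literal `Value: false` selecting "Suspended"), so an inverted branch selection in resolveValue would only be caught half the time; a second case with `Value: true` asserting `"Enabled"` would pin both arms. Since the commit is about properties that depend on conditions, a case where the first list element is a condition name string rather than a literal Bool would exercise the lookup path that real templates take, assuming resolveValue supports that form. The name Test_GetProperty_PropIsFunction also describes the shape of the input rather than the behaviour asserted; something like Test_GetProperty_ResolvesFnIfBeforeTraversal reads closer to the assertion.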
