add kinesis

aquasecurity · Oct 7, 2021 · 6865bd0 · 6865bd0
1 parent ce7af87
commit 6865bd0
Show file tree

Hide file tree

Showing 122 changed files with 376 additions and 327 deletions.
diff --git a/cmd/cfsec-docs/checks.go b/cmd/cfsec-docs/checks.go
@@ -1,3 +1 @@
 package main
-
-
diff --git a/cmd/cfsec-docs/extension_codes.go b/cmd/cfsec-docs/extension_codes.go
@@ -26,14 +26,14 @@ func generateExtensionCodeFile(registeredChecks []rule.Rule) error {
 	var blocks []checkBlock
 
 	for _, check := range registeredChecks {
-			blocks = append(blocks, checkBlock{
-				Code:        check.ID(),
-				Service:     check.Base.Rule().Service,
-				Description: check.Base.Rule().Summary,
-				Impact:      check.Base.Rule().Impact,
-				Resolution:  check.Base.Rule().Resolution,
-				DocUrl:      fmt.Sprintf("https://cfsec.dev/docs/%s/%s/", check.Base.Rule().Service, check.Base.Rule().ShortCode),
-			})
+		blocks = append(blocks, checkBlock{
+			Code:        check.ID(),
+			Service:     check.Base.Rule().Service,
+			Description: check.Base.Rule().Summary,
+			Impact:      check.Base.Rule().Impact,
+			Resolution:  check.Base.Rule().Resolution,
+			DocUrl:      fmt.Sprintf("https://cfsec.dev/docs/%s/%s/", check.Base.Rule().Service, check.Base.Rule().ShortCode),
+		})
 	}
 
 	file, err := os.Create("checkdocs/codes.json")

diff --git a/cmd/cfsec-docs/main.go b/cmd/cfsec-docs/main.go
@@ -43,12 +43,12 @@ var rootCmd = &cobra.Command{
 
 func getSortedChecks() []rule.Rule {
 	checks := scanner.GetRegisteredRules()
-	
+
 	// sort the checks alpha
 	sort.Slice(checks, func(i, j int) bool {
 		return checks[i].ID() < checks[j].ID()
 	})
-	
+
 	if err := generateNavIndexFile(checks); err != nil {
 		panic(err)
 	}

diff --git a/cmd/cfsec-docs/navigation_docs.go b/cmd/cfsec-docs/navigation_docs.go
@@ -22,7 +22,6 @@ const navDocsTemplate = `---
 
 `
 
-
 type navBlock struct {
 	Title    string    `yaml:"title"`
 	Services []service `yaml:"services"`
@@ -38,7 +37,7 @@ func generateNavIndexFile(registeredChecks []rule.Rule) error {
 
 	topLevel := &[]navBlock{
 		{
-			Title: "Services",
+			Title:    "Services",
 			Services: getServices(registeredChecks),
 		},
 	}
@@ -69,7 +68,7 @@ func getServices(checks []rule.Rule) []service {
 
 	for _, check := range checks {
 		rulePath := fmt.Sprintf("%s/%s", check.Base.Rule().Service, check.Base.Rule().ShortCode)
-		serviceMap[check.Base.Rule().Service] = append(serviceMap[check.Base.Rule().Service], rulePath )
+		serviceMap[check.Base.Rule().Service] = append(serviceMap[check.Base.Rule().Service], rulePath)
 	}
 
 	var services []service
@@ -79,9 +78,9 @@ func getServices(checks []rule.Rule) []service {
 			return docs[i] < docs[j]
 		})
 		services = append(services, service{
-			Title: s,
+			Title:   s,
 			Service: s,
-			Docs: docs,
+			Docs:    docs,
 		})
 	}
 
@@ -92,4 +91,3 @@ func getServices(checks []rule.Rule) []service {
 	return services
 
 }
-
diff --git a/cmd/cfsec-docs/webpage.go b/cmd/cfsec-docs/webpage.go
@@ -59,19 +59,16 @@ The following example will pass the {{$.ID}} check.
 )
 
 type docEntry struct {
-	Summary string
-	ID string
-	ShortCode string
-	Service string
+	Summary     string
+	ID          string
+	ShortCode   string
+	Service     string
 	Explanation string
-	Impact string
-	Resolution string
-	BadExample []string
+	Impact      string
+	Resolution  string
+	BadExample  []string
 	GoodExample []string
-	Links []string
-
-
-
+	Links       []string
 }
 
 func newEntry(check rule.Rule) docEntry {
@@ -84,26 +81,25 @@ func newEntry(check rule.Rule) docEntry {
 		Resolution:  check.Base.Rule().Resolution,
 		BadExample:  check.BadExample,
 		GoodExample: check.GoodExample,
-		Service: check.Base.Rule().Service,
+		Service:     check.Base.Rule().Service,
 		Links:       append(check.Base.Rule().Links, check.Links...),
 	}
 }
 
-
 func generateWebPages(fileContents []rule.Rule) error {
 	for _, check := range fileContents {
-			webProviderPath := fmt.Sprintf("%s/docs/%s", webPath, strings.ToLower(check.Base.Rule().Service))
-			entry := newEntry(check)
-			if err := generateWebPage(webProviderPath, entry); err != nil {
-				return err
-			}
+		webProviderPath := fmt.Sprintf("%s/docs/%s", webPath, strings.ToLower(check.Base.Rule().Service))
+		entry := newEntry(check)
+		if err := generateWebPage(webProviderPath, entry); err != nil {
+			return err
 		}
+	}
 	return nil
 }
 
 var funcMap = template.FuncMap{
-	"ToUpper":            strings.ToUpper,
-	"Join":               join,
+	"ToUpper": strings.ToUpper,
+	"Join":    join,
 }
 
 func join(s []string) string {

diff --git a/internal/app/cfsec/adapter/aws/adapt.go b/internal/app/cfsec/adapter/aws/adapt.go
@@ -21,6 +21,7 @@ import (
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/adapter/aws/elasticsearch"
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/adapter/aws/elb"
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/adapter/aws/iam"
+	"github.com/aquasecurity/cfsec/internal/app/cfsec/adapter/aws/kinesis"
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/adapter/aws/mq"
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/adapter/aws/msk"
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/adapter/aws/neptune"
@@ -60,6 +61,7 @@ func Adapt(cfFile parser.FileContext) aws.AWS {
 		ELB:           elb.Adapt(cfFile),
 		MSK:           msk.Adapt(cfFile),
 		MQ:            mq.Adapt(cfFile),
+		Kinesis:       kinesis.Adapt(cfFile),
 		Neptune:       neptune.Adapt(cfFile),
 		RDS:           rds.Adapt(cfFile),
 		Redshift:      redshift.Adapt(cfFile),

diff --git a/internal/app/cfsec/adapter/aws/apigateway/apigateway.go b/internal/app/cfsec/adapter/aws/apigateway/apigateway.go
@@ -6,14 +6,12 @@ import (
 )
 
 const (
-	apiGatewayType = "AWS::ApiGatewayV2::Api"
+	apiGatewayType      = "AWS::ApiGatewayV2::Api"
 	apiGatewayStageType = "AWS::ApiGatewayV2::Stage"
-
 )
 
 func Adapt(cfFile parser.FileContext) apigateway.APIGateway {
 	return apigateway.APIGateway{
 		APIs: getApis(cfFile),
 	}
 }
-
diff --git a/internal/app/cfsec/adapter/aws/apigateway/stage.go b/internal/app/cfsec/adapter/aws/apigateway/stage.go
@@ -8,12 +8,11 @@ import (
 
 func getApis(cfFile parser.FileContext) (apis []apigateway.API) {
 
-
 	apiResources := cfFile.GetResourceByType(apiGatewayType)
 	for _, apiRes := range apiResources {
 		api := apigateway.API{
 			Metadata: apiRes.Metadata(),
-			Stages: getStages(apiRes.ID(), cfFile),
+			Stages:   getStages(apiRes.ID(), cfFile),
 		}
 		apis = append(apis, api)
 	}
@@ -32,7 +31,7 @@ func getStages(apiId string, cfFile parser.FileContext) []apigateway.Stage {
 		}
 
 		s := apigateway.Stage{
-			Metadata:  stageRes.Metadata(),
+			Metadata:      stageRes.Metadata(),
 			Name:          getStageName(stageRes),
 			AccessLogging: getAccessLogging(stageRes),
 		}
@@ -71,7 +70,7 @@ func getAccessLogging(r *parser.Resource) apigateway.AccessLogging {
 
 	if destinationProp.IsNil() {
 		return apigateway.AccessLogging{
-			Metadata: loggingProp.Metadata(),
+			Metadata:              loggingProp.Metadata(),
 			CloudwatchLogGroupARN: types.StringDefault("", r.Metadata()),
 		}
 	}

diff --git a/internal/app/cfsec/adapter/aws/autoscaling/autoscaling.go b/internal/app/cfsec/adapter/aws/autoscaling/autoscaling.go
@@ -11,4 +11,3 @@ func Adapt(cfFile parser.FileContext) autoscaling.Autoscaling {
 		LaunchConfigurations: getLaunchConfigurations(cfFile),
 	}
 }
-
diff --git a/internal/app/cfsec/adapter/aws/autoscaling/launch_configuration.go b/internal/app/cfsec/adapter/aws/autoscaling/launch_configuration.go
@@ -7,18 +7,18 @@ import (
 )
 
 func getLaunchConfigurations(file parser.FileContext) (launchConfigurations []autoscaling.LaunchConfiguration) {
-		launchConfigResources := file.GetResourceByType("AWS::AutoScaling::LaunchConfiguration")
+	launchConfigResources := file.GetResourceByType("AWS::AutoScaling::LaunchConfiguration")
 
 	for _, r := range launchConfigResources {
 
 		launchConfig := autoscaling.LaunchConfiguration{
 			Name:              getName(r),
 			AssociatePublicIP: hasPublicIPAssociated(r),
-			EBSBlockDevices: []autoscaling.BlockDevice{},
+			EBSBlockDevices:   []autoscaling.BlockDevice{},
 		}
 
 		blockDevices := getBlockDevices(r)
-		for i	, device := range blockDevices {
+		for i, device := range blockDevices {
 			if i == 0 {
 				launchConfig.RootBlockDevice = &device
 				continue
@@ -50,7 +50,6 @@ func getBlockDevices(r *parser.Resource) []autoscaling.BlockDevice {
 			result = encrypted.AsBoolValue()
 		}
 
-
 		device := autoscaling.BlockDevice{
 			Encrypted: result,
 		}
@@ -61,7 +60,6 @@ func getBlockDevices(r *parser.Resource) []autoscaling.BlockDevice {
 	return blockDevices
 }
 
-
 func hasPublicIPAssociated(r *parser.Resource) types.BoolValue {
 	publicIpProp := r.GetProperty("AssociatePublicIpAddress")
 	if publicIpProp.IsNil() {
@@ -86,4 +84,3 @@ func getName(r *parser.Resource) types.StringValue {
 
 	return nameProp.AsStringValue()
 }
-
diff --git a/internal/app/cfsec/adapter/aws/cloudfront/cloudfront.go b/internal/app/cfsec/adapter/aws/cloudfront/cloudfront.go
@@ -1,6 +1,5 @@
 package cloudfront
 
-
 import (
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/parser"
 	"github.com/aquasecurity/defsec/provider/aws/cloudfront"
@@ -12,4 +11,3 @@ func Adapt(cfFile parser.FileContext) cloudfront.Cloudfront {
 		Distributions: getDistributions(cfFile),
 	}
 }
-
diff --git a/internal/app/cfsec/adapter/aws/cloudtrail/cloudtrail.go b/internal/app/cfsec/adapter/aws/cloudtrail/cloudtrail.go
@@ -12,4 +12,3 @@ func Adapt(cfFile parser.FileContext) cloudtrail.CloudTrail {
 	}
 
 }
-
diff --git a/internal/app/cfsec/adapter/aws/cloudtrail/trails.go b/internal/app/cfsec/adapter/aws/cloudtrail/trails.go
@@ -36,7 +36,7 @@ func getKmsId(r *parser.Resource) types.StringValue {
 func isMultiRegion(r *parser.Resource) types.BoolValue {
 	prop := r.GetProperty("IsMultiRegionTrail")
 
-	if prop.IsNil() || !prop.IsBool(){
+	if prop.IsNil() || !prop.IsBool() {
 		return types.BoolDefault(false, r.Metadata())
 	}
 	return prop.AsBoolValue()
@@ -45,7 +45,7 @@ func isMultiRegion(r *parser.Resource) types.BoolValue {
 func hasLogValidation(r *parser.Resource) types.BoolValue {
 	prop := r.GetProperty("EnableLogFileValidation")
 
-	if prop.IsNil() || !prop.IsBool(){
+	if prop.IsNil() || !prop.IsBool() {
 		return types.BoolDefault(false, r.Metadata())
 	}
 	return prop.AsBoolValue()
@@ -58,4 +58,4 @@ func getTrailName(r *parser.Resource) types.StringValue {
 		return types.StringDefault("", r.Metadata())
 	}
 	return prop.AsStringValue()
-}
+}
diff --git a/internal/app/cfsec/adapter/aws/cloudwatch/cloudwatch.go b/internal/app/cfsec/adapter/aws/cloudwatch/cloudwatch.go
@@ -11,4 +11,3 @@ func Adapt(cfFile parser.FileContext) cloudwatch.CloudWatch {
 		LogGroups: getLogGroups(cfFile),
 	}
 }
-
diff --git a/internal/app/cfsec/adapter/aws/cloudwatch/log_group.go b/internal/app/cfsec/adapter/aws/cloudwatch/log_group.go
@@ -35,4 +35,4 @@ func getName(r *parser.Resource) types.StringValue {
 		return types.StringDefault("", r.Metadata())
 	}
 	return logGroupName.AsStringValue()
-}
+}
diff --git a/internal/app/cfsec/adapter/aws/codebuild/codebuild.go b/internal/app/cfsec/adapter/aws/codebuild/codebuild.go
@@ -5,10 +5,8 @@ import (
 	"github.com/aquasecurity/defsec/provider/aws/codebuild"
 )
 
-func Adapt(cfFile parser.FileContext) codebuild.CodeBuild{
+func Adapt(cfFile parser.FileContext) codebuild.CodeBuild {
 	return codebuild.CodeBuild{
 		Projects: getProjects(cfFile),
-
 	}
 }
-
diff --git a/internal/app/cfsec/adapter/aws/config/aggregator.go b/internal/app/cfsec/adapter/aws/config/aggregator.go
@@ -23,7 +23,7 @@ func isSourcingAllRegions(r *parser.Resource) types.BoolValue {
 	accountProp := r.GetProperty("AccountAggregationSources")
 	orgProp := r.GetProperty("OrganizationAggregationSource")
 
-	if accountProp.IsNotNil() && accountProp.IsList(){
+	if accountProp.IsNotNil() && accountProp.IsList() {
 		for _, a := range accountProp.AsList() {
 			regionsProp := a.GetProperty("AllAwsRegions")
 			if regionsProp.IsNil() || regionsProp.IsBool() {
@@ -32,7 +32,7 @@ func isSourcingAllRegions(r *parser.Resource) types.BoolValue {
 		}
 	}
 
-	if orgProp.IsNotNil(){
+	if orgProp.IsNotNil() {
 		regionsProp := orgProp.GetProperty("AllAwsRegions")
 		if regionsProp.IsNotNil() || regionsProp.IsBool() {
 			return regionsProp.AsBoolValue()

diff --git a/internal/app/cfsec/adapter/aws/config/config.go b/internal/app/cfsec/adapter/aws/config/config.go
@@ -10,4 +10,3 @@ func Adapt(cfFile parser.FileContext) config.Config {
 		ConfigurationAggregrator: getConfiguraionAggregator(cfFile),
 	}
 }
-
diff --git a/internal/app/cfsec/adapter/aws/documentdb/cluster.go b/internal/app/cfsec/adapter/aws/documentdb/cluster.go
@@ -12,8 +12,8 @@ func getClusters(ctx parser.FileContext) (clusters []documentdb.Cluster) {
 
 	for _, r := range clusterResources {
 		cluster := documentdb.Cluster{
-			Metadata: r.Metadata(),
-			Identifier: getIdentifier(r),
+			Metadata:          r.Metadata(),
+			Identifier:        getIdentifier(r),
 			EnabledLogExports: getLogExports(r),
 			StorageEncrypted:  isStorageEncrypted(r),
 			KMSKeyID:          getKmsKeyId(r),
@@ -31,13 +31,13 @@ func updateInstancesOnCluster(cluster *documentdb.Cluster, ctx parser.FileContex
 	instanceResources := ctx.GetResourceByType("AWS::DocDB::DBInstance")
 
 	for _, r := range instanceResources {
-		 clusterIdentifier := getIdentifier(r)
-		 if clusterIdentifier == cluster.Identifier {
-			 cluster.Instances = append(cluster.Instances, documentdb.Instance{
-				 Metadata: r.Metadata(),
-				 KMSKeyID: cluster.KMSKeyID,
-			 })
-		 }
+		clusterIdentifier := getIdentifier(r)
+		if clusterIdentifier == cluster.Identifier {
+			cluster.Instances = append(cluster.Instances, documentdb.Instance{
+				Metadata: r.Metadata(),
+				KMSKeyID: cluster.KMSKeyID,
+			})
+		}
 	}
 }