Update tests and adapters

- update adapters to use common form and leverage the helpers
- update the tests to get the expectedCode from the rule

cmd/cfsec-docs/extension_codes.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/aquasecurity/cfsec/internal/app/cfsec/rule"
+	"github.com/aquasecurity/cfsec/internal/app/cfsec/rules"
 )
 
 type checkBlock struct {
@@ -22,7 +22,7 @@ type checksBlock struct {
 	Checks []checkBlock `json:"checks"`
 }
 
-func generateExtensionCodeFile(registeredChecks []rule.Rule) error {
+func generateExtensionCodeFile(registeredChecks []rules.Rule) error {
 	var blocks []checkBlock
 
 	for _, check := range registeredChecks {

cmd/cfsec-docs/main.go

@@ -5,7 +5,7 @@ import (
 	"os"
 	"sort"
 
-	"github.com/aquasecurity/cfsec/internal/app/cfsec/rule"
+	"github.com/aquasecurity/cfsec/internal/app/cfsec/rules"
 
 	"github.com/spf13/cobra"
 
@@ -41,7 +41,7 @@ var rootCmd = &cobra.Command{
 	},
 }
 
-func getSortedChecks() []rule.Rule {
+func getSortedChecks() []rules.Rule {
 	checks := scanner.GetRegisteredRules()
 
 	// sort the checks alpha

cmd/cfsec-docs/navigation_docs.go

@@ -7,7 +7,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/aquasecurity/cfsec/internal/app/cfsec/rule"
+	"github.com/aquasecurity/cfsec/internal/app/cfsec/rules"
 	"gopkg.in/yaml.v2"
 )
 
@@ -33,7 +33,7 @@ type service struct {
 	Docs    []string `yaml:"docs"`
 }
 
-func generateNavIndexFile(registeredChecks []rule.Rule) error {
+func generateNavIndexFile(registeredChecks []rules.Rule) error {
 
 	topLevel := &[]navBlock{
 		{
@@ -62,7 +62,7 @@ func generateNavIndexFile(registeredChecks []rule.Rule) error {
 	return err
 }
 
-func getServices(checks []rule.Rule) []service {
+func getServices(checks []rules.Rule) []service {
 
 	serviceMap := make(map[string][]string)
 

cmd/cfsec-docs/webpage.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/aquasecurity/cfsec/internal/app/cfsec/rule"
+	"github.com/aquasecurity/cfsec/internal/app/cfsec/rules"
 )
 
 const (
@@ -71,7 +71,7 @@ type docEntry struct {
 	Links       []string
 }
 
-func newEntry(check rule.Rule) docEntry {
+func newEntry(check rules.Rule) docEntry {
 	return docEntry{
 		Summary:     check.Base.Rule().Summary,
 		ID:          check.ID(),
@@ -86,7 +86,7 @@ func newEntry(check rule.Rule) docEntry {
 	}
 }
 
-func generateWebPages(fileContents []rule.Rule) error {
+func generateWebPages(fileContents []rules.Rule) error {
 	for _, check := range fileContents {
 		webProviderPath := fmt.Sprintf("%s/docs/%s", webPath, strings.ToLower(check.Base.Rule().Service))
 		entry := newEntry(check)

internal/app/cfsec/adapter/aws/apigateway/apigateway.go

@@ -5,11 +5,6 @@ import (
 	"github.com/aquasecurity/defsec/provider/aws/apigateway"
 )
 
-const (
-	apiGatewayType      = "AWS::ApiGatewayV2::Api"
-	apiGatewayStageType = "AWS::ApiGatewayV2::Stage"
-)
-
 func Adapt(cfFile parser.FileContext) apigateway.APIGateway {
 	return apigateway.APIGateway{
 		APIs: getApis(cfFile),

internal/app/cfsec/adapter/aws/apigateway/stage.go

@@ -8,7 +8,7 @@ import (
 
 func getApis(cfFile parser.FileContext) (apis []apigateway.API) {
 
-	apiResources := cfFile.GetResourceByType(apiGatewayType)
+	apiResources := cfFile.GetResourceByType("AWS::ApiGatewayV2::Api")
 	for _, apiRes := range apiResources {
 		api := apigateway.API{
 			Metadata: apiRes.Metadata(),
@@ -24,39 +24,23 @@ func getStages(apiId string, cfFile parser.FileContext) []apigateway.Stage {
 	var apiStages []apigateway.Stage
 
 	stageResources := cfFile.GetResourceByType("AWS::ApiGatewayV2::Stage")
-	for _, stageRes := range stageResources {
-		stageApiId := getApiID(stageRes)
+	for _, r := range stageResources {
+		stageApiId := r.GetStringProperty("ApiId")
 		if stageApiId.Value() != apiId {
 			continue
 		}
 
 		s := apigateway.Stage{
-			Metadata:      stageRes.Metadata(),
-			Name:          getStageName(stageRes),
-			AccessLogging: getAccessLogging(stageRes),
+			Metadata:      r.Metadata(),
+			Name:          r.GetStringProperty("StageName"),
+			AccessLogging: getAccessLogging(r),
 		}
 		apiStages = append(apiStages, s)
 	}
 
 	return apiStages
 }
 
-func getApiID(res *parser.Resource) types.StringValue {
-	apiIDProp := res.GetProperty("ApiId")
-	if apiIDProp == nil {
-		return types.StringDefault("", res.Metadata())
-	}
-	return apiIDProp.AsStringValue()
-}
-
-func getStageName(res *parser.Resource) types.StringValue {
-	stageNameProp := res.GetProperty("StageName")
-	if stageNameProp == nil {
-		return types.StringDefault("", res.Metadata())
-	}
-	return stageNameProp.AsStringValue()
-}
-
 func getAccessLogging(r *parser.Resource) apigateway.AccessLogging {
 
 	loggingProp := r.GetProperty("AccessLogSettings")

internal/app/cfsec/adapter/aws/athena/workgroup.go

@@ -3,7 +3,6 @@ package athena
 import (
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/parser"
 	"github.com/aquasecurity/defsec/provider/aws/athena"
-	"github.com/aquasecurity/defsec/types"
 )
 
 func getWorkGroups(cfFile parser.FileContext) []athena.Workgroup {
@@ -16,11 +15,11 @@ func getWorkGroups(cfFile parser.FileContext) []athena.Workgroup {
 
 		wg := athena.Workgroup{
 			Metadata: r.Metadata(),
-			Name:     getName(r),
+			Name:     r.GetStringProperty("Name"),
 			Encryption: athena.EncryptionConfiguration{
-				Type: getEncryptionType(r),
+				Type: r.GetStringProperty("WorkGroupConfiguration.ResultConfiguration.EncryptionConfiguration.EncryptionOption"),
 			},
-			EnforceConfiguration: getConfigurationEnforcement(r),
+			EnforceConfiguration: r.GetBoolProperty("WorkGroupConfiguration.EnforceWorkGroupConfiguration"),
 		}
 
 		workgroups = append(workgroups, wg)
@@ -29,43 +28,3 @@ func getWorkGroups(cfFile parser.FileContext) []athena.Workgroup {
 	return workgroups
 }
 
-func getName(r *parser.Resource) types.StringValue {
-
-	nameProp := r.GetProperty("Name")
-
-	if nameProp.IsNil() {
-		return types.StringDefault("", r.Metadata())
-	}
-
-	return nameProp.AsStringValue()
-}
-
-func getEncryptionType(r *parser.Resource) types.StringValue {
-
-	typeProp := r.GetProperty("WorkGroupConfiguration.ResultConfiguration.EncryptionConfiguration.EncryptionOption")
-
-	if typeProp.IsNil() {
-		return types.StringDefault("", r.Metadata())
-	}
-
-	if typeProp.IsEmpty() {
-		return types.StringDefault("", typeProp.Metadata())
-	}
-
-	return typeProp.AsStringValue()
-}
-
-func getConfigurationEnforcement(r *parser.Resource) types.BoolValue {
-
-	enforceProp := r.GetProperty("WorkGroupConfiguration.EnforceWorkGroupConfiguration")
-
-	if enforceProp.IsNil() {
-		return types.BoolDefault(false, r.Metadata())
-	}
-
-	if !enforceProp.IsBool() {
-		return types.BoolDefault(false, enforceProp.Metadata())
-	}
-
-	return enforceProp.AsBoolValue()
-}

internal/app/cfsec/adapter/aws/autoscaling/launch_configuration.go

@@ -12,8 +12,8 @@ func getLaunchConfigurations(file parser.FileContext) (launchConfigurations []au
 	for _, r := range launchConfigResources {
 
 		launchConfig := autoscaling.LaunchConfiguration{
-			Name:              getName(r),
-			AssociatePublicIP: hasPublicIPAssociated(r),
+			Name:              r.GetStringProperty("Name"),
+			AssociatePublicIP: r.GetBoolProperty("AssociatePublicIpAddress"),
 			EBSBlockDevices:   []autoscaling.BlockDevice{},
 		}
 
@@ -60,27 +60,3 @@ func getBlockDevices(r *parser.Resource) []autoscaling.BlockDevice {
 	return blockDevices
 }
 
-func hasPublicIPAssociated(r *parser.Resource) types.BoolValue {
-	publicIpProp := r.GetProperty("AssociatePublicIpAddress")
-	if publicIpProp.IsNil() {
-		return types.BoolDefault(false, r.Metadata())
-	}
-
-	if !publicIpProp.IsBool() {
-		return types.BoolDefault(false, publicIpProp.Metadata())
-	}
-	return publicIpProp.AsBoolValue()
-}
-
-func getName(r *parser.Resource) types.StringValue {
-	nameProp := r.GetProperty("Name")
-	if nameProp.IsNil() {
-		return types.StringDefault("", r.Metadata())
-	}
-
-	if !nameProp.IsString() {
-		return types.StringDefault("", nameProp.Metadata())
-	}
-
-	return nameProp.AsStringValue()
-}

internal/app/cfsec/adapter/aws/cloudfront/distribution.go

@@ -12,14 +12,14 @@ func getDistributions(ctx parser.FileContext) (distributions []cloudfront.Distri
 
 	for _, r := range distributionResources {
 		distribution := cloudfront.Distribution{
-			WAFID: getWafId(r, ctx),
+			WAFID: r.GetStringProperty("DistributionConfig.WebACLId"),
 			Logging: cloudfront.Logging{
-				Bucket: getBucketName(r, ctx),
+				Bucket: r.GetStringProperty("DistributionConfig.Logging.Bucket"),
 			},
-			DefaultCacheBehaviour:  getDefaultCacheBehaviour(r, ctx),
+			DefaultCacheBehaviour:  getDefaultCacheBehaviour(r),
 			OrdererCacheBehaviours: nil,
 			ViewerCertificate: cloudfront.ViewerCertificate{
-				MinimumProtocolVersion: getTlsVersion(r),
+				MinimumProtocolVersion: r.GetStringProperty("DistributionConfig.ViewerCertificate.MinimumProtocolVersion"),
 			},
 		}
 
@@ -29,7 +29,7 @@ func getDistributions(ctx parser.FileContext) (distributions []cloudfront.Distri
 	return distributions
 }
 
-func getDefaultCacheBehaviour(r *parser.Resource, ctx parser.FileContext) cloudfront.CacheBehaviour {
+func getDefaultCacheBehaviour(r *parser.Resource) cloudfront.CacheBehaviour {
 	defaultCache := r.GetProperty("DistributionConfig.DefaultCacheBehavior")
 	if defaultCache.IsNil() {
 		return cloudfront.CacheBehaviour{
@@ -47,40 +47,3 @@ func getDefaultCacheBehaviour(r *parser.Resource, ctx parser.FileContext) cloudf
 		ViewerProtocolPolicy: protoProp.AsStringValue(),
 	}
 }
-
-func getTlsVersion(r *parser.Resource) types.StringValue {
-
-	tlsVerProp := r.GetProperty("DistributionConfig.ViewerCertificate.MinimumProtocolVersion")
-
-	if tlsVerProp.IsNil() {
-		return types.StringDefault("TLSv1", r.Metadata())
-	}
-
-	if tlsVerProp.IsEmpty() {
-		return types.StringDefault("TLSv1", r.Metadata())
-	}
-
-	return tlsVerProp.AsStringValue()
-}
-
-func getBucketName(r *parser.Resource, ctx parser.FileContext) types.StringValue {
-	logBucketProp := r.GetProperty("DistributionConfig.Logging.Bucket")
-	if logBucketProp.IsNil() {
-		return types.StringDefault("", r.Metadata())
-	}
-	if logBucketProp.IsEmpty() {
-		return types.StringDefault("", logBucketProp.Metadata())
-	}
-	return logBucketProp.AsStringValue()
-}
-
-func getWafId(r *parser.Resource, ctx parser.FileContext) types.StringValue {
-	wafIdProp := r.GetProperty("DistributionConfig.WebACLId")
-	if wafIdProp.IsNil() {
-		return types.StringDefault("", r.Metadata())
-	}
-	if wafIdProp.IsEmpty() {
-		return types.StringDefault("", wafIdProp.Metadata())
-	}
-	return wafIdProp.AsStringValue()
-}

internal/app/cfsec/adapter/aws/cloudtrail/trails.go

@@ -3,7 +3,6 @@ package cloudtrail
 import (
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/parser"
 	"github.com/aquasecurity/defsec/provider/aws/cloudtrail"
-	"github.com/aquasecurity/defsec/types"
 )
 
 func getCloudTrails(ctx parser.FileContext) (trails []cloudtrail.Trail) {
@@ -12,50 +11,13 @@ func getCloudTrails(ctx parser.FileContext) (trails []cloudtrail.Trail) {
 
 	for _, r := range cloudtrailResources {
 		ct := cloudtrail.Trail{
-			Name:                    getTrailName(r),
-			EnableLogFileValidation: hasLogValidation(r),
-			IsMultiRegion:           isMultiRegion(r),
-			KMSKeyID:                getKmsId(r),
+			Name:                    r.GetStringProperty("TrailName"),
+			EnableLogFileValidation: r.GetBoolProperty("EnableLogFileValidation"),
+			IsMultiRegion:           r.GetBoolProperty("IsMultiRegionTrail"),
+			KMSKeyID:                r.GetStringProperty("KmsKeyId"),
 		}
 
 		trails = append(trails, ct)
 	}
-
 	return trails
 }
-
-func getKmsId(r *parser.Resource) types.StringValue {
-	prop := r.GetProperty("KmsKeyId")
-
-	if prop.IsNil() || !prop.IsString() {
-		return types.StringDefault("", r.Metadata())
-	}
-	return prop.AsStringValue()
-}
-
-func isMultiRegion(r *parser.Resource) types.BoolValue {
-	prop := r.GetProperty("IsMultiRegionTrail")
-
-	if prop.IsNil() || !prop.IsBool() {
-		return types.BoolDefault(false, r.Metadata())
-	}
-	return prop.AsBoolValue()
-}
-
-func hasLogValidation(r *parser.Resource) types.BoolValue {
-	prop := r.GetProperty("EnableLogFileValidation")
-
-	if prop.IsNil() || !prop.IsBool() {
-		return types.BoolDefault(false, r.Metadata())
-	}
-	return prop.AsBoolValue()
-}
-
-func getTrailName(r *parser.Resource) types.StringValue {
-	prop := r.GetProperty("TrailName")
-
-	if prop.IsNil() || !prop.IsString() {
-		return types.StringDefault("", r.Metadata())
-	}
-	return prop.AsStringValue()
-}