provider: Prevent potential panics due to setting resource identifier…

…s with raw string pointer dereferencing (#16594)

Reference: #12992

These fixes were automatically applied by `semgrep --autofix` and are always safe since `(helper/schema.ResourceData).SetId()` only accepts a `string` type. Other types would generate a Go compilation error.

Output from acceptance testing (provided as a smoke test):

```
--- PASS: TestAccDataSourceAwsApiGatewayRestApi_basic (24.51s)
```

.semgrep.yml

@@ -35,6 +35,16 @@ rules:
           metavariable: '$Y'
           regex: '^"github.com/aws/aws-sdk-go/service/[^/]+"$'
     severity: WARNING
+
+  - id: aws-go-sdk-pointer-conversion-ResourceData-SetId
+    fix: d.SetId(aws.StringValue($VALUE))
+    languages: [go]
+    message: Prefer AWS Go SDK pointer conversion aws.StringValue() function for dereferencing during d.SetId()
+    paths:
+      include:
+        - aws/
+    pattern: 'd.SetId(*$VALUE)'
+    severity: WARNING
 
   - id: helper-schema-ResourceData-GetOk-with-extraneous-conditional
     languages: [go]

aws/data_source_aws_api_gateway_resource.go

@@ -59,7 +59,7 @@ func dataSourceAwsApiGatewayResourceRead(d *schema.ResourceData, meta interface{
 		return fmt.Errorf("no Resources with path %q found for rest api %q", target, restApiId)
 	}
 
-	d.SetId(*match.Id)
+	d.SetId(aws.StringValue(match.Id))
 	d.Set("path_part", match.PathPart)
 	d.Set("parent_id", match.ParentId)
 

aws/data_source_aws_api_gateway_rest_api.go

@@ -105,7 +105,7 @@ func dataSourceAwsApiGatewayRestApiRead(d *schema.ResourceData, meta interface{}
 
 	match := matchedApis[0]
 
-	d.SetId(*match.Id)
+	d.SetId(aws.StringValue(match.Id))
 
 	restApiArn := arn.ARN{
 		Partition: meta.(*AWSClient).partition,

aws/data_source_aws_api_gateway_vpc_link.go

@@ -76,7 +76,7 @@ func dataSourceAwsApiGatewayVpcLinkRead(d *schema.ResourceData, meta interface{}
 
 	match := matchedVpcLinks[0]
 
-	d.SetId(*match.Id)
+	d.SetId(aws.StringValue(match.Id))
 	d.Set("name", match.Name)
 	d.Set("status", match.Status)
 	d.Set("status_message", match.StatusMessage)

aws/data_source_aws_cloudformation_stack.go

@@ -84,7 +84,7 @@ func dataSourceAwsCloudFormationStackRead(d *schema.ResourceData, meta interface
 		return fmt.Errorf("Expected 1 CloudFormation stack (%s), found %d", name, l)
 	}
 	stack := out.Stacks[0]
-	d.SetId(*stack.StackId)
+	d.SetId(aws.StringValue(stack.StackId))
 
 	d.Set("description", stack.Description)
 	d.Set("disable_rollback", stack.DisableRollback)

aws/data_source_aws_db_snapshot.go

@@ -195,7 +195,7 @@ func mostRecentDbSnapshot(snapshots []*rds.DBSnapshot) *rds.DBSnapshot {
 }
 
 func dbSnapshotDescriptionAttributes(d *schema.ResourceData, snapshot *rds.DBSnapshot) error {
-	d.SetId(*snapshot.DBSnapshotIdentifier)
+	d.SetId(aws.StringValue(snapshot.DBSnapshotIdentifier))
 	d.Set("db_instance_identifier", snapshot.DBInstanceIdentifier)
 	d.Set("db_snapshot_identifier", snapshot.DBSnapshotIdentifier)
 	d.Set("snapshot_type", snapshot.SnapshotType)

aws/data_source_aws_dynamodb_table.go

@@ -224,7 +224,7 @@ func dataSourceAwsDynamoDbTableRead(d *schema.ResourceData, meta interface{}) er
 		return fmt.Errorf("Error retrieving DynamoDB table: %s", err)
 	}
 
-	d.SetId(*result.Table.TableName)
+	d.SetId(aws.StringValue(result.Table.TableName))
 
 	err = flattenAwsDynamoDbTableResource(d, result.Table)
 	if err != nil {

aws/data_source_aws_ebs_volume.go

@@ -5,6 +5,7 @@ import (
 	"log"
 	"sort"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -129,7 +130,7 @@ func mostRecentVolume(volumes []*ec2.Volume) *ec2.Volume {
 }
 
 func volumeDescriptionAttributes(d *schema.ResourceData, client *AWSClient, volume *ec2.Volume) error {
-	d.SetId(*volume.VolumeId)
+	d.SetId(aws.StringValue(volume.VolumeId))
 	d.Set("volume_id", volume.VolumeId)
 
 	arn := arn.ARN{

aws/data_source_aws_efs_access_point.go

@@ -113,7 +113,7 @@ func dataSourceAwsEfsAccessPointRead(d *schema.ResourceData, meta interface{}) e
 
 	log.Printf("[DEBUG] Found EFS access point: %#v", ap)
 
-	d.SetId(*ap.AccessPointId)
+	d.SetId(aws.StringValue(ap.AccessPointId))
 
 	fsARN := arn.ARN{
 		AccountID: meta.(*AWSClient).accountid,

aws/data_source_aws_elastic_beanstalk_solution_stack.go

@@ -5,6 +5,7 @@ import (
 	"log"
 	"regexp"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elasticbeanstalk"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -88,7 +89,7 @@ func mostRecentSolutionStack(solutionStacks []*string) *string {
 // populate the numerous fields that the image description returns.
 func solutionStackDescriptionAttributes(d *schema.ResourceData, solutionStack *string) error {
 	// Simple attributes first
-	d.SetId(*solutionStack)
+	d.SetId(aws.StringValue(solutionStack))
 	d.Set("name", solutionStack)
 	return nil
 }

aws/data_source_aws_elasticache_cluster.go

@@ -174,7 +174,7 @@ func dataSourceAwsElastiCacheClusterRead(d *schema.ResourceData, meta interface{
 
 	cluster := resp.CacheClusters[0]
 
-	d.SetId(*cluster.CacheClusterId)
+	d.SetId(aws.StringValue(cluster.CacheClusterId))
 
 	d.Set("cluster_id", cluster.CacheClusterId)
 	d.Set("node_type", cluster.CacheNodeType)

aws/data_source_aws_elasticsearch_domain.go

@@ -294,7 +294,7 @@ func dataSourceAwsElasticSearchDomainRead(d *schema.ResourceData, meta interface
 
 	ds := resp.DomainStatus
 
-	d.SetId(*ds.ARN)
+	d.SetId(aws.StringValue(ds.ARN))
 
 	if ds.AccessPolicies != nil && *ds.AccessPolicies != "" {
 		policies, err := structure.NormalizeJsonString(*ds.AccessPolicies)

aws/data_source_aws_elb.go

@@ -212,7 +212,7 @@ func dataSourceAwsElbRead(d *schema.ResourceData, meta interface{}) error {
 	if len(resp.LoadBalancerDescriptions) != 1 {
 		return fmt.Errorf("Search returned %d results, please revise so only one is returned", len(resp.LoadBalancerDescriptions))
 	}
-	d.SetId(*resp.LoadBalancerDescriptions[0].LoadBalancerName)
+	d.SetId(aws.StringValue(resp.LoadBalancerDescriptions[0].LoadBalancerName))
 
 	arn := arn.ARN{
 		Partition: meta.(*AWSClient).partition,

aws/data_source_aws_iam_group.go

@@ -85,7 +85,7 @@ func dataSourceAwsIAMGroupRead(d *schema.ResourceData, meta interface{}) error {
 		return fmt.Errorf("no IAM group found")
 	}
 
-	d.SetId(*group.GroupId)
+	d.SetId(aws.StringValue(group.GroupId))
 	d.Set("arn", group.Arn)
 	d.Set("path", group.Path)
 	d.Set("group_id", group.GroupId)

aws/data_source_aws_iam_instance_profile.go

@@ -66,7 +66,7 @@ func dataSourceAwsIAMInstanceProfileRead(d *schema.ResourceData, meta interface{
 
 	instanceProfile := resp.InstanceProfile
 
-	d.SetId(*instanceProfile.InstanceProfileId)
+	d.SetId(aws.StringValue(instanceProfile.InstanceProfileId))
 	d.Set("arn", instanceProfile.Arn)
 	d.Set("create_date", fmt.Sprintf("%v", instanceProfile.CreateDate))
 	d.Set("path", instanceProfile.Path)

aws/data_source_aws_iam_server_certificate.go

@@ -134,7 +134,7 @@ func dataSourceAwsIAMServerCertificateRead(d *schema.ResourceData, meta interfac
 	}
 
 	metadata := metadatas[0]
-	d.SetId(*metadata.ServerCertificateId)
+	d.SetId(aws.StringValue(metadata.ServerCertificateId))
 	d.Set("arn", metadata.Arn)
 	d.Set("path", metadata.Path)
 	d.Set("name", metadata.ServerCertificateName)

aws/data_source_aws_instance.go

@@ -409,7 +409,7 @@ func dataSourceAwsInstanceRead(d *schema.ResourceData, meta interface{}) error {
 
 // Populate instance attribute fields with the returned instance
 func instanceDescriptionAttributes(d *schema.ResourceData, instance *ec2.Instance, conn *ec2.EC2, ignoreTagsConfig *keyvaluetags.IgnoreConfig) error {
-	d.SetId(*instance.InstanceId)
+	d.SetId(aws.StringValue(instance.InstanceId))
 	// Set the easy attributes
 	d.Set("instance_state", instance.State.Name)
 	if instance.Placement != nil {

aws/data_source_aws_lambda_alias.go

@@ -62,7 +62,7 @@ func dataSourceAwsLambdaAliasRead(d *schema.ResourceData, meta interface{}) erro
 		return fmt.Errorf("Error getting Lambda alias: %s", err)
 	}
 
-	d.SetId(*aliasConfiguration.AliasArn)
+	d.SetId(aws.StringValue(aliasConfiguration.AliasArn))
 
 	d.Set("arn", aliasConfiguration.AliasArn)
 	d.Set("description", aliasConfiguration.Description)

aws/data_source_aws_lb_listener.go

@@ -245,7 +245,7 @@ func dataSourceAwsLbListenerRead(d *schema.ResourceData, meta interface{}) error
 	for _, listener := range resp.Listeners {
 		if *listener.Port == int64(port.(int)) {
 			//log.Printf("[DEBUG] get listener arn for %s:%s: %s", lbArn, port, *listener.Port)
-			d.SetId(*listener.ListenerArn)
+			d.SetId(aws.StringValue(listener.ListenerArn))
 			return resourceAwsLbListenerRead(d, meta)
 		}
 	}

aws/data_source_aws_network_interface.go

@@ -165,7 +165,7 @@ func dataSourceAwsNetworkInterfaceRead(d *schema.ResourceData, meta interface{})
 
 	eni := resp.NetworkInterfaces[0]
 
-	d.SetId(*eni.NetworkInterfaceId)
+	d.SetId(aws.StringValue(eni.NetworkInterfaceId))
 	if eni.Association != nil {
 		d.Set("association", flattenEc2NetworkInterfaceAssociation(eni.Association))
 	}

aws/data_source_aws_prefix_list.go

@@ -62,7 +62,7 @@ func dataSourceAwsPrefixListRead(d *schema.ResourceData, meta interface{}) error
 
 	pl := resp.PrefixLists[0]
 
-	d.SetId(*pl.PrefixListId)
+	d.SetId(aws.StringValue(pl.PrefixListId))
 	d.Set("name", pl.PrefixListName)
 
 	cidrs := make([]string, len(pl.Cidrs))

aws/data_source_aws_security_group.go

@@ -90,7 +90,7 @@ func dataSourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) er
 
 	sg := resp.SecurityGroups[0]
 
-	d.SetId(*sg.GroupId)
+	d.SetId(aws.StringValue(sg.GroupId))
 	d.Set("name", sg.GroupName)
 	d.Set("description", sg.Description)
 	d.Set("vpc_id", sg.VpcId)

aws/data_source_aws_sfn_activity.go

@@ -73,7 +73,7 @@ func dataSourceAwsSfnActivityRead(d *schema.ResourceData, meta interface{}) erro
 
 		act := acts[0]
 
-		d.SetId(*act.ActivityArn)
+		d.SetId(aws.StringValue(act.ActivityArn))
 		d.Set("name", act.Name)
 		d.Set("arn", act.ActivityArn)
 		if err := d.Set("creation_date", act.CreationDate.Format(time.RFC3339)); err != nil {
@@ -96,7 +96,7 @@ func dataSourceAwsSfnActivityRead(d *schema.ResourceData, meta interface{}) erro
 			return fmt.Errorf("No activity found with arn %s in this region", arn)
 		}
 
-		d.SetId(*act.ActivityArn)
+		d.SetId(aws.StringValue(act.ActivityArn))
 		d.Set("name", act.Name)
 		d.Set("arn", act.ActivityArn)
 		if err := d.Set("creation_date", act.CreationDate.Format(time.RFC3339)); err != nil {

aws/data_source_aws_ssm_parameter.go

@@ -63,7 +63,7 @@ func dataAwsSsmParameterRead(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	param := resp.Parameter
-	d.SetId(*param.Name)
+	d.SetId(aws.StringValue(param.Name))
 
 	arn := arn.ARN{
 		Partition: meta.(*AWSClient).partition,

aws/data_source_aws_ssm_patch_baseline.go

@@ -107,7 +107,7 @@ func dataAwsSsmPatchBaselineRead(d *schema.ResourceData, meta interface{}) error
 
 	baseline := *filteredBaselines[0]
 
-	d.SetId(*baseline.BaselineId)
+	d.SetId(aws.StringValue(baseline.BaselineId))
 	d.Set("name", baseline.BaselineName)
 	d.Set("description", baseline.BaselineDescription)
 	d.Set("default_baseline", baseline.DefaultBaseline)

aws/data_source_aws_subnet.go

@@ -166,7 +166,7 @@ func dataSourceAwsSubnetRead(d *schema.ResourceData, meta interface{}) error {
 
 	subnet := resp.Subnets[0]
 
-	d.SetId(*subnet.SubnetId)
+	d.SetId(aws.StringValue(subnet.SubnetId))
 	d.Set("vpc_id", subnet.VpcId)
 	d.Set("availability_zone", subnet.AvailabilityZone)
 	d.Set("availability_zone_id", subnet.AvailabilityZoneId)

aws/resource_aws_acm_certificate.go

@@ -285,7 +285,7 @@ func resourceAwsAcmCertificateCreateRequested(d *schema.ResourceData, meta inter
 		return fmt.Errorf("Error requesting certificate: %s", err)
 	}
 
-	d.SetId(*resp.CertificateArn)
+	d.SetId(aws.StringValue(resp.CertificateArn))
 
 	return resourceAwsAcmCertificateRead(d, meta)
 }

aws/resource_aws_api_gateway_client_certificate.go

@@ -63,7 +63,7 @@ func resourceAwsApiGatewayClientCertificateCreate(d *schema.ResourceData, meta i
 		return fmt.Errorf("Failed to generate client certificate: %s", err)
 	}
 
-	d.SetId(*out.ClientCertificateId)
+	d.SetId(aws.StringValue(out.ClientCertificateId))
 
 	return resourceAwsApiGatewayClientCertificateRead(d, meta)
 }

aws/resource_aws_api_gateway_deployment.go

@@ -96,7 +96,7 @@ func resourceAwsApiGatewayDeploymentCreate(d *schema.ResourceData, meta interfac
 		return fmt.Errorf("Error creating API Gateway Deployment: %s", err)
 	}
 
-	d.SetId(*deployment.Id)
+	d.SetId(aws.StringValue(deployment.Id))
 	log.Printf("[DEBUG] API Gateway Deployment ID: %s", d.Id())
 
 	return resourceAwsApiGatewayDeploymentRead(d, meta)

aws/resource_aws_api_gateway_domain_name.go

@@ -202,7 +202,7 @@ func resourceAwsApiGatewayDomainNameCreate(d *schema.ResourceData, meta interfac
 		return fmt.Errorf("Error creating API Gateway Domain Name: %s", err)
 	}
 
-	d.SetId(*domainName.DomainName)
+	d.SetId(aws.StringValue(domainName.DomainName))
 
 	return resourceAwsApiGatewayDomainNameRead(d, meta)
 }

aws/resource_aws_api_gateway_model.go

@@ -103,7 +103,7 @@ func resourceAwsApiGatewayModelCreate(d *schema.ResourceData, meta interface{})
 		return fmt.Errorf("Error creating API Gateway Model: %s", err)
 	}
 
-	d.SetId(*model.Id)
+	d.SetId(aws.StringValue(model.Id))
 
 	return nil
 }

aws/resource_aws_api_gateway_request_validator.go

@@ -72,7 +72,7 @@ func resourceAwsApiGatewayRequestValidatorCreate(d *schema.ResourceData, meta in
 		return fmt.Errorf("Error creating Request Validator: %s", err)
 	}
 
-	d.SetId(*out.Id)
+	d.SetId(aws.StringValue(out.Id))
 
 	return nil
 }

aws/resource_aws_api_gateway_resource.go

@@ -70,7 +70,7 @@ func resourceAwsApiGatewayResourceCreate(d *schema.ResourceData, meta interface{
 		return fmt.Errorf("Error creating API Gateway Resource: %s", err)
 	}
 
-	d.SetId(*resource.Id)
+	d.SetId(aws.StringValue(resource.Id))
 
 	return resourceAwsApiGatewayResourceRead(d, meta)
 }

aws/resource_aws_api_gateway_rest_api.go

@@ -173,7 +173,7 @@ func resourceAwsApiGatewayRestApiCreate(d *schema.ResourceData, meta interface{}
 		return fmt.Errorf("Error creating API Gateway: %s", err)
 	}
 
-	d.SetId(*gateway.Id)
+	d.SetId(aws.StringValue(gateway.Id))
 
 	if body, ok := d.GetOk("body"); ok {
 		log.Printf("[DEBUG] Initializing API Gateway from OpenAPI spec %s", d.Id())

aws/resource_aws_api_gateway_usage_plan_key.go

@@ -77,7 +77,7 @@ func resourceAwsApiGatewayUsagePlanKeyCreate(d *schema.ResourceData, meta interf
 		return fmt.Errorf("Error creating API Gateway Usage Plan Key: %s", err)
 	}
 
-	d.SetId(*up.Id)
+	d.SetId(aws.StringValue(up.Id))
 
 	return resourceAwsApiGatewayUsagePlanKeyRead(d, meta)
 }

aws/resource_aws_api_gateway_vpc_link.go

@@ -74,7 +74,7 @@ func resourceAwsApiGatewayVpcLinkCreate(d *schema.ResourceData, meta interface{}
 		return err
 	}
 
-	d.SetId(*resp.Id)
+	d.SetId(aws.StringValue(resp.Id))
 
 	stateConf := &resource.StateChangeConf{
 		Pending:    []string{apigateway.VpcLinkStatusPending},

aws/resource_aws_appsync_graphql_api.go

@@ -242,7 +242,7 @@ func resourceAwsAppsyncGraphqlApiCreate(d *schema.ResourceData, meta interface{}
 		return fmt.Errorf("error creating AppSync GraphQL API: %s", err)
 	}
 
-	d.SetId(*resp.GraphqlApi.ApiId)
+	d.SetId(aws.StringValue(resp.GraphqlApi.ApiId))
 
 	if err := resourceAwsAppsyncSchemaPut(d, meta); err != nil {
 		return fmt.Errorf("error creating AppSync GraphQL API (%s) Schema: %s", d.Id(), err)

aws/resource_aws_athena_named_query.go

@@ -68,7 +68,7 @@ func resourceAwsAthenaNamedQueryCreate(d *schema.ResourceData, meta interface{})
 	if err != nil {
 		return err
 	}
-	d.SetId(*resp.NamedQueryId)
+	d.SetId(aws.StringValue(resp.NamedQueryId))
 	return resourceAwsAthenaNamedQueryRead(d, meta)
 }
 

aws/resource_aws_batch_job_definition.go

@@ -144,7 +144,7 @@ func resourceAwsBatchJobDefinitionCreate(d *schema.ResourceData, meta interface{
 	if err != nil {
 		return fmt.Errorf("%s %q", err, name)
 	}
-	d.SetId(*out.JobDefinitionArn)
+	d.SetId(aws.StringValue(out.JobDefinitionArn))
 	d.Set("arn", out.JobDefinitionArn)
 	return resourceAwsBatchJobDefinitionRead(d, meta)
 }

aws/resource_aws_cloud9_environment_ec2.go

@@ -110,7 +110,7 @@ func resourceAwsCloud9EnvironmentEc2Create(d *schema.ResourceData, meta interfac
 	if err != nil {
 		return fmt.Errorf("Error creating Cloud9 EC2 Environment: %s", err)
 	}
-	d.SetId(*out.EnvironmentId)
+	d.SetId(aws.StringValue(out.EnvironmentId))
 
 	stateConf := resource.StateChangeConf{
 		Pending: []string{