⭐️ cloudformation provider

Makefile

@@ -203,7 +203,8 @@ providers/build: \
 	providers/build/azure \
 	providers/build/ms365 \
 	providers/build/aws \
-	providers/build/atlassian
+	providers/build/atlassian \
+	providers/build/cloudformation
 
 .PHONY: providers/install
 # Note we need \ to escape the target line into multiple lines
@@ -228,7 +229,8 @@ providers/install: \
 	providers/install/azure \
 	providers/install/ms365 \
 	providers/install/atlassian \
-	providers/install/aws
+	providers/install/aws \
+    providers/build/cloudformation
 
 providers/build/mock: providers/lr
 	./lr go providers-sdk/v1/testutils/mockprovider/resources/mockprovider.lr
@@ -341,6 +343,11 @@ providers/build/ms365: providers/lr
 providers/install/ms365:
 	@$(call installProvider, providers/ms365)
 
+providers/build/cloudformation: providers/lr
+	@$(call buildProvider, providers/cloudformation)
+providers/install/cloudformation:
+	@$(call installProvider, providers/cloudformation)
+
 providers/dist:
 	@$(call buildProviderDist, providers/network)
 	@$(call buildProviderDist, providers/os)
@@ -363,6 +370,7 @@ providers/dist:
 	@$(call buildProviderDist, providers/ms365)
 	@$(call buildProviderDist, providers/aws)
 	@$(call buildProviderDist, providers/atlassian)
+	@$(call buildProviderDist, providers/cloudformation)
 
 providers/bundle:
 	@$(call bundleProvider, providers/network)
@@ -386,6 +394,7 @@ providers/bundle:
 	@$(call bundleProvider, providers/ms365)
 	@$(call bundleProvider, providers/aws)
 	@$(call bundleProvider, providers/atlassian)
+	@$(call bundleProvider, providers/cloudformation)
 
 providers/test:
 	@$(call testProvider, providers/core)
@@ -410,6 +419,7 @@ providers/test:
 	@$(call testGoModProvider, providers/ms365)
 	@$(call testGoModProvider, providers/aws)
 	@$(call testGoModProvider, providers/atlassian)
+	@$(call testGoModProvider, providers/cloudformation)
 
 lr/test:
 	go test ./resources/lr/...
@@ -434,7 +444,7 @@ lr/docs/markdown: providers/lr
 		--docs-file providers/atlassian/resources/atlassian.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/atlassian-pack
 	./lr markdown providers/aws/resources/aws.lr \
-    --pack-name "Amazon Web Services (AWS)" \
+    	--pack-name "Amazon Web Services (AWS)" \
 		--description "The Amazon Web Services (AWS) resource pack lets you use MQL to query and assess the security of your AWS cloud services." \
 		--docs-file providers/aws/resources/aws.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/aws-pack
@@ -443,6 +453,11 @@ lr/docs/markdown: providers/lr
 		--description "The Azure resource pack lets you use MQL to query and assess the security of your Azure cloud services." \
 		--docs-file providers/azure/resources/azure.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/azure-pack
+	./lr markdown providers/cloudformation/resources/cloudformation.lr \
+		--pack-name "AWS CloudFormation" \
+		--description "The AWS CloudFormation resource pack lets you use MQL to query and assess the security of your AWS CloudFormation." \
+		--docs-file providers/cloudformation/resources/cloudformation.lr.manifest.yaml \
+		--output ../docs/docs/mql/resources/cloudformation-pack
 	./lr markdown providers/core/resources/core.lr \
 		--pack-name "Core" \
 		--description "The Core pack provides basic MQL resources that let you query and assess the security of assets in your infrastructure." \

providers/cloudformation/README.md

@@ -0,0 +1,4 @@
+
+
+
+https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-reference.html

providers/cloudformation/config/config.go

@@ -0,0 +1,27 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package config
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/cloudformation/provider"
+)
+
+var Config = plugin.Provider{
+	Name:            "cloudformation",
+	ID:              "go.mondoo.com/cnquery/v11/providers/cloudformation",
+	Version:         "11.0.0",
+	ConnectionTypes: []string{provider.DefaultConnectionType},
+	Connectors: []plugin.Connector{
+		{
+			Name:      "cloudformation",
+			Use:       "cloudformation PATH",
+			Short:     "AWS Cloudformation template or AWS SAM template",
+			MinArgs:   1,
+			MaxArgs:   1,
+			Discovery: []string{},
+			Flags:     []plugin.Flag{},
+		},
+	},
+}

providers/cloudformation/connection/connection.go

@@ -0,0 +1,62 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package connection
+
+import (
+	"os"
+
+	"github.com/aws-cloudformation/rain/cft"
+	"github.com/aws-cloudformation/rain/cft/parse"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+)
+
+var _ plugin.Connection = (*CloudformationConnection)(nil)
+
+type CloudformationConnection struct {
+	plugin.Connection
+	Conf  *inventory.Config
+	asset *inventory.Asset
+	// Add custom connection fields here
+	path        string
+	cftTemplate cft.Template
+}
+
+func NewCloudformationConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*CloudformationConnection, error) {
+	conn := &CloudformationConnection{
+		Connection: plugin.NewConnection(id, asset),
+		Conf:       conf,
+		asset:      asset,
+	}
+	// initialize your connection here
+	cc := asset.Connections[0]
+	path := cc.Options["path"]
+	conn.path = path
+
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	cftTemplate, err := parse.Reader(f)
+	if err != nil {
+		return nil, err
+	}
+	conn.cftTemplate = cftTemplate
+
+	return conn, nil
+}
+
+func (c *CloudformationConnection) Name() string {
+	return "cloudformation"
+}
+
+func (c *CloudformationConnection) Asset() *inventory.Asset {
+	return c.asset
+}
+
+func (c *CloudformationConnection) CftTemplate() cft.Template {
+	return c.cftTemplate
+}

providers/cloudformation/connection/connection_test.go

@@ -0,0 +1,46 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package connection
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/aws-cloudformation/rain/cft"
+	"github.com/aws-cloudformation/rain/cft/parse"
+	"github.com/stretchr/testify/require"
+)
+
+func TestParse(t *testing.T) {
+	testTemplate, err := os.ReadFile("testdata/json/ec2instance.json")
+	require.NoError(t, err)
+	cftTemplate, err := parse.Reader(bytes.NewReader(testTemplate))
+	require.NoError(t, err)
+	require.NotNil(t, cftTemplate)
+
+	resource, err := cftTemplate.GetResource("myLaunchTemplate")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if resource == nil {
+		t.Error("Unexpected: resource is nil")
+	}
+
+	section, err := cftTemplate.GetSection(cft.Resources)
+	require.NoError(t, err)
+	require.NotNil(t, section)
+
+	for i := 0; i < len(section.Content); i += 2 {
+		logicalId := section.Content[i].Value
+		resource := section.Content[i+1]
+		fmt.Print(logicalId, resource)
+	}
+
+	types, err := cftTemplate.GetTypes()
+	require.NoError(t, err)
+	fmt.Println(types)
+
+}

providers/cloudformation/connection/testdata/json/ec2instance.json

@@ -0,0 +1,94 @@
+{
+  "Resources":{
+    "myLaunchTemplate":{
+      "Type":"AWS::EC2::LaunchTemplate",
+      "Properties":{
+        "LaunchTemplateName":{ "Fn::Sub": "${AWS::StackName}-launch-template" },
+        "LaunchTemplateData":{
+          "ImageId":"ami-02354e95b3example",
+          "InstanceType":"t3.micro",
+          "IamInstanceProfile":{
+            "Name":{
+              "Ref":"myInstanceProfile"
+            }
+          },
+          "SecurityGroupIds":[
+            {
+              "Ref":"myNewEC2SecurityGroup"
+            },
+            "sg-083cd3bfb8example"
+          ],
+          "UserData":{
+            "Fn::Base64":{
+              "Fn::Join": [
+                "", [
+                  "#!/bin/bash\n",
+                  "cd /tmp\n",
+                  "yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\n",
+                  "systemctl enable amazon-ssm-agent\n",
+                  "systemctl start amazon-ssm-agent\n"
+                ]
+              ]
+            }
+          },
+          "TagSpecifications":[
+            {
+              "ResourceType":"instance",
+              "Tags":[
+                {
+                  "Key":"environment",
+                  "Value":"development"
+                }
+              ]
+            },
+            {
+              "ResourceType":"volume",
+              "Tags":[
+                {
+                  "Key":"environment",
+                  "Value":"development"
+                }
+              ]
+            }
+          ]
+        }
+      }
+    },
+    "myInstanceRole":{
+      "Type":"AWS::IAM::Role",
+      "Properties":{
+        "RoleName":"InstanceRole",
+        "AssumeRolePolicyDocument":{
+          "Version":"2012-10-17",
+          "Statement":[
+            {
+              "Effect":"Allow",
+              "Principal":{
+                "Service":[
+                  "ec2.amazonaws.com"
+                ]
+              },
+              "Action":[
+                "sts:AssumeRole"
+              ]
+            }
+          ]
+        },
+        "ManagedPolicyArns":[
+          "arn:aws:iam::aws:policy/myCustomerManagedPolicy"
+        ]
+      }
+    },
+    "myInstanceProfile":{
+      "Type":"AWS::IAM::InstanceProfile",
+      "Properties":{
+        "Path":"/",
+        "Roles":[
+          {
+            "Ref":"myInstanceRole"
+          }
+        ]
+      }
+    }
+  }
+}

providers/cloudformation/gen/main.go

@@ -0,0 +1,13 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package main
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin/gen"
+	"go.mondoo.com/cnquery/v11/providers/cloudformation/config"
+)
+
+func main() {
+	gen.CLI(&config.Config)
+}