package ec2 import ( "github.com/owenrumney/squealer/pkg/squealer" iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Instance struct { Metadata iacTypes.Metadata MetadataOptions MetadataOptions UserData iacTypes.StringValue SecurityGroups []SecurityGroup RootBlockDevice *BlockDevice EBSBlockDevices []*BlockDevice } type BlockDevice struct { Metadata iacTypes.Metadata Encrypted iacTypes.BoolValue } type MetadataOptions struct { Metadata iacTypes.Metadata HttpTokens iacTypes.StringValue HttpEndpoint iacTypes.StringValue } func NewInstance(metadata iacTypes.Metadata) *Instance { return &Instance{ Metadata: metadata, MetadataOptions: MetadataOptions{ Metadata: metadata, HttpTokens: iacTypes.StringDefault("optional", metadata), HttpEndpoint: iacTypes.StringDefault("enabled", metadata), }, UserData: iacTypes.StringDefault("", metadata), SecurityGroups: []SecurityGroup{}, RootBlockDevice: nil, EBSBlockDevices: nil, } } func (i *Instance) RequiresIMDSToken() bool { return i.MetadataOptions.HttpTokens.EqualTo("required") } func (i *Instance) HasHTTPEndpointDisabled() bool { return i.MetadataOptions.HttpEndpoint.EqualTo("disabled") } func (i *Instance) HasSensitiveInformationInUserData() bool { scanner := squealer.NewStringScanner() return scanner.Scan(i.UserData.Value()).TransgressionFound }