package s3 import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Bucket struct { Metadata iacTypes.Metadata Name iacTypes.StringValue PublicAccessBlock *PublicAccessBlock BucketPolicies []iam.Policy Encryption Encryption Versioning Versioning Logging Logging ACL iacTypes.StringValue BucketLocation iacTypes.StringValue AccelerateConfigurationStatus iacTypes.StringValue LifecycleConfiguration []Rules Objects []Contents Website *Website } func (b *Bucket) HasPublicExposureACL() bool { for _, publicACL := range []string{"public-read", "public-read-write", "website", "authenticated-read"} { if b.ACL.EqualTo(publicACL) { // if there is a public access block, check the public ACL blocks if b.PublicAccessBlock != nil && b.PublicAccessBlock.Metadata.IsManaged() { return b.PublicAccessBlock.IgnorePublicACLs.IsFalse() && b.PublicAccessBlock.BlockPublicACLs.IsFalse() } return true } } return false } type Logging struct { Metadata iacTypes.Metadata Enabled iacTypes.BoolValue TargetBucket iacTypes.StringValue } type Versioning struct { Metadata iacTypes.Metadata Enabled iacTypes.BoolValue MFADelete iacTypes.BoolValue } type Encryption struct { Metadata iacTypes.Metadata Enabled iacTypes.BoolValue Algorithm iacTypes.StringValue KMSKeyId iacTypes.StringValue } type Rules struct { Metadata iacTypes.Metadata Status iacTypes.StringValue } type Contents struct { Metadata iacTypes.Metadata } type Website struct { Metadata iacTypes.Metadata }