diff --git a/.semgrep.yml b/.semgrep.yml index 8637bcd5012e..450e814a12fd 100644 --- a/.semgrep.yml +++ b/.semgrep.yml @@ -48,7 +48,28 @@ rules: metavariable: '$Y' regex: '^"github.com/aws/aws-sdk-go/service/[^/]+"$' severity: WARNING - + + - id: prefer-aws-go-sdk-pointer-conversion-assignment + languages: [go] + message: Prefer AWS Go SDK pointer conversion functions for dereferencing during assignment, e.g. aws.StringValue() + paths: + exclude: + - aws/cloudfront_distribution_configuration_structure.go + - aws/data_source_aws_route_table.go + - aws/opsworks_layers.go + - aws/resource* + - aws/structure.go + - aws/waf_helpers.go + - aws/internal/generators/ + - aws/internal/keyvaluetags/ + - awsproviderlint/vendor/ + include: + - aws/ + patterns: + - pattern: '$LHS = *$RHS' + - pattern-not: '*$LHS2 = *$RHS' + severity: WARNING + - id: aws-go-sdk-pointer-conversion-ResourceData-SetId fix: d.SetId(aws.StringValue($VALUE)) languages: [go] diff --git a/aws/data_source_aws_cloudfront_origin_request_policy.go b/aws/data_source_aws_cloudfront_origin_request_policy.go index c5ac2a9babb7..d7e735d4d5bd 100644 --- a/aws/data_source_aws_cloudfront_origin_request_policy.go +++ b/aws/data_source_aws_cloudfront_origin_request_policy.go @@ -128,7 +128,11 @@ func dataSourceAwsCloudFrontOriginRequestPolicyRead(d *schema.ResourceData, meta } d.Set("etag", aws.StringValue(resp.ETag)) - originRequestPolicy := *resp.OriginRequestPolicy.OriginRequestPolicyConfig + if resp == nil || resp.OriginRequestPolicy == nil || resp.OriginRequestPolicy.OriginRequestPolicyConfig == nil { + return nil + } + + originRequestPolicy := resp.OriginRequestPolicy.OriginRequestPolicyConfig d.Set("comment", aws.StringValue(originRequestPolicy.Comment)) d.Set("name", aws.StringValue(originRequestPolicy.Name)) d.Set("cookies_config", flattenCloudFrontOriginRequestPolicyCookiesConfig(originRequestPolicy.CookiesConfig)) 
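Review bot: In dataSourceAwsCloudFrontOriginRequestPolicyRead (aws/data_source_aws_cloudfront_origin_request_policy.go) the new `resp == nil` guard sits after the context line `d.Set("etag", aws.StringValue(resp.ETag))`, which already dereferences `resp`, so a nil response would still panic before the check is reached. The guard also returns `nil`, so an empty response is reported as a successful read with no attributes set, whereas the ECS hunks in this commit return an "empty response" error. Moving the guard above the etag line and returning an error, e.g. `return fmt.Errorf("error reading CloudFront Origin Request Policy: empty response")`, would cover both; whether `fmt` is already imported in this file is not visible here. The function starts and ends outside the hunk.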
diff --git a/aws/data_source_aws_db_instance.go b/aws/data_source_aws_db_instance.go index 9c856bc7dd3c..02491560d817 100644 --- a/aws/data_source_aws_db_instance.go +++ b/aws/data_source_aws_db_instance.go @@ -230,14 +230,14 @@ func dataSourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error return err } - if len(resp.DBInstances) < 1 { + if resp == nil || len(resp.DBInstances) < 1 || resp.DBInstances[0] == nil { return fmt.Errorf("Your query returned no results. Please change your search criteria and try again.") } if len(resp.DBInstances) > 1 { return fmt.Errorf("Your query returned more than one result. Please try a more specific search criteria.") } - dbInstance := *resp.DBInstances[0] + dbInstance := resp.DBInstances[0] d.SetId(d.Get("db_instance_identifier").(string)) diff --git a/aws/data_source_aws_ebs_volume.go b/aws/data_source_aws_ebs_volume.go index 6f64db6511ce..496198e3bb02 100644 --- a/aws/data_source_aws_ebs_volume.go +++ b/aws/data_source_aws_ebs_volume.go @@ -122,8 +122,8 @@ type volumeSort []*ec2.Volume func (a volumeSort) Len() int { return len(a) } func (a volumeSort) Swap(i, j int) { a[i], a[j] = a[j], a[i] } func (a volumeSort) Less(i, j int) bool { - itime := *a[i].CreateTime - jtime := *a[j].CreateTime + itime := aws.TimeValue(a[i].CreateTime) + jtime := aws.TimeValue(a[j].CreateTime) return itime.Unix() < jtime.Unix() } diff --git a/aws/data_source_aws_ec2_managed_prefix_list.go b/aws/data_source_aws_ec2_managed_prefix_list.go index cbee0c9e144b..92722378a1ce 100644 --- a/aws/data_source_aws_ec2_managed_prefix_list.go +++ b/aws/data_source_aws_ec2_managed_prefix_list.go @@ -93,7 +93,7 @@ func dataSourceAwsEc2ManagedPrefixListRead(ctx context.Context, d *schema.Resour return diag.Errorf("error describing EC2 Managed Prefix Lists: %s", err) } - if len(out.PrefixLists) < 1 { + if out == nil || len(out.PrefixLists) < 1 || out.PrefixLists[0] == nil { return diag.Errorf("no managed prefix lists matched the given criteria") } 
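Review bot: In volumeSort.Less (aws/data_source_aws_ebs_volume.go) a volume with a nil CreateTime no longer panics but now compares as the zero time.Time and so sorts before every real volume; that deserves a comment such as `// A nil CreateTime is treated as the zero time and sorts first.`. The elements `a[i]` and `a[j]` are still dereferenced without a nil check, unlike the `[0] == nil` guards added in other hunks of this commit. The comparison could also be written `return itime.Before(jtime)`, which keeps the sub-second ordering that `Unix()` discards.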
@@ -101,7 +101,7 @@ func dataSourceAwsEc2ManagedPrefixListRead(ctx context.Context, d *schema.Resour return diag.Errorf("more than 1 prefix list matched the given criteria") } - pl := *out.PrefixLists[0] + pl := out.PrefixLists[0] d.SetId(aws.StringValue(pl.PrefixListId)) d.Set("name", pl.PrefixListName) diff --git a/aws/data_source_aws_ecs_container_definition.go b/aws/data_source_aws_ecs_container_definition.go index 7c3b71048b6b..7fc8c6bb4425 100644 --- a/aws/data_source_aws_ecs_container_definition.go +++ b/aws/data_source_aws_ecs_container_definition.go @@ -72,10 +72,14 @@ func dataSourceAwsEcsContainerDefinitionRead(d *schema.ResourceData, meta interf desc, err := conn.DescribeTaskDefinition(params) if err != nil { - return err + return fmt.Errorf("error reading ECS Task Definition: %w", err) } - taskDefinition := *desc.TaskDefinition + if desc == nil || desc.TaskDefinition == nil { + return fmt.Errorf("error reading ECS Task Definition: empty response") + } + + taskDefinition := desc.TaskDefinition for _, def := range taskDefinition.ContainerDefinitions { if aws.StringValue(def.Name) != d.Get("container_name").(string) { continue diff --git a/aws/data_source_aws_ecs_task_definition.go b/aws/data_source_aws_ecs_task_definition.go index 27ce0ff4cdbd..07aec31648fd 100644 --- a/aws/data_source_aws_ecs_task_definition.go +++ b/aws/data_source_aws_ecs_task_definition.go @@ -56,7 +56,11 @@ func dataSourceAwsEcsTaskDefinitionRead(d *schema.ResourceData, meta interface{} return fmt.Errorf("Failed getting task definition %q: %w", d.Get("task_definition").(string), err) } - taskDefinition := *desc.TaskDefinition + if desc == nil || desc.TaskDefinition == nil { + return fmt.Errorf("error reading ECS Task Definition: empty response") + } + + taskDefinition := desc.TaskDefinition d.SetId(aws.StringValue(taskDefinition.TaskDefinitionArn)) d.Set("family", aws.StringValue(taskDefinition.Family)) 
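Review bot: In dataSourceAwsEcsTaskDefinitionRead (aws/data_source_aws_ecs_task_definition.go) the new empty-response error omits the task definition name that the error just above it includes with `%q`, so two failures of the same lookup are reported with different levels of detail. Suggest `return fmt.Errorf("error reading ECS Task Definition (%q): empty response", d.Get("task_definition").(string))`. The function starts and ends outside the hunk.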
diff --git a/aws/data_source_aws_eip.go b/aws/data_source_aws_eip.go index 03dad246c8e4..7ee7ab175561 100644 --- a/aws/data_source_aws_eip.go +++ b/aws/data_source_aws_eip.go @@ -136,16 +136,16 @@ func dataSourceAwsEipRead(d *schema.ResourceData, meta interface{}) error { d.Set("network_interface_id", eip.NetworkInterfaceId) d.Set("network_interface_owner_id", eip.NetworkInterfaceOwnerId) - region := *conn.Config.Region + region := aws.StringValue(conn.Config.Region) d.Set("private_ip", eip.PrivateIpAddress) if eip.PrivateIpAddress != nil { - d.Set("private_dns", fmt.Sprintf("ip-%s.%s", resourceAwsEc2DashIP(*eip.PrivateIpAddress), resourceAwsEc2RegionalPrivateDnsSuffix(region))) + d.Set("private_dns", fmt.Sprintf("ip-%s.%s", resourceAwsEc2DashIP(aws.StringValue(eip.PrivateIpAddress)), resourceAwsEc2RegionalPrivateDnsSuffix(region))) } d.Set("public_ip", eip.PublicIp) if eip.PublicIp != nil { - d.Set("public_dns", meta.(*AWSClient).PartitionHostname(fmt.Sprintf("ec2-%s.%s", resourceAwsEc2DashIP(*eip.PublicIp), resourceAwsEc2RegionalPublicDnsSuffix(region)))) + d.Set("public_dns", meta.(*AWSClient).PartitionHostname(fmt.Sprintf("ec2-%s.%s", resourceAwsEc2DashIP(aws.StringValue(eip.PublicIp)), resourceAwsEc2RegionalPublicDnsSuffix(region)))) } d.Set("public_ipv4_pool", eip.PublicIpv4Pool) d.Set("carrier_ip", eip.CarrierIp) diff --git a/aws/data_source_aws_instance.go b/aws/data_source_aws_instance.go index 8d6b119675c4..bf466a68b717 100644 --- a/aws/data_source_aws_instance.go +++ b/aws/data_source_aws_instance.go @@ -501,8 +501,8 @@ func instanceDescriptionAttributes(d *schema.ResourceData, instance *ec2.Instanc d.Set("source_dest_check", instance.SourceDestCheck) } - if instance.Monitoring != nil && instance.Monitoring.State != nil { - monitoringState := *instance.Monitoring.State + if instance.Monitoring != nil { + monitoringState := aws.StringValue(instance.Monitoring.State) d.Set("monitoring", monitoringState == "enabled" || monitoringState == "pending") } 
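Review bot: In instanceDescriptionAttributes (aws/data_source_aws_instance.go) dropping the `instance.Monitoring.State != nil` condition changes behaviour: when State is nil, `monitoring` is now written as false instead of being left unset. If an omitted state should not be reported as monitoring disabled, keep the original condition, `if instance.Monitoring != nil && instance.Monitoring.State != nil {`. If the change is intended, a short comment saying that an unknown state is recorded as false would make that explicit. The function starts and ends outside the hunk.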
diff --git a/aws/data_source_aws_mq_broker.go b/aws/data_source_aws_mq_broker.go index 5edbe7bce309..15e314038281 100644 --- a/aws/data_source_aws_mq_broker.go +++ b/aws/data_source_aws_mq_broker.go @@ -1,7 +1,6 @@ package aws import ( - "errors" "fmt" "github.com/aws/aws-sdk-go/aws" @@ -195,23 +194,31 @@ func dataSourceAwsmQBrokerRead(d *schema.ResourceData, meta interface{}) error { } else { conn := meta.(*AWSClient).mqconn brokerName := d.Get("broker_name").(string) - var nextToken string - for { - out, err := conn.ListBrokers(&mq.ListBrokersInput{NextToken: aws.String(nextToken)}) - if err != nil { - return errors.New("Failed to list mq brokers") + + input := &mq.ListBrokersInput{} + + err := conn.ListBrokersPages(input, func(page *mq.ListBrokersResponse, lastPage bool) bool { + if page == nil { + return !lastPage } - for _, broker := range out.BrokerSummaries { - if aws.StringValue(broker.BrokerName) == brokerName { - brokerId := aws.StringValue(broker.BrokerId) - d.Set("broker_id", brokerId) - d.SetId(brokerId) + + for _, brokerSummary := range page.BrokerSummaries { + if brokerSummary == nil { + continue + } + + if aws.StringValue(brokerSummary.BrokerName) == brokerName { + d.Set("broker_id", brokerSummary.BrokerId) + d.SetId(aws.StringValue(brokerSummary.BrokerId)) + return false } } - if out.NextToken == nil { - break - } - nextToken = *out.NextToken + + return !lastPage + }) + + if err != nil { + return fmt.Errorf("error listing MQ Brokers: %w", err) } if d.Id() == "" { diff --git a/aws/data_source_aws_prefix_list.go b/aws/data_source_aws_prefix_list.go index 59a667dbd6aa..586edfa23e90 100644 --- a/aws/data_source_aws_prefix_list.go +++ b/aws/data_source_aws_prefix_list.go 
@@ -65,12 +65,7 @@ func dataSourceAwsPrefixListRead(d *schema.ResourceData, meta interface{}) error d.SetId(aws.StringValue(pl.PrefixListId)) d.Set("name", pl.PrefixListName) - - cidrs := make([]string, len(pl.Cidrs)) - for i, v := range pl.Cidrs { - cidrs[i] = *v - } - d.Set("cidr_blocks", cidrs) + d.Set("cidr_blocks", aws.StringValueSlice(pl.Cidrs)) return nil } diff --git a/aws/data_source_aws_redshift_cluster.go b/aws/data_source_aws_redshift_cluster.go index a6b3222d3a6e..630a44711c74 100644 --- a/aws/data_source_aws_redshift_cluster.go +++ b/aws/data_source_aws_redshift_cluster.go @@ -185,11 +185,11 @@ func dataSourceAwsRedshiftClusterRead(d *schema.ResourceData, meta interface{}) return fmt.Errorf("Error describing Redshift Cluster: %s, error: %w", cluster, err) } - if resp.Clusters == nil || len(resp.Clusters) == 0 { + if resp.Clusters == nil || len(resp.Clusters) == 0 || resp.Clusters[0] == nil { return fmt.Errorf("Error describing Redshift Cluster: %s, cluster information not found", cluster) } - rsc := *resp.Clusters[0] + rsc := resp.Clusters[0] d.SetId(cluster) d.Set("allow_version_upgrade", rsc.AllowVersionUpgrade) diff --git a/aws/data_source_aws_route53_resolver_rule.go b/aws/data_source_aws_route53_resolver_rule.go index da80eed78d03..faf941156b3f 100644 --- a/aws/data_source_aws_route53_resolver_rule.go +++ b/aws/data_source_aws_route53_resolver_rule.go @@ -120,8 +120,7 @@ func dataSourceAwsRoute53ResolverRuleRead(d *schema.ResourceData, meta interface } d.SetId(aws.StringValue(rule.Id)) - arn := *rule.Arn - d.Set("arn", arn) + d.Set("arn", rule.Arn) // To be consistent with other AWS services that do not accept a trailing period, // we remove the suffix from the Domain Name returned from the API d.Set("domain_name", trimTrailingPeriod(aws.StringValue(rule.DomainName))) 
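Review bot: In dataSourceAwsRedshiftClusterRead (aws/data_source_aws_redshift_cluster.go) the widened guard still reads `resp.Clusters` without checking `resp` itself, while the db_instance and managed prefix list hunks in this commit test the response for nil first. `resp.Clusters == nil` is also redundant, since `len` of a nil slice is 0. Suggest `if resp == nil || len(resp.Clusters) == 0 || resp.Clusters[0] == nil {`. The function continues outside the hunk.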
@@ -134,6 +133,7 @@ func dataSourceAwsRoute53ResolverRuleRead(d *schema.ResourceData, meta interface d.Set("share_status", shareStatus) // https://github.com/hashicorp/terraform-provider-aws/issues/10211 if shareStatus != route53resolver.ShareStatusSharedWithMe { + arn := aws.StringValue(rule.Arn) tags, err := keyvaluetags.Route53resolverListTags(conn, arn) if err != nil { diff --git a/aws/data_source_aws_s3_bucket_object.go b/aws/data_source_aws_s3_bucket_object.go index 060ecaa435bd..6bab45bade98 100644 --- a/aws/data_source_aws_s3_bucket_object.go +++ b/aws/data_source_aws_s3_bucket_object.go @@ -216,7 +216,7 @@ func dataSourceAwsS3BucketObjectRead(d *schema.ResourceData, meta interface{}) e if out.ContentType == nil { contentType = "" } else { - contentType = *out.ContentType + contentType = aws.StringValue(out.ContentType) } log.Printf("[INFO] Ignoring body of S3 object %s with Content-Type %q", uniqueId, contentType) diff --git a/aws/data_source_aws_ssm_patch_baseline.go b/aws/data_source_aws_ssm_patch_baseline.go index 61ed4a5f3c2c..c0ea0384346b 100644 --- a/aws/data_source_aws_ssm_patch_baseline.go +++ b/aws/data_source_aws_ssm_patch_baseline.go @@ -97,7 +97,7 @@ func dataAwsSsmPatchBaselineRead(d *schema.ResourceData, meta interface{}) error } } - if len(filteredBaselines) < 1 { + if len(filteredBaselines) < 1 || filteredBaselines[0] == nil { return fmt.Errorf("Your query returned no results. Please change your search criteria and try again.") } @@ -105,7 +105,7 @@ func dataAwsSsmPatchBaselineRead(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("Your query returned more than one result. Please try a more specific search criteria") } - baseline := *filteredBaselines[0] + baseline := filteredBaselines[0] d.SetId(aws.StringValue(baseline.BaselineId)) d.Set("name", baseline.BaselineName)
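Review bot: In dataSourceAwsS3BucketObjectRead (aws/data_source_aws_s3_bucket_object.go) the surrounding `if out.ContentType == nil { ... } else { ... }` is now redundant, because `aws.StringValue` already returns the empty string for a nil pointer. The five lines can collapse to `contentType = aws.StringValue(out.ContentType)`. The declaration of `contentType` is outside the hunk.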