package org.sonar.iac.terraform.checks;

import org.sonar.check.Rule;
import org.sonar.iac.terraform.checks.utils.ExpressionPredicate;

/**
 * Rule S6265: flags S3 bucket definitions whose canned ACL grants access to a
 * predefined group rather than to explicitly named principals.
 *
 * <p>Two findings are raised on the {@code acl} attribute of an {@code aws_s3_bucket} resource:
 * <ul>
 *   <li>{@code authenticated-read}, reported as a grant to the AuthenticatedUsers group. In AWS
 *       that group covers any authenticated AWS principal, not only principals in the bucket
 *       owner's account.</li>
 *   <li>a value matching {@code public-read(-write)?}, reported as a grant to the AllUsers
 *       group, i.e. anonymous access.</li>
 * </ul>
 * Each finding carries a secondary location labelled "Related bucket" built from the resource.
 *
 * <p>NOTE(review): only the inline {@code acl} attribute of {@code aws_s3_bucket} is registered in
 * this class. ACLs declared through a separate resource (for example {@code aws_s3_bucket_acl})
 * or through explicit grant blocks are not inspected here; confirm they are covered elsewhere.
 */
@Rule(key = "S6265")
public class BucketsAccessCheck extends AbstractNewResourceCheck {
    private static final String MESSAGE = "Make sure granting access to %s group is safe here.";
    private static final String SECONDARY_MSG = "Related bucket";

    // Issue texts are fixed per group, so they are formatted once instead of on every visit.
    private static final String AUTHENTICATED_USERS_MESSAGE = String.format(MESSAGE, "AuthenticatedUsers");
    private static final String ALL_USERS_MESSAGE = String.format(MESSAGE, "AllUsers");

    /**
     * Registers the consumer that inspects the {@code acl} attribute of every
     * {@code aws_s3_bucket} resource and reports group-wide canned ACLs.
     */
    @Override
    protected void registerResourceConsumer() {
        register("aws_s3_bucket", bucket -> {
            bucket.attribute("acl")
                // Exact canned ACL that opens read access to the AuthenticatedUsers group.
                .reportIf(
                    ExpressionPredicate.equalTo("authenticated-read"),
                    AUTHENTICATED_USERS_MESSAGE,
                    bucket.toSecondary(SECONDARY_MSG))
                // Covers "public-read" and "public-read-write".
                // NOTE(review): whether matchesPattern anchors the expression is not visible here — confirm.
                .reportIf(
                    ExpressionPredicate.matchesPattern("public-read(-write)?"),
                    ALL_USERS_MESSAGE,
                    bucket.toSecondary(SECONDARY_MSG));
        });
    }
}
