neetob 0.5.16 → 0.5.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.env +4 -0
- data/.neetoci/default.yml +1 -1
- data/.ruby-version +1 -1
- data/Gemfile +1 -1
- data/Gemfile.lock +108 -109
- data/lib/neetob/cli/cloudflare/always_use_https.rb +7 -2
- data/lib/neetob/cli/cloudflare/bot_fight_mode.rb +7 -2
- data/lib/neetob/cli/cloudflare/dns_proxy_status.rb +8 -2
- data/lib/neetob/cli/cloudflare/min_tls_version.rb +8 -2
- data/lib/neetob/cli/cloudflare/ssl_mode.rb +4 -1
- data/lib/neetob/cli/cloudflare/verify_spf.rb +21 -8
- data/lib/neetob/cli/code/audit.rb +19 -7
- data/lib/neetob/cli/cronitor/base.rb +49 -0
- data/lib/neetob/cli/cronitor/get_all_monitors.rb +21 -0
- data/lib/neetob/cli/github/base.rb +3 -2
- data/lib/neetob/cli/github/brakeman.rb +7 -3
- data/lib/neetob/cli/github/bundle_audit.rb +52 -0
- data/lib/neetob/cli/github/make_pr/base.rb +10 -2
- data/lib/neetob/cli/github/repositories/get_security_details.rb +45 -0
- data/lib/neetob/cli/github/repositories/pull_requests.rb +34 -0
- data/lib/neetob/cli/github/yarn_audit.rb +47 -0
- data/lib/neetob/cli/monthly_audit/commands.rb +19 -0
- data/lib/neetob/cli/monthly_audit/databases/main.rb +29 -0
- data/lib/neetob/cli/monthly_audit/databases/users_unique_email_index.rb +40 -0
- data/lib/neetob/cli/monthly_audit/databases/uuid_primary_key.rb +45 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/always_use_https_is_enabled.rb +32 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/bot_protection_enabled.rb +32 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/dns_entry_has_proxy_status.rb +41 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/main.rb +38 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/minimum_tls_version_is_one_point_two.rb +34 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/spf_records_are_valid.rb +41 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/ssl_tls_encryption_mode_set_to_full.rb +34 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cronitor/main.rb +29 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cronitor/setup_correctly_for_apps.rb +54 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cronitor/setup_correctly_for_help_center.rb +53 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cronitor/setup_correctly_for_landing_pages.rb +53 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/honeybadger/main.rb +23 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/honeybadger/setup_correctly_for_apps.rb +49 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/main.rb +40 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/auto_scaling_enabled.rb +46 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/cloudfront_cdn_enabled.rb +56 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/essential_environment_variables_set.rb +43 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/main.rb +35 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/scheduled_exports_enabled.rb +43 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/ssl_certificates_over_thirty_days_from_expiry.rb +41 -0
- data/lib/neetob/cli/monthly_audit/misc/main.rb +32 -0
- data/lib/neetob/cli/monthly_audit/misc/redirections_working_correctly.rb +30 -0
- data/lib/neetob/cli/monthly_audit/misc/sparkpost_sub_account_used_for_all_apps.rb +32 -0
- data/lib/neetob/cli/monthly_audit/misc/ssl_certs_setup_for_auto_renewal.rb +29 -0
- data/lib/neetob/cli/monthly_audit/perform.rb +41 -0
- data/lib/neetob/cli/monthly_audit/security/code/brakeman.rb +38 -0
- data/lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb +40 -0
- data/lib/neetob/cli/monthly_audit/security/code/main.rb +29 -0
- data/lib/neetob/cli/monthly_audit/security/code/yarn_audit.rb +44 -0
- data/lib/neetob/cli/monthly_audit/security/github/dependabot_prs_merged.rb +48 -0
- data/lib/neetob/cli/monthly_audit/security/github/dependabot_turned_on.rb +44 -0
- data/lib/neetob/cli/monthly_audit/security/github/main.rb +26 -0
- data/lib/neetob/cli/monthly_audit/security/main.rb +31 -0
- data/lib/neetob/cli/neeto_deploy/autoscaling_config.rb +6 -1
- data/lib/neetob/cli/neeto_deploy/certificates.rb +3 -0
- data/lib/neetob/cli/neeto_deploy/config_vars/list.rb +8 -2
- data/lib/neetob/cli/neeto_deploy/scheduled_exports.rb +6 -1
- data/lib/neetob/cli/redirections/check.rb +13 -3
- data/lib/neetob/cli/sre/base.rb +10 -0
- data/lib/neetob/cli/sre/check_essential_env.rb +18 -3
- data/lib/neetob/cli/ui.rb +43 -3
- data/lib/neetob/cli.rb +4 -0
- data/lib/neetob/version.rb +1 -1
- metadata +48 -5
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "../../../cloudflare/min_tls_version"
|
|
4
|
+
|
|
5
|
+
module Neetob
|
|
6
|
+
class CLI
|
|
7
|
+
module MonthlyAudit
|
|
8
|
+
module InstancesAndAddons
|
|
9
|
+
module Cloudflare
|
|
10
|
+
class MinimumTlsVersionIsOnePointTwo < CLI::Base
|
|
11
|
+
def initialize
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def run
|
|
16
|
+
ui.success "### 3.2.3. Checking whether Minimum TLS version is 1.2"
|
|
17
|
+
|
|
18
|
+
domains_data = [["Domain", "Minimum TLS version", "Audit Passed"]]
|
|
19
|
+
ui.info("\n", print_to_audit_log: false)
|
|
20
|
+
Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain|
|
|
21
|
+
domain.to_s.include?(".com") }.map do |domain|
|
|
22
|
+
ui.info("Checking Minimum TLS version for #{domain}", print_to_audit_log: false)
|
|
23
|
+
min_tls_version = Neetob::CLI::Cloudflare::MinTlsVersion.new(domain).run
|
|
24
|
+
audit_passed = min_tls_version.to_s == "1.2" ? "Yes" : "No"
|
|
25
|
+
domains_data << [domain, min_tls_version, audit_passed]
|
|
26
|
+
end
|
|
27
|
+
ui.print_table(domains_data)
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module Cloudflare
|
|
8
|
+
class SpfRecordsAreValid < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.2.5. Checking whether SPF records are valid"
|
|
15
|
+
|
|
16
|
+
domains_data = [["Domain", "SPF records data", "Comments", "Audit Passed"]]
|
|
17
|
+
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain|
|
|
19
|
+
domain.to_s.include?(".com") }.map do |domain|
|
|
20
|
+
ui.info("Checking SPF records data for #{domain}", print_to_audit_log: false)
|
|
21
|
+
spf_records_verification_data = Neetob::CLI::Cloudflare::VerifySpf.new(domain).run
|
|
22
|
+
audit_passed = (
|
|
23
|
+
spf_records_verification_data[:hard_fail_not_set_message].present? ||
|
|
24
|
+
spf_records_verification_data[:message].present?
|
|
25
|
+
) ? "No" : "Yes"
|
|
26
|
+
comments =
|
|
27
|
+
spf_records_verification_data[:hard_fail_not_set_message] ||
|
|
28
|
+
spf_records_verification_data[:message]
|
|
29
|
+
data = spf_records_verification_data[:spf_txt_records].map { |record|
|
|
30
|
+
"#{record[:name]} => #{record[:content]}"
|
|
31
|
+
}.join(", ")
|
|
32
|
+
domains_data << [domain, data, comments, audit_passed]
|
|
33
|
+
end
|
|
34
|
+
ui.print_table(domains_data)
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "../../../cloudflare/ssl_mode"
|
|
4
|
+
|
|
5
|
+
module Neetob
|
|
6
|
+
class CLI
|
|
7
|
+
module MonthlyAudit
|
|
8
|
+
module InstancesAndAddons
|
|
9
|
+
module Cloudflare
|
|
10
|
+
class SslTlsEncryptionModeSetToFull < CLI::Base
|
|
11
|
+
def initialize
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def run
|
|
16
|
+
ui.success "### 3.2.1. Checking whether SSL/TLS encryption mode is set to Full"
|
|
17
|
+
|
|
18
|
+
domains_data = [["Domain", "SSL/TLS encryption mode", "Audit Passed"]]
|
|
19
|
+
ui.info("\n", print_to_audit_log: false)
|
|
20
|
+
Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain|
|
|
21
|
+
domain.to_s.include?(".com") }.each do |domain|
|
|
22
|
+
ui.info("Checking SSL/TLS encryption mode for #{domain}", print_to_audit_log: false)
|
|
23
|
+
ssl_mode = Neetob::CLI::Cloudflare::SSLMode.new(domain).run
|
|
24
|
+
audit_passed = ssl_mode.to_s == "full" ? "Yes" : "No"
|
|
25
|
+
domains_data << [domain, ssl_mode, audit_passed]
|
|
26
|
+
end
|
|
27
|
+
ui.print_table(domains_data)
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "setup_correctly_for_apps"
|
|
4
|
+
require_relative "setup_correctly_for_help_center"
|
|
5
|
+
require_relative "setup_correctly_for_landing_pages"
|
|
6
|
+
|
|
7
|
+
module Neetob
|
|
8
|
+
class CLI
|
|
9
|
+
module MonthlyAudit
|
|
10
|
+
module InstancesAndAddons
|
|
11
|
+
module Cronitor
|
|
12
|
+
class Main < CLI::Base
|
|
13
|
+
def initialize
|
|
14
|
+
super()
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def run
|
|
18
|
+
SetupCorrectlyForApps.new.run
|
|
19
|
+
ui.info "\n"
|
|
20
|
+
SetupCorrectlyForHelpCenter.new.run
|
|
21
|
+
ui.info "\n"
|
|
22
|
+
SetupCorrectlyForLandingPages.new.run
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "../../../cronitor/get_all_monitors"
|
|
4
|
+
|
|
5
|
+
module Neetob
|
|
6
|
+
class CLI
|
|
7
|
+
module MonthlyAudit
|
|
8
|
+
module InstancesAndAddons
|
|
9
|
+
module Cronitor
|
|
10
|
+
class SetupCorrectlyForApps < CLI::Base
|
|
11
|
+
def initialize
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def run
|
|
16
|
+
ui.success "### 3.3.1. Checking whether Cronitor monitors are set up correctly for apps"
|
|
17
|
+
|
|
18
|
+
all_monitors = Neetob::CLI::Cronitor::GetAllMonitors.new.run
|
|
19
|
+
|
|
20
|
+
apps_data = [["App", "Monitor for Application present", "Monitor for Application enabled", "Comments",
|
|
21
|
+
"Audit Passed"]]
|
|
22
|
+
ui.info("\n", print_to_audit_log: false)
|
|
23
|
+
Neetob::CLI::Sre::Base::RESOURCES.keys.each do |app|
|
|
24
|
+
comments = nil
|
|
25
|
+
audit_passed = "No"
|
|
26
|
+
monitor_for_app_present = "No"
|
|
27
|
+
monitor_for_app_enabled = "No"
|
|
28
|
+
ui.info("Checking Application monitor for #{app}", print_to_audit_log: false)
|
|
29
|
+
application_monitor = all_monitors.select { |monitor|
|
|
30
|
+
monitor[:name].downcase == "#{app} Application".downcase }.first
|
|
31
|
+
|
|
32
|
+
if application_monitor.nil?
|
|
33
|
+
comments = "Monitor not present"
|
|
34
|
+
else
|
|
35
|
+
monitor_for_app_present = "Yes"
|
|
36
|
+
if application_monitor[:paused]
|
|
37
|
+
comments = "Monitor is paused"
|
|
38
|
+
else
|
|
39
|
+
monitor_for_app_enabled = "Yes"
|
|
40
|
+
audit_passed = "Yes"
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
apps_data << [app, monitor_for_app_present, monitor_for_app_enabled, comments, audit_passed]
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
ui.print_table(apps_data)
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
data/lib/neetob/cli/monthly_audit/instances_and_addons/cronitor/setup_correctly_for_help_center.rb
ADDED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module Cronitor
|
|
8
|
+
class SetupCorrectlyForHelpCenter < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.3.2. Checking whether Cronitor monitors are set up correctly for Help Centers"
|
|
15
|
+
|
|
16
|
+
all_monitors = Neetob::CLI::Cronitor::GetAllMonitors.new.run
|
|
17
|
+
|
|
18
|
+
apps_data = [["App", "Monitor for Application help center present",
|
|
19
|
+
"Monitor for Application help center enabled", "Comments", "Audit Passed"]]
|
|
20
|
+
ui.info("\n", print_to_audit_log: false)
|
|
21
|
+
Neetob::CLI::Sre::Base::RESOURCES.keys.each do |app|
|
|
22
|
+
comments = nil
|
|
23
|
+
audit_passed = "No"
|
|
24
|
+
monitor_for_app_help_center_present = "No"
|
|
25
|
+
monitor_for_app_help_center_enabled = "No"
|
|
26
|
+
ui.info("Checking Application help center monitor for #{app}", print_to_audit_log: false)
|
|
27
|
+
application_help_center_monitor = all_monitors.select { |monitor|
|
|
28
|
+
monitor[:name].downcase == "#{app} Help Center".downcase }.first
|
|
29
|
+
|
|
30
|
+
if application_help_center_monitor.nil?
|
|
31
|
+
comments = "Monitor not present"
|
|
32
|
+
else
|
|
33
|
+
monitor_for_app_help_center_present = "Yes"
|
|
34
|
+
if application_help_center_monitor[:paused]
|
|
35
|
+
comments = "Monitor is paused"
|
|
36
|
+
else
|
|
37
|
+
monitor_for_app_help_center_enabled = "Yes"
|
|
38
|
+
audit_passed = "Yes"
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
apps_data << [app, monitor_for_app_help_center_present, monitor_for_app_help_center_enabled, comments,
|
|
43
|
+
audit_passed]
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
ui.print_table(apps_data)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
data/lib/neetob/cli/monthly_audit/instances_and_addons/cronitor/setup_correctly_for_landing_pages.rb
ADDED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module Cronitor
|
|
8
|
+
class SetupCorrectlyForLandingPages < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.3.3. Checking whether Cronitor monitors are set up correctly for landing pages"
|
|
15
|
+
|
|
16
|
+
all_monitors = Neetob::CLI::Cronitor::GetAllMonitors.new.run
|
|
17
|
+
|
|
18
|
+
apps_data = [["App", "Monitor for Application landing page present",
|
|
19
|
+
"Monitor for Application landing page enabled", "Comments", "Audit Passed"]]
|
|
20
|
+
ui.info("\n", print_to_audit_log: false)
|
|
21
|
+
Neetob::CLI::Sre::Base::RESOURCES.keys.each do |app|
|
|
22
|
+
comments = nil
|
|
23
|
+
audit_passed = "No"
|
|
24
|
+
monitor_for_app_landing_page_present = "No"
|
|
25
|
+
monitor_for_app_landing_page_enabled = "No"
|
|
26
|
+
ui.info("Checking Application landing page monitor for #{app}", print_to_audit_log: false)
|
|
27
|
+
application_landing_page_monitor = all_monitors.select { |monitor|
|
|
28
|
+
monitor[:name].downcase == "#{app} Homepage".downcase }.first
|
|
29
|
+
|
|
30
|
+
if application_landing_page_monitor.nil?
|
|
31
|
+
comments = "Monitor not present"
|
|
32
|
+
else
|
|
33
|
+
monitor_for_app_landing_page_present = "Yes"
|
|
34
|
+
if application_landing_page_monitor[:paused]
|
|
35
|
+
comments = "Monitor is paused"
|
|
36
|
+
else
|
|
37
|
+
monitor_for_app_landing_page_enabled = "Yes"
|
|
38
|
+
audit_passed = "Yes"
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
apps_data << [app, monitor_for_app_landing_page_present, monitor_for_app_landing_page_enabled,
|
|
43
|
+
comments, audit_passed]
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
ui.print_table(apps_data)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "setup_correctly_for_apps"
|
|
4
|
+
|
|
5
|
+
module Neetob
|
|
6
|
+
class CLI
|
|
7
|
+
module MonthlyAudit
|
|
8
|
+
module InstancesAndAddons
|
|
9
|
+
module Honeybadger
|
|
10
|
+
class Main < CLI::Base
|
|
11
|
+
def initialize
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def run
|
|
16
|
+
SetupCorrectlyForApps.new.run
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
data/lib/neetob/cli/monthly_audit/instances_and_addons/honeybadger/setup_correctly_for_apps.rb
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module Honeybadger
|
|
8
|
+
class SetupCorrectlyForApps < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.4.1. [Manual] Checking whether Honeybadger is correctly set up for apps"
|
|
15
|
+
ui.info "#### Please manually check and add Yes/No for all the following checks on the Honeybadger dashboard for the apps listed in the table below:"
|
|
16
|
+
ui.info "- Settings > General > Project Settings > Enable notifications for production is turned on"
|
|
17
|
+
ui.info "- Settings > Alerts & integrations > This project's integrations > GitHub is integrated to the correct project repo."
|
|
18
|
+
ui.info "- Settings > Alerts & integrations > This project's integrations > GitHub > Edit > Error Events > Automatically create an issue when an error occurs and Automatically re-open issues are turned on"
|
|
19
|
+
ui.info "- Settings > Alerts & integrations > This project's integrations > Slack is integrated to the correct project channel in #neeto-health workspace"
|
|
20
|
+
ui.info "- Please add comments if any for the checks below in the Comments column in the table"
|
|
21
|
+
ui.info "- Finally, set Audit Passed as Yes only if all the checks are passed for the app, otherwise set it as No, and add a comment in the Comments column"
|
|
22
|
+
|
|
23
|
+
apps_data = [
|
|
24
|
+
[
|
|
25
|
+
"App",
|
|
26
|
+
"Enable Notifications for production is turned on",
|
|
27
|
+
"GitHub is integrated to the correct project repo",
|
|
28
|
+
"Automatically create GitHub issue and automatically re-open issue is turned on",
|
|
29
|
+
"Slack is integrated to the correct project channel in #neeto-health workspace",
|
|
30
|
+
"Comments",
|
|
31
|
+
"Audit Passed"
|
|
32
|
+
]
|
|
33
|
+
]
|
|
34
|
+
ui.info("\n")
|
|
35
|
+
(
|
|
36
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy] +
|
|
37
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:heroku]
|
|
38
|
+
).select { |app| app.include?("production") }.each do |app|
|
|
39
|
+
|
|
40
|
+
apps_data << [app, nil, nil, nil, nil, nil, nil]
|
|
41
|
+
end
|
|
42
|
+
ui.print_table(apps_data)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "neeto_deploy/main"
|
|
4
|
+
require_relative "cloudflare/main"
|
|
5
|
+
require_relative "cronitor/main"
|
|
6
|
+
require_relative "honeybadger/main"
|
|
7
|
+
|
|
8
|
+
module Neetob
|
|
9
|
+
class CLI
|
|
10
|
+
module MonthlyAudit
|
|
11
|
+
module InstancesAndAddons
|
|
12
|
+
class Main < CLI::Base
|
|
13
|
+
def initialize
|
|
14
|
+
super()
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def run
|
|
18
|
+
ui.success("# 3. Running audit for application instances and add-ons")
|
|
19
|
+
ui.info "\n"
|
|
20
|
+
ui.success("## 3.1. Checking NeetoDeploy related configurations")
|
|
21
|
+
ui.info "\n"
|
|
22
|
+
NeetoDeploy::Main.new.run
|
|
23
|
+
ui.info "\n"
|
|
24
|
+
ui.success("## 3.2. Checking Cloudflare related configurations")
|
|
25
|
+
ui.info "\n"
|
|
26
|
+
Cloudflare::Main.new.run
|
|
27
|
+
ui.info "\n"
|
|
28
|
+
ui.success("## 3.3. Checking Cronitor related configurations")
|
|
29
|
+
ui.info "\n"
|
|
30
|
+
Cronitor::Main.new.run
|
|
31
|
+
ui.info "\n"
|
|
32
|
+
ui.success("## 3.4. Checking Honeybadger related configurations")
|
|
33
|
+
ui.info "\n"
|
|
34
|
+
Honeybadger::Main.new.run
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module NeetoDeploy
|
|
8
|
+
class AutoScalingEnabled < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.1.4. Checking whether auto-scaling is enabled"
|
|
15
|
+
|
|
16
|
+
apps_data = [["App", "Autoscaling config", "Comments", "Audit Passed"]]
|
|
17
|
+
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
|
+
ui.info("Checking auto_scaling config for #{app}", print_to_audit_log: false)
|
|
20
|
+
autoscaling_config_result = Neetob::CLI::NeetoDeploy::AutoscalingConfig.new(app).run
|
|
21
|
+
audit_passed = nil
|
|
22
|
+
comments = nil
|
|
23
|
+
autoscaling_config = nil
|
|
24
|
+
if autoscaling_config_result.is_a?(Hash) && autoscaling_config_result["error"] == "Forbidden"
|
|
25
|
+
audit_passed = "No"
|
|
26
|
+
comments = "You do not have permission to access the config for this app."
|
|
27
|
+
else
|
|
28
|
+
autoscaling_config = JSON.parse(autoscaling_config_result.gsub("=>", ":"))
|
|
29
|
+
autoscaling_turned_on_for_web = autoscaling_config["web"]
|
|
30
|
+
autoscaling_turned_on_for_worker = autoscaling_config["worker"]
|
|
31
|
+
|
|
32
|
+
audit_passed = autoscaling_turned_on_for_web && autoscaling_turned_on_for_worker ? "Yes" : "No"
|
|
33
|
+
if audit_passed == "No"
|
|
34
|
+
comments = "Auto-scaling is not enabled for web and/or worker dynos."
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
apps_data << [app, autoscaling_config, comments, audit_passed]
|
|
38
|
+
end
|
|
39
|
+
ui.print_table(apps_data)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module NeetoDeploy
|
|
8
|
+
class CloudfrontCdnEnabled < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.1.2. Checking whether Cloudfront CDN is enabled"
|
|
15
|
+
|
|
16
|
+
apps_data = [["App", "ASSET_HOST value", "Comments", "Audit Passed"]]
|
|
17
|
+
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
|
+
ui.info("Checking ASSET_HOST value for #{app}", print_to_audit_log: false)
|
|
20
|
+
config_vars_result = Neetob::CLI::NeetoDeploy::ConfigVars::List.new([app]).run
|
|
21
|
+
begin
|
|
22
|
+
config_vars = JSON.parse(config_vars_result.first)
|
|
23
|
+
rescue JSON::ParserError
|
|
24
|
+
config_vars = config_vars_result.first
|
|
25
|
+
end
|
|
26
|
+
audit_passed = nil
|
|
27
|
+
comments = nil
|
|
28
|
+
asset_host_value = nil
|
|
29
|
+
if config_vars.is_a?(Hash) && config_vars["error"] == "Forbidden"
|
|
30
|
+
audit_passed = "No"
|
|
31
|
+
comments = "You do not have permission to access the config vars for this app."
|
|
32
|
+
else
|
|
33
|
+
asset_host_line = config_vars.split("\n").select { |line| line.include?("ASSET_HOST") }.first
|
|
34
|
+
if asset_host_line.nil?
|
|
35
|
+
audit_passed = "No"
|
|
36
|
+
comments = "ASSET_HOST value not found."
|
|
37
|
+
else
|
|
38
|
+
asset_host_value = asset_host_line.split("|")[2].strip
|
|
39
|
+
is_direct_cloudfront_asset_host = asset_host_value.include?("cloudfront.net")
|
|
40
|
+
is_cdn_subdomain_asset_host = asset_host_value == "cdn.#{app.gsub("-web-production", "").gsub("-", "")}.com"
|
|
41
|
+
audit_passed = is_direct_cloudfront_asset_host || is_cdn_subdomain_asset_host ? "Yes" : "No"
|
|
42
|
+
if audit_passed == "No"
|
|
43
|
+
comments = "ASSET_HOST value is not a Cloudfront CDN URL or a CDN subdomain URL."
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
apps_data << [app, asset_host_value, comments, audit_passed]
|
|
48
|
+
end
|
|
49
|
+
ui.print_table(apps_data)
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module NeetoDeploy
|
|
8
|
+
class EssentialEnvironmentVariablesSet < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.1.3. Checking whether all essential environment variables are set"
|
|
15
|
+
|
|
16
|
+
apps_data = [["App", "All essential env variables set", "Comments", "Audit Passed"]]
|
|
17
|
+
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
|
+
ui.info("Checking essential env variables for #{app}", print_to_audit_log: false)
|
|
20
|
+
essential_env_variables_result = Neetob::CLI::Sre::CheckEssentialEnv.new(app).run
|
|
21
|
+
audit_passed = nil
|
|
22
|
+
comments = nil
|
|
23
|
+
all_essential_env_variables_set = nil
|
|
24
|
+
if essential_env_variables_result["error"] == "Forbidden"
|
|
25
|
+
audit_passed = "No"
|
|
26
|
+
comments = "You do not have permission to access the config vars for this app."
|
|
27
|
+
else
|
|
28
|
+
all_essential_env_variables_set = essential_env_variables_result[:all_keys_present]
|
|
29
|
+
audit_passed = all_essential_env_variables_set ? "Yes" : "No"
|
|
30
|
+
if audit_passed == "No"
|
|
31
|
+
comments = "Missing keys: #{essential_env_variables_result[:missing_keys].join(", ")}"
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
apps_data << [app, all_essential_env_variables_set, comments, audit_passed]
|
|
35
|
+
end
|
|
36
|
+
ui.print_table(apps_data)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "ssl_certificates_over_thirty_days_from_expiry"
|
|
4
|
+
require_relative "cloudfront_cdn_enabled"
|
|
5
|
+
require_relative "essential_environment_variables_set"
|
|
6
|
+
require_relative "auto_scaling_enabled"
|
|
7
|
+
require_relative "scheduled_exports_enabled"
|
|
8
|
+
|
|
9
|
+
module Neetob
|
|
10
|
+
class CLI
|
|
11
|
+
module MonthlyAudit
|
|
12
|
+
module InstancesAndAddons
|
|
13
|
+
module NeetoDeploy
|
|
14
|
+
class Main < CLI::Base
|
|
15
|
+
def initialize
|
|
16
|
+
super()
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def run
|
|
20
|
+
SslCertificatesOverThirtyDaysFromExpiry.new.run
|
|
21
|
+
ui.info "\n"
|
|
22
|
+
CloudfrontCdnEnabled.new.run
|
|
23
|
+
ui.info "\n"
|
|
24
|
+
EssentialEnvironmentVariablesSet.new.run
|
|
25
|
+
ui.info "\n"
|
|
26
|
+
AutoScalingEnabled.new.run
|
|
27
|
+
ui.info "\n"
|
|
28
|
+
ScheduledExportsEnabled.new.run
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/scheduled_exports_enabled.rb
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Neetob
|
|
4
|
+
class CLI
|
|
5
|
+
module MonthlyAudit
|
|
6
|
+
module InstancesAndAddons
|
|
7
|
+
module NeetoDeploy
|
|
8
|
+
class ScheduledExportsEnabled < CLI::Base
|
|
9
|
+
def initialize
|
|
10
|
+
super()
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def run
|
|
14
|
+
ui.success "### 3.1.5. Checking whether scheduled exports are enabled"
|
|
15
|
+
|
|
16
|
+
apps_data = [["App", "Scheduled exports config", "Comments", "Audit Passed"]]
|
|
17
|
+
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
|
+
ui.info("Checking Scheduled exports config for #{app}", print_to_audit_log: false)
|
|
20
|
+
scheduled_exports_result = Neetob::CLI::NeetoDeploy::ScheduledExports.new(app).run
|
|
21
|
+
audit_passed = nil
|
|
22
|
+
comments = nil
|
|
23
|
+
scheduled_exports_config = nil
|
|
24
|
+
if scheduled_exports_result.include? "Forbidden"
|
|
25
|
+
audit_passed = "No"
|
|
26
|
+
comments = "You do not have permission to access the config for this app."
|
|
27
|
+
else
|
|
28
|
+
scheduled_exports_config = scheduled_exports_result.gsub("\e[32m", "").gsub("\e[0m", "").strip
|
|
29
|
+
audit_passed = scheduled_exports_config.include?("turned on") ? "Yes" : "No"
|
|
30
|
+
if audit_passed == "No"
|
|
31
|
+
comments = scheduled_exports_config
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
apps_data << [app, scheduled_exports_config, comments, audit_passed]
|
|
35
|
+
end
|
|
36
|
+
ui.print_table(apps_data)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|