@factiii/stack 0.1.33 → 0.1.35
- package/README.md +441 -441
- package/bin/stack +46 -0
- package/dist/cli/fix.d.ts.map +1 -1
- package/dist/cli/fix.js +17 -11
- package/dist/cli/fix.js.map +1 -1
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +20 -7
- package/dist/cli/init.js.map +1 -1
- package/dist/cli/scan.d.ts.map +1 -1
- package/dist/cli/scan.js +14 -22
- package/dist/cli/scan.js.map +1 -1
- package/dist/generators/generate-stack-yml.d.ts +1 -1
- package/dist/generators/generate-stack-yml.d.ts.map +1 -1
- package/dist/generators/generate-stack-yml.js +96 -69
- package/dist/generators/generate-stack-yml.js.map +1 -1
- package/dist/plugins/addons/openclaw/index.d.ts +45 -0
- package/dist/plugins/addons/openclaw/index.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/index.js +107 -0
- package/dist/plugins/addons/openclaw/index.js.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts +19 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js +441 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js.map +1 -0
- package/dist/plugins/frameworks/expo/index.d.ts +45 -0
- package/dist/plugins/frameworks/expo/index.d.ts.map +1 -0
- package/dist/plugins/frameworks/expo/index.js +549 -0
- package/dist/plugins/frameworks/expo/index.js.map +1 -0
- package/dist/plugins/frameworks/prisma-trpc/index.js +8 -8
- package/dist/plugins/frameworks/prisma-trpc/index.js.map +1 -1
- package/dist/plugins/index.d.ts.map +1 -1
- package/dist/plugins/index.js +16 -0
- package/dist/plugins/index.js.map +1 -1
- package/dist/plugins/pipelines/aws/index.js +15 -15
- package/dist/plugins/pipelines/aws/prod.js +7 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts +3 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js +17 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/aws/scanfix/config.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.js +30 -76
- package/dist/plugins/pipelines/aws/scanfix/credentials.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts +1 -4
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js +11 -41
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.js +64 -113
- package/dist/plugins/pipelines/aws/scanfix/ec2.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.js +27 -36
- package/dist/plugins/pipelines/aws/scanfix/ecr.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.js +37 -46
- package/dist/plugins/pipelines/aws/scanfix/iam.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.js +43 -108
- package/dist/plugins/pipelines/aws/scanfix/rds.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.js +46 -55
- package/dist/plugins/pipelines/aws/scanfix/s3.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js +83 -82
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.js +31 -53
- package/dist/plugins/pipelines/aws/scanfix/ses.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts +17 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js +180 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/vpc.js +97 -98
- package/dist/plugins/pipelines/aws/scanfix/vpc.js.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts +101 -28
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js +428 -76
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js.map +1 -1
- package/dist/plugins/pipelines/factiii/index.d.ts +11 -1
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +183 -33
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/ansible.js +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/ansible.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js +6 -6
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.d.ts +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/factiii/scanfix/config.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/env-files.js +7 -7
- package/dist/plugins/pipelines/factiii/scanfix/env-files.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/github-cli.js +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/github-cli.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js +73 -13
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/workflows.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/workflows.js +52 -4
- package/dist/plugins/pipelines/factiii/scanfix/workflows.js.map +1 -1
- package/dist/plugins/servers/mac/index.js +13 -13
- package/dist/plugins/servers/mac/scanfix/config.js +5 -5
- package/dist/plugins/servers/mac/scanfix/config.js.map +1 -1
- package/dist/plugins/servers/mac/scanfix/containers.js +1 -1
- package/dist/plugins/servers/mac/scanfix/containers.js.map +1 -1
- package/dist/plugins/servers/mac/scanfix/system.js +6 -6
- package/dist/plugins/servers/mac/scanfix/system.js.map +1 -1
- package/dist/plugins/servers/mac/staging.js +4 -4
- package/dist/plugins/servers/windows/index.js +2 -2
- package/dist/plugins/servers/windows/index.js.map +1 -1
- package/dist/scanfix/fixes/certbot.js +1 -1
- package/dist/scripts/validate-example-values.d.ts +1 -1
- package/dist/scripts/validate-example-values.js +6 -6
- package/dist/utils/config-helpers.d.ts +3 -0
- package/dist/utils/config-helpers.d.ts.map +1 -1
- package/dist/utils/config-helpers.js.map +1 -1
- package/dist/utils/secret-prompts.d.ts +5 -2
- package/dist/utils/secret-prompts.d.ts.map +1 -1
- package/dist/utils/secret-prompts.js +55 -32
- package/dist/utils/secret-prompts.js.map +1 -1
- package/dist/utils/template-generator.js +71 -71
- package/package.json +8 -1
|
@@ -4,74 +4,64 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Provisions S3 bucket with encryption and blocked public access.
|
|
6
6
|
* Configures CORS for the production domain.
|
|
7
|
+
* Uses AWS SDK v3.
|
|
7
8
|
*/
|
|
8
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
10
|
exports.s3Fixes = void 0;
|
|
10
11
|
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
11
|
-
/**
|
|
12
|
-
* Check if S3 bucket exists
|
|
13
|
-
*/
|
|
14
|
-
function findBucket(bucketName, region) {
|
|
15
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws s3api head-bucket --bucket ' + bucketName, region);
|
|
16
|
-
// head-bucket returns empty on success, throws on failure
|
|
17
|
-
return result !== null;
|
|
18
|
-
}
|
|
19
|
-
/**
|
|
20
|
-
* Check if CORS is configured on bucket
|
|
21
|
-
*/
|
|
22
|
-
function hasCors(bucketName, region) {
|
|
23
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws s3api get-bucket-cors --bucket ' + bucketName, region);
|
|
24
|
-
return !!result && result !== 'null';
|
|
25
|
-
}
|
|
26
|
-
/**
|
|
27
|
-
* Check if AWS is configured for this project
|
|
28
|
-
*/
|
|
29
|
-
function isAwsConfigured(config) {
|
|
30
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
31
|
-
return false;
|
|
32
|
-
if (config.aws)
|
|
33
|
-
return true;
|
|
34
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
35
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
36
|
-
const environments = extractEnvironments(config);
|
|
37
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
38
|
-
}
|
|
39
12
|
exports.s3Fixes = [
|
|
40
13
|
{
|
|
41
14
|
id: 'aws-s3-bucket-missing',
|
|
42
15
|
stage: 'prod',
|
|
43
16
|
severity: 'warning',
|
|
44
|
-
description: 'S3 bucket not created for file storage',
|
|
17
|
+
description: '🪣 S3 bucket not created for file storage',
|
|
45
18
|
scan: async (config) => {
|
|
46
|
-
if (!isAwsConfigured(config))
|
|
19
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
47
20
|
return false;
|
|
48
21
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
49
22
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
50
23
|
const bucketName = 'factiii-' + projectName;
|
|
51
|
-
return !findBucket(bucketName, region);
|
|
24
|
+
return !(await (0, aws_helpers_js_1.findBucket)(bucketName, region));
|
|
52
25
|
},
|
|
53
26
|
fix: async (config) => {
|
|
54
27
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
55
28
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
56
29
|
const bucketName = 'factiii-' + projectName;
|
|
57
30
|
try {
|
|
31
|
+
const s3 = (0, aws_helpers_js_1.getS3Client)(region);
|
|
58
32
|
// Create bucket (us-east-1 doesn't need LocationConstraint)
|
|
59
33
|
if (region === 'us-east-1') {
|
|
60
|
-
(
|
|
34
|
+
await s3.send(new aws_helpers_js_1.CreateBucketCommand({ Bucket: bucketName }));
|
|
61
35
|
}
|
|
62
36
|
else {
|
|
63
|
-
(
|
|
64
|
-
|
|
37
|
+
await s3.send(new aws_helpers_js_1.CreateBucketCommand({
|
|
38
|
+
Bucket: bucketName,
|
|
39
|
+
CreateBucketConfiguration: { LocationConstraint: region },
|
|
40
|
+
}));
|
|
65
41
|
}
|
|
66
42
|
console.log(' Created S3 bucket: ' + bucketName);
|
|
67
43
|
// Block all public access
|
|
68
|
-
(
|
|
69
|
-
|
|
44
|
+
await s3.send(new aws_helpers_js_1.PutPublicAccessBlockCommand({
|
|
45
|
+
Bucket: bucketName,
|
|
46
|
+
PublicAccessBlockConfiguration: {
|
|
47
|
+
BlockPublicAcls: true,
|
|
48
|
+
IgnorePublicAcls: true,
|
|
49
|
+
BlockPublicPolicy: true,
|
|
50
|
+
RestrictPublicBuckets: true,
|
|
51
|
+
},
|
|
52
|
+
}));
|
|
70
53
|
console.log(' Blocked all public access');
|
|
71
54
|
// Enable server-side encryption (AES-256)
|
|
72
|
-
(
|
|
73
|
-
|
|
74
|
-
|
|
55
|
+
await s3.send(new aws_helpers_js_1.PutBucketEncryptionCommand({
|
|
56
|
+
Bucket: bucketName,
|
|
57
|
+
ServerSideEncryptionConfiguration: {
|
|
58
|
+
Rules: [{
|
|
59
|
+
ApplyServerSideEncryptionByDefault: {
|
|
60
|
+
SSEAlgorithm: 'AES256',
|
|
61
|
+
},
|
|
62
|
+
}],
|
|
63
|
+
},
|
|
64
|
+
}));
|
|
75
65
|
console.log(' Enabled AES-256 encryption');
|
|
76
66
|
return true;
|
|
77
67
|
}
|
|
@@ -86,42 +76,43 @@ exports.s3Fixes = [
|
|
|
86
76
|
id: 'aws-s3-cors-missing',
|
|
87
77
|
stage: 'prod',
|
|
88
78
|
severity: 'info',
|
|
89
|
-
description: 'S3 bucket CORS not configured for production domain',
|
|
79
|
+
description: '🪣 S3 bucket CORS not configured for production domain',
|
|
90
80
|
scan: async (config) => {
|
|
91
|
-
if (!isAwsConfigured(config))
|
|
81
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
92
82
|
return false;
|
|
93
83
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
94
84
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
95
85
|
const bucketName = 'factiii-' + projectName;
|
|
96
|
-
if (!findBucket(bucketName, region))
|
|
86
|
+
if (!(await (0, aws_helpers_js_1.findBucket)(bucketName, region)))
|
|
97
87
|
return false;
|
|
98
|
-
return !hasCors(bucketName, region);
|
|
88
|
+
return !(await (0, aws_helpers_js_1.hasCors)(bucketName, region));
|
|
99
89
|
},
|
|
100
90
|
fix: async (config) => {
|
|
101
91
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
102
92
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
103
93
|
const bucketName = 'factiii-' + projectName;
|
|
104
|
-
// Get production domain for CORS
|
|
105
94
|
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
106
95
|
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
107
96
|
const environments = extractEnvironments(config);
|
|
108
97
|
const prodEnv = environments.prod ?? environments.production;
|
|
109
98
|
const domain = prodEnv?.domain;
|
|
110
|
-
if (!domain || domain.startsWith('
|
|
99
|
+
if (!domain || domain.startsWith('EXAMPLE_')) {
|
|
111
100
|
console.log(' Set production domain in stack.yml first');
|
|
112
101
|
return false;
|
|
113
102
|
}
|
|
114
103
|
try {
|
|
115
|
-
const
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
104
|
+
const s3 = (0, aws_helpers_js_1.getS3Client)(region);
|
|
105
|
+
await s3.send(new aws_helpers_js_1.PutBucketCorsCommand({
|
|
106
|
+
Bucket: bucketName,
|
|
107
|
+
CORSConfiguration: {
|
|
108
|
+
CORSRules: [{
|
|
109
|
+
AllowedHeaders: ['*'],
|
|
110
|
+
AllowedMethods: ['GET', 'PUT', 'POST', 'DELETE'],
|
|
111
|
+
AllowedOrigins: ['https://' + domain],
|
|
112
|
+
MaxAgeSeconds: 3600,
|
|
113
|
+
}],
|
|
114
|
+
},
|
|
115
|
+
}));
|
|
125
116
|
console.log(' Configured CORS for https://' + domain);
|
|
126
117
|
return true;
|
|
127
118
|
}
|
|
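Review bot: The `aws-s3-bucket-missing` scan (new line 24) only checks that the bucket exists, while its fix (new lines 31–64) makes three separate calls, so a failure in `PutPublicAccessBlockCommand` or `PutBucketEncryptionCommand` after `CreateBucketCommand` has succeeded leaves a bucket that the scan will never flag again. The fix's `catch` falls between the two hunks and is not visible here, so how that failure is reported is inferred. I would add scan entries that verify the public-access block and default encryption on an existing bucket (the SDK's `GetPublicAccessBlockCommand` and `GetBucketEncryptionCommand`, if the helper module re-exports them) so the hardening is re-applied on the next run. In the CORS fix, `domain` is only checked against the `EXAMPLE_` prefix before `'https://' + domain` becomes the allowed origin alongside `AllowedHeaders: ['*']`; a comment such as `// domain must be a bare hostname: no scheme, path or wildcard` beside that check would document the assumption.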
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"s3.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"s3.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAGH,4DAWiC;AAEpB,QAAA,OAAO,GAAU;IAC5B;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,2CAA2C;QACxD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAC5C,OAAO,CAAC,CAAC,MAAM,IAAA,2BAAU,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QACjD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAE5C,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,IAAA,4BAAW,EAAC,MAAM,CAAC,CAAC;gBAE/B,4DAA4D;gBAC5D,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;oBAC3B,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBACjE,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC;wBACpC,MAAM,EAAE,UAAU;wBAClB,yBAAyB,EAAE,EAAE,kBAAkB,EAAE,MAAa,EAAE;qBACjE,CAAC,CAAC,CAAC;gBACN,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,UAAU,CAAC,CAAC;gBAEnD,0BAA0B;gBAC1B,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,4CAA2B,CAAC;oBAC5C,MAAM,EAAE,UAAU;oBAClB,8BAA8B,EAAE;wBAC9B,eAAe,EAAE,IAAI;wBACrB,gBAAgB,EAAE,IAAI;wBACtB,iBAAiB,EAAE,IAAI;wBACvB,qBAAqB,EAAE,IAAI;qBAC5B;iBACF,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAE5C,0CAA0C;gBAC1C,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,2CAA0B,CAAC;oBAC3C,MAAM,EAAE,UAAU;oBAClB,iCAAiC,EAAE;wBACjC,KAAK,EAAE,CAAC;gCACN,kCAAkC,EAAE;oCAClC,YAAY,EAAE,QAAQ;iCACvB;6BACF,CAAC;qBACH;iBACF,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;gBAE7C,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9F,OAAO,KAAK,CAAC;YACf,CA
AC;QACH,CAAC;QACD,SAAS,EAAE,4DAA4D;KACxE;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wDAAwD;QACrE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAC5C,IAAI,CAAC,CAAC,MAAM,IAAA,2BAAU,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1D,OAAO,CAAC,CAAC,MAAM,IAAA,wBAAO,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAC9C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAE5C,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC7D,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,CAAC;YAE/B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,IAAA,4BAAW,EAAC,MAAM,CAAC,CAAC;gBAE/B,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,qCAAoB,CAAC;oBACrC,MAAM,EAAE,UAAU;oBAClB,iBAAiB,EAAE;wBACjB,SAAS,EAAE,CAAC;gCACV,cAAc,EAAE,CAAC,GAAG,CAAC;gCACrB,cAAc,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC;gCAChD,cAAc,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC;gCACrC,aAAa,EAAE,IAAI;6BACpB,CAAC;qBACH;iBACF,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,MAAM,CAAC,CAAC;gBACxD,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-groups.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/security-groups.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"security-groups.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/security-groups.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAcrE,eAAO,MAAM,kBAAkB,EAAE,GAAG,EA6NnC,CAAC"}
|
|
@@ -5,83 +5,71 @@
|
|
|
5
5
|
* Provisions security groups for EC2 and RDS.
|
|
6
6
|
* EC2 SG: SSH(22), HTTP(80), HTTPS(443)
|
|
7
7
|
* RDS SG: PostgreSQL(5432) from EC2 SG only
|
|
8
|
+
* Uses AWS SDK v3.
|
|
8
9
|
*/
|
|
9
10
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
11
|
exports.securityGroupFixes = void 0;
|
|
11
12
|
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
12
|
-
/**
|
|
13
|
-
* Find security group by name and VPC
|
|
14
|
-
*/
|
|
15
|
-
function findSecurityGroup(groupName, vpcId, region) {
|
|
16
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-security-groups --filters "Name=group-name,Values=' + groupName + '" "Name=vpc-id,Values=' + vpcId + '" --query "SecurityGroups[0].GroupId" --output text', region);
|
|
17
|
-
if (!result || result === 'None' || result === 'null')
|
|
18
|
-
return null;
|
|
19
|
-
return result.replace(/"/g, '');
|
|
20
|
-
}
|
|
21
|
-
/**
|
|
22
|
-
* Find VPC by factiii:project tag (shared with vpc.ts)
|
|
23
|
-
*/
|
|
24
|
-
function findVpc(projectName, region) {
|
|
25
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-vpcs --filters "Name=tag:factiii:project,Values=' + projectName + '" --query "Vpcs[0].VpcId" --output text', region);
|
|
26
|
-
if (!result || result === 'None' || result === 'null')
|
|
27
|
-
return null;
|
|
28
|
-
return result.replace(/"/g, '');
|
|
29
|
-
}
|
|
30
|
-
/**
|
|
31
|
-
* Check if AWS is configured for this project
|
|
32
|
-
*/
|
|
33
|
-
function isAwsConfigured(config) {
|
|
34
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
35
|
-
return false;
|
|
36
|
-
if (config.aws)
|
|
37
|
-
return true;
|
|
38
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
39
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
40
|
-
const environments = extractEnvironments(config);
|
|
41
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
42
|
-
}
|
|
43
13
|
exports.securityGroupFixes = [
|
|
44
14
|
{
|
|
45
15
|
id: 'aws-sg-ec2-missing',
|
|
46
16
|
stage: 'prod',
|
|
47
17
|
severity: 'critical',
|
|
48
|
-
description: 'EC2 security group not created (SSH, HTTP, HTTPS)',
|
|
18
|
+
description: '🛡️ EC2 security group not created (SSH, HTTP, HTTPS)',
|
|
49
19
|
scan: async (config) => {
|
|
50
|
-
if (!isAwsConfigured(config))
|
|
20
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
51
21
|
return false;
|
|
52
22
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
53
23
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
54
|
-
const vpcId = findVpc(projectName, region);
|
|
24
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
55
25
|
if (!vpcId)
|
|
56
|
-
return false;
|
|
57
|
-
return !findSecurityGroup('factiii-' + projectName + '-ec2', vpcId, region);
|
|
26
|
+
return false;
|
|
27
|
+
return !(await (0, aws_helpers_js_1.findSecurityGroup)('factiii-' + projectName + '-ec2', vpcId, region));
|
|
58
28
|
},
|
|
59
29
|
fix: async (config) => {
|
|
60
30
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
61
31
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
62
|
-
const vpcId = findVpc(projectName, region);
|
|
32
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
63
33
|
if (!vpcId) {
|
|
64
34
|
console.log(' VPC must be created first');
|
|
65
35
|
return false;
|
|
66
36
|
}
|
|
67
37
|
try {
|
|
38
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
68
39
|
const groupName = 'factiii-' + projectName + '-ec2';
|
|
69
40
|
// Create security group
|
|
70
|
-
const sgResult = (
|
|
71
|
-
|
|
72
|
-
'
|
|
73
|
-
|
|
74
|
-
|
|
41
|
+
const sgResult = await ec2.send(new aws_helpers_js_1.CreateSecurityGroupCommand({
|
|
42
|
+
GroupName: groupName,
|
|
43
|
+
Description: 'EC2 security group for ' + projectName,
|
|
44
|
+
VpcId: vpcId,
|
|
45
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('security-group', projectName)],
|
|
46
|
+
}));
|
|
47
|
+
const sgId = sgResult.GroupId;
|
|
75
48
|
console.log(' Created EC2 security group: ' + sgId);
|
|
76
49
|
// Allow SSH (port 22)
|
|
77
|
-
(
|
|
78
|
-
|
|
50
|
+
await ec2.send(new aws_helpers_js_1.AuthorizeSecurityGroupIngressCommand({
|
|
51
|
+
GroupId: sgId,
|
|
52
|
+
IpProtocol: 'tcp',
|
|
53
|
+
FromPort: 22,
|
|
54
|
+
ToPort: 22,
|
|
55
|
+
CidrIp: '0.0.0.0/0',
|
|
56
|
+
}));
|
|
79
57
|
// Allow HTTP (port 80)
|
|
80
|
-
(
|
|
81
|
-
|
|
58
|
+
await ec2.send(new aws_helpers_js_1.AuthorizeSecurityGroupIngressCommand({
|
|
59
|
+
GroupId: sgId,
|
|
60
|
+
IpProtocol: 'tcp',
|
|
61
|
+
FromPort: 80,
|
|
62
|
+
ToPort: 80,
|
|
63
|
+
CidrIp: '0.0.0.0/0',
|
|
64
|
+
}));
|
|
82
65
|
// Allow HTTPS (port 443)
|
|
83
|
-
(
|
|
84
|
-
|
|
66
|
+
await ec2.send(new aws_helpers_js_1.AuthorizeSecurityGroupIngressCommand({
|
|
67
|
+
GroupId: sgId,
|
|
68
|
+
IpProtocol: 'tcp',
|
|
69
|
+
FromPort: 443,
|
|
70
|
+
ToPort: 443,
|
|
71
|
+
CidrIp: '0.0.0.0/0',
|
|
72
|
+
}));
|
|
85
73
|
console.log(' Allowed inbound: SSH(22), HTTP(80), HTTPS(443)');
|
|
86
74
|
return true;
|
|
87
75
|
}
|
|
@@ -96,43 +84,52 @@ exports.securityGroupFixes = [
|
|
|
96
84
|
id: 'aws-sg-rds-missing',
|
|
97
85
|
stage: 'prod',
|
|
98
86
|
severity: 'critical',
|
|
99
|
-
description: 'RDS security group not created (PostgreSQL from EC2 only)',
|
|
87
|
+
description: '🛡️ RDS security group not created (PostgreSQL from EC2 only)',
|
|
100
88
|
scan: async (config) => {
|
|
101
|
-
if (!isAwsConfigured(config))
|
|
89
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
102
90
|
return false;
|
|
103
91
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
104
92
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
105
|
-
const vpcId = findVpc(projectName, region);
|
|
93
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
106
94
|
if (!vpcId)
|
|
107
95
|
return false;
|
|
108
|
-
return !findSecurityGroup('factiii-' + projectName + '-rds', vpcId, region);
|
|
96
|
+
return !(await (0, aws_helpers_js_1.findSecurityGroup)('factiii-' + projectName + '-rds', vpcId, region));
|
|
109
97
|
},
|
|
110
98
|
fix: async (config) => {
|
|
111
99
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
112
100
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
113
|
-
const vpcId = findVpc(projectName, region);
|
|
101
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
114
102
|
if (!vpcId) {
|
|
115
103
|
console.log(' VPC must be created first');
|
|
116
104
|
return false;
|
|
117
105
|
}
|
|
118
|
-
|
|
119
|
-
const ec2SgId = findSecurityGroup('factiii-' + projectName + '-ec2', vpcId, region);
|
|
106
|
+
const ec2SgId = await (0, aws_helpers_js_1.findSecurityGroup)('factiii-' + projectName + '-ec2', vpcId, region);
|
|
120
107
|
if (!ec2SgId) {
|
|
121
108
|
console.log(' EC2 security group must be created first');
|
|
122
109
|
return false;
|
|
123
110
|
}
|
|
124
111
|
try {
|
|
112
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
125
113
|
const groupName = 'factiii-' + projectName + '-rds';
|
|
126
114
|
// Create RDS security group
|
|
127
|
-
const sgResult = (
|
|
128
|
-
|
|
129
|
-
'
|
|
130
|
-
|
|
131
|
-
|
|
115
|
+
const sgResult = await ec2.send(new aws_helpers_js_1.CreateSecurityGroupCommand({
|
|
116
|
+
GroupName: groupName,
|
|
117
|
+
Description: 'RDS security group for ' + projectName,
|
|
118
|
+
VpcId: vpcId,
|
|
119
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('security-group', projectName)],
|
|
120
|
+
}));
|
|
121
|
+
const sgId = sgResult.GroupId;
|
|
132
122
|
console.log(' Created RDS security group: ' + sgId);
|
|
133
123
|
// Allow PostgreSQL (port 5432) from EC2 security group ONLY
|
|
134
|
-
(
|
|
135
|
-
|
|
124
|
+
await ec2.send(new aws_helpers_js_1.AuthorizeSecurityGroupIngressCommand({
|
|
125
|
+
GroupId: sgId,
|
|
126
|
+
IpPermissions: [{
|
|
127
|
+
IpProtocol: 'tcp',
|
|
128
|
+
FromPort: 5432,
|
|
129
|
+
ToPort: 5432,
|
|
130
|
+
UserIdGroupPairs: [{ GroupId: ec2SgId }],
|
|
131
|
+
}],
|
|
132
|
+
}));
|
|
136
133
|
console.log(' Allowed inbound: PostgreSQL(5432) from EC2 SG only');
|
|
137
134
|
return true;
|
|
138
135
|
}
|
|
@@ -147,43 +144,42 @@ exports.securityGroupFixes = [
|
|
|
147
144
|
id: 'aws-sg-rds-mac-access',
|
|
148
145
|
stage: 'prod',
|
|
149
146
|
severity: 'info',
|
|
150
|
-
description: 'RDS security group does not allow Mac Mini staging access',
|
|
147
|
+
description: '🛡️ RDS security group does not allow Mac Mini staging access',
|
|
151
148
|
scan: async (config) => {
|
|
152
|
-
if (!isAwsConfigured(config))
|
|
149
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
153
150
|
return false;
|
|
154
151
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
155
152
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
156
|
-
const vpcId = findVpc(projectName, region);
|
|
153
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
157
154
|
if (!vpcId)
|
|
158
155
|
return false;
|
|
159
|
-
const rdsSgId = findSecurityGroup('factiii-' + projectName + '-rds', vpcId, region);
|
|
156
|
+
const rdsSgId = await (0, aws_helpers_js_1.findSecurityGroup)('factiii-' + projectName + '-rds', vpcId, region);
|
|
160
157
|
if (!rdsSgId)
|
|
161
|
-
return false;
|
|
162
|
-
// Check if staging domain is configured
|
|
158
|
+
return false;
|
|
163
159
|
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
164
160
|
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
165
161
|
const environments = extractEnvironments(config);
|
|
166
162
|
const stagingEnv = environments.staging;
|
|
167
163
|
if (!stagingEnv?.domain)
|
|
168
|
-
return false; // No staging configured
|
|
169
|
-
// Check if RDS SG has an inbound rule for the staging IP
|
|
170
|
-
const rulesResult = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-security-groups --group-ids ' + rdsSgId + ' --query "SecurityGroups[0].IpPermissions" --output json', region);
|
|
171
|
-
if (!rulesResult)
|
|
172
164
|
return false;
|
|
165
|
+
// Check if RDS SG has an inbound rule for the staging IP
|
|
173
166
|
try {
|
|
174
|
-
const
|
|
167
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
168
|
+
const rulesResult = await ec2.send(new aws_helpers_js_1.DescribeSecurityGroupsCommand({
|
|
169
|
+
GroupIds: [rdsSgId],
|
|
170
|
+
}));
|
|
171
|
+
const rules = rulesResult.SecurityGroups?.[0]?.IpPermissions ?? [];
|
|
175
172
|
const stagingIp = stagingEnv.domain;
|
|
176
|
-
// Check if any rule allows the staging IP on port 5432
|
|
177
173
|
for (const rule of rules) {
|
|
178
174
|
if (rule.FromPort === 5432 && rule.ToPort === 5432) {
|
|
179
|
-
for (const ipRange of (rule.IpRanges
|
|
175
|
+
for (const ipRange of (rule.IpRanges ?? [])) {
|
|
180
176
|
if (ipRange.CidrIp === stagingIp + '/32') {
|
|
181
|
-
return false;
|
|
177
|
+
return false;
|
|
182
178
|
}
|
|
183
179
|
}
|
|
184
180
|
}
|
|
185
181
|
}
|
|
186
|
-
return true;
|
|
182
|
+
return true;
|
|
187
183
|
}
|
|
188
184
|
catch {
|
|
189
185
|
return false;
|
|
@@ -192,10 +188,10 @@ exports.securityGroupFixes = [
|
|
|
192
188
|
fix: async (config) => {
|
|
193
189
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
194
190
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
195
|
-
const vpcId = findVpc(projectName, region);
|
|
191
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
196
192
|
if (!vpcId)
|
|
197
193
|
return false;
|
|
198
|
-
const rdsSgId = findSecurityGroup('factiii-' + projectName + '-rds', vpcId, region);
|
|
194
|
+
const rdsSgId = await (0, aws_helpers_js_1.findSecurityGroup)('factiii-' + projectName + '-rds', vpcId, region);
|
|
199
195
|
if (!rdsSgId) {
|
|
200
196
|
console.log(' RDS security group must be created first');
|
|
201
197
|
return false;
|
|
@@ -209,10 +205,15 @@ exports.securityGroupFixes = [
|
|
|
209
205
|
return false;
|
|
210
206
|
}
|
|
211
207
|
try {
|
|
208
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
212
209
|
const stagingIp = stagingEnv.domain;
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
'
|
|
210
|
+
await ec2.send(new aws_helpers_js_1.AuthorizeSecurityGroupIngressCommand({
|
|
211
|
+
GroupId: rdsSgId,
|
|
212
|
+
IpProtocol: 'tcp',
|
|
213
|
+
FromPort: 5432,
|
|
214
|
+
ToPort: 5432,
|
|
215
|
+
CidrIp: stagingIp + '/32',
|
|
216
|
+
}));
|
|
216
217
|
console.log(' Allowed Mac Mini (' + stagingIp + ') access to RDS on port 5432');
|
|
217
218
|
return true;
|
|
218
219
|
}
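Review bot: `stagingEnv.domain` is concatenated with `/32` and sent as `CidrIp` in the new `AuthorizeSecurityGroupIngressCommand` call with no visible check that it is an IPv4 literal. The field name suggests it may hold a hostname; if so the request would be rejected, and the scan earlier in this file, which compares `ipRange.CidrIp === stagingIp + '/32'`, would presumably never match an existing rule. Since this call opens port 5432 on the RDS security group, I would validate the value before sending, e.g. `if (!net.isIPv4(stagingIp)) return false;` preceded by a log line saying an IP address is required (this needs `node:net` imported in the TypeScript source). The enclosing `fix` function and its `try` block start and end outside this hunk, so a guard may already exist there; worth confirming.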
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-groups.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/security-groups.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"security-groups.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/security-groups.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAGH,4DAWiC;AAEpB,QAAA,kBAAkB,GAAU;IACvC;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uDAAuD;QACpE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YACzB,OAAO,CAAC,CAAC,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;QACtF,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;gBAEpD,wBAAwB;gBACxB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,2CAA0B,CAAC;oBAC7D,SAAS,EAAE,SAAS;oBACpB,WAAW,EAAE,yBAAyB,GAAG,WAAW;oBACpD,KAAK,EAAE,KAAK;oBACZ,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;iBAC5D,CAAC,CAAC,CAAC;gBACJ,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,IAAI,CAAC,CAAC;gBAEtD,sBAAsB;gBACtB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qDAAoC,CAAC;oBACtD,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,EAAE;oBACZ,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,WAAW;iBACpB,CAAC,CAAC,CAAC;gBAEJ,uBAAuB;gBACvB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qDAAoC,CAAC;oBACtD,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,EAAE;oBACZ,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,WAAW;iBACpB,CAAC,CAAC,CAAC;gBAEJ,yBAAyB;gBACzB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qDAAoC,CAAC;oBACtD,OAAO,EAAE,
IAAI;oBACb,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,GAAG;oBACb,MAAM,EAAE,GAAG;oBACX,MAAM,EAAE,WAAW;iBACpB,CAAC,CAAC,CAAC;gBAEJ,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;gBACjE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,0CAA0C,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACvG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,gFAAgF;KAC5F;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+DAA+D;QAC5E,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YACzB,OAAO,CAAC,CAAC,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;QACtF,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1F,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;gBAEpD,4BAA4B;gBAC5B,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,2CAA0B,CAAC;oBAC7D,SAAS,EAAE,SAAS;oBACpB,WAAW,EAAE,yBAAyB,GAAG,WAAW;oBACpD,KAAK,EAAE,KAAK;oBACZ,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;iBAC5D,CAAC,CAAC,CAAC;gBACJ,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,IAAI,CAAC,CAAC;gBAEtD,4DAA4D;gBAC5D,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qDAAo
C,CAAC;oBACtD,OAAO,EAAE,IAAI;oBACb,aAAa,EAAE,CAAC;4BACd,UAAU,EAAE,KAAK;4BACjB,QAAQ,EAAE,IAAI;4BACd,MAAM,EAAE,IAAI;4BACZ,gBAAgB,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;yBACzC,CAAC;iBACH,CAAC,CAAC,CAAC;gBAEJ,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBACrE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,0CAA0C,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACvG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,kFAAkF;KAC9F;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+DAA+D;QAC5E,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAEzB,MAAM,OAAO,GAAG,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1F,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAE3B,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC;YACxC,IAAI,CAAC,UAAU,EAAE,MAAM;gBAAE,OAAO,KAAK,CAAC;YAEtC,yDAAyD;YACzD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,8CAA6B,CAAC;oBACnE,QAAQ,EAAE,CAAC,OAAO,CAAC;iBACpB,CAAC,CAAC,CAAC;gBACJ,MAAM,KAAK,GAAG,WAAW,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,aAAa,IAAI,EAAE,CAAC;gBACnE,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC;gBAEpC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;wBACnD,KAAK,MAAM,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,CAAC;4BAC5C,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,GAAG,KAAK,EAAE,CAAC;gCACzC,OAAO,KAAK,CAAC;4BACf,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,
CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAEzB,MAAM,OAAO,GAAG,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1F,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC;YACxC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;gBACxB,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;gBAC/C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC;gBAEpC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qDAAoC,CAAC;oBACtD,OAAO,EAAE,OAAO;oBAChB,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,IAAI;oBACZ,MAAM,EAAE,SAAS,GAAG,KAAK;iBAC1B,CAAC,CAAC,CAAC;gBAEJ,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,SAAS,GAAG,8BAA8B,CAAC,CAAC;gBAClF,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,2EAA2E;KACvF;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ses.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ses.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"ses.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ses.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AA0BrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA8HzB,CAAC"}
|