@factiii/stack 0.1.34 → 0.1.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +441 -441
- package/bin/stack +46 -0
- package/dist/cli/fix.js +10 -10
- package/dist/cli/fix.js.map +1 -1
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +20 -7
- package/dist/cli/init.js.map +1 -1
- package/dist/cli/scan.d.ts.map +1 -1
- package/dist/cli/scan.js +14 -22
- package/dist/cli/scan.js.map +1 -1
- package/dist/generators/generate-stack-yml.d.ts +1 -1
- package/dist/generators/generate-stack-yml.d.ts.map +1 -1
- package/dist/generators/generate-stack-yml.js +96 -69
- package/dist/generators/generate-stack-yml.js.map +1 -1
- package/dist/plugins/addons/openclaw/index.d.ts +45 -0
- package/dist/plugins/addons/openclaw/index.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/index.js +107 -0
- package/dist/plugins/addons/openclaw/index.js.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts +19 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js +441 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js.map +1 -0
- package/dist/plugins/index.d.ts.map +1 -1
- package/dist/plugins/index.js +8 -0
- package/dist/plugins/index.js.map +1 -1
- package/dist/plugins/pipelines/aws/index.js +15 -15
- package/dist/plugins/pipelines/aws/prod.js +7 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts +3 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js +17 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.js +27 -73
- package/dist/plugins/pipelines/aws/scanfix/credentials.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts +1 -4
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js +9 -39
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.js +61 -110
- package/dist/plugins/pipelines/aws/scanfix/ec2.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.js +25 -34
- package/dist/plugins/pipelines/aws/scanfix/ecr.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.js +35 -44
- package/dist/plugins/pipelines/aws/scanfix/iam.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.js +39 -104
- package/dist/plugins/pipelines/aws/scanfix/rds.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.js +44 -53
- package/dist/plugins/pipelines/aws/scanfix/s3.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js +80 -79
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.js +28 -50
- package/dist/plugins/pipelines/aws/scanfix/ses.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts +17 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js +180 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/vpc.js +93 -94
- package/dist/plugins/pipelines/aws/scanfix/vpc.js.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts +101 -28
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js +428 -76
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js.map +1 -1
- package/dist/plugins/pipelines/factiii/index.d.ts +11 -1
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +183 -33
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.d.ts +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/factiii/scanfix/secrets.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js +68 -8
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js.map +1 -1
- package/dist/plugins/servers/mac/index.js +13 -13
- package/dist/plugins/servers/mac/staging.js +4 -4
- package/dist/scanfix/fixes/certbot.js +1 -1
- package/dist/scripts/validate-example-values.d.ts +1 -1
- package/dist/scripts/validate-example-values.js +6 -6
- package/dist/utils/config-helpers.d.ts +3 -0
- package/dist/utils/config-helpers.d.ts.map +1 -1
- package/dist/utils/config-helpers.js.map +1 -1
- package/dist/utils/secret-prompts.d.ts +5 -2
- package/dist/utils/secret-prompts.d.ts.map +1 -1
- package/dist/utils/secret-prompts.js +55 -32
- package/dist/utils/secret-prompts.js.map +1 -1
- package/dist/utils/template-generator.js +71 -71
- package/package.json +8 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/iam.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"iam.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/iam.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAGH,4DAUiC;AAEjC;;GAEG;AACH,SAAS,YAAY,CAAC,WAAmB,EAAE,MAAc,EAAE,SAAiB;IAC1E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,2BAA2B;oBAC3B,mBAAmB;oBACnB,4BAA4B;oBAC5B,0BAA0B;oBAC1B,gBAAgB;iBACjB;gBACD,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,cAAc,GAAG,WAAW;aACnF;YACD;gBACE,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,YAAY;gBACjB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,cAAc;oBACd,eAAe;iBAChB;gBACD,QAAQ,EAAE;oBACR,uBAAuB,GAAG,WAAW;oBACrC,uBAAuB,GAAG,WAAW,GAAG,IAAI;iBAC7C;aACF;YACD;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,uBAAuB;oBACvB,kBAAkB;oBAClB,qBAAqB;oBACrB,4BAA4B;iBAC7B;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,yBAAyB;oBACzB,4BAA4B;iBAC7B;gBACD,QAAQ,EAAE,GAAG;aACd;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,MAAc,EAAE,SAAiB;IAC3E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,cAAc,GAAG,WAAW;aACnF;YACD;gBACE,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,cAAc;gBACnB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE;oBACR,uBAAuB,GAAG,WAAW;oBACrC,uBAAuB,GAAG,WAAW,GAAG,IAAI;iBAC7C;aACF;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,uBAAuB;oBACvB,oBAAoB;oBACpB,mBAAmB;oBACnB,qBAAqB;oBACrB,kBAAkB;oBAClB,qBAAqB;oBACrB,4BAA4B;oBAC5B,uBAAuB;iBACxB;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,yBAAyB;oBACzB,qBAAqB;oBACrB,oBAAoB;oBACpB,sBAAsB;oBACtB,sBAAsB;oBACtB,yBAAyB;iBAC1B;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,GAAG;aACd;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,gDAAgD;QAC7D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,CAAC,MAAM,IAAA,4BAAW,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;YAEnD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,0BAA0B;gBAC1B,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAe,EAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;oBAC/C,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,kBAAkB;gBAClB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,kCAAiB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,QAAQ,CAAC,CAAC;gBAEhD,kCAAkC;gBAClC,MAAM,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;gBAC5D,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qCAAoB,CAAC;oBACtC,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa;oBACpD,cAAc,EAAE,MAAM;iBACvB,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBAEpE,oBAAoB;gBACpB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,uCAAsB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBACrF,MAAM,WAAW,GAAG,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,EAAE,eAAe,CAAC;gBAEvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,WAAW,CAAC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,SAAS,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;gBAEtE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,kDAAkD;QAC/D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,CAAC,MAAM,IAAA,4BAAW,EAAC,UAAU,GAAG,WAAW,GAAG,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;QAC1E,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC;YAEpD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,0BAA0B;gBAC1B,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAe,EAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;oBAC/C,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,kBAAkB;gBAClB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,kCAAiB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,QAAQ,CAAC,CAAC;gBAEhD,kCAAkC;gBAClC,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;gBAC7D,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qCAAoB,CAAC;oBACtC,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,UAAU,GAAG,WAAW,GAAG,cAAc;oBACrD,cAAc,EAAE,MAAM;iBACvB,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBAErE,oBAAoB;gBACpB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,uCAAsB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBACrF,MAAM,WAAW,GAAG,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,EAAE,eAAe,CAAC;gBAEvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,WAAW,CAAC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,SAAS,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;gBAEtE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,qCAAqC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,wEAAwE;KACpF;CACF,CAAC"}
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
* Provisions RDS PostgreSQL 15 instance (db.t3.micro free tier).
|
|
5
5
|
* Creates DB subnet group from private subnets, launches instance with RDS SG.
|
|
6
6
|
* Stores DATABASE_URL in Ansible Vault.
|
|
7
|
+
* Uses AWS SDK v3.
|
|
7
8
|
*/
|
|
8
9
|
import type { Fix } from '../../../../types/index.js';
|
|
9
10
|
export declare const rdsFixes: Fix[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rds.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"rds.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AA6BrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA0KzB,CAAC"}
|
|
@@ -5,78 +5,11 @@
|
|
|
5
5
|
* Provisions RDS PostgreSQL 15 instance (db.t3.micro free tier).
|
|
6
6
|
* Creates DB subnet group from private subnets, launches instance with RDS SG.
|
|
7
7
|
* Stores DATABASE_URL in Ansible Vault.
|
|
8
|
+
* Uses AWS SDK v3.
|
|
8
9
|
*/
|
|
9
10
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
11
|
exports.rdsFixes = void 0;
|
|
11
12
|
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
12
|
-
/**
|
|
13
|
-
* Find VPC by factiii:project tag
|
|
14
|
-
*/
|
|
15
|
-
function findVpc(projectName, region) {
|
|
16
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-vpcs --filters "Name=tag:factiii:project,Values=' + projectName + '" --query "Vpcs[0].VpcId" --output text', region);
|
|
17
|
-
if (!result || result === 'None' || result === 'null')
|
|
18
|
-
return null;
|
|
19
|
-
return result.replace(/"/g, '');
|
|
20
|
-
}
|
|
21
|
-
/**
|
|
22
|
-
* Find all private subnets
|
|
23
|
-
*/
|
|
24
|
-
function findPrivateSubnets(projectName, region) {
|
|
25
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-subnets --filters "Name=tag:factiii:project,Values=' + projectName + '" "Name=tag:factiii:subnet-type,Values=private" --query "Subnets[*].SubnetId" --output text', region);
|
|
26
|
-
if (!result || result === 'None' || result === 'null')
|
|
27
|
-
return [];
|
|
28
|
-
return result.split(/\s+/).filter(Boolean);
|
|
29
|
-
}
|
|
30
|
-
/**
|
|
31
|
-
* Find security group by name and VPC
|
|
32
|
-
*/
|
|
33
|
-
function findSecurityGroup(groupName, vpcId, region) {
|
|
34
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-security-groups --filters "Name=group-name,Values=' + groupName + '" "Name=vpc-id,Values=' + vpcId + '" --query "SecurityGroups[0].GroupId" --output text', region);
|
|
35
|
-
if (!result || result === 'None' || result === 'null')
|
|
36
|
-
return null;
|
|
37
|
-
return result.replace(/"/g, '');
|
|
38
|
-
}
|
|
39
|
-
/**
|
|
40
|
-
* Check if DB subnet group exists
|
|
41
|
-
*/
|
|
42
|
-
function findDbSubnetGroup(groupName, region) {
|
|
43
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws rds describe-db-subnet-groups --db-subnet-group-name ' + groupName + ' --query "DBSubnetGroups[0].DBSubnetGroupName" --output text', region);
|
|
44
|
-
return !!result && result !== 'None' && result !== 'null';
|
|
45
|
-
}
|
|
46
|
-
/**
|
|
47
|
-
* Find RDS instance by identifier
|
|
48
|
-
*/
|
|
49
|
-
function findRdsInstance(dbInstanceId, region) {
|
|
50
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws rds describe-db-instances --db-instance-identifier ' + dbInstanceId, region);
|
|
51
|
-
if (!result)
|
|
52
|
-
return null;
|
|
53
|
-
try {
|
|
54
|
-
const parsed = JSON.parse(result);
|
|
55
|
-
const instance = parsed.DBInstances?.[0];
|
|
56
|
-
if (!instance)
|
|
57
|
-
return null;
|
|
58
|
-
return {
|
|
59
|
-
status: instance.DBInstanceStatus,
|
|
60
|
-
endpoint: instance.Endpoint?.Address ?? null,
|
|
61
|
-
};
|
|
62
|
-
}
|
|
63
|
-
catch {
|
|
64
|
-
return null;
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
/**
|
|
68
|
-
* Check if AWS is configured for this project
|
|
69
|
-
*/
|
|
70
|
-
function isAwsConfigured(config) {
|
|
71
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
72
|
-
return false;
|
|
73
|
-
if (config.aws)
|
|
74
|
-
return true;
|
|
75
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
76
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
77
|
-
const environments = extractEnvironments(config);
|
|
78
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
79
|
-
}
|
|
80
13
|
/**
|
|
81
14
|
* Generate a random password for RDS
|
|
82
15
|
*/
|
|
@@ -97,29 +30,31 @@ exports.rdsFixes = [
|
|
|
97
30
|
severity: 'critical',
|
|
98
31
|
description: '🗃️ RDS DB subnet group not created (needs 2 AZs)',
|
|
99
32
|
scan: async (config) => {
|
|
100
|
-
if (!isAwsConfigured(config))
|
|
33
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
101
34
|
return false;
|
|
102
35
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
103
36
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
104
|
-
const privateSubnets = findPrivateSubnets(projectName, region);
|
|
37
|
+
const privateSubnets = await (0, aws_helpers_js_1.findPrivateSubnets)(projectName, region);
|
|
105
38
|
if (privateSubnets.length < 2)
|
|
106
|
-
return false;
|
|
107
|
-
return !findDbSubnetGroup('factiii-' + projectName, region);
|
|
39
|
+
return false;
|
|
40
|
+
return !(await (0, aws_helpers_js_1.findDbSubnetGroup)('factiii-' + projectName, region));
|
|
108
41
|
},
|
|
109
42
|
fix: async (config) => {
|
|
110
43
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
111
44
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
112
|
-
const privateSubnets = findPrivateSubnets(projectName, region);
|
|
45
|
+
const privateSubnets = await (0, aws_helpers_js_1.findPrivateSubnets)(projectName, region);
|
|
113
46
|
if (privateSubnets.length < 2) {
|
|
114
47
|
console.log(' Need at least 2 private subnets first');
|
|
115
48
|
return false;
|
|
116
49
|
}
|
|
117
50
|
try {
|
|
51
|
+
const rds = (0, aws_helpers_js_1.getRDSClient)(region);
|
|
118
52
|
const groupName = 'factiii-' + projectName;
|
|
119
|
-
(
|
|
120
|
-
|
|
121
|
-
'
|
|
122
|
-
|
|
53
|
+
await rds.send(new aws_helpers_js_1.CreateDBSubnetGroupCommand({
|
|
54
|
+
DBSubnetGroupName: groupName,
|
|
55
|
+
DBSubnetGroupDescription: 'Factiii DB subnet group for ' + projectName,
|
|
56
|
+
SubnetIds: privateSubnets,
|
|
57
|
+
}));
|
|
123
58
|
console.log(' Created DB subnet group: ' + groupName);
|
|
124
59
|
console.log(' Using subnets: ' + privateSubnets.join(', '));
|
|
125
60
|
return true;
|
|
@@ -137,50 +72,52 @@ exports.rdsFixes = [
|
|
|
137
72
|
severity: 'critical',
|
|
138
73
|
description: '🗃️ RDS PostgreSQL 15 instance not created (db.t3.micro)',
|
|
139
74
|
scan: async (config) => {
|
|
140
|
-
if (!isAwsConfigured(config))
|
|
75
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
141
76
|
return false;
|
|
142
77
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
143
78
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
144
79
|
const dbId = 'factiii-' + projectName + '-db';
|
|
145
|
-
return !findRdsInstance(dbId, region);
|
|
80
|
+
return !(await (0, aws_helpers_js_1.findRdsInstance)(dbId, region));
|
|
146
81
|
},
|
|
147
82
|
fix: async (config) => {
|
|
148
83
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
149
84
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
150
|
-
const vpcId = findVpc(projectName, region);
|
|
85
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
151
86
|
if (!vpcId) {
|
|
152
87
|
console.log(' VPC must be created first');
|
|
153
88
|
return false;
|
|
154
89
|
}
|
|
155
90
|
const subnetGroupName = 'factiii-' + projectName;
|
|
156
|
-
if (!findDbSubnetGroup(subnetGroupName, region)) {
|
|
91
|
+
if (!(await (0, aws_helpers_js_1.findDbSubnetGroup)(subnetGroupName, region))) {
|
|
157
92
|
console.log(' DB subnet group must be created first');
|
|
158
93
|
return false;
|
|
159
94
|
}
|
|
160
|
-
const rdsSgId = findSecurityGroup('factiii-' + projectName + '-rds', vpcId, region);
|
|
95
|
+
const rdsSgId = await (0, aws_helpers_js_1.findSecurityGroup)('factiii-' + projectName + '-rds', vpcId, region);
|
|
161
96
|
if (!rdsSgId) {
|
|
162
97
|
console.log(' RDS security group must be created first');
|
|
163
98
|
return false;
|
|
164
99
|
}
|
|
165
100
|
try {
|
|
101
|
+
const rds = (0, aws_helpers_js_1.getRDSClient)(region);
|
|
166
102
|
const dbId = 'factiii-' + projectName + '-db';
|
|
167
103
|
const dbName = projectName.replace(/[^a-zA-Z0-9]/g, '');
|
|
168
104
|
const masterUser = 'factiii';
|
|
169
105
|
const masterPassword = generateRdsPassword();
|
|
170
|
-
(
|
|
171
|
-
|
|
172
|
-
'
|
|
173
|
-
'
|
|
174
|
-
'
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
'
|
|
183
|
-
|
|
106
|
+
await rds.send(new aws_helpers_js_1.CreateDBInstanceCommand({
|
|
107
|
+
DBInstanceIdentifier: dbId,
|
|
108
|
+
DBInstanceClass: 'db.t3.micro',
|
|
109
|
+
Engine: 'postgres',
|
|
110
|
+
EngineVersion: '15',
|
|
111
|
+
AllocatedStorage: 20,
|
|
112
|
+
MasterUsername: masterUser,
|
|
113
|
+
MasterUserPassword: masterPassword,
|
|
114
|
+
DBName: dbName,
|
|
115
|
+
DBSubnetGroupName: subnetGroupName,
|
|
116
|
+
VpcSecurityGroupIds: [rdsSgId],
|
|
117
|
+
PubliclyAccessible: false,
|
|
118
|
+
StorageType: 'gp2',
|
|
119
|
+
BackupRetentionPeriod: 1,
|
|
120
|
+
}));
|
|
184
121
|
console.log(' Creating RDS instance: ' + dbId);
|
|
185
122
|
console.log(' Engine: PostgreSQL 15');
|
|
186
123
|
console.log(' Instance class: db.t3.micro (free tier eligible)');
|
|
@@ -211,14 +148,14 @@ exports.rdsFixes = [
|
|
|
211
148
|
severity: 'warning',
|
|
212
149
|
description: '⏳ RDS instance is not yet available (takes ~5-10 min)',
|
|
213
150
|
scan: async (config) => {
|
|
214
|
-
if (!isAwsConfigured(config))
|
|
151
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
215
152
|
return false;
|
|
216
153
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
217
154
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
218
155
|
const dbId = 'factiii-' + projectName + '-db';
|
|
219
|
-
const instance = findRdsInstance(dbId, region);
|
|
156
|
+
const instance = await (0, aws_helpers_js_1.findRdsInstance)(dbId, region);
|
|
220
157
|
if (!instance)
|
|
221
|
-
return false;
|
|
158
|
+
return false;
|
|
222
159
|
return instance.status !== 'available';
|
|
223
160
|
},
|
|
224
161
|
fix: null,
|
|
@@ -230,16 +167,14 @@ exports.rdsFixes = [
|
|
|
230
167
|
severity: 'info',
|
|
231
168
|
description: '🗃️ Cannot verify RDS connectivity from EC2 (pg_isready not found)',
|
|
232
169
|
scan: async (config) => {
|
|
233
|
-
if (!isAwsConfigured(config))
|
|
170
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
234
171
|
return false;
|
|
235
172
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
236
173
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
237
174
|
const dbId = 'factiii-' + projectName + '-db';
|
|
238
|
-
const instance = findRdsInstance(dbId, region);
|
|
175
|
+
const instance = await (0, aws_helpers_js_1.findRdsInstance)(dbId, region);
|
|
239
176
|
if (!instance || instance.status !== 'available' || !instance.endpoint)
|
|
240
177
|
return false;
|
|
241
|
-
// Check if pg_isready is available on EC2 via SSH
|
|
242
|
-
// This scan runs on the dev machine, so we check via SSH
|
|
243
178
|
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
244
179
|
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
245
180
|
const environments = extractEnvironments(config);
|
|
@@ -253,7 +188,7 @@ exports.rdsFixes = [
|
|
|
253
188
|
return result.includes('pg_isready not found') || result.includes('no response');
|
|
254
189
|
}
|
|
255
190
|
catch {
|
|
256
|
-
return false;
|
|
191
|
+
return false;
|
|
257
192
|
}
|
|
258
193
|
},
|
|
259
194
|
fix: null,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAGH,4DAYiC;AAEjC;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,KAAK,GAAG,gEAAgE,CAAC;IAC/E,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAA4B,CAAC;IAC5D,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,QAAQ,IAAI,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,8BAA8B;QAClC,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mDAAmD;QAChE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,cAAc,GAAG,MAAM,IAAA,mCAAkB,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5C,OAAO,CAAC,CAAC,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,cAAc,GAAG,MAAM,IAAA,mCAAkB,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,UAAU,GAAG,WAAW,CAAC;gBAE3C,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,2CAA0B,CAAC;oBAC5C,iBAAiB,EAAE,SAAS;oBAC5B,wBAAwB,EAAE,8BAA8B,GAAG,WAAW;oBACtE,SAAS,EAAE,cAAc;iBAC1B,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,8BAA8B,GAAG,SAAS,CAAC,CAAC;gBACxD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC9D,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,uCAAuC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0DAA0D;QACvE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;YAC9C,OAAO,CAAC,CAAC,MAAM,IAAA,gCAAe,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QAChD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,eAAe,GAAG,UAAU,GAAG,WAAW,CAAC;YACjD,IAAI,CAAC,CAAC,MAAM,IAAA,kCAAiB,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;gBACxD,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1F,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;gBAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;gBACxD,MAAM,UAAU,GAAG,SAAS,CAAC;gBAC7B,MAAM,cAAc,GAAG,mBAAmB,EAAE,CAAC;gBAE7C,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,wCAAuB,CAAC;oBACzC,oBAAoB,EAAE,IAAI;oBAC1B,eAAe,EAAE,aAAa;oBAC9B,MAAM,EAAE,UAAU;oBAClB,aAAa,EAAE,IAAI;oBACnB,gBAAgB,EAAE,EAAE;oBACpB,cAAc,EAAE,UAAU;oBAC1B,kBAAkB,EAAE,cAAc;oBAClC,MAAM,EAAE,MAAM;oBACd,iBAAiB,EAAE,eAAe;oBAClC,mBAAmB,EAAE,CAAC,OAAO,CAAC;oBAC9B,kBAAkB,EAAE,KAAK;oBACzB,WAAW,EAAE,KAAK;oBAClB,qBAAqB,EAAE,CAAC;iBACzB,CAAC,CAAC,CAAC;gBAEJ,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,IAAI,CAAC,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;gBACnE,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,MAAM,CAAC,CAAC;gBAC3C,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,UAAU,CAAC,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,cAAc,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,UAAU,GAAG,GAAG,GAAG,cAAc,GAAG,mBAAmB,GAAG,MAAM,CAAC,CAAC;gBACjH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;gBACxE,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;gBAElF,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,uHAAuH;KACnI;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,uDAAuD;QACpE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;YAC9C,MAAM,QAAQ,GAAG,MAAM,IAAA,gCAAe,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAC5B,OAAO,QAAQ,CAAC,MAAM,KAAK,WAAW,CAAC;QACzC,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,wMAAwM;KACpN;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oEAAoE;QACjF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;YAC9C,MAAM,QAAQ,GAAG,MAAM,IAAA,gCAAe,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAErF,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC7D,IAAI,CAAC,OAAO,EAAE,MAAM;gBAAE,OAAO,KAAK,CAAC;YAEnC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;gBAC/D,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,gDAAgD,GAAG,QAAQ,CAAC,QAAQ,GAAG,8CAA8C,CAAC,CAAC;gBAC7J,OAAO,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACnF,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,uIAAuI;KACnJ;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"s3.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"s3.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAcrE,eAAO,MAAM,OAAO,EAAE,GAAG,EAqHxB,CAAC"}
|
|
@@ -4,38 +4,11 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Provisions S3 bucket with encryption and blocked public access.
|
|
6
6
|
* Configures CORS for the production domain.
|
|
7
|
+
* Uses AWS SDK v3.
|
|
7
8
|
*/
|
|
8
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
10
|
exports.s3Fixes = void 0;
|
|
10
11
|
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
11
|
-
/**
|
|
12
|
-
* Check if S3 bucket exists
|
|
13
|
-
*/
|
|
14
|
-
function findBucket(bucketName, region) {
|
|
15
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws s3api head-bucket --bucket ' + bucketName, region);
|
|
16
|
-
// head-bucket returns empty on success, throws on failure
|
|
17
|
-
return result !== null;
|
|
18
|
-
}
|
|
19
|
-
/**
|
|
20
|
-
* Check if CORS is configured on bucket
|
|
21
|
-
*/
|
|
22
|
-
function hasCors(bucketName, region) {
|
|
23
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws s3api get-bucket-cors --bucket ' + bucketName, region);
|
|
24
|
-
return !!result && result !== 'null';
|
|
25
|
-
}
|
|
26
|
-
/**
|
|
27
|
-
* Check if AWS is configured for this project
|
|
28
|
-
*/
|
|
29
|
-
function isAwsConfigured(config) {
|
|
30
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
31
|
-
return false;
|
|
32
|
-
if (config.aws)
|
|
33
|
-
return true;
|
|
34
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
35
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
36
|
-
const environments = extractEnvironments(config);
|
|
37
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
38
|
-
}
|
|
39
12
|
exports.s3Fixes = [
|
|
40
13
|
{
|
|
41
14
|
id: 'aws-s3-bucket-missing',
|
|
@@ -43,35 +16,52 @@ exports.s3Fixes = [
|
|
|
43
16
|
severity: 'warning',
|
|
44
17
|
description: '🪣 S3 bucket not created for file storage',
|
|
45
18
|
scan: async (config) => {
|
|
46
|
-
if (!isAwsConfigured(config))
|
|
19
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
47
20
|
return false;
|
|
48
21
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
49
22
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
50
23
|
const bucketName = 'factiii-' + projectName;
|
|
51
|
-
return !findBucket(bucketName, region);
|
|
24
|
+
return !(await (0, aws_helpers_js_1.findBucket)(bucketName, region));
|
|
52
25
|
},
|
|
53
26
|
fix: async (config) => {
|
|
54
27
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
55
28
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
56
29
|
const bucketName = 'factiii-' + projectName;
|
|
57
30
|
try {
|
|
31
|
+
const s3 = (0, aws_helpers_js_1.getS3Client)(region);
|
|
58
32
|
// Create bucket (us-east-1 doesn't need LocationConstraint)
|
|
59
33
|
if (region === 'us-east-1') {
|
|
60
|
-
(
|
|
34
|
+
await s3.send(new aws_helpers_js_1.CreateBucketCommand({ Bucket: bucketName }));
|
|
61
35
|
}
|
|
62
36
|
else {
|
|
63
|
-
(
|
|
64
|
-
|
|
37
|
+
await s3.send(new aws_helpers_js_1.CreateBucketCommand({
|
|
38
|
+
Bucket: bucketName,
|
|
39
|
+
CreateBucketConfiguration: { LocationConstraint: region },
|
|
40
|
+
}));
|
|
65
41
|
}
|
|
66
42
|
console.log(' Created S3 bucket: ' + bucketName);
|
|
67
43
|
// Block all public access
|
|
68
|
-
(
|
|
69
|
-
|
|
44
|
+
await s3.send(new aws_helpers_js_1.PutPublicAccessBlockCommand({
|
|
45
|
+
Bucket: bucketName,
|
|
46
|
+
PublicAccessBlockConfiguration: {
|
|
47
|
+
BlockPublicAcls: true,
|
|
48
|
+
IgnorePublicAcls: true,
|
|
49
|
+
BlockPublicPolicy: true,
|
|
50
|
+
RestrictPublicBuckets: true,
|
|
51
|
+
},
|
|
52
|
+
}));
|
|
70
53
|
console.log(' Blocked all public access');
|
|
71
54
|
// Enable server-side encryption (AES-256)
|
|
72
|
-
(
|
|
73
|
-
|
|
74
|
-
|
|
55
|
+
await s3.send(new aws_helpers_js_1.PutBucketEncryptionCommand({
|
|
56
|
+
Bucket: bucketName,
|
|
57
|
+
ServerSideEncryptionConfiguration: {
|
|
58
|
+
Rules: [{
|
|
59
|
+
ApplyServerSideEncryptionByDefault: {
|
|
60
|
+
SSEAlgorithm: 'AES256',
|
|
61
|
+
},
|
|
62
|
+
}],
|
|
63
|
+
},
|
|
64
|
+
}));
|
|
75
65
|
console.log(' Enabled AES-256 encryption');
|
|
76
66
|
return true;
|
|
77
67
|
}
|
|
@@ -88,40 +78,41 @@ exports.s3Fixes = [
|
|
|
88
78
|
severity: 'info',
|
|
89
79
|
description: '🪣 S3 bucket CORS not configured for production domain',
|
|
90
80
|
scan: async (config) => {
|
|
91
|
-
if (!isAwsConfigured(config))
|
|
81
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
92
82
|
return false;
|
|
93
83
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
94
84
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
95
85
|
const bucketName = 'factiii-' + projectName;
|
|
96
|
-
if (!findBucket(bucketName, region))
|
|
86
|
+
if (!(await (0, aws_helpers_js_1.findBucket)(bucketName, region)))
|
|
97
87
|
return false;
|
|
98
|
-
return !hasCors(bucketName, region);
|
|
88
|
+
return !(await (0, aws_helpers_js_1.hasCors)(bucketName, region));
|
|
99
89
|
},
|
|
100
90
|
fix: async (config) => {
|
|
101
91
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
102
92
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
103
93
|
const bucketName = 'factiii-' + projectName;
|
|
104
|
-
// Get production domain for CORS
|
|
105
94
|
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
106
95
|
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
107
96
|
const environments = extractEnvironments(config);
|
|
108
97
|
const prodEnv = environments.prod ?? environments.production;
|
|
109
98
|
const domain = prodEnv?.domain;
|
|
110
|
-
if (!domain || domain.startsWith('
|
|
99
|
+
if (!domain || domain.startsWith('EXAMPLE_')) {
|
|
111
100
|
console.log(' Set production domain in stack.yml first');
|
|
112
101
|
return false;
|
|
113
102
|
}
|
|
114
103
|
try {
|
|
115
|
-
const
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
104
|
+
const s3 = (0, aws_helpers_js_1.getS3Client)(region);
|
|
105
|
+
await s3.send(new aws_helpers_js_1.PutBucketCorsCommand({
|
|
106
|
+
Bucket: bucketName,
|
|
107
|
+
CORSConfiguration: {
|
|
108
|
+
CORSRules: [{
|
|
109
|
+
AllowedHeaders: ['*'],
|
|
110
|
+
AllowedMethods: ['GET', 'PUT', 'POST', 'DELETE'],
|
|
111
|
+
AllowedOrigins: ['https://' + domain],
|
|
112
|
+
MaxAgeSeconds: 3600,
|
|
113
|
+
}],
|
|
114
|
+
},
|
|
115
|
+
}));
|
|
125
116
|
console.log(' Configured CORS for https://' + domain);
|
|
126
117
|
return true;
|
|
127
118
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"s3.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"s3.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAGH,4DAWiC;AAEpB,QAAA,OAAO,GAAU;IAC5B;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,2CAA2C;QACxD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAC5C,OAAO,CAAC,CAAC,MAAM,IAAA,2BAAU,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QACjD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAE5C,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,IAAA,4BAAW,EAAC,MAAM,CAAC,CAAC;gBAE/B,4DAA4D;gBAC5D,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;oBAC3B,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBACjE,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC;wBACpC,MAAM,EAAE,UAAU;wBAClB,yBAAyB,EAAE,EAAE,kBAAkB,EAAE,MAAa,EAAE;qBACjE,CAAC,CAAC,CAAC;gBACN,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,UAAU,CAAC,CAAC;gBAEnD,0BAA0B;gBAC1B,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,4CAA2B,CAAC;oBAC5C,MAAM,EAAE,UAAU;oBAClB,8BAA8B,EAAE;wBAC9B,eAAe,EAAE,IAAI;wBACrB,gBAAgB,EAAE,IAAI;wBACtB,iBAAiB,EAAE,IAAI;wBACvB,qBAAqB,EAAE,IAAI;qBAC5B;iBACF,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAE5C,0CAA0C;gBAC1C,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,2CAA0B,CAAC;oBAC3C,MAAM,EAAE,UAAU;oBAClB,iCAAiC,EAAE;wBACjC,KAAK,EAAE,CAAC;gCACN,kCAAkC,EAAE;oCAClC,YAAY,EAAE,QAAQ;iCACvB;6BACF,CAAC;qBACH;iBACF,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;gBAE7C,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,4DAA4D;KACxE;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wDAAwD;QACrE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAC5C,IAAI,CAAC,CAAC,MAAM,IAAA,2BAAU,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1D,OAAO,CAAC,CAAC,MAAM,IAAA,wBAAO,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAC9C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;YAE5C,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC7D,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,CAAC;YAE/B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,IAAA,4BAAW,EAAC,MAAM,CAAC,CAAC;gBAE/B,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,qCAAoB,CAAC;oBACrC,MAAM,EAAE,UAAU;oBAClB,iBAAiB,EAAE;wBACjB,SAAS,EAAE,CAAC;gCACV,cAAc,EAAE,CAAC,GAAG,CAAC;gCACrB,cAAc,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC;gCAChD,cAAc,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC;gCACrC,aAAa,EAAE,IAAI;6BACpB,CAAC;qBACH;iBACF,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,MAAM,CAAC,CAAC;gBACxD,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-groups.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/security-groups.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"security-groups.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/security-groups.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAcrE,eAAO,MAAM,kBAAkB,EAAE,GAAG,EA6NnC,CAAC"}
|