cdk-insights 0.4.6 → 0.4.7-beta.0

package/dist/cli/entry.js

@@ -78757,6 +78757,107 @@ var recordCacheSet = () => {
   saveCacheStats();
 };
 
+// src/helpers/serviceSelection/serviceSelection.ts
+var SPECIFIC_SERVICE_NAMES = [
+  "IAM",
+  "S3",
+  "Lambda",
+  "DynamoDB",
+  "RDS",
+  "EC2",
+  "SNS",
+  "SQS",
+  "StepFunctions",
+  "CloudTrail",
+  "ApiGateway",
+  "SecretsManager",
+  "KMS",
+  "EventBridge"
+];
+var SERVICE_NAME_TO_CHECK_KEYS = {
+  IAM: ["iamPolicies"],
+  S3: ["s3Buckets", "s3IntelligentTiering"],
+  Lambda: ["lambdaEnvironmentVariables", "lambdaMemory"],
+  DynamoDB: ["dynamoDBAutoScaling", "dynamoDBStreams"],
+  RDS: ["rdsEncryption", "rdsMultiAZ"],
+  EC2: ["ec2InstanceType", "natGatewayUsage", "securityGroups", "ebsUnusedVolumes"],
+  SNS: ["sns"],
+  SQS: ["sqs"],
+  StepFunctions: ["stepFunctions"],
+  CloudTrail: ["cloudTrailLogging"],
+  ApiGateway: ["apiGateway"],
+  SecretsManager: ["secretsManager"],
+  KMS: ["kmsKeys"],
+  EventBridge: ["eventBridgeRules"]
+};
+var CHECK_KEY_TO_SERVICE_NAME = Object.entries(
+  SERVICE_NAME_TO_CHECK_KEYS
+).reduce((acc, [service, keys]) => {
+  for (const key of keys) {
+    acc[key] = service;
+  }
+  return acc;
+}, {});
+var dedupe = (items) => {
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const item of items) {
+    if (seen.has(item)) {
+      continue;
+    }
+    seen.add(item);
+    result.push(item);
+  }
+  return result;
+};
+var normalizeServiceSelection = (services) => {
+  if (!services || services.length === 0) {
+    return {
+      services: ["All services"],
+      removedAllServices: false,
+      defaultedToAll: true
+    };
+  }
+  const uniqueServices = dedupe(services);
+  const hasAllServices = uniqueServices.includes("All services");
+  const specificServices = uniqueServices.filter(
+    (service) => service !== "All services"
+  );
+  if (hasAllServices && specificServices.length > 0) {
+    return {
+      services: specificServices,
+      removedAllServices: true,
+      defaultedToAll: false
+    };
+  }
+  return {
+    services: hasAllServices ? ["All services"] : uniqueServices,
+    removedAllServices: false,
+    defaultedToAll: false
+  };
+};
+var mapServicesToCheckKeys = (services, allCheckKeys) => {
+  if (services.length === 0 || services.includes("All services")) {
+    return dedupe(allCheckKeys);
+  }
+  const resolvedKeys = services.flatMap((service) => {
+    if (service === "All services") {
+      return allCheckKeys;
+    }
+    return SERVICE_NAME_TO_CHECK_KEYS[service] ?? [];
+  });
+  return dedupe(resolvedKeys);
+};
+var getServiceLabelForCheckKey = (checkKey) => {
+  return CHECK_KEY_TO_SERVICE_NAME[checkKey];
+};
+var isServiceName = (value) => {
+  if (value === "All services") {
+    return true;
+  }
+  return SPECIFIC_SERVICE_NAMES.includes(value);
+};
+
 // node_modules/axios/lib/helpers/bind.js
 function bind(fn, thisArg) {
   return function wrap2() {
@@ -90323,25 +90424,6 @@ var memoizedServiceChecks = memoize(createAWSServiceChecks, {
   // 10 minutes
   maxSize: 10
 });
-var getServiceCheckKeys = (serviceName) => {
-  const serviceMapping = {
-    "Lambda": ["lambdaEnvironmentVariables", "lambdaMemory"],
-    "S3": ["s3Buckets", "s3IntelligentTiering"],
-    "DynamoDB": ["dynamoDBAutoScaling", "dynamoDBStreams"],
-    "RDS": ["rdsEncryption", "rdsMultiAZ"],
-    "EC2": ["ec2InstanceType", "natGatewayUsage", "securityGroups", "ebsUnusedVolumes"],
-    "IAM": ["iamPolicies"],
-    "SNS": ["sns"],
-    "SQS": ["sqs"],
-    "StepFunctions": ["stepFunctions"],
-    "CloudTrail": ["cloudTrailLogging"],
-    "ApiGateway": ["apiGateway"],
-    "SecretsManager": ["secretsManager"],
-    "KMS": ["kmsKeys"],
-    "EventBridge": ["eventBridgeRules"]
-  };
-  return serviceMapping[serviceName] || [serviceName];
-};
 var createResourceFilter = (selectedServices) => {
   if (selectedServices.includes("All services")) {
     return (cloudFormationResource) => !cloudFormationResource.Type.startsWith("AWS::CDK::");
@@ -90358,13 +90440,16 @@ var createResourceFilter = (selectedServices) => {
 };
 var runStaticAnalysis = (cloudformationTemplate, createFinding2, selectedServices = [], solutionsRegistry = {}) => {
   const serviceChecks = memoizedServiceChecks();
-  const allServiceKeys = Object.keys(serviceChecks);
-  const servicesToAnalyze = selectedServices.length > 0 && !selectedServices.includes("All services") ? selectedServices : allServiceKeys.filter(
+  const allServiceKeys = Object.keys(serviceChecks).filter(
     (serviceKey) => serviceKey !== "solutionsPatterns"
   );
-  const isAllServices = selectedServices.includes("All services") || selectedServices.length === 0;
+  const { services: normalizedServices } = normalizeServiceSelection(selectedServices);
+  const servicesToAnalyze = mapServicesToCheckKeys(
+    normalizedServices,
+    allServiceKeys
+  );
   const analysisFindings = {};
-  const resourceFilter = createResourceFilter(selectedServices);
+  const resourceFilter = createResourceFilter(normalizedServices);
   const userResources = Object.entries(cloudformationTemplate.Resources || {}).filter(
     ([, cloudFormationResource]) => resourceFilter(cloudFormationResource)
   ).reduce(
@@ -90374,37 +90459,36 @@ var runStaticAnalysis = (cloudformationTemplate, createFinding2, selectedService
     },
     {}
   );
-  for (const serviceName of servicesToAnalyze) {
-    const checkKeys = isAllServices ? [serviceName] : getServiceCheckKeys(serviceName);
-    for (const checkKey of checkKeys) {
-      try {
-        const serviceCheckFunction = serviceChecks[checkKey];
-        if (typeof serviceCheckFunction !== "function") {
-          if (checkKeys.indexOf(checkKey) === checkKeys.length - 1) {
-            analysisLogger.warn(
-              `\u26A0\uFE0F Service check function for ${serviceName} is not available`
-            );
-          }
-          continue;
-        }
-        const typedServiceCheckFunction = serviceCheckFunction;
-        const serviceAnalysisResult = typedServiceCheckFunction(
-          { Resources: userResources },
-          createFinding2
+  for (const checkKey of servicesToAnalyze) {
+    try {
+      const serviceCheckFunction = serviceChecks[checkKey];
+      if (typeof serviceCheckFunction !== "function") {
+        const serviceLabel = getServiceLabelForCheckKey(checkKey) ?? checkKey;
+        analysisLogger.warn(
+          `\u26A0\uFE0F Service check function for ${serviceLabel} (${checkKey}) is not available`
         );
-        for (const [resourceName, resourceFindings] of Object.entries(
-          serviceAnalysisResult
-        )) {
-          if (!analysisFindings[resourceName]) {
-            analysisFindings[resourceName] = { issues: [] };
-          }
-          analysisFindings[resourceName].issues.push(...resourceFindings.issues);
-        }
-      } catch (analysisError) {
-        analysisLogger.warn(`\u26A0\uFE0F Error in ${serviceName} analysis (${checkKey})`, {
-          error: analysisError instanceof Error ? analysisError.message : String(analysisError)
-        });
+        continue;
       }
+      const serviceAnalysisResult = serviceCheckFunction(
+        { Resources: userResources },
+        createFinding2
+      );
+      for (const [resourceName, resourceFindings] of Object.entries(
+        serviceAnalysisResult
+      )) {
+        if (!analysisFindings[resourceName]) {
+          analysisFindings[resourceName] = { issues: [] };
+        }
+        analysisFindings[resourceName].issues.push(...resourceFindings.issues);
+      }
+    } catch (analysisError) {
+      const serviceLabel = getServiceLabelForCheckKey(checkKey) ?? checkKey;
+      analysisLogger.warn(
+        `\u26A0\uFE0F Error in ${serviceLabel} analysis (${checkKey})`,
+        {
+          error: analysisError instanceof Error ? analysisError.message : String(analysisError)
+        }
+      );
     }
   }
   if (Object.keys(solutionsRegistry).length > 0) {
@@ -94079,6 +94163,12 @@ var validateServices = (services) => {
   }
   return [];
 };
+var validateServiceNames = (services) => {
+  const parsed = validateServices(services);
+  return parsed.map((service) => service.trim()).filter(Boolean).map(
+    (service) => service.toLowerCase() === "all" ? "All services" : service
+  ).filter((service) => isServiceName(service));
+};
 var validateCacheConfig = (cache3) => {
   if (!cache3 || typeof cache3 !== "object" || Array.isArray(cache3)) {
     return DEFAULT_CONFIG.cache;
@@ -94132,7 +94222,7 @@ var mergeConfigWithArgs = (config2, cliArgs) => {
     output: validatedOutput,
     format: validatedOutput,
     // Keep format in sync with output
-    services: validateServices(
+    services: validateServiceNames(
       cliArgs.services ?? config2.services ?? DEFAULT_CONFIG.services
     ),
     withIssue,
@@ -94202,9 +94292,9 @@ var validateConfig = (config2) => {
     );
   }
   if (Array.isArray(raw.services)) {
-    validated.services = raw.services.filter(
-      (s3) => typeof s3 === "string"
-    );
+    validated.services = raw.services.filter((s3) => typeof s3 === "string").map(
+      (service) => service.toLowerCase() === "all" ? "All services" : service
+    ).filter((service) => isServiceName(service));
   }
   if (typeof raw.withIssue === "boolean") {
     validated.withIssue = raw.withIssue;
@@ -94571,12 +94661,14 @@ async function runStackAnalysis(finalConfig, fingerprint, authToken, licenseInfo
       throw refreshError;
     }
   } : void 0;
-  let selectedServices = finalConfig.services && finalConfig.services.length > 0 ? finalConfig.services : ["All services"];
-  const hasAllServices = selectedServices.includes("All services");
-  const hasOtherServices = selectedServices.some((s3) => s3 !== "All services");
-  if (hasAllServices && hasOtherServices) {
-    selectedServices = selectedServices.filter((s3) => s3 !== "All services");
-    cliLogger.debug(`Services normalization: removed "All services", using: ${selectedServices.join(", ")}`);
+  const serviceSelection = normalizeServiceSelection(finalConfig.services);
+  const selectedServices = serviceSelection.services;
+  if (serviceSelection.removedAllServices) {
+    cliLogger.debug(
+      `Services normalization: removed "All services", using: ${selectedServices.join(", ")}`
+    );
+  } else if (serviceSelection.defaultedToAll) {
+    cliLogger.debug('Services normalization: defaulting to "All services"');
   }
   const analysisConfig = {
     stacks,
@@ -94719,14 +94811,6 @@ var analyzeCommand = {
       if (isInteractive2 && !initialConfig.yes) {
         const answers = await promptForConfig(initialConfig, stackChoices);
         finalConfig = { ...initialConfig, ...answers };
-        if (finalConfig.services && finalConfig.services.length > 0) {
-          const hasAllServices = finalConfig.services.includes("All services");
-          const hasOtherServices = finalConfig.services.some((s3) => s3 !== "All services");
-          if (hasAllServices && hasOtherServices) {
-            finalConfig.services = finalConfig.services.filter((s3) => s3 !== "All services");
-            cliLogger.debug(`Normalized services: removed "All services", using specific services: ${finalConfig.services.join(", ")}`);
-          }
-        }
       }
       if (finalConfig.all) {
         finalConfig.stackName = "All stacks";
@@ -95107,7 +95191,14 @@ var handleConfigSetup = async () => {
       `Services to scan (comma-separated, or "all") [${cfg.services?.join(",") || "all"}]: `
     );
     if (services.trim()) {
-      cfg.services = services.trim().toLowerCase() === "all" ? [] : services.trim().split(",").map((s3) => s3.trim());
+      if (services.trim().toLowerCase() === "all") {
+        cfg.services = [];
+      } else {
+        const parsedServices = services.trim().split(",").map((s3) => s3.trim()).map(
+          (service) => service.toLowerCase() === "all" ? "All services" : service
+        ).filter((service) => isServiceName(service));
+        cfg.services = parsedServices;
+      }
     }
     console.log("\n\u{1F4BE} Cache configuration:");
     const cacheEnabled = await question(

package/dist/cli/types/cli.types.d.ts

@@ -6,7 +6,7 @@ export interface AnalyzeCommandArgs {
     withIssue?: boolean;
     output?: string;
     all?: boolean;
-    services?: string[];
+    services?: ServiceName[];
     format?: string;
     yes?: boolean;
     reset?: boolean;

package/dist/helpers/serviceSelection/serviceSelection.d.ts

@@ -0,0 +1,10 @@
+import type { ServiceCheckKey, ServiceName, SpecificServiceName } from '../../types/analysis.types';
+export declare const SPECIFIC_SERVICE_NAMES: readonly ["IAM", "S3", "Lambda", "DynamoDB", "RDS", "EC2", "SNS", "SQS", "StepFunctions", "CloudTrail", "ApiGateway", "SecretsManager", "KMS", "EventBridge"];
+export declare const normalizeServiceSelection: (services?: ServiceName[]) => {
+    services: ServiceName[];
+    removedAllServices: boolean;
+    defaultedToAll: boolean;
+};
+export declare const mapServicesToCheckKeys: (services: ServiceName[], allCheckKeys: ServiceCheckKey[]) => ServiceCheckKey[];
+export declare const getServiceLabelForCheckKey: (checkKey: ServiceCheckKey) => SpecificServiceName | undefined;
+export declare const isServiceName: (value: string) => value is ServiceName;

package/dist/helpers/serviceSelection/serviceSelection.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/index.js

@@ -54682,6 +54682,85 @@ var memoize = (functionToMemoize, options = {}) => {
   };
 };
 
+// src/helpers/serviceSelection/serviceSelection.ts
+var SERVICE_NAME_TO_CHECK_KEYS = {
+  IAM: ["iamPolicies"],
+  S3: ["s3Buckets", "s3IntelligentTiering"],
+  Lambda: ["lambdaEnvironmentVariables", "lambdaMemory"],
+  DynamoDB: ["dynamoDBAutoScaling", "dynamoDBStreams"],
+  RDS: ["rdsEncryption", "rdsMultiAZ"],
+  EC2: ["ec2InstanceType", "natGatewayUsage", "securityGroups", "ebsUnusedVolumes"],
+  SNS: ["sns"],
+  SQS: ["sqs"],
+  StepFunctions: ["stepFunctions"],
+  CloudTrail: ["cloudTrailLogging"],
+  ApiGateway: ["apiGateway"],
+  SecretsManager: ["secretsManager"],
+  KMS: ["kmsKeys"],
+  EventBridge: ["eventBridgeRules"]
+};
+var CHECK_KEY_TO_SERVICE_NAME = Object.entries(
+  SERVICE_NAME_TO_CHECK_KEYS
+).reduce((acc, [service, keys]) => {
+  for (const key of keys) {
+    acc[key] = service;
+  }
+  return acc;
+}, {});
+var dedupe = (items) => {
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const item of items) {
+    if (seen.has(item)) {
+      continue;
+    }
+    seen.add(item);
+    result.push(item);
+  }
+  return result;
+};
+var normalizeServiceSelection = (services) => {
+  if (!services || services.length === 0) {
+    return {
+      services: ["All services"],
+      removedAllServices: false,
+      defaultedToAll: true
+    };
+  }
+  const uniqueServices = dedupe(services);
+  const hasAllServices = uniqueServices.includes("All services");
+  const specificServices = uniqueServices.filter(
+    (service) => service !== "All services"
+  );
+  if (hasAllServices && specificServices.length > 0) {
+    return {
+      services: specificServices,
+      removedAllServices: true,
+      defaultedToAll: false
+    };
+  }
+  return {
+    services: hasAllServices ? ["All services"] : uniqueServices,
+    removedAllServices: false,
+    defaultedToAll: false
+  };
+};
+var mapServicesToCheckKeys = (services, allCheckKeys) => {
+  if (services.length === 0 || services.includes("All services")) {
+    return dedupe(allCheckKeys);
+  }
+  const resolvedKeys = services.flatMap((service) => {
+    if (service === "All services") {
+      return allCheckKeys;
+    }
+    return SERVICE_NAME_TO_CHECK_KEYS[service] ?? [];
+  });
+  return dedupe(resolvedKeys);
+};
+var getServiceLabelForCheckKey = (checkKey) => {
+  return CHECK_KEY_TO_SERVICE_NAME[checkKey];
+};
+
 // src/shared/logger.ts
 var import_strogger = __toESM(require_dist());
 var isDevelopment = process.env.NODE_ENV === "development";
@@ -54729,25 +54808,6 @@ var memoizedServiceChecks = memoize(createAWSServiceChecks, {
   // 10 minutes
   maxSize: 10
 });
-var getServiceCheckKeys = (serviceName) => {
-  const serviceMapping = {
-    "Lambda": ["lambdaEnvironmentVariables", "lambdaMemory"],
-    "S3": ["s3Buckets", "s3IntelligentTiering"],
-    "DynamoDB": ["dynamoDBAutoScaling", "dynamoDBStreams"],
-    "RDS": ["rdsEncryption", "rdsMultiAZ"],
-    "EC2": ["ec2InstanceType", "natGatewayUsage", "securityGroups", "ebsUnusedVolumes"],
-    "IAM": ["iamPolicies"],
-    "SNS": ["sns"],
-    "SQS": ["sqs"],
-    "StepFunctions": ["stepFunctions"],
-    "CloudTrail": ["cloudTrailLogging"],
-    "ApiGateway": ["apiGateway"],
-    "SecretsManager": ["secretsManager"],
-    "KMS": ["kmsKeys"],
-    "EventBridge": ["eventBridgeRules"]
-  };
-  return serviceMapping[serviceName] || [serviceName];
-};
 var createResourceFilter = (selectedServices) => {
   if (selectedServices.includes("All services")) {
     return (cloudFormationResource) => !cloudFormationResource.Type.startsWith("AWS::CDK::");
@@ -54764,13 +54824,16 @@ var createResourceFilter = (selectedServices) => {
 };
 var runStaticAnalysis = (cloudformationTemplate, createFinding2, selectedServices = [], solutionsRegistry = {}) => {
   const serviceChecks = memoizedServiceChecks();
-  const allServiceKeys = Object.keys(serviceChecks);
-  const servicesToAnalyze = selectedServices.length > 0 && !selectedServices.includes("All services") ? selectedServices : allServiceKeys.filter(
+  const allServiceKeys = Object.keys(serviceChecks).filter(
     (serviceKey) => serviceKey !== "solutionsPatterns"
   );
-  const isAllServices = selectedServices.includes("All services") || selectedServices.length === 0;
+  const { services: normalizedServices } = normalizeServiceSelection(selectedServices);
+  const servicesToAnalyze = mapServicesToCheckKeys(
+    normalizedServices,
+    allServiceKeys
+  );
   const analysisFindings = {};
-  const resourceFilter = createResourceFilter(selectedServices);
+  const resourceFilter = createResourceFilter(normalizedServices);
   const userResources = Object.entries(cloudformationTemplate.Resources || {}).filter(
     ([, cloudFormationResource]) => resourceFilter(cloudFormationResource)
   ).reduce(
@@ -54780,37 +54843,36 @@ var runStaticAnalysis = (cloudformationTemplate, createFinding2, selectedService
     },
     {}
   );
-  for (const serviceName of servicesToAnalyze) {
-    const checkKeys = isAllServices ? [serviceName] : getServiceCheckKeys(serviceName);
-    for (const checkKey of checkKeys) {
-      try {
-        const serviceCheckFunction = serviceChecks[checkKey];
-        if (typeof serviceCheckFunction !== "function") {
-          if (checkKeys.indexOf(checkKey) === checkKeys.length - 1) {
-            analysisLogger.warn(
-              `\u26A0\uFE0F Service check function for ${serviceName} is not available`
-            );
-          }
-          continue;
-        }
-        const typedServiceCheckFunction = serviceCheckFunction;
-        const serviceAnalysisResult = typedServiceCheckFunction(
-          { Resources: userResources },
-          createFinding2
+  for (const checkKey of servicesToAnalyze) {
+    try {
+      const serviceCheckFunction = serviceChecks[checkKey];
+      if (typeof serviceCheckFunction !== "function") {
+        const serviceLabel = getServiceLabelForCheckKey(checkKey) ?? checkKey;
+        analysisLogger.warn(
+          `\u26A0\uFE0F Service check function for ${serviceLabel} (${checkKey}) is not available`
         );
-        for (const [resourceName, resourceFindings] of Object.entries(
-          serviceAnalysisResult
-        )) {
-          if (!analysisFindings[resourceName]) {
-            analysisFindings[resourceName] = { issues: [] };
-          }
-          analysisFindings[resourceName].issues.push(...resourceFindings.issues);
-        }
-      } catch (analysisError) {
-        analysisLogger.warn(`\u26A0\uFE0F Error in ${serviceName} analysis (${checkKey})`, {
-          error: analysisError instanceof Error ? analysisError.message : String(analysisError)
-        });
+        continue;
       }
+      const serviceAnalysisResult = serviceCheckFunction(
+        { Resources: userResources },
+        createFinding2
+      );
+      for (const [resourceName, resourceFindings] of Object.entries(
+        serviceAnalysisResult
+      )) {
+        if (!analysisFindings[resourceName]) {
+          analysisFindings[resourceName] = { issues: [] };
+        }
+        analysisFindings[resourceName].issues.push(...resourceFindings.issues);
+      }
+    } catch (analysisError) {
+      const serviceLabel = getServiceLabelForCheckKey(checkKey) ?? checkKey;
+      analysisLogger.warn(
+        `\u26A0\uFE0F Error in ${serviceLabel} analysis (${checkKey})`,
+        {
+          error: analysisError instanceof Error ? analysisError.message : String(analysisError)
+        }
+      );
     }
   }
   if (Object.keys(solutionsRegistry).length > 0) {

package/dist/types/analysis.types.d.ts

@@ -1,6 +1,8 @@
 import type { ConstructMetadata } from '../analysis/static/solutionConstructs/loadConstructMetadata';
 import type { AWSServiceChecks } from '../functions/factories/awsServices';
-export type ServiceName = Exclude<keyof AWSServiceChecks, 'solutionsPatterns'> | 'All services';
+export type ServiceCheckKey = Exclude<keyof AWSServiceChecks, 'solutionsPatterns'>;
+export type SpecificServiceName = 'IAM' | 'S3' | 'Lambda' | 'DynamoDB' | 'RDS' | 'EC2' | 'SNS' | 'SQS' | 'StepFunctions' | 'CloudTrail' | 'ApiGateway' | 'SecretsManager' | 'KMS' | 'EventBridge';
+export type ServiceName = 'All services' | SpecificServiceName;
 export type RunAnalysisTypes = {
     stacks: Record<string, CloudFormationStack>;
     inlineFindings: Issue[];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cdk-insights",
-  "version": "0.4.6",
+  "version": "0.4.7-beta.0",
   "description": "AWS CDK security and cost analysis tool with AI-powered insights",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",