From 67dd49eea72148e851b7482f04944b9afc84cc3a Mon Sep 17 00:00:00 2001 From: abdullahaslam306 Date: Wed, 2 Aug 2023 15:11:29 +0500 Subject: [PATCH 01/18] acr log analytics --- exports.js | 1 + helpers/azure/api.js | 5 + .../acrLogAnalyticsEnabled.js | 68 ++++++++ .../acrLogAnalyticsEnabled.spec.js | 155 ++++++++++++++++++ 4 files changed, 229 insertions(+) create mode 100644 plugins/azure/containerregistry/acrLogAnalyticsEnabled.js create mode 100644 plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js diff --git a/exports.js b/exports.js index dc043c2a53..c31e01ad8f 100644 --- a/exports.js +++ b/exports.js @@ -902,6 +902,7 @@ module.exports = { 'acrHasTags' : require(__dirname + '/plugins/azure/containerregistry/acrHasTags.js'), 'acrPublicAccess' : require(__dirname + '/plugins/azure/containerregistry/acrPublicAccess.js'), 'acrCMKEncryption' : require(__dirname + '/plugins/azure/containerregistry/acrCMKEncryption.js'), + 'acrLogAnalyticsEnabled' : require(__dirname + '/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js'), 'endpointLoggingEnabled' : require(__dirname + '/plugins/azure/cdnprofiles/endpointLoggingEnabled.js'), 'detectInsecureCustomOrigin' : require(__dirname + '/plugins/azure/cdnprofiles/detectInsecureCustomOrigin.js'), diff --git a/helpers/azure/api.js b/helpers/azure/api.js index 4a656c8eb2..1cb27c6d6e 100644 --- a/helpers/azure/api.js +++ b/helpers/azure/api.js @@ -882,6 +882,11 @@ var tertiarycalls = { reliesOnPath: 'networkSecurityGroups.listAll', properties: ['id'], url: 'https://management.azure.com/{id}/providers/microsoft.insights/diagnosticSettings?api-version=2017-05-01-preview' + }, + listByContainerRegistries: { + reliesOnPath: 'registries.list', + properties: ['id'], + url: 'https://management.azure.com/{id}/providers/microsoft.insights/diagnosticSettings?api-version=2021-05-01-preview' } }, backupShortTermRetentionPolicies: { 
diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js
new file mode 100644
index 0000000000..64c8502569
--- /dev/null
+++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js
@@ -0,0 +1,68 @@ +const async = require('async'); +const helpers = require('../../../helpers/azure'); + +module.exports = { + title: 'ACR Log Analytics Enabled', + category: 'Container Registry', + domain: 'Containers', + description: 'Ensures that Azure Container registry logs are sent to the Log Analytics workspace.', + more_info: 'Access logs provide an audit trail of user activities and Azure management operations on the registry.', + recommended_action: 'Modify container registry and enable logs from diagnostic settings.', + link: 'https://learn.microsoft.com/en-us/azure/container-registry/monitor-service', + apis: ['registries:list', 'diagnosticSettings:listByContainerRegistries'], + + run: function(cache, settings, callback) { + const results = []; + const source = {}; + const locations = helpers.locations(settings.govcloud); + + async.each(locations.registries, (location, rcb) => { + const registries = helpers.addSource(cache, source, + ['registries', 'list', location]); + + if (!registries) return rcb(); + + if (registries.err || !registries.data) { + helpers.addResult(results, 3, + 'Unable to query for Container Registries: ' + helpers.addError(registries), location); + return rcb(); + } + + if (!registries.data.length) { + helpers.addResult(results, 0, 'No existing Container Registries found', location); + return rcb(); + } + + for (let registry of registries.data) { + const diagnosticSettings = helpers.addSource(cache, source, + ['diagnosticSettings', 'listByContainerRegistries', location, registry.id]); + + if (!diagnosticSettings || diagnosticSettings.err || !diagnosticSettings.data) { + helpers.addResult(results, 3, + 'Unable to query diagnostics settings: ' + helpers.addError(diagnosticSettings), location, registry.id); + continue; + } + + if (!diagnosticSettings.data.length) { + helpers.addResult(results, 2, 'No existing diagnostics settings', location, registry.id); + continue; + } + + var found = false; + 
diagnosticSettings.data.forEach(function(ds) { + if (ds.logs && ds.logs.length) found = true; + }); + + if (found) { + helpers.addResult(results, 0, 'Log Analytics enabled for ACR', location, registry.id); + } else { + helpers.addResult(results, 2, 'Log Analytics are not enabled for ACR', location, registry.id); + } + } + + rcb(); + }, function() { + callback(null, results, source); + }); + } +}; diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js new file mode 100644 index 0000000000..a737cf8138 --- /dev/null +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js 
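Review bot: The pass condition in the `forEach` over `diagnosticSettings.data` (`if (ds.logs && ds.logs.length) found = true;`) does not check what the plugin title and description promise, because it reads neither `ds.workspaceId` nor the `enabled` flag of the log entries. A diagnostic setting that routes only to a storage account or event hub, or one whose log categories are all `enabled: false` (the spec fixture suggests that field is part of the response), would be reported as status 0, a false pass for an audit-trail control. Consider `if (ds.workspaceId && ds.logs && ds.logs.some(log => log.enabled)) found = true;`. The same condition is carried unchanged through the later rewrites of this line in the series (the `@@ -40,23 +40,19 @@` hunk of PATCH 06 and the `find(...)` forms in PATCH 14, 17 and 18), so the fix belongs in the final form as well.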
@@ -0,0 +1,155 @@ +var expect = require('chai').expect; +var acrLogAnalyticsEnabled = require('./acrLogAnalyticsEnabled'); + +const containerRegistries = [ + { + "id": "/subscriptions/ade0e01e-f9cd-49d3-bba7-d5a5362a3414/resourceGroups/devresourcegroup/providers/Microsoft.ContainerRegistry/registries/testregistry12543", + "name": "testregistry12543", + "type": "Microsoft.ContainerRegistry/registries", + "location": "eastus", + "tags": {}, + "sku": { + "name": "Basic", + "tier": "Basic" + }, + "loginServer": "testregistry12543.azurecr.io", + "creationDate": "2019-10-18T21:16:01.347Z", + "provisioningState": "Succeeded", + "adminUserEnabled": true, + "publicNetworkAccess": "Enabled" + } +]; + +const diagnosticSettings = [ + { + id: '/subscriptions/dce7d0ad-ebf6-437f-a3b0-28fc0d22117e/resourcegroups/devresourcegroup/providers/Microsoft.ContainerRegistry/registries/gio-test-events-1-nsg/providers/microsoft.insights/diagnosticSettings/gio-test-setting', + type: 'Microsoft.Insights/diagnosticSettings', + name: 'gio-test-setting', + location: 'eastus', + kind: null, + tags: null, + identity: null, + storageAccountId: null, + serviceBusRuleId: null, + workspaceId: '/subscriptions/dce7d0ad-ebf6-437f-a3b0-28fc0d22117e/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-dce7d0ad-ebf6-437f-a3b0-28fc0d22117e-eus', + eventHubAuthorizationRuleId: null, + eventHubName: null, + metrics: [], + logs: [ + { + category: 'NetworkSecurityGroupEvent', + categoryGroup: null, + enabled: true, + retentionPolicy: [Object] + }, + { + category: 'NetworkSecurityGroupRuleCounter', + categoryGroup: null, + enabled: true, + retentionPolicy: [Object] + } + ], + logAnalyticsDestinationType: null + }, + { + id: '/subscriptions/dce7d0ad-ebf6-437f-a3b0-28fc0d22117e/resourcegroups/deleteasap/providers/microsoft.network/networksecuritygroups/gio-test-events-1-nsg/providers/microsoft.insights/diagnosticSettings/gio-test-setting', + type: 
'Microsoft.Insights/diagnosticSettings', + name: 'gio-test-setting', + location: 'eastus', + kind: null, + tags: null, + identity: null, + storageAccountId: null, + serviceBusRuleId: null, + workspaceId: '/subscriptions/dce7d0ad-ebf6-437f-a3b0-28fc0d22117e/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-dce7d0ad-ebf6-437f-a3b0-28fc0d22117e-eus', + eventHubAuthorizationRuleId: null, + eventHubName: null, + metrics: [], + logs: [], + logAnalyticsDestinationType: null + } +]; + + +const createCache = (listRegistries, diagnosticSetting) => { + let logs = {}; + if (listRegistries && listRegistries.length > 0) { + logs[listRegistries[0].id] = { + data: diagnosticSetting + }; + } + + return { + registries: { + list: { + 'eastus': { + data: listRegistries + } + } + }, + diagnosticSettings: { + listByContainerRegistries: { + 'eastus': logs + } + } + }; +}; + +describe('acrLogAnalyticsEnabled', function() { + describe('run', function() { + it('should give passing result if No existing container registry found', function(done) { + const cache = createCache([], []); + acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(0); + expect(results[0].message).to.include('No existing Container Registries found'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give Failing result if No existing diagnostics settings', function(done) { + const cache = createCache([containerRegistries[0]],[]); + acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(2); + expect(results[0].message).to.include('No existing diagnostics settings'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give unknown result if Unable to query for container registry Groups', function(done) { + const cache = createCache(null); + 
acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(3); + expect(results[0].message).to.include('Unable to query for Container Registries:'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give passing result if Log Analytics is enabled for ACR', function(done) { + const cache = createCache([containerRegistries[0]], [diagnosticSettings[0]]); + acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(0); + expect(results[0].message).to.include('Log Analytics enabled for ACR'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give failing result if Log Analytics is not enabled for ACR', function(done) { + const cache = createCache([containerRegistries[0]], [diagnosticSettings[1]]); + acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(2); + expect(results[0].message).to.include('Log Analytics are not enabled for ACR'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + }); +}); \ No newline at end of file From 121104abf0dd2f65cc904fff92c2c0a4cbd067a9 Mon Sep 17 00:00:00 2001 From: abdullahaslam306 Date: Wed, 2 Aug 2023 15:12:44 +0500 Subject: [PATCH 02/18] info updated --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index 64c8502569..364fd5a1e4 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js 
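Review bot: The fixtures only distinguish `logs: []` from a populated `logs` array, so this spec would not catch a diagnostic setting whose entries are all `enabled: false`, or one whose `workspaceId` is null while another destination is set; add a failing-case fixture for each. The `diagnosticSettings` fixture also appears to be copied from the NSG plugin: the categories are `NetworkSecurityGroupEvent` and `NetworkSecurityGroupRuleCounter`, the second `id` points at `microsoft.network/networksecuritygroups`, and `retentionPolicy: [Object]` is console-print residue that evaluates to an array holding the `Object` constructor. Replacing these with values shaped like a container registry response would make the test document the real input. The 'Unable to query diagnostics settings' branch (status 3) has no test, because `createCache` always writes a `data` entry for the first registry.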
@@ -6,7 +6,7 @@ module.exports = { category: 'Container Registry', domain: 'Containers', description: 'Ensures that Azure Container registry logs are sent to the Log Analytics workspace.', - more_info: 'Access logs provide an audit trail of user activities and Azure management operations on the registry.', + more_info: 'Enabling Log Analytics for Azure Container registry ensures that logs are shipped to a central repository that can be queried and audited.', recommended_action: 'Modify container registry and enable logs from diagnostic settings.', link: 'https://learn.microsoft.com/en-us/azure/container-registry/monitor-service', apis: ['registries:list', 'diagnosticSettings:listByContainerRegistries'], From 317f1b3013d880f0630a7cf76786efcfe4c7bb54 Mon Sep 17 00:00:00 2001 From: abdullahaslam306 Date: Wed, 2 Aug 2023 15:14:04 +0500 Subject: [PATCH 03/18] var to let --- plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js index 3af30e7d8d..ea78dee471 100644 --- a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js +++ b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js @@ -51,7 +51,7 @@ module.exports = { } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, nsg.id); } else { - var found = false; + let found = false; diagnosticSettings.data.forEach(function(ds) { if (ds.logs && ds.logs.length) found = true; }); From c978ff0160dee7449dd7a3e551e3d2200eb55b53 Mon Sep 17 00:00:00 2001 
From: AkhtarAmir <31914988+AkhtarAmir@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:50:30 +0500 Subject: [PATCH 04/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js Co-authored-by: alphadev4 <113519745+alphadev4@users.noreply.github.com> --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index 364fd5a1e4..d6c90ab0f2 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js @@ -5,7 +5,7 @@ module.exports = { title: 'ACR Log Analytics Enabled', category: 'Container Registry', domain: 'Containers', - description: 'Ensures that Azure Container registry logs are sent to the Log Analytics workspace.', + description: 'Ensure that Azure Container registry logs are sent to the Log Analytics workspace.', more_info: 'Enabling Log Analytics for Azure Container registry ensures that logs are shipped to a central repository that can be queried and audited.', recommended_action: 'Modify container registry and enable logs from diagnostic settings.', link: 'https://learn.microsoft.com/en-us/azure/container-registry/monitor-service', From 5a7e0a017d4350a6c41aecb141b513bbd874a92a Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:54:01 +0500 Subject: [PATCH 05/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index d6c90ab0f2..d1db224098 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js 
@@ -7,7 +7,7 @@ module.exports = { domain: 'Containers', description: 'Ensure that Azure Container registry logs are sent to the Log Analytics workspace.', more_info: 'Enabling Log Analytics for Azure Container registry ensures that logs are shipped to a central repository that can be queried and audited.', - recommended_action: 'Modify container registry and enable logs from diagnostic settings.', + recommended_action: 'Modify container registry and enable Send to Log Analytics from diagnostic settings.', link: 'https://learn.microsoft.com/en-us/azure/container-registry/monitor-service', apis: ['registries:list', 'diagnosticSettings:listByContainerRegistries'], From 84c1152ac324230c17155e7fd9bcb08437ad6142 Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:56:59 +0500 Subject: [PATCH 06/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js --- .../acrLogAnalyticsEnabled.js | 26 ++++++++----------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index d1db224098..712becb0ab 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js 
@@ -40,23 +40,19 @@ module.exports = { if (!diagnosticSettings || diagnosticSettings.err || !diagnosticSettings.data) { helpers.addResult(results, 3, 'Unable to query diagnostics settings: ' + helpers.addError(diagnosticSettings), location, registry.id); - continue; - } - - if (!diagnosticSettings.data.length) { + } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, registry.id); - continue; - } - - var found = false; - diagnosticSettings.data.forEach(function(ds) { - if (ds.logs && ds.logs.length) found = true; - }); + } else { + var found = false; + diagnosticSettings.data.forEach(function(ds) { + if (ds.logs && ds.logs.length) found = true; + }); - if (found) { - helpers.addResult(results, 0, 'Log Analytics enabled for ACR', location, registry.id); - } else { - helpers.addResult(results, 2, 'Log Analytics are not enabled for ACR', location, registry.id); + if (found) { + helpers.addResult(results, 0, 'Log Analytics enabled for ACR', location, registry.id); + } else { + helpers.addResult(results, 2, 'Log Analytics are not enabled for ACR', location, registry.id); + } } } From f2ec94ab2cf2e7bd95e0bf2c0e8902fe231c21b6 Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:01:39 +0500 Subject: [PATCH 07/18] Apply suggestions from code review --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 4 ++-- .../azure/containerregistry/acrLogAnalyticsEnabled.spec.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index 712becb0ab..56f2babb11 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js 
@@ -49,9 +49,9 @@ module.exports = { }); if (found) { - helpers.addResult(results, 0, 'Log Analytics enabled for ACR', location, registry.id); + helpers.addResult(results, 0, 'Log Analytics is enabled for container registry', location, registry.id); } else { - helpers.addResult(results, 2, 'Log Analytics are not enabled for ACR', location, registry.id); + helpers.addResult(results, 2, 'Log Analytics is not enabled for container registry', location, registry.id); } } } diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js index a737cf8138..6342d1e9a9 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js @@ -135,7 +135,7 @@ describe('acrLogAnalyticsEnabled', function() { acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); - expect(results[0].message).to.include('Log Analytics enabled for ACR'); + expect(results[0].message).to.include('Log Analytics is enabled for container registry'); expect(results[0].region).to.equal('eastus'); done(); }); @@ -146,7 +146,7 @@ describe('acrLogAnalyticsEnabled', function() { acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); - expect(results[0].message).to.include('Log Analytics are not enabled for ACR'); + expect(results[0].message).to.include('Log Analytics is not enabled for container registry'); expect(results[0].region).to.equal('eastus'); done(); }); From 51e9a5c8494f067072f094af42b6a95c8cff5809 Mon Sep 17 00:00:00 2001 
From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:02:48 +0500 Subject: [PATCH 08/18] Update plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js --- plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js index ea78dee471..f5df036da8 100644 --- a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js +++ b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js @@ -51,7 +51,6 @@ module.exports = { } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, nsg.id); } else { - let found = false; diagnosticSettings.data.forEach(function(ds) { if (ds.logs && ds.logs.length) found = true; }); From ca5711da1f925b429ac863468698a43c37187fb2 Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:03:24 +0500 Subject: [PATCH 09/18] Update plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js --- plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js index f5df036da8..30a6236825 100644 --- a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js +++ b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js @@ -51,6 +51,7 @@ module.exports = { } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, nsg.id); } else { + var found = false; diagnosticSettings.data.forEach(function(ds) { if (ds.logs && ds.logs.length) found = true; }); From 1537625a0853f8bb4a7c9c2c2a37502c7e84f6a3 Mon Sep 17 00:00:00 2001 
From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:03:46 +0500 Subject: [PATCH 10/18] Update plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js --- plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js index 30a6236825..3af30e7d8d 100644 --- a/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js +++ b/plugins/azure/networksecuritygroups/nsgLogAnalyticsEnabled.js @@ -51,7 +51,7 @@ module.exports = { } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, nsg.id); } else { - var found = false; + var found = false; diagnosticSettings.data.forEach(function(ds) { if (ds.logs && ds.logs.length) found = true; }); From 9540c8a44af9a7a8723db5e6a107d4f37bdef887 Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:26:47 +0500 Subject: [PATCH 11/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index 56f2babb11..d2a401d54e 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js 
@@ -5,7 +5,7 @@ module.exports = { title: 'ACR Log Analytics Enabled', category: 'Container Registry', domain: 'Containers', - description: 'Ensure that Azure Container registry logs are sent to the Log Analytics workspace.', + description: 'Ensure that Azure container registry logs are sent to the Log Analytics workspace.', more_info: 'Enabling Log Analytics for Azure Container registry ensures that logs are shipped to a central repository that can be queried and audited.', recommended_action: 'Modify container registry and enable Send to Log Analytics from diagnostic settings.', link: 'https://learn.microsoft.com/en-us/azure/container-registry/monitor-service', From f0133482999a6539b9e66976b4f287fd010e2644 Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:27:02 +0500 Subject: [PATCH 12/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index d2a401d54e..e3d50fd41e 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js 
@@ -6,7 +6,7 @@ module.exports = { category: 'Container Registry', domain: 'Containers', description: 'Ensure that Azure container registry logs are sent to the Log Analytics workspace.', - more_info: 'Enabling Log Analytics for Azure Container registry ensures that logs are shipped to a central repository that can be queried and audited.', + more_info: 'Enabling Log Analytics for Azure container registry ensures that logs are shipped to a central repository that can be queried and audited.', recommended_action: 'Modify container registry and enable Send to Log Analytics from diagnostic settings.', link: 'https://learn.microsoft.com/en-us/azure/container-registry/monitor-service', apis: ['registries:list', 'diagnosticSettings:listByContainerRegistries'], From 5acaaecf04a03180d47745bc57e6ad72a2b6cdfa Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:29:48 +0500 Subject: [PATCH 13/18] Apply suggestions from code review --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 4 ++-- .../azure/containerregistry/acrLogAnalyticsEnabled.spec.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index e3d50fd41e..936d547f72 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js 
@@ -24,12 +24,12 @@ module.exports = { if (registries.err || !registries.data) { helpers.addResult(results, 3, - 'Unable to query for Container Registries: ' + helpers.addError(registries), location); + 'Unable to query for container registries: ' + helpers.addError(registries), location); return rcb(); } if (!registries.data.length) { - helpers.addResult(results, 0, 'No existing Container Registries found', location); + helpers.addResult(results, 0, 'No existing container registries found', location); return rcb(); } diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js index 6342d1e9a9..f28b20a9e3 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js @@ -102,7 +102,7 @@ describe('acrLogAnalyticsEnabled', function() { acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); - expect(results[0].message).to.include('No existing Container Registries found'); + expect(results[0].message).to.include('No existing container registries found'); expect(results[0].region).to.equal('eastus'); done(); }); @@ -124,7 +124,7 @@ describe('acrLogAnalyticsEnabled', function() { acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(3); - expect(results[0].message).to.include('Unable to query for Container Registries:'); + expect(results[0].message).to.include('Unable to query for container registries:'); expect(results[0].region).to.equal('eastus'); done(); }); From 8f00166c9a68c80c1167c2dbbd947ac7b31794fa Mon Sep 17 00:00:00 2001 
From: AkhtarAmir <31914988+AkhtarAmir@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:31:42 +0500 Subject: [PATCH 14/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index 936d547f72..cca6e7a87f 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js @@ -43,10 +43,7 @@ module.exports = { } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, registry.id); } else { - var found = false; - diagnosticSettings.data.forEach(function(ds) { - if (ds.logs && ds.logs.length) found = true; - }); + let found = diagnosticSettings.data.find(logs => logs.length); if (found) { helpers.addResult(results, 0, 'Log Analytics is enabled for container registry', location, registry.id); From be7b99a937377f59e3c8f03ca05fe456a8cae0c7 Mon Sep 17 00:00:00 2001 From: AkhtarAmir <31914988+AkhtarAmir@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:32:00 +0500 Subject: [PATCH 15/18] Update exports.js --- exports.js | 1 - 1 file changed, 1 deletion(-) diff --git a/exports.js b/exports.js index e7aadfb561..29f2e50028 100644 --- a/exports.js +++ b/exports.js @@ -909,7 +909,6 @@ module.exports = { 'acrLogAnalyticsEnabled' : require(__dirname + '/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js'), 'acrAnonymousPullAccessEnabled' : require(__dirname + '/plugins/azure/containerregistry/acrAnonymousPullAccessEnabled.js'), - 'endpointLoggingEnabled' : require(__dirname + '/plugins/azure/cdnprofiles/endpointLoggingEnabled.js'), 'detectInsecureCustomOrigin' : require(__dirname + '/plugins/azure/cdnprofiles/detectInsecureCustomOrigin.js'), 
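Review bot: In the `@@ -43,10 +43,7 @@` hunk, `diagnosticSettings.data.find(logs => logs.length)` passes each diagnostic-setting object to the callback rather than its `logs` array; those objects have no `length` in the spec fixture, so `found` would always be `undefined` and every registry with settings would be reported as status 2. The series only reaches a working form in PATCH 18 (`ds => ds.logs && ds.logs.length`), after PATCH 17 introduces `ds.logs => ds.logs.length`, which is not a valid arrow-function parameter and would stop the module, and `exports.js` which requires it, from loading. Squashing PATCH 14, 17 and 18 into one commit would keep every commit in the history loadable and bisectable. Since `found` is used only as a boolean, `const found = diagnosticSettings.data.some(ds => ds.logs && ds.logs.length);` states the intent more directly.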
From da6289670fedb0f4865e90d558b353ee1ec4b30a Mon Sep 17 00:00:00 2001 From: AkhtarAmir <31914988+AkhtarAmir@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:34:05 +0500 Subject: [PATCH 16/18] Apply suggestions from code review --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 4 ++-- .../azure/containerregistry/acrLogAnalyticsEnabled.spec.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index cca6e7a87f..72dc504ef3 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js @@ -46,9 +46,9 @@ module.exports = { let found = diagnosticSettings.data.find(logs => logs.length); if (found) { - helpers.addResult(results, 0, 'Log Analytics is enabled for container registry', location, registry.id); + helpers.addResult(results, 0, 'Logging is enabled for container registry', location, registry.id); } else { - helpers.addResult(results, 2, 'Log Analytics is not enabled for container registry', location, registry.id); + helpers.addResult(results, 2, 'Logging is not enabled for container registry', location, registry.id); } } } diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js index f28b20a9e3..a517d1bf55 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.spec.js 
@@ -135,7 +135,7 @@ describe('acrLogAnalyticsEnabled', function() { acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); - expect(results[0].message).to.include('Log Analytics is enabled for container registry'); + expect(results[0].message).to.include('Logging is enabled for container registry'); expect(results[0].region).to.equal('eastus'); done(); }); @@ -146,7 +146,7 @@ describe('acrLogAnalyticsEnabled', function() { acrLogAnalyticsEnabled.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); - expect(results[0].message).to.include('Log Analytics is not enabled for container registry'); + expect(results[0].message).to.include('Logging is not enabled for container registry'); expect(results[0].region).to.equal('eastus'); done(); }); From b4f5b23971b810db95112e2d45d2266a7b4583e9 Mon Sep 17 00:00:00 2001 From: AkhtarAmir <31914988+AkhtarAmir@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:37:08 +0500 Subject: [PATCH 17/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index 72dc504ef3..3d7432eb3b 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js @@ -43,7 +43,7 @@ module.exports = { } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, registry.id); } else { - let found = diagnosticSettings.data.find(logs => logs.length); + let found = diagnosticSettings.data.find(ds.logs => ds.logs.length); if (found) { helpers.addResult(results, 0, 'Logging is enabled for container registry', location, registry.id); 
From e842d08bb99e82e8fdbd6ca5a32c4ff8a0cb1276 Mon Sep 17 00:00:00 2001 From: AkhtarAmir <31914988+AkhtarAmir@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:39:06 +0500 Subject: [PATCH 18/18] Update plugins/azure/containerregistry/acrLogAnalyticsEnabled.js --- plugins/azure/containerregistry/acrLogAnalyticsEnabled.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js index 3d7432eb3b..e5d5bcc70e 100644 --- a/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js +++ b/plugins/azure/containerregistry/acrLogAnalyticsEnabled.js @@ -43,7 +43,7 @@ module.exports = { } else if (!diagnosticSettings.data.length) { helpers.addResult(results, 2, 'No existing diagnostics settings', location, registry.id); } else { - let found = diagnosticSettings.data.find(ds.logs => ds.logs.length); + let found = diagnosticSettings.data.find(ds => ds.logs && ds.logs.length); if (found) { helpers.addResult(results, 0, 'Logging is enabled for container registry', location, registry.id);