Updated Bug fix for route53 DTL Regions
AkhtarAmir authored and AkhtarAmir committed Sep 2, 2024
1 parent 7c4faed commit 6ca047a
Showing 2 changed files with 164 additions and 185 deletions.
151 changes: 71 additions & 80 deletions plugins/aws/eks/eksKubernetesVersion.spec.js
@@ -1,93 +1,84 @@
var assert = require('assert');
var expect = require('chai').expect;
var eks = require('./eksKubernetesVersion');
var assert = require("assert");
var expect = require("chai").expect;
var eks = require("./eksKubernetesVersion");

const createCache = (listData, descData) => {
return {
eks: {
listClusters: {
'us-east-1': {
err: null,
data: listData
}
},
describeCluster: {
'us-east-1': {
'mycluster': {
err: null,
data: descData
}
}
}
return {
eks: {
listClusters: {
"us-east-1": {
err: null,
data: listData,
},
sts: {
getCallerIdentity: {
data: '012345678911'
}
}
}
},
describeCluster: {
"us-east-1": {
mycluster: {
err: null,
data: descData,
},
},
},
},
sts: {
getCallerIdentity: {
data: "012345678911",
},
},
};
};

describe('eksKubernetesVersion', function () {
describe('run', function () {
it('should give passing result if no EKS clusters present', function (done) {
const callback = (err, results) => {
expect(results.length).to.equal(1)
expect(results[0].status).to.equal(0)
expect(results[0].message).to.include('No EKS clusters present')
done()
};
describe("eksKubernetesVersion", function () {
describe("run", function () {
it("should give passing result if no EKS clusters present", function (done) {
const callback = (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].message).to.include("No EKS clusters present");
done();
};

const cache = createCache(
[],
{}
);
const cache = createCache([], {});

eks.run(cache, {}, callback);
})
eks.run(cache, {}, callback);
});

it('should give error result if EKS cluster is deprecated', function (done) {
const callback = (err, results) => {
expect(results.length).to.equal(1)
expect(results[0].status).to.equal(2)
expect(results[0].message).to.include('which was deprecated')
done()
};
it("should give error result if EKS cluster is deprecated", function (done) {
const callback = (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].message).to.include("which was deprecated");
done();
};

const cache = createCache(
['mycluster'],
{
"cluster": {
"name": "mycluster",
"arn": "arn:aws:eks:us-east-1:012345678911:cluster/mycluster",
"version": "1.15",
}
}
);
const cache = createCache(["mycluster"], {
cluster: {
name: "mycluster",
arn: "arn:aws:eks:us-east-1:012345678911:cluster/mycluster",
version: "1.15",
},
});

eks.run(cache, {}, callback);
})
eks.run(cache, {}, callback);
});

it('should give passing result if EKS cluster is current', function (done) {
const callback = (err, results) => {
expect(results.length).to.equal(1)
expect(results[0].status).to.equal(0)
expect(results[0].message).to.include('current version of Kubernetes')
done()
};
it("should give passing result if EKS cluster is current", function (done) {
const callback = (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].message).to.include("current version of Kubernetes");
done();
};

const cache = createCache(
['mycluster'],
{
"cluster": {
"name": "mycluster",
"arn": "arn:aws:eks:us-east-1:012345678911:cluster/mycluster",
"version": "1.27",
}
}
);
const cache = createCache(["mycluster"], {
cluster: {
name: "mycluster",
arn: "arn:aws:eks:us-east-1:012345678911:cluster/mycluster",
version: "1.29",
},
});

eks.run(cache, {}, callback);
})
})
})
eks.run(cache, {}, callback);
});
});
});
198 changes: 93 additions & 105 deletions plugins/aws/route53/domainTransferLock.js
@@ -1,116 +1,104 @@
/* eslint-disable space-before-function-paren */
/* eslint-disable quotes */
/* eslint-disable indent */
var helpers = require("../../../helpers/aws");
var helpers = require('../../../helpers/aws');

module.exports = {
title: "Domain Transfer Lock",
category: "Route53",
domain: "Content Delivery",
severity: "Medium",
description: "Ensures domains have the transfer lock set",
more_info:
"To avoid having a domain maliciously transferred to a third-party, all domains should enable the transfer lock unless actively being transferred.",
link: "http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-from-route-53.html",
recommended_action: "Enable the transfer lock for the domain",
apis: ["Route53Domains:listDomains"],
realtime_triggers: [
"route53domains:RegisterDomain",
"route53domain:EnableDomainTransferLock",
"route53domain:DisableDomainTransferLock",
"route53domians:DeleteDomain",
],
title: 'Domain Transfer Lock',
category: 'Route53',
domain: 'Content Delivery',
severity: 'Medium',
description: 'Ensures domains have the transfer lock set',
more_info:
'To avoid having a domain maliciously transferred to a third-party, all domains should enable the transfer lock unless actively being transferred.',
link: 'http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-from-route-53.html',
recommended_action: 'Enable the transfer lock for the domain',
apis: ['Route53Domains:listDomains'],
realtime_triggers: ['route53domains:RegisterDomain', 'route53domain:EnableDomainTransferLock', 'route53domain:DisableDomainTransferLock', 'route53domians:DeleteDomain',
],

run: function (cache, settings, callback) {
var results = [];
var source = {};
run: function(cache, settings, callback) {
var results = [];
var source = {};

var region = helpers.defaultRegion(settings);
var region = helpers.defaultRegion(settings);

var listDomains = helpers.addSource(cache, source, [
"route53domains",
"listDomains",
region,
]);
var listDomains = helpers.addSource(cache, source, [
'route53domains',
'listDomains',
region,
]);

if (!listDomains) return callback(null, results, source);
if (!listDomains) return callback(null, results, source);

if (listDomains.err || !listDomains.data) {
helpers.addResult(
results,
3,
"Unable to query for domains: " + helpers.addError(listDomains)
);
return callback(null, results, source);
}

if (!listDomains.data.length) {
helpers.addResult(results, 0, "No domains registered through Route53");
return callback(null, results, source);
}

// eslint-disable-next-line no-unused-vars
var dtlUnsupportedRegions = [
".za",
".cl",
".ar",
".au",
".nz",
".au",
".jp",
".qa",
".ru",
".ch",
".de",
".es",
".eu",
"fi",
".it",
".nl",
".se",
];
if (listDomains.err || !listDomains.data) {
helpers.addResult(
results,
3,
'Unable to query for domains: ' + helpers.addError(listDomains)
);
return callback(null, results, source);
}
if (!listDomains.data.length) {
helpers.addResult(results, 0, 'No domains registered through Route53');
return callback(null, results, source);
}
var dtlUnsupportedRegions = [
'.za',
'.cl',
'.ar',
'.au',
'.nz',
'.au',
'.jp',
'.qa',
'.ru',
'.ch',
'.de',
'.es',
'.eu',
'fi',
'.it',
'.nl',
'.se',
];

for (var i in listDomains.data) {
var domain = listDomains.data[i];
if (!domain.DomainName) continue;
for (var i in listDomains.data) {
var domain = listDomains.data[i];
if (!domain.DomainName) continue;

var unsupported = false;
dtlUnsupportedRegions.forEach((region) => {
if (domain.DomainName.includes(region)) {
unsupported = true;
//break;
var unsupported = false;
dtlUnsupportedRegions.forEach((region) => {
if (domain.DomainName.includes(region)) {
unsupported = true;
//break;
}
});
// Skip the unsupported domains
if (unsupported) {
helpers.addResult(
results,
0,
'Domain: ' + domain.DomainName + ' does not support transfer locks',
'global',
domain.DomainName
);
} else if (domain.TransferLock) {
helpers.addResult(
results,
0,
'Domain: ' + domain.DomainName + ' has the transfer lock enabled',
'global',
domain.DomainName
);
} else {
helpers.addResult(
results,
2,
'Domain: ' +
domain.DomainName +
' does not have the transfer lock enabled',
'global', domain.DomainName
);
}
}
});
// Skip the unsupported domains
if (unsupported) {
helpers.addResult(
results,
0,
"Domain: " + domain.DomainName + " does not support transfer locks",
"global",
domain.DomainName
);
} else if (domain.TransferLock) {
helpers.addResult(
results,
0,
"Domain: " + domain.DomainName + " has the transfer lock enabled",
"global",
domain.DomainName
);
} else {
helpers.addResult(
results,
2,
"Domain: " +
domain.DomainName +
" does not have the transfer lock enabled",
"global",
domain.DomainName
);
}
}

callback(null, results, source);
},
callback(null, results, source);
},
};
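Review bot: The unsupported-TLD check inside the `forEach` over `dtlUnsupportedRegions` uses `domain.DomainName.includes(region)`, which matches the string anywhere in the name, so a domain such as `example.dev` or `example.cloud` (constructed examples) matches `.de` or `.cl` and is reported with status 0 as "does not support transfer locks" even when its lock is off. The `'fi'` entry has no leading dot and therefore matches any name containing "fi", and `'.au'` is listed twice. Because a false match hides a missing transfer lock, I would anchor the comparison to the end of the name: `var name = domain.DomainName.toLowerCase();` followed by `var unsupported = dtlUnsupportedRegions.some(function(tld) { return name.endsWith(tld); });`, with `'fi'` corrected to `'.fi'`. Separately, the `realtime_triggers` entries prefixed `route53domain:` and `route53domians:` look misspelled next to `route53domains:RegisterDomain`, which would presumably keep those events from triggering a rescan; worth confirming against the actual event source names.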
