
Commit 64e08e8

authored
Update entrypoint.js
1 parent 4737b47 commit 64e08e8


1 file changed

+112
-107
lines changed


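--- a/entrypoint.js
+++ b/entrypoint.js
@@ -64,17 +64,6 @@ var files = []
 var headers = []
 var securityReports = {}
 var securityServerity = { critical: 0, high: 0, medium: 0, low: 0, info: 0 }
-try {
-var fileContent = require('fs').readFileSync(path.resolve(configInputFile), 'utf-8')
-if (fileFormat == 'CSV') {
-files = fileContent.split(/\r?\n/)
-headers = files[lineIndex++]
-} else if (fileFormat == 'JSON') {
-securityReports = JSON.parse(fileContent)
-}
-} catch (e) {
-console.log(e)
-}
 
 function getSnapshotFromFile(snapshotPath) {
 simplify.consoleWithMessage(opName, `${cmdOPS} Snapshot from ${snapshotPath}`)
@@ -330,109 +319,125 @@ function printMetricTable(metrics, functionList) {
 table.printTable()
 }
 
-try {
-var config = simplify.getInputConfig({
-Region: argv.region || 'eu-west-1',
-Profile: argv.profile || 'default',
-Bucket: { Name: 'default' }
-})
-provider.setConfig(config).then(function () {
-if (headers.startsWith('Region')) {
-secOpsFunctions(files, function (functionList) {
-if (cmdOPS === 'METRIC') {
-let startDate = new Date()
-const lastHours = parseInt(argv.hours || 3)
-startDate.setHours(startDate.getHours() - (lastHours))
-simplify.getFunctionMetricData({
-adaptor: provider.getMetrics(),
-functions: functionList.map(f => { return { FunctionName: f.functionInfo.FunctionName } }),
-periods: parseInt(argv.periods || 300),
-startDate: startDate,
-endDate: new Date()
-}).then(metrics => {
-if (typeof argv.plot === 'undefined') {
-printMetricTable(metrics, functionList)
-} else {
-const indexes = argv.plot.split(',')
-const pIndex = parseInt(indexes[0] || 1) - 1
-const mIndex = indexes.length > 0 ? parseInt(indexes[1]) - 1 : 0
-printMetricCharts(metrics, functionList, pIndex < 0 ? 0 : pIndex, mIndex < 0 ? 0 : mIndex)
+const processLambda = function () {
+try {
+var config = simplify.getInputConfig({
+Region: argv.region || 'eu-west-1',
+Profile: argv.profile || 'default',
+Bucket: { Name: 'default' }
+})
+provider.setConfig(config).then(function () {
+if (headers.startsWith('Region')) {
+secOpsFunctions(files, function (functionList) {
+if (cmdOPS === 'METRIC') {
+let startDate = new Date()
+const lastHours = parseInt(argv.hours || 3)
+startDate.setHours(startDate.getHours() - (lastHours))
+simplify.getFunctionMetricData({
+adaptor: provider.getMetrics(),
+functions: functionList.map(f => { return { FunctionName: f.functionInfo.FunctionName } }),
+periods: parseInt(argv.periods || 300),
+startDate: startDate,
+endDate: new Date()
+}).then(metrics => {
+if (typeof argv.plot === 'undefined') {
+printMetricTable(metrics, functionList)
+} else {
+const indexes = argv.plot.split(',')
+const pIndex = parseInt(indexes[0] || 1) - 1
+const mIndex = indexes.length > 0 ? parseInt(indexes[1]) - 1 : 0
+printMetricCharts(metrics, functionList, pIndex < 0 ? 0 : pIndex, mIndex < 0 ? 0 : mIndex)
+}
+}).catch(err => simplify.consoleWithMessage(opName, `${err}`))
+} else if (cmdOPS === 'VERIFY') {
+let isSimpleView = true
+if (typeof argv.extended !== 'undefined') {
+isSimpleView = false
 }
-}).catch(err => simplify.consoleWithMessage(opName, `${err}`))
-} else if (cmdOPS === 'VERIFY') {
-let isSimpleView = true
-if (typeof argv.extended !== 'undefined') {
-isSimpleView = false
-}
-const snapshotList = getSnapshotFromFile(path.resolve(argv.output, `${argv.baseline || '$LATEST'}.json`))
-const outputTable = functionList.map((func, idx) => {
-const snapshot = snapshotList ? snapshotList.find(f => f.FunctionName === func.functionInfo.FunctionName) : { Layers: [] }
-var areLayersValid = snapshotList ? true : false
-snapshot && snapshot.Layers.map(layer => {
-const layerInfo = func.Layers.find(info => info.LayerVersionArn === layer.LayerVersionArn)
-if (layerInfo && layerInfo.Content.CodeSha256 !== layer.CodeSha256) {
-areLayersValid = false
+const snapshotList = getSnapshotFromFile(path.resolve(argv.output, `${argv.baseline || '$LATEST'}.json`))
+const outputTable = functionList.map((func, idx) => {
+const snapshot = snapshotList ? snapshotList.find(f => f.FunctionName === func.functionInfo.FunctionName) : { Layers: [] }
+var areLayersValid = snapshotList ? true : false
+snapshot && snapshot.Layers.map(layer => {
+const layerInfo = func.Layers.find(info => info.LayerVersionArn === layer.LayerVersionArn)
+if (layerInfo && layerInfo.Content.CodeSha256 !== layer.CodeSha256) {
+areLayersValid = false
+}
+})
+func.LogGroup = func.LogGroup || {}
+func.functionInfo = func.functionInfo || {}
+const basicView = {
+Index: idx + 1,
+FunctionName: func.functionInfo.FunctionName.truncateLeft(50),
+CodeSha256: `${func.functionInfo.CodeSha256.truncateLeft(5, '')} (${func.functionInfo.CodeSha256 === (snapshot || {}).CodeSha256 ? 'OK' : 'NOK'})`,
+Layers: `${func.Layers.length} (${areLayersValid ? 'OK' : 'NOK'})`,
+LogRetention: `${func.LogGroup.retentionInDays || '-'} / ${func.logRetention || '-'} (${func.LogGroup.retentionInDays == func.logRetention ? 'OK' : 'PATCH'})`,
+EncryptionKey: (func.customKmsArn ? `KMS ${func.functionInfo.KMSKeyArn === func.customKmsArn ? '(OK)' : '(PATCH)'}` : `${func.functionInfo.KMSKeyArn ? 'KMS' : '-'} ${func.functionInfo.KMSKeyArn === func.customKmsArn ? '(OK)' : '(PATCH)'}`).truncateLeft(13),
+SecureFunction: func.secureFunction ? (func.functionInfo.KMSKeyArn ? 'YES (OK)' : 'YES (PATCH)') : (func.functionInfo.KMSKeyArn ? 'NO (PATCH)' : 'NO (OK)'),
+SecureLog: func.secureLog ? (func.LogGroup.kmsKeyId ? 'YES (OK)' : 'YES (PATCH)') : (func.LogGroup.kmsKeyId ? 'NO (PATCH)' : 'NO (OK)')
 }
+const extendedView = {
+Index: idx + 1,
+FunctionName: func.functionInfo.FunctionName.truncateLeft(50),
+LastModified: utilities.formatTimeSinceAgo(new Date(func.functionInfo.LastModified)),
+State: func.functionInfo.State,
+CodeSize: `${utilities.formatBytesToKBMB(parseInt(func.functionInfo.CodeSize))}`,
+MemorySize: `${utilities.formatBytesToKBMB(parseInt(func.functionInfo.MemorySize) * 1024 * 1024)}`,
+Timeout: `${func.functionInfo.Timeout} s`,
+Runtime: func.functionInfo.Runtime
+}
+return isSimpleView ? basicView : extendedView
 })
-func.LogGroup = func.LogGroup || {}
-func.functionInfo = func.functionInfo || {}
-const basicView = {
-Index: idx + 1,
-FunctionName: func.functionInfo.FunctionName.truncateLeft(50),
-CodeSha256: `${func.functionInfo.CodeSha256.truncateLeft(5, '')} (${func.functionInfo.CodeSha256 === (snapshot || {}).CodeSha256 ? 'OK' : 'NOK'})`,
-Layers: `${func.Layers.length} (${areLayersValid ? 'OK' : 'NOK'})`,
-LogRetention: `${func.LogGroup.retentionInDays || '-'} / ${func.logRetention || '-'} (${func.LogGroup.retentionInDays == func.logRetention ? 'OK' : 'PATCH'})`,
-EncryptionKey: (func.customKmsArn ? `KMS ${func.functionInfo.KMSKeyArn === func.customKmsArn ? '(OK)' : '(PATCH)'}` : `${func.functionInfo.KMSKeyArn ? 'KMS' : '-'} ${func.functionInfo.KMSKeyArn === func.customKmsArn ? '(OK)' : '(PATCH)'}`).truncateLeft(13),
-SecureFunction: func.secureFunction ? (func.functionInfo.KMSKeyArn ? 'YES (OK)' : 'YES (PATCH)') : (func.functionInfo.KMSKeyArn ? 'NO (PATCH)' : 'NO (OK)'),
-SecureLog: func.secureLog ? (func.LogGroup.kmsKeyId ? 'YES (OK)' : 'YES (PATCH)') : (func.LogGroup.kmsKeyId ? 'NO (PATCH)' : 'NO (OK)')
-}
-const extendedView = {
-Index: idx + 1,
-FunctionName: func.functionInfo.FunctionName.truncateLeft(50),
-LastModified: utilities.formatTimeSinceAgo(new Date(func.functionInfo.LastModified)),
-State: func.functionInfo.State,
-CodeSize: `${utilities.formatBytesToKBMB(parseInt(func.functionInfo.CodeSize))}`,
-MemorySize: `${utilities.formatBytesToKBMB(parseInt(func.functionInfo.MemorySize) * 1024 * 1024)}`,
-Timeout: `${func.functionInfo.Timeout} s`,
-Runtime: func.functionInfo.Runtime
-}
-return isSimpleView ? basicView : extendedView
-})
-utilities.printTableWithJSON(outputTable)
-} else if (cmdOPS === 'SNAPSHOT') {
-takeSnapshotToFile(functionList, path.resolve(argv.output, `${utilities.getDateToday()}.json`))
-takeSnapshotToFile(functionList, path.resolve(argv.output, `$LATEST.json`))
-} else {
+utilities.printTableWithJSON(outputTable)
+} else if (cmdOPS === 'SNAPSHOT') {
+takeSnapshotToFile(functionList, path.resolve(argv.output, `${utilities.getDateToday()}.json`))
+takeSnapshotToFile(functionList, path.resolve(argv.output, `$LATEST.json`))
+} else {
 
-}
-})
-}
-})
-} catch (err) {
-simplify.finishWithErrors(`${opName}-Function`, err)
+}
+})
+}
+})
+} catch (err) {
+simplify.finishWithErrors(`${opName}-Function`, err)
+}
 }
 
-try {
-if (cmdOPS === 'REPORT') {
-utilities.printTableWithJSON(securityReports.vulnerabilities.map((v, idx) => {
-securityServerity.critical += v.severity == 'Critical' ? 1 : 0
-securityServerity.high += v.severity == 'High' ? 1 : 0
-securityServerity.medium += v.severity == 'Medium' ? 1 : 0
-securityServerity.low += v.severity == 'Low' ? 1 : 0
-securityServerity.info += v.severity == 'Unknown' ? 1 : 0
-return {
-index: idx + 1,
-name: v.name.truncateLeft(30),
-severity: v.severity,
-category: v.category,
-identifier: v.identifiers.map(i => i.type == 'cwe' ? i.name : undefined).filter(o => o),
-location: v.location.file.truncateLeft(30)
+const processReport = function () {
+try {
+if (cmdOPS === 'REPORT') {
+utilities.printTableWithJSON(securityReports.vulnerabilities.map((v, idx) => {
+securityServerity.critical += v.severity == 'Critical' ? 1 : 0
+securityServerity.high += v.severity == 'High' ? 1 : 0
+securityServerity.medium += v.severity == 'Medium' ? 1 : 0
+securityServerity.low += v.severity == 'Low' ? 1 : 0
+securityServerity.info += v.severity == 'Unknown' ? 1 : 0
+return {
+index: idx + 1,
+name: v.name.truncateLeft(30),
+severity: v.severity,
+category: v.category,
+identifier: v.identifiers.map(i => i.type == 'cwe' ? i.name : undefined).filter(o => o),
+location: v.location.file.truncateLeft(30)
+}
+}))
+if (securityServerity.critical || securityServerity.high) {
+throw (`Analysed security report ${configInputFile} we had found (${securityServerity.critical}) in CRITICAL and (${securityServerity.high}) in HIGH severity that STOPPED you continuing your work.`)
 }
-}))
-if (securityServerity.critical || securityServerity.high) {
-throw (`Analysed security report ${configInputFile} we had found (${securityServerity.critical}) in CRITICAL and (${securityServerity.high}) in HIGH severity that STOPPED you continuing your work.`)
 }
+} catch (err) {
+simplify.finishWithErrors(`${opName}-Report`, err)
+}
+}
+
+if (fs.existsSync(path.resolve(configInputFile))) {
+var fileContent = fs.readFileSync(path.resolve(configInputFile), 'utf-8')
+if (fileFormat == 'CSV') {
+files = fileContent.split(/\r?\n/)
+headers = files[lineIndex++]
+processLambda()
+} else if (fileFormat == 'JSON') {
+securityReports = JSON.parse(fileContent)
+processReport()
 }
-} catch (err) {
-simplify.finishWithErrors(`${opName}-Report`, err)
 }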
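Review bot: The new tail of the file (new lines 433-443) fails open: when `configInputFile` does not exist, neither `processLambda()` nor `processReport()` runs and nothing is reported, so a REPORT run that is meant to stop on CRITICAL/HIGH findings passes silently on a missing or mistyped report path. Add an `else` branch to the `fs.existsSync` check, for example `else { simplify.finishWithErrors(opName, 'input file not found: ' + configInputFile) }`. `fs.readFileSync` and `JSON.parse(fileContent)` also lost the `try`/`catch` that the removed block at old lines 67-77 gave them, so a malformed report now throws outside `processReport`'s handler; wrapping the read and parse in a `try` that ends in `finishWithErrors` would keep that failure explicit. The removed code called `require('fs')` inline, so it is worth confirming that `fs` is bound at the top of the file, which this page does not show.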
