aws-cf-checker - npm Package Compare versions

Comparing version 0.5.0 to 0.6.0

76

check/iamPolicy.js

@@ -13,7 +13,7 @@ /*

* `allow`: (Array[Object]) List of allowed actions & resources (whitelist)
* `action`: (String) IAM action (wildcard * can be used)
* `resource`: (String) IAM resource (wildcard * can be used)
* `action`: (String | Array[String]) IAM action (wildcard * can be used)
* `resource`: (String | Array[String]) IAM resource (wildcard * can be used)
* `deny`: (Array[Object]) List of denied actions & resources (blacklist)
* `action`: (String) IAM action (wildcard * can be used)
* `resource`: (String) IAM resource (wildcard * can be used)
* `action`: (String | Array[String]) IAM action (wildcard * can be used)
* `resource`: (String | Array[String]) IAM resource (wildcard * can be used)
*/

@@ -39,14 +39,2 @@

function extractAllowedActions(statements) {
"use strict";
return _.chain(statements)
.filter(filterEffectAllow)
.filter(function(statement) {
return statement.Action !== undefined;
})
.map("Action")
.flatten()
.value();
}
function extractNotActions(statements) {

@@ -63,14 +51,2 @@ "use strict";

function extractAllowedResources(statements) {
"use strict";
return _.chain(statements)
.filter(filterEffectAllow)
.filter(function(statement) {
return statement.Resource !== undefined;
})
.map("Resource")
.flatten()
.value();
}
function extractNotResources(statements) {

@@ -101,17 +77,25 @@ "use strict";

function cross(action, resource) {
function toWildcard(input) {
"use strict";
if (action === undefined) {
action = "*";
} else if (typeof action === "string") {
action = [action];
if (input === undefined) {
return "*";
} else {
return input;
}
if (resource === undefined) {
resource = "*";
} else if (typeof resource === "string") {
resource = [resource];
}
function toArray(input) {
"use strict";
if (Array.isArray(input) === false) {
return [input];
} else {
return input;
}
}
function cross(action, resource) {
"use strict";
var res = [];
_.each(action, function(a) {
_.each(resource, function(r) {
_.each(toArray(toWildcard(action)), function(a) {
_.each(toArray(toWildcard(resource)), function(r) {
res.push({"action": a, "resource": r});

@@ -160,3 +144,7 @@ });

if (options.allow !== undefined && _.some(options.allow, function(allow) {
return wildstring.match(allow.action, pair.action) && wildstring.match(allow.resource, pair.resource);
return _.some(toArray(toWildcard(allow.action)), function(action) {
return wildstring.match(action, pair.action);
}) && _.some(toArray(toWildcard(allow.resource)), function(resource) {
return wildstring.match(resource, pair.resource);
});
}) === false) {

@@ -169,3 +157,7 @@ findings.push({

if (options.deny !== undefined && _.some(options.deny, function(deny) {
return wildstring.match(deny.action, pair.action) && wildstring.match(deny.resource, pair.resource);
return _.some(toArray(toWildcard(deny.action)), function(action) {
return wildstring.match(action, pair.action);
}) && _.some(toArray(toWildcard(deny.resource)), function(resource) {
return wildstring.match(resource, pair.resource);
});
}) === true) {

@@ -179,4 +171,2 @@ findings.push({

}
}

@@ -183,0 +173,0 @@ _.chain(objects)
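Review bot: In the `_.some(options.allow, …)` callback, wrapping `allow.action` and `allow.resource` in `toWildcard` turns a missing key into `"*"`, so an allow entry that omits or misspells either key now silently whitelists every action or resource rather than producing a finding; before this change the undefined value went straight to `wildstring.match`, which presumably did not match. The same default is applied in the `_.some(options.deny, …)` callback, where it can only widen findings, and inside `cross`, where it reproduces the explicit `undefined → "*"` handling the old code had for statement fields. Because the allow list is the checker's own trust configuration, I'd validate the entry before matching instead of defaulting it, e.g. `if (allow.action === undefined || allow.resource === undefined) { throw new Error("iamPolicy allow entry requires action and resource"); }` at the top of that callback. A smaller point: `cross` re-evaluates `toArray(toWildcard(resource))` for every action; computing both arrays once before the loops reads more clearly. The function enclosing the allow/deny checks starts and ends outside the hunk.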

{
"name": "aws-cf-checker",
"version": "0.5.0",
"version": "0.6.0",
"description": "Checks AWS CloudFormation templates for security, reliability and conformity",

@@ -5,0 +5,0 @@ "keywords": [

@@ -162,6 +162,6 @@ [![Build Status](https://secure.travis-ci.org/widdix/aws-cf-checker.png)](http://travis-ci.org/widdix/aws-cf-checker)

* `allow`: (Array[Object]) List of allowed actions & resources (whitelist)
* `action`: (String) IAM action (wildcard * can be used)
* `resource`: (String) IAM resource (wildcard * can be used)
* `action`: (String | Array[String]) IAM action (wildcard * can be used)
* `resource`: (String | Array[String]) IAM resource (wildcard * can be used)
* `deny`: (Array[Object]) List of denied actions & resources (blacklist)
* `action`: (String) IAM action (wildcard * can be used)
* `resource`: (String) IAM resource (wildcard * can be used)
* `action`: (String | Array[String]) IAM action (wildcard * can be used)
* `resource`: (String | Array[String]) IAM resource (wildcard * can be used)

@@ -36,3 +36,3 @@ var checker = require("../index.js");

});
it("string", function(done) {
it("string in template", function(done) {
test(wrap({

@@ -49,3 +49,3 @@ "Version": "2012-10-17",

});
it("array", function(done) {
it("array in template", function(done) {
test(wrap({

@@ -64,2 +64,42 @@ "Version": "2012-10-17",

});
it("string in action", function(done) {
test(wrap({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::name-of-bucket"
}]
}), {"iamPolicy": {"allow": [{"action": "s3:PutObject", "resource": "*"}]}}, 0, done);
});
it("array in action", function(done) {
test(wrap({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::name-of-bucket"
}]
}), {"iamPolicy": {"allow": [{"action": ["s3:PutObject", "s3:DeleteObject"], "resource": "*"}]}}, 0, done);
});
it("string in resource", function(done) {
test(wrap({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::name-of-bucket"
}]
}), {"iamPolicy": {"allow": [{"action": "*", "resource": "arn:aws:s3:::*"}]}}, 0, done);
});
it("array in resource", function(done) {
test(wrap({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::name-of-bucket"
}]
}), {"iamPolicy": {"allow": [{"action": "*", "resource": ["arn:aws:s3:::*", "arn:aws:ec2:*:*"]}]}}, 0, done);
});
describe("allow", function() {

@@ -66,0 +106,0 @@ it("allow specific s3 bucket", function(done) {
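Review bot: The new "array in action" and "array in resource" cases only exercise the path where the array contains a match and expect 0 findings, so a regression that makes `toArray(toWildcard(...))` match any array (or none) would still pass; there is no case where an array allow entry does not cover the statement. Assuming the third argument to `test` is the expected number of findings, add a negative case next to "array in action" so the array branch is pinned in both directions; the same applies to "array in resource". The enclosing `describe` starts before the hunk.
```javascript
// … unchanged: existing "array in action" case …
it("array in action without match", function(done) {
  test(wrap({
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::name-of-bucket"
    }]
  }), {"iamPolicy": {"allow": [{"action": ["s3:GetObject", "s3:DeleteObject"], "resource": "*"}]}}, 1, done);
});
```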
