Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
aws-cf-checker
Advanced tools
Checks AWS CloudFormation templates for security, reliability and conformity
Checks can guarantee high security, reliability and conformity of your CloudFormation templates. We provide a set of default checks that you can use to validate your templates.
install the module globally
npm install aws-cf-checker -g
reading template from file
cf-checker --templateFile ./path/to/template.json
cf-checker --templateFile ./path/to/template.json --checksFile ./path/to/checks.json
reading template from stdin
cat ./path/to/template.json | cf-checker
cat ./path/to/template.json | cf-checker --checksFile ./path/to/checks.json
as long as the exit code is 0
your template is fine
install the module locally
npm install aws-cf-checker
reading template from file
var checker = require("aws-cf-checker")
checker.checkFile("./path/to/template.json", {"logicalID": {}}, function(err, findings) {
if (err) {
throw err;
} else {
if (findings.length > 0) {
console.error("findings", findings);
} else {
console.log("no findings");
}
}
});
using a template object
var checker = require("aws-cf-checker")
var template = {
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "minimal template"
};
checker.checkTemplate(template, {"logicalID": {}}, function(err, findings) {
if (err) {
throw err;
} else {
if (findings.length > 0) {
console.error("findings", findings);
} else {
console.log("no findings");
}
}
});
as long as the findings
array is empty your template is fine
Checks are configured with a JSON file. Have a look at our default checks.
Checks logical ids of your template.
Options: (Object)
case
: Enum["pascal", "camel"] (default: "pascal")Checks if the resource types are allowed in the template.
If you deny
something, everything that is not denied is allowed.
If you allow
something, everything that is not allowed is denied.
Options: (Object)
deny
: Array[String]allow
: Array[String]Checks that only security groups attached to:
allow traffic from public ip addresses.
Security groups attached to:
should only allow inbound traffic from other security groups or private ip addresses.
Assumes that your account only supports the EC2 platform EC2-VPC.
Options: (Object)
none
Checks IAM Users, Groups and Roles for inline policies.
Options: (Boolean)
true
:= inline policies are allowed
false
:= inline policies are denied
Checks allowed actions and resources of IAM policy statements. Wildcard * is supported.
A statement with NotAction is a finding. A statement with Effect != Allow is skipped.
If you deny
something, everything that is not denied is allowed.
If you allow
something, everything that is not allowed is denied.
Options: (Object)
allow
: (Array[Object]) List of allowed actions & resources (whitelist)action
: (String) IAM action (wildcard * can be used)resource
: (String) IAM resource (wildcard * can be used)deny
: (Array[Object]) List of denied actions & resources (blacklist)action
: (String) IAM action (wildcard * can be used)resource
: (String) IAM resource (wildcard * can be used)FAQs
Checks AWS CloudFormation templates for security, reliability and conformity
We found that aws-cf-checker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.