ice-client - npm Package Compare versions

Comparing version 0.6.4 to 0.6.5

index.js

@@ -43,8 +43,35 @@ "use strict";
 
+exports.checkACL = function(cb) {
+  var acl = {
+    access: false,
+    audit:  false,
+  }
+
+  exports.CWL().filterLogEvents({limit: 1}, function(err, data) {
+    if (!err) {
+      acl.access  = true;
+      acl.audit   = true;
+    }
+
+    switch(err && err.code) {
+      case "UnrecognizedClientException":
+        break;
+      case "AccessDeniedException":
+        acl.access = true;
+        break;
+    }
+
+    cb(acl);
+  })
+}
+
 exports.KMS = function () {
+  var c = {};
+
   var context = exports.Config.context;
-  var c = {};
-  var parts = context.split("=");
-  if (parts.length === 2) {
-    c[parts[0]] = parts[1];
+  if (context) {
+    var parts = context.split("=");
+    if (parts.length === 2) {
+      c[parts[0]] = parts[1];
+    }
   }
@@ -62,2 +89,4 @@
 exports.CWL = function () {
+  var key = exports.Config.key || "/undefined";
+
   return new AWS.CloudWatchLogs({
@@ -69,5 +98,5 @@ accessKeyId:      exports.Config.accessKeyId,
     params:           {
-      filterPattern:  '"' + exports.Config.context.split("=")[1] + '"',
+      filterPattern:  '"' + exports.Config.context + '"',
       interleaved:    true,
-      logGroupName:   exports.Config.key.split("/")[1],
+      logGroupName:   key.split("/")[1],
     }
@@ -74,0 +103,0 @@ })

package.json

 {
   "name": "ice-client",
-  "version": "0.6.4",
+  "version": "0.6.5",
   "description": "Encrypt sensitive data at rest",
@@ -5,0 +5,0 @@ "main": "index.js",

test/test.js

@@ -78,2 +78,40 @@ "use strict";
 
+describe("ACL", function() {
+  it("should report no access on bad config", function(done) {
+    ICE.configure(process.env["ICE_AWS_ACCESS_KEY_ID"], "bad", undefined, undefined, undefined)
+    ICE.checkACL(function(acl) {
+      assert.deepEqual({
+        access:   false,
+        audit:    false,
+      },
+      acl);
+      done();
+    });
+  })
+
+  it("should report access on good access key but bad kms key", function(done) {
+    ICE.configure(process.env["ICE_AWS_ACCESS_KEY_ID"], process.env["ICE_AWS_SECRET_ACCESS_KEY"], undefined, "arn:aws:kms:us-east-1:178540880712:key/e7eb068d-9b14-4b77-97c5-8cb38e71e210-BAD", undefined)
+    ICE.checkACL(function(acl) {
+      assert.deepEqual({
+        access:   true,
+        audit:    false,
+      },
+      acl);
+      done();
+    });
+  })
+
+  it("should report audit access on good access key and kms key", function(done) {
+    ICE.configureFromEnv()
+    ICE.checkACL(function(acl) {
+      assert.deepEqual({
+        access:   true,
+        audit:    true,
+      },
+      acl);
+      done();
+    })
+  })
+})
+
 describe("Encrypt/Decrypt", function() {
@@ -124,3 +162,3 @@ it("should encrypt an plaintext string", function(done) {
       assert.equal(logs[0].key, "arn:aws:kms:us-east-1:178540880712:key/e7eb068d-9b14-4b77-97c5-8cb38e71e210")
-      assert.equal(logs[0].Contexts[0], "c=cyber-chip-2533")
+      assert.equal(logs[0].contexts[0], "c=cyber-chip-2533")
 
@@ -127,0 +165,0 @@ done();

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

12536

increased by13.87%

Lines of code

283

increased by25.78%

Worsened metrics

Number of low supply chain risk alerts

16

increased by23.08%

No dependency changes