node-cloudwatch - npm Package Compare versions

Comparing version 0.0.5 to 0.0.6

index.js

 var crypto = require('crypto'),
-  querystring = require('querystring'),
   http = require('http');
 
-'use strict'
+'use strict';
 
 var AmazonCloudwatchClient = function () {};
-AmazonCloudwatchClient.prototype.configureHttp = function (requestMethod, query) {
+
+AmazonCloudwatchClient.prototype.configureHttp = function (requestMethod, query, host) {
+  // Use the user-specified AWS host, defaulting to us-east-1, if absent.
+  if (host)
+    var cloudwatchHost = host;
+  else if ( process.env['AWS_CLOUDWATCH_HOST'] != null )
+    var cloudwatchHost = process.env['AWS_CLOUDWATCH_HOST']
+  else
+    var cloudwatchHost = 'monitoring.us-east-1.amazonaws.com';
+
   var options = {
-    host: 'monitoring.amazonaws.com',
+    host: cloudwatchHost,
     port: 80,
@@ -15,3 +23,3 @@ path: query,
     headers: {
-      'Host': 'monitoring.us-east-1.amazonaws.com',
+      'Host': cloudwatchHost,
       'Content-Length': 0
@@ -22,2 +30,3 @@ }
 };
+
 AmazonCloudwatchClient.prototype.timestampBuilder = function () {
@@ -39,19 +48,35 @@ var pad = function (n) {
 };
+
 AmazonCloudwatchClient.prototype.queryBuilder = function (command, parameters) {
-  var map = {
-    AWSAccessKeyId: process.env['AWS_ACCESS_KEY_ID'],
-    Action: command,
-    SignatureMethod: 'HmacSHA256',
-    Timestamp: this.timestampBuilder(),
-    SignatureVersion: 2,
-    Version: '2010-08-01'
-  };
+  var secret_key = parameters.AWSSecretKey?
+        parameters.AWSSecretKey :
+        (process.env['AWS_SECRET_KEY']?
+            process.env['AWS_SECRET_KEY'] :
+            process.env['AWS_SECRET_ACCESS_KEY']
+        );
+  var cloudwatch_host = parameters.CloudwatchHost?
+        parameters.CloudwatchHost : 
+        (process.env['AWS_CLOUDWATCH_HOST']?
+            process.env['AWS_CLOUDWATCH_HOST'] :
+            'monitoring.us-east-1.amazonaws.com'
+        );
+  
+  // don't put the secret key in the request if it was passed as a parameter
+  delete parameters.AWSSecretKey;
+  delete parameters.CloudwatchHost;
 
-  Object.keys(map).forEach(
-      function(key) {
-         if(!parameters.hasOwnProperty(key)) {
-            parameters[key] = map[key];
-         }
-      }
-  );
+  if((!parameters.AWSAccessKeyId) && process.env['AWS_ACCESS_KEY_ID'])
+    parameters.AWSAccessKeyId = process.env['AWS_ACCESS_KEY_ID']; 
+  if((!parameters.SecurityToken) && process.env['AWS_SECURITY_TOKEN'])
+    parameters.SecurityToken = process.env['AWS_SECURITY_TOKEN']; 
+  if(!parameters.Timestamp)
+    parameters.Timestamp = this.timestampBuilder(); 
+  if(!parameters.Action)
+    parameters.Action = command; 
+  if(!parameters.Version) 
+    parameters.Version = '2010-08-01'
+  if(!parameters.SignatureVersion) 
+    parameters.SignatureVersion = 2;
+  if(!parameters.SignatureMethod) 
+    parameters.SignatureMethod = 'HmacSHA256'
 
@@ -63,14 +88,16 @@ var names = Object.keys(parameters);
     var name = names[_i];
-    query.push(querystring.escape(name) + '=' + querystring.escape(parameters[name]));
+    query.push(this.escape(name) + '=' + this.escape(parameters[name]));
   }
-  var toSign = 'GET\n' + ('monitoring.us-east-1.amazonaws.com\n') + '/\n' + query.join('&');
-  var hmac = crypto.createHmac('sha256', process.env['AWS_SECRET_ACCESS_KEY']);
+  var toSign = 'GET\n' + (cloudwatch_host + '\n') + '/\n' + query.join('&');
+  var hmac = crypto.createHmac('sha256', secret_key);
   hmac.update(toSign);
-  var digest = querystring.escape(hmac.digest('base64'));
+  var digest = this.escape(hmac.digest('base64'));
   query.push('Signature=' + digest);
   return query;
 };
+
 AmazonCloudwatchClient.prototype.request = function (action, requestParams, callback) {
+  var host = requestParams.CloudwatchHost;
   var query = this.queryBuilder(action, requestParams);
-  var options = this.configureHttp('GET', '/?' + query.join('&'));
+  var options = this.configureHttp('GET', '/?' + query.join('&'), host);
   this.makeRequest(options, function (response) {
@@ -80,2 +107,3 @@ callback(response);
 };
+
 AmazonCloudwatchClient.prototype.makeRequest = function (options, callback) {
@@ -96,2 +124,12 @@ var restRequest = http.request(options, function (response) {
 };
-exports.AmazonCloudwatchClient = AmazonCloudwatchClient;
+
+AmazonCloudwatchClient.prototype.escape = function (str) {
+
+    if (typeof str == 'string') {
+        return encodeURIComponent(str).replace("'",'%27');
+    }
+
+    return str;
+};
+
+exports.AmazonCloudwatchClient = AmazonCloudwatchClient;

package.json

 {
 	"name": "node-cloudwatch",
-	"version": "0.0.5",
+	"version": "0.0.6",
 	"description": "Simple wrapper for using Amazon CloudWatch API",
@@ -5,0 +5,0 @@ "keywords": ["amazon", "cloudwatch", "client", "node"],

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Improved metrics

Total package byte prevSize

8410

increased by56.52%

Number of package files

7

increased by16.67%

Lines of code

183

increased by67.89%

Number of lines in readme file

44

increased by2.33%

Worsened metrics

Number of low supply chain risk alerts

14

increased by366.67%

No dependency changes