Skip to content

Commit

Permalink
Enabled lint on Google (aquasecurity#874)
Browse files Browse the repository at this point in the history
  • Loading branch information
@AkhtarAmir
AkhtarAmir authored Aug 31, 2021
1 parent aabb629 commit 13261b5
Show file tree
Hide file tree
Showing 110 changed files with 272 additions and 296 deletions.
1 change: 0 additions & 1 deletion .eslintrc.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
"helpers/google/functions.js",
"helpers/oracle/functions.js",
"plugins/github/",
"plugins/google/",
"plugins/oracle/",
"*.spec.js"
],
Expand Down
2 changes: 1 addition & 1 deletion plugins/google/bigquery/datasetAllUsersPolicy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,4 +78,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/clb/clbCDNEnabled.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,4 +69,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
4 changes: 2 additions & 2 deletions plugins/google/clb/clbHttpsOnly.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ module.exports = {
});

if (non_https_listener.length) {
msg = "The following Load Balancers are not HTTPS-only: ";
let msg = 'The following Load Balancers are not HTTPS-only: ';
helpers.addResult(
results, 2, msg + non_https_listener.join(', '), region, null);
} else {
Expand All @@ -59,4 +59,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/clb/clbNoInstances.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,4 +40,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
12 changes: 6 additions & 6 deletions plugins/google/compute/autoscaleEnabled.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ module.exports = {
let instanceGroupsObj = helpers.addSource(cache, source,
['instanceGroups', 'aggregatedList', ['global']]);

if (!instanceGroupsObj) return callback(null, results, source)
if (!instanceGroupsObj) return callback(null, results, source);

if (instanceGroupsObj.err || !instanceGroupsObj.data) {
helpers.addResult(results, 3, 'Unable to query instance groups', 'global', null, null, instanceGroupsObj.err);
Expand Down Expand Up @@ -48,7 +48,7 @@ module.exports = {
async.each(instanceGroups, function(instanceGroupsInLocation, rcb) {
instanceGroupsInLocation.instanceGroups.forEach(instanceGroup => {
if (instanceGroup.name) {
instanceGroupURLObj[instanceGroup.name] = instanceGroup
instanceGroupURLObj[instanceGroup.name] = instanceGroup;
}
});

Expand All @@ -72,8 +72,8 @@ module.exports = {
nodePool.instanceGroupUrls.length) {
nodePool.instanceGroupUrls.forEach(instanceGroupUrl => {
var instanceGroupUrlName = instanceGroupUrl.split('/')[10];
if (instanceGroupURLObj.hasOwnProperty(instanceGroupUrlName)) {
delete instanceGroupURLObj[instanceGroupUrlName]
if (instanceGroupURLObj[instanceGroupUrlName]) {
delete instanceGroupURLObj[instanceGroupUrlName];
}
});
}
Expand All @@ -97,8 +97,8 @@ module.exports = {
async.each(autoscalers, function(autoscalersInLocation, lcb) {
autoscalersInLocation.autoscalers.forEach(autoscaler => {
if (autoscaler.name) {
if (instanceGroupURLObj.hasOwnProperty(autoscaler.name)) {
delete instanceGroupURLObj[autoscaler.name]
if (instanceGroupURLObj[autoscaler.name]) {
delete instanceGroupURLObj[autoscaler.name];
}
}
});
Expand Down
8 changes: 4 additions & 4 deletions plugins/google/compute/csekEncryptionEnabled.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,9 +73,9 @@ module.exports = {
disk.diskEncryptionKey &&
Object.keys(disk.diskEncryptionKey) &&
Object.keys(disk.diskEncryptionKey).length) {
goodDisks.push(disk.id)
goodDisks.push(disk.id);
} else if (disk.creationTimestamp) {
badDisks.push(disk.id)
badDisks.push(disk.id);
}
});

Expand All @@ -87,7 +87,7 @@ module.exports = {
badDisks.forEach(disk=> {
let resource = helpers.createResourceName('disks', disk, project, 'zone', zone);
helpers.addResult(results, 2,
`CSEK Encryption is disabled for disk`, region, resource);
'CSEK Encryption is disabled for disk', region, resource);
});
}
}
Expand All @@ -99,7 +99,7 @@ module.exports = {
goodDisks.forEach(disk=> {
let resource = helpers.createResourceName('disks', disk, project, 'zone', zone);
helpers.addResult(results, 0,
`CSEK Encryption is enabled for disk`, region, resource);
'CSEK Encryption is enabled for disk', region, resource);
});
}
}
Expand Down
8 changes: 4 additions & 4 deletions plugins/google/compute/instanceDesiredMachineTypes.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ module.exports = {
default: ''
},
},
run: function (cache, settings, callback) {
run: function(cache, settings, callback) {
var results = [];
var source = {};
var regions = helpers.regions();
Expand All @@ -34,7 +34,7 @@ module.exports = {
async.each(regions.instances.compute, (region, rcb) => {
var noInstances = [];
var zones = regions.zones;
async.each(zones[region], function (zone, zcb) {
async.each(zones[region], function(zone, zcb) {
var instances = helpers.addSource(cache, source,
['instances', 'compute', 'list', zone]);

Expand All @@ -61,13 +61,13 @@ module.exports = {
}
});
zcb();
}, function () {
}, function() {
if (noInstances.length) {
helpers.addResult(results, 0, `No instances found in following zones: ${noInstances.join(', ')}`, region);
}
rcb();
});
}, function () {
}, function() {
callback(null, results, source);
});
}
Expand Down
2 changes: 1 addition & 1 deletion plugins/google/compute/instanceLeastPrivilege.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ module.exports = {

if (found) {
helpers.addResult(results, 2,
`Instance Service account has full access` , region, resource);
'Instance Service account has full access' , region, resource);
} else {
helpers.addResult(results, 0,
'Instance Service account follows least privilege' , region, resource);
Expand Down
28 changes: 14 additions & 14 deletions plugins/google/compute/instanceMaxCount.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,8 +193,8 @@ module.exports = {


};
for (c in config) {
if (settings.hasOwnProperty(c)) {
for (let c in config) {
if (settings[c]) {
config[c] = settings[c];
}
}
Expand Down Expand Up @@ -235,7 +235,7 @@ module.exports = {
return zcb();
}
instances.data.forEach(instance => {
if (instance.status && instance.status == "RUNNING") {
if (instance.status && instance.status == 'RUNNING') {
instanceCountGlobal +=1;
instanceCount +=1;
}
Expand Down Expand Up @@ -272,18 +272,18 @@ module.exports = {
rcb();
});
}, function() {
// Print global results
var globalThreshold = config.instance_count_global_threshold;

if (instanceCountGlobal > globalThreshold) {
helpers.addResult(results, 2,
instanceCountGlobal + ' instances running in all regions, exceeding limit of: ' + globalThreshold, null, null, custom);
} else {
helpers.addResult(results, 0,
instanceCountGlobal + ' instances in the account are within the global expected count of: ' + globalThreshold, null, null, custom);
}
// Print global results
var globalThreshold = config.instance_count_global_threshold;

if (instanceCountGlobal > globalThreshold) {
helpers.addResult(results, 2,
instanceCountGlobal + ' instances running in all regions, exceeding limit of: ' + globalThreshold, null, null, custom);
} else {
helpers.addResult(results, 0,
instanceCountGlobal + ' instances in the account are within the global expected count of: ' + globalThreshold, null, null, custom);
}

callback(null, results, source);
callback(null, results, source);
});
}
};
6 changes: 3 additions & 3 deletions plugins/google/compute/instanceTemplateMachineTypes.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ module.exports = {
default: ''
},
},
run: function (cache, settings, callback) {
run: function(cache, settings, callback) {
var results = [];
var source = {};
var regions = helpers.regions();
Expand All @@ -33,7 +33,7 @@ module.exports = {
'Unable to query for projects: ' + helpers.addError(projects), 'global', null, null, (projects) ? projects.err : null);
return callback(null, results, source);
}
async.each(regions.instanceTemplates, function (region, rcb) {
async.each(regions.instanceTemplates, function(region, rcb) {
let instanceTemplates = helpers.addSource(
cache, source, ['instanceTemplates', 'list', region]);
if (!instanceTemplates) return rcb();
Expand All @@ -58,7 +58,7 @@ module.exports = {
}
});
rcb();
}, function () {
}, function() {
callback(null, results, source);
});
}
Expand Down
10 changes: 5 additions & 5 deletions plugins/google/compute/instancesMultiAz.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ module.exports = {
return callback(null, results, source);
} else {
var groupName = [];
async.each(instanceGroups.data, function (instanceGroup, icb) {
async.each(instanceGroups.data, function(instanceGroup, icb) {
if (instanceGroup.instanceGroups) {
instanceGroup.instanceGroups.forEach(group => {
if (group.region) {
Expand All @@ -47,10 +47,10 @@ module.exports = {
});
}
icb();
}, function () {
async.each(regions.instances.compute, function (location, loccb) {
}, function() {
async.each(regions.instances.compute, function(location, loccb) {
var noInstances = [];
async.each(regions.zones[location], function (loc, lcb) {
async.each(regions.zones[location], function(loc, lcb) {
let instances = helpers.addSource(
cache, source, ['instances', 'compute', 'list', loc]);

Expand Down Expand Up @@ -86,7 +86,7 @@ module.exports = {
}, function() {
if (noInstances.length) {
helpers.addResult(results, 0,
`No instances found in following zones: ${noInstances.join(', ')}`, location)
`No instances found in following zones: ${noInstances.join(', ')}`, location);
}
loccb();
});
Expand Down
2 changes: 1 addition & 1 deletion plugins/google/compute/ipForwardingDisabled.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,4 +68,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/compute/osLoginEnabled.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,4 +61,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/cryptographickeys/keyProtectionLevel.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,4 +79,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/cryptographickeys/keyRotation.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,4 +70,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
4 changes: 2 additions & 2 deletions plugins/google/dataflow/dataflowHangedJobs.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ module.exports = {

if (job.currentState && !['JOB_STATE_RUNNING', 'JOB_STATE_DRAINING', 'JOB_STATE_CANCELLING'].includes(job.currentState.toUpperCase())) {
helpers.addResult(results, 0,
`Dataflow job has completed`, region, resource);
'Dataflow job has completed', region, resource);
return cb();
}

Expand All @@ -73,4 +73,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/dataflow/dataflowJobsEncryption.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,4 +109,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/deploymentmanager/deleteExpiredDeployments.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,4 +82,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
4 changes: 2 additions & 2 deletions plugins/google/dns/dnsSecEnabled.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ module.exports = {
(managedZone.dnssecConfig.state &&
managedZone.dnssecConfig.state !== 'on')))) {
helpers.addResult(results, 2,
`The managed zone does not have DNS security enabled`, region, resource);
'The managed zone does not have DNS security enabled', region, resource);
} else {
helpers.addResult(results, 0, 'The managed zone has DNS security enabled', region, resource);
}
Expand All @@ -62,4 +62,4 @@ module.exports = {
callback(null, results, source);
});
}
}
};
2 changes: 1 addition & 1 deletion plugins/google/iam/corporateEmailsOnly.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ module.exports = {
gmailUsers.push(member);
}
}
})
});
}
});
}
Expand Down
10 changes: 5 additions & 5 deletions plugins/google/iam/kmsUserSeparation.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,25 +47,25 @@ module.exports = {
var notSeparated = [];
iamPolicy.bindings.forEach(roleBinding => {
if (roleBinding.role === 'roles/cloudkms.admin') {
serviceAccountUsers = serviceAccountUsers.concat(roleBinding.members)
serviceAccountUsers = serviceAccountUsers.concat(roleBinding.members);
}
});

iamPolicy.bindings.forEach(roleBinding => {
if (roleBinding.role === 'roles/cloudkms.cryptoKeyDecrypter' &&
roleBinding.members) {
notSeparated = roleBinding.members.filter(member => {
return (serviceAccountUsers.indexOf(member) > -1)
return (serviceAccountUsers.indexOf(member) > -1);
}).concat(notSeparated);
} else if (roleBinding.role === 'roles/cloudkms.cryptoKeyEncrypter' &&
roleBinding.members) {
notSeparated = roleBinding.members.filter(member => {
return (serviceAccountUsers.indexOf(member) > -1)
return (serviceAccountUsers.indexOf(member) > -1);
}).concat(notSeparated);
} else if (roleBinding.role === 'roles/cloudkms.cryptoKeyEncrypterDecrypter' &&
roleBinding.members) {
notSeparated = roleBinding.members.filter(member => {
return (serviceAccountUsers.indexOf(member) > -1)
return (serviceAccountUsers.indexOf(member) > -1);
}).concat(notSeparated);
}
});
Expand All @@ -76,7 +76,7 @@ module.exports = {
let accountName = (account.includes(':')) ? account.split(':')[1] : account;
let resource = helpers.createResourceName('serviceAccounts', accountName, project);
helpers.addResult(results, 2,
`Account has the KMS admin role and one or more CryptoKey roles`, region, resource);
'Account has the KMS admin role and one or more CryptoKey roles', region, resource);
});
} else {
helpers.addResult(results, 0, 'No accounts have a KMS admin role or a CryptoKey key role', region);
Expand Down
Loading

0 comments on commit 13261b5

Please sign in to comment.