Fix some styling to match the existing decisions (aquasecurity#174)

willingbug · May 16, 2019 · eff147e · eff147e
1 parent d55b9ff
commit eff147e
Show file tree

Hide file tree

Showing 8 changed files with 105 additions and 89 deletions.
diff --git a/compliance/all.js b/compliance/all.js
@@ -1,12 +1,12 @@
 // Defines a way of filters that includes all rules. This is the default
 // compliance filter if there is no other defined filter.
 module.exports = {
-    describe: function(pluginId, plugin) {
-        return ''
+    describe: function (pluginId, plugin) {
+        return '';
     },
 
     includes: function (pluginId, plugin) {
         // We include all plugins, so just return true
-        return true
+        return true;
     }
-}
+};
diff --git a/compliance/cis.js b/compliance/cis.js
@@ -1,220 +1,233 @@
-// These rule mappings are based on CIS Amazon Web Services Foundation v1.2.0 - 05-23-2018
+// These rule mappings are based on CIS Amazon Web Services Foundation v1.2.0
+// dated 05-23-2018
 
 var controls = {
-    'rootAccountInUse': {
+    rootAccountInUse: {
         awsid: '1.1',
         profile: 1,
         scored: true,
         title: 'Avoid the use of the "root" account'
     },
 
-    'usersMfaEnabled': {
+    usersMfaEnabled: {
         awsid: '1.2',
         profile: 1,
         scored: true,
-        title: ' Ensure multi-factor authentication (MFA) is enabled for all IAM ' +
-                'users that have a console password'
+        title: ' Ensure multi-factor authentication (MFA) is enabled for all '
+               + 'IAM users that have a console password'
     },
 
-    'usersPasswordLastUsed': {
+    usersPasswordLastUsed: {
         awsid: '1.3',
         profile: 1,
         scored: true,
         title: 'Ensure credentials unused for 90 days or greater are disabled'
     },
 
-    'accessKeysLastUsed': {
+    accessKeysLastUsed: {
         awsid: '1.3',
         profile: 1,
         scored: true,
         title: 'Ensure credentials unused for 90 days or greater are disabled'
     },
 
-    'accessKeysRotated': {
+    accessKeysRotated: {
         awsid: '1.4',
         profile: 1,
         scored: true,
         title: 'Ensure access keys are rotated every 90 days or less'
     },
 
-    'passwordRequiresUppercase': {
+    passwordRequiresUppercase: {
         awsid: '1.5',
         profile: 1,
         scored: true,
-        title: 'Ensure IAM password policy requires at least one uppercase letter'
+        title: 'Ensure IAM password policy requires at least one uppercase '
+               + 'letter'
     },
 
-    'passwordRequiresLowercase': {
+    passwordRequiresLowercase: {
         awsid: '1.6',
         profile: 1,
         scored: true,
-        title: ' Ensure IAM password policy require at least one lowercase letter'
+        title: ' Ensure IAM password policy require at least one lowercase '
+               + 'letter'
     },
 
-    'passwordRequiresSymbols': {
+    passwordRequiresSymbols: {
         awsid: '1.7',
         profile: 1,
         scored: true,
         title: ' Ensure IAM password policy require at least one symbol'
     },
 
-    'passwordRequiresNumbers': {
+    passwordRequiresNumbers: {
         awsid: '1.8',
         profile: 1,
         scored: true,
         title: 'Ensure IAM password policy require at least one number'
     },
 
-    'minPasswordLength': {
+    minPasswordLength: {
         awsid: '1.9',
         profile: 1,
         scored: true,
-        title: 'Ensure IAM password policy requires minimum length of 14 or greater'
+        title: 'Ensure IAM password policy requires minimum length of 14 or '
+               + 'greater'
     },
 
-    'passwordReusePrevention': {
+    passwordReusePrevention: {
         awsid: '1.10',
         profile: 1,
         scored: true,
         title: 'Ensure IAM password policy prevents password reuse'
     },
 
-    'passwordExpiration': {
+    passwordExpiration: {
         awsid: '1.11',
         profile: 1,
         scored: true,
-        title: 'Ensure IAM password policy expires passwords within 90 days or less'
+        title: 'Ensure IAM password policy expires passwords within 90 days or '
+               + 'less'
     },
 
-    'rootAccessKeys': {
+    rootAccessKeys: {
         awsid: '1.12',
         profile: 1,
         scored: true,
         title: 'Ensure no root account access key exists'
     },
 
-    'rootMfaEnabled': {
+    rootMfaEnabled: {
         awsid: '1.13',
         profile: 1,
         scored: true,
         title: 'Ensure MFA is enabled for the "root" account'
     },
 
-    'noUserIamPolicies': {
+    noUserIamPolicies: {
         awsid: '1.16',
         profile: 1,
         scored: true,
         title: 'Ensure IAM policies are attached only to groups or roles'
     },
 
-    'cloudtrailEnabled': {
+    cloudtrailEnabled: {
         awsid: '2.1',
         profile: 1,
         scored: true,
         title: 'Ensure CloudTrail is enabled in all regions'
     },
 
-    'cloudtrailFileValidation': {
+    cloudtrailFileValidation: {
         awsid: '2.2',
         profile: 2,
         scored: true,
         title: 'Ensure CloudTrail log file validation is enabled'
     },
 
-    'cloudtrailBucketPrivate': {
+    cloudtrailBucketPrivate: {
         awsid: '2.3',
         profile: 1,
         scored: true,
-        title: 'Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible'
+        title: 'Ensure the S3 bucket used to store CloudTrail logs is not '
+               + 'publicly accessible'
     },
 
-    'cloudtrailToCloudwatch': {
+    cloudtrailToCloudwatch: {
         awsid: '2.4',
         profile: 1,
         scored: true,
         title: 'Ensure CloudTrail trails are integrated with CloudWatch Logs'
     },
 
-    'configServiceEnabled': {
+    configServiceEnabled: {
         awsid: '2.5',
         profile: 1,
         scored: true,
         title: ' Ensure AWS Config is enabled in all regions'
     },
 
-    'cloudtrailBucketAccessLogging': {
+    cloudtrailBucketAccessLogging: {
         awsid: '2.6',
         profile: 1,
         scored: true,
         title: ' Ensure AWS Config is enabled in all regions'
     },
 
-    'cloudtrailEncryption' : {
+    cloudtrailEncryption: {
         awsid: '2.7',
         profile: 2,
         scored: true,
         title: 'Ensure CloudTrail logs are encrypted at rest using KMS CMKs'
     },
 
-    'kmsKeyRotation': {
+    kmsKeyRotation: {
         awsid: '2.8',
         profile: 2,
         scored: true,
         title: 'Ensure rotation for customer created CMKs is enabled'
     },
 
-    'flowLogsEnabled': {
+    flowLogsEnabled: {
         awsid: '2.8',
         profile: 2,
         scored: true,
         title: 'Ensure VPC flow logging is enabled in all VPCs'
     },
 
-
-    'monitoringMetrics': {
+    monitoringMetrics: {
         awsid: '3',
         profile: 1,
         scored: true,
         title: 'Monitoring'
     },
-    
-    'openSSH': {
+
+    openSSH: {
         awsid: '4.1',
         profile: 1,
         scored: true,
-        title: 'Ensure no security groups allow ingress from 0.0.0.0/0 to port 22'
+        title: 'Ensure no security groups allow ingress from 0.0.0.0/0 to '
+               + 'port 22'
     },
 
-    'openRDP': {
+    openRDP: {
         awsid: '4.2',
         profile: 1,
         scored: true,
-        title: 'Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389'
+        title: 'Ensure no security groups allow ingress from 0.0.0.0/0 to '
+               + 'port 3389'
     },
 
-    'defaultSecurityGroup': {
+    defaultSecurityGroup: {
         awsid: '4.3',
         profile: 2,
         scored: true,
-        title: 'Ensure the default security group of every VPC restricts all traffic'
+        title: 'Ensure the default security group of every VPC restricts all '
+               + 'traffic'
     }
-}
+};
 
-var maxProfileLevel = -1
+var maxProfileLevel = -1;
 
 // Defines a way of filtering plugins for those plugins that are related to
 // PCI controls. The PCI information is defined inline, so this compliance
 // checks for that information on the plugin.
 module.exports = {
-    describe: function(pluginId, plugin) {
-        return controls[pluginId].title
+    describe: function (pluginId, plugin) {
+        return controls[pluginId].title;
     },
 
     includes: function (pluginId, plugin) {
-        return maxProfileLevel <= 0 ? controls.hasOwnProperty(pluginId) : (controls.hasOwnProperty(pluginId) && controls[pluginId].profile <= maxProfileLevel)
+        if (maxProfileLevel <= 0) {
+            return controls.hasOwnProperty(pluginId);
+        }
+
+        return controls.hasOwnProperty(pluginId)
+            && controls[pluginId].profile <= maxProfileLevel;
     },
 
     setMaxProfile: function (level) {
-        maxProfileLevel = level
+        maxProfileLevel = level;
     }
-}
+};
diff --git a/compliance/controls.js b/compliance/controls.js
@@ -1,7 +1,7 @@
 module.exports = {
     create: function (names) {
         // We we don't have a specified compliance, then include all plugins
-        if (names.length == 0) {
+        if (names.length === 0) {
             return require('./all.js');
         }
 
@@ -16,16 +16,16 @@ module.exports = {
             return require('./cis.js');
         } else if (names.includes('cis-1')) {
             console.log('INFO: Compliance mode: CIS Profile 1');
-            var cis = require('./cis.js');
-            cis.setMaxProfile(1);
-            return cis;
+            var cis1 = require('./cis.js');
+            cis1.setMaxProfile(1);
+            return cis1;
         } else if (names.includes('cis-2')) {
             console.log('INFO: Compliance mode: CIS Profile 2');
-            var cis = require('./cis.js');
-            cis.setMaxProfile(2);
-            return cis;
+            var cis2 = require('./cis.js');
+            cis2.setMaxProfile(2);
+            return cis2;
         }
 
         return null;
     }
-}
+};
diff --git a/compliance/hipaa.js b/compliance/hipaa.js
@@ -2,11 +2,11 @@
 // HIPAA controls. The HIPAA information is defined inline, so this compliance
 // checks for that information on the plugin.
 module.exports = {
-    describe: function(pluginId, plugin) {
-        return plugin.compliance && plugin.compliance.hipaa
+    describe: function (pluginId, plugin) {
+        return plugin.compliance && plugin.compliance.hipaa;
     },
 
     includes: function (pluginId, plugin) {
-        return plugin.compliance && plugin.compliance.hipaa
+        return plugin.compliance && plugin.compliance.hipaa;
     }
-}
+};
diff --git a/compliance/pci.js b/compliance/pci.js
@@ -2,11 +2,11 @@
 // PCI controls. The PCI information is defined inline, so this compliance
 // checks for that information on the plugin.
 module.exports = {
-    describe: function(pluginId, plugin) {
-        return plugin.compliance && plugin.compliance.pci
+    describe: function (pluginId, plugin) {
+        return plugin.compliance && plugin.compliance.pci;
     },
 
     includes: function (pluginId, plugin) {
-        return plugin.compliance && plugin.compliance.pci
+        return plugin.compliance && plugin.compliance.pci;
     }
-}
+};
diff --git a/postprocess/output.js b/postprocess/output.js
@@ -301,4 +301,4 @@ module.exports = {
             }
         }
     }
-}
+}
diff --git a/postprocess/suppress.js b/postprocess/suppress.js
@@ -16,16 +16,16 @@ module.exports = {
             .map(function (expr) {
                 return [
                     expr,
-                    new RegExp("^" + expr.split("*").join(".*") + "$")
+                    new RegExp('^' + expr.split('*').join('.*') + '$')
                 ];
             });
 
         return function (result) {
             var match = expressions.find(function (expression) {
                 return expression[1].test(result);
-            })
+            });
 
             return match && match[0];
-        }
+        };
     }
-}
+};
-Original file line number
+Diff line change
@@ Expand Up / @@ -301,4 +301,4 @@ module.exports = { @@
                 }
             }
         }
-    }
+    }