Merge branch 'alpha' into feature/CG-1114
m-pizarro committed May 2, 2022
2 parents e108773 + 1b0aeea commit 33cb620
Showing 122 changed files with 13,125 additions and 17,038 deletions.
4 changes: 2 additions & 2 deletions .yarnrc.yml
@@ -1,9 +1,9 @@
npmScopes:
cloudgraph:
npmAlwaysAuth: true
npmAuthToken: $NPM_TOKEN
npmPublishRegistry: "https://registry.npmjs.com/"
npmRegistryServer: "https://registry.npmjs.com/"
npmAlwaysAuth: true
npmAuthToken: "$NPM_TOKEN"

plugins:
- path: .yarn/plugins/@yarnpkg/plugin-workspace-tools.cjs
21 changes: 18 additions & 3 deletions package.json
@@ -1,15 +1,22 @@
{
"name": "policy-packs",
"version": "0.0.0",
"description": "CloudGraph CSPM policy packs monorepo",
"packageManager": "[email protected]",
"private": true,
"repository": {
"type": "git",
"url": "git+https://github.com/cloudgraphdev/cloudgraph-policy-packs.git"
},
"workspaces": [
"src/**/*"
],
"devDependencies": {
"@qiwi/multi-semantic-release": "^6.0.2",
"@qiwi/multi-semantic-release": "^6.1.1",
"@semantic-release/changelog": "^6.0.1",
"@semantic-release/git": "^10.0.1",
"@semantic-release/gitlab": "^8.0.1",
"@semantic-release/github": "^8.0.1",
"@semantic-release/npm": "^9.0.1",
"@semrel-extra/npm": "^1.2.0",
"semantic-release": "^19.0.2"
},
Expand All @@ -24,6 +31,14 @@
"singleQuote": true
},
"scripts": {
"release": "multi-semantic-release"
"release": "NPM_CONFIG_IGNORE_SCRIPTS='true' NODE_JQ_SKIP_INSTALL_BINARY='true' multi-semantic-release",
"clean": "yarn workspaces foreach -p run clean",
"lint": "yarn workspaces foreach run lint",
"lint:fix": "yarn workspaces foreach run lint:fix",
"prebuild": "tsc -b",
"build": "yarn workspaces foreach run build"
},
"dependencies": {
"lodash": "^4.17.21"
}
}
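Review bot: The new `release` script sets `NPM_CONFIG_IGNORE_SCRIPTS='true'`, which, if it is honored by the publish path `@semrel-extra/npm` uses, also suppresses each workspace's `prepack` — the only step in this commit that produces `dist` (`"prepack": "yarn clean && tsc -b"` in src/aws/cis-1.2.0/package.json) — so a release run without a preceding `yarn build` would publish no or stale build output. Disabling lifecycle scripts during publish is a sound choice for the supply chain, so keep the flag, but the ordering should be written down where the next maintainer sees it, e.g. a README line such as `release assumes a prior yarn build; lifecycle scripts are deliberately disabled during publish`. Separately, `"prebuild": "tsc -b"` followed by `"build": "yarn workspaces foreach run build"` appears to compile every workspace twice, since each workspace's build runs `yarn clean && tsc -b`; one of the two steps can probably go.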
32 changes: 17 additions & 15 deletions src/aws/cis-1.2.0/.releaserc.yml
@@ -1,35 +1,37 @@
---
branches:
- name: main
- name: beta
prerelease: true
- name: alpha
channel: alpha
prerelease: true
- name: beta
channel: beta
prerelease: true
- name: main

plugins:
- "@semantic-release/commit-analyzer"
- "@semantic-release/release-notes-generator"
- - "@semantic-release/changelog"
- changelogFile: CHANGELOG.md
- - "@semantic-release/git"
- assets:
- CHANGELOG.md
- package.json
- - "@semantic-release/npm"
- npmPublish: false
- "@semantic-release/gitlab"
- CHANGELOG.md
- package.json
- - "@semrel-extra/npm"
- npmPublish: true
- "@semantic-release/github"
verifyConditions:
- "@semantic-release/changelog"
- "@semantic-release/gitlab"
- "@semantic-release/github"
- "@semrel-extra/npm"
prepare:
- "@semantic-release/changelog"
- "@semantic-release/npm"
- "@semrel-extra/npm"
- - "@semantic-release/git"
- message: "chore(publish): ${nextRelease.version} \n\n${nextRelease.notes}"
- message: "chore(release): ${nextRelease.version} \n\n${nextRelease.notes}"
publish:
- "@semantic-release/gitlab"
release:
noCi: true
- "@semantic-release/github"
- "@semrel-extra/npm"
success: false
fail: false
repositoryUrl: https://gitlab.com/auto-cloud/cloudgraph/policy-packs.git
tagFormat: "${version}"
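Review bot: `repositoryUrl` (an unchanged line at the bottom of the file) still points at `https://gitlab.com/auto-cloud/cloudgraph/policy-packs.git` while `verifyConditions` and `publish` now use `@semantic-release/github`; semantic-release derives the GitHub owner/repo from `repositoryUrl`, so as written the github plugin is likely to fail verification or target the wrong repository. The root package.json in this commit already names the GitHub remote, so `repositoryUrl: https://github.com/cloudgraphdev/cloudgraph-policy-packs.git` would be the consistent value. If the gitlab URL is intentionally kept for a transition period, a one-line comment above it saying so would stop the next reader from "fixing" it.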
15 changes: 15 additions & 0 deletions src/aws/cis-1.2.0/CHANGELOG.md
@@ -1,3 +1,18 @@
# @cloudgraph/policy-pack-aws-cis-1.2.0 [0.11.0-alpha.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/[email protected]...@cloudgraph/[email protected]) (2022-04-27)


### Features

* Included 6.x rules for aws nist 800-53 ([b51f652](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/b51f6522e7721928ea8dc30d009ac5530f6e86eb))

## @cloudgraph/policy-pack-aws-cis-1.2.0 [0.10.1-alpha.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/[email protected]...@cloudgraph/[email protected]) (2022-04-26)


### Bug Fixes

* rename vpc flowLogs connection to FlowLog ([c31e985](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/c31e985b4a2623fb01f8a29a4c5897becb2e4905))
* Updated policy field for S3 schema ([dc3d6c8](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dc3d6c8b4b7e22ba58c1394d0b64e866ab3de519))

# @cloudgraph/policy-pack-aws-cis-1.2.0 [0.10.0](https://gitlab.com/auto-cloud/cloudgraph/policy-packs/compare/@cloudgraph/[email protected]...@cloudgraph/[email protected]) (2022-04-01)


10 changes: 5 additions & 5 deletions src/aws/cis-1.2.0/package.json
@@ -1,7 +1,7 @@
{
"name": "@cloudgraph/policy-pack-aws-cis-1.2.0",
"description": "Policy pack implementing CIS Amazon Web Services Foundations 1.2.0 Benchmark",
"version": "0.10.0",
"version": "0.11.0-alpha.1",
"author": "AutoCloud",
"license": "MPL-2.0",
"main": "dist/index.js",
Expand Down Expand Up @@ -43,7 +43,7 @@
"typescript": "^4.3.5"
},
"engines": {
"node": ">=14.0.0"
"node": ">=16.0.0"
},
"homepage": "https://www.cloudgraph.dev/",
"keywords": [
Expand All @@ -54,10 +54,10 @@
"singleQuote": true
},
"scripts": {
"build": "yarn prepublish",
"build": "yarn prepack",
"clean": "rm -rf dist",
"lint": "eslint",
"prepack": "rm -rf dist && tsc -b",
"prepublish": "rm -rf dist && tsc",
"prepack": "yarn clean && tsc -b",
"publish": "yarn npm publish",
"test": "NODE_ENV=test jest"
}
59 changes: 27 additions & 32 deletions src/aws/cis-1.2.0/rules/aws-cis-1.2.0-2.3.ts
Expand Up @@ -64,14 +64,12 @@ export default {
accountId
__typename
s3 {
bucketPolicies {
policy {
statement {
effect
principal {
key
value
}
policy {
statement {
effect
principal {
key
value
}
}
}
Expand All @@ -84,32 +82,29 @@ export default {
not: {
path: '@.s3',
array_any: {
path: '[*].bucketPolicies',
path: '[*].policy.statement',
array_any: {
path: '[*].policy.statement',
array_any: {
and: [
{
path: '[*].effect',
equal: 'Allow',
and: [
{
path: '[*].effect',
equal: 'Allow',
},
{
path: '[*].principal',
array_any: {
and: [
{
path: '[*].key',
in: ['', 'AWS'],
},
{
path: '[*].value',
contains: '*',
},
],
},
{
path: '[*].principal',
array_any: {
and: [
{
path: '[*].key',
in: ['', 'AWS'],
},
{
path: '[*].value',
contains: '*',
},
],
},
},
],
},
},
],
},
},
},
Expand Down
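Review bot: The flattened `not`/`array_any`/`and` chain expresses its intent only implicitly and nothing in the hunk states what is being tested; I'd add a comment above the `not:` block such as `// Fail when any statement of the bucket policy allows a wildcard principal (Principal "*" or AWS "*")`. The query fetches only `effect` and `principal { key value }` for each statement, so a statement whose wildcard principal is narrowed by a `Condition` element still fails this check, while a `Deny` statement with a wildcard principal does not; both are presumably intended, but the comment should say so. CIS 1.2.0 control 2.3 also treats ACL grants to AllUsers/AuthenticatedUsers as public, and if the part of the query above this hunk does not fetch ACL grants this rule passes a bucket that is public via ACL — worth a `// TODO` at minimum. The enclosing `export default` object starts and ends outside the hunk.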
4 changes: 2 additions & 2 deletions src/aws/cis-1.2.0/rules/aws-cis-1.2.0-2.4.ts
Expand Up @@ -75,10 +75,10 @@ export default {
resource: 'queryawsCloudtrail[*]',
severity: 'medium',
conditions: {
or: [
and: [
{
path: '@.cloudWatchLogsLogGroupArn',
equal: null,
notEqual: null,
},
{
value: {
Expand Down
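Review bot: `notEqual: null` on `@.cloudWatchLogsLogGroupArn` rejects only a null value; if the schema can return `''` or `undefined` for a trail that has no log group (I cannot tell from here), such a trail would satisfy this operand of the `and`. The 2.9 rule in this same commit uses `isEmpty: false` for the same kind of presence check, so `path: '@.cloudWatchLogsLogGroupArn', isEmpty: false,` would be both stricter and consistent, assuming the engine's `isEmpty` treats null like an empty string. The second operand of the `and` (the `value: {` block) continues past the end of the hunk, and the enclosing object starts and ends outside it.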
4 changes: 2 additions & 2 deletions src/aws/cis-1.2.0/rules/aws-cis-1.2.0-2.9.ts
Expand Up @@ -41,15 +41,15 @@ export default {
arn
accountId
__typename
flowLogs {
flowLog {
resourceId
}
}
}`,
resource: 'queryawsVpc[*]',
severity: 'medium',
conditions: {
path: '@.flowLogs',
path: '@.flowLog',
isEmpty: false,
},
}
74 changes: 31 additions & 43 deletions src/aws/cis-1.2.0/tests/aws-cis-1.2.0-2.x.test.ts
Expand Up @@ -210,23 +210,19 @@ describe('CIS Amazon Web Services Foundations: 1.2.0', () => {
id: cuid(),
s3: [
{
bucketPolicies: [
{
policy: {
statement: [
policy: {
statement: [
{
effect: 'Allow',
principal: [
{
effect: 'Allow',
principal: [
{
key: 'Service',
value: ['cloudtrail.amazonaws.com'],
},
],
key: 'Service',
value: ['cloudtrail.amazonaws.com'],
},
],
},
},
],
],
},
},
],
},
Expand All @@ -248,23 +244,19 @@ describe('CIS Amazon Web Services Foundations: 1.2.0', () => {
id: cuid(),
s3: [
{
bucketPolicies: [
{
policy: {
statement: [
policy: {
statement: [
{
effect: 'Allow',
principal: [
{
effect: 'Allow',
principal: [
{
key: '',
value: ['*'],
},
],
key: '',
value: ['*'],
},
],
},
},
],
],
},
},
],
},
Expand All @@ -286,23 +278,19 @@ describe('CIS Amazon Web Services Foundations: 1.2.0', () => {
id: cuid(),
s3: [
{
bucketPolicies: [
{
policy: {
statement: [
policy: {
statement: [
{
effect: 'Allow',
principal: [
{
effect: 'Allow',
principal: [
{
key: 'AWS',
value: ['*'],
},
],
key: 'AWS',
value: ['*'],
},
],
},
},
],
],
},
},
],
},
Expand Down Expand Up @@ -360,7 +348,7 @@ describe('CIS Amazon Web Services Foundations: 1.2.0', () => {

expect(processedRule.result).toBe(Result.FAIL)
})
test('Should pass when a trail does not have cloudwatch logs integrated', async () => {
test('Should fail when a trail does not have cloudwatch logs integrated', async () => {
const data = {
queryawsCloudtrail: [
{
Expand All @@ -375,7 +363,7 @@ describe('CIS Amazon Web Services Foundations: 1.2.0', () => {
{ ...data } as any
)

expect(processedRule.result).toBe(Result.PASS)
expect(processedRule.result).toBe(Result.FAIL)
})
})

Expand Down Expand Up @@ -712,7 +700,7 @@ describe('CIS Amazon Web Services Foundations: 1.2.0', () => {
queryawsVpc: [
{
id: cuid(),
flowLogs: [
flowLog: [
{
resourceId: cuid(),
},
Expand All @@ -734,7 +722,7 @@ describe('CIS Amazon Web Services Foundations: 1.2.0', () => {
queryawsVpc: [
{
id: cuid(),
flowLogs: [],
flowLog: [],
},
],
}
Expand Down
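Review bot: Every fixture in this file is still handed to the rule as `{ ...data } as any` (an unchanged line in the 2.4 test), which is why the `bucketPolicies` → `policy` schema change could only surface as a failing test at runtime rather than as a compile error; typing the fixtures against the schema type the rules query, if one is exported, would make the next rename visible at `tsc` time. For the 2.3 fixtures the only passing case is a `Service` principal; a statement with `effect: 'Deny'` and `value: ['*']` exercises the `effect` guard in the rule and is worth adding as a pass case. The `describe` block begins before the first hunk and ends after the last.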