From 48c5978b9fb35f8e9a1b8908b8980a8a899932e9 Mon Sep 17 00:00:00 2001 From: Juan Ignacio Guimarey Date: Mon, 25 Apr 2022 17:14:20 -0300 Subject: [PATCH 01/30] feature: CG-962 feature: CG-962, added rule and tests for aws Nist 12.2 (Public network access) --- src/aws/nist-800-53-rev4/README.md | 4 + .../rules/aws-nist-800-53-rev4-12.1.ts | 52 ++++++ .../rules/aws-nist-800-53-rev4-12.2.ts | 67 ++++++++ .../tests/nist-800-53-rev4-12.x.test.ts | 158 ++++++++++++++++++ 4 files changed, 281 insertions(+) create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts create mode 100644 src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts diff --git a/src/aws/nist-800-53-rev4/README.md b/src/aws/nist-800-53-rev4/README.md index 0545cc26..39d3e8cc 100644 --- a/src/aws/nist-800-53-rev4/README.md +++ b/src/aws/nist-800-53-rev4/README.md @@ -86,3 +86,7 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta | AWS NIS 6.9 | Load balancer access logging should be enabled | | AWS NIS 6.12 | S3 bucket object-level logging for read events should be enabled | | AWS NIS 6.13 | S3 bucket object-level logging for write events should be enabled | +| AWS NIS 11.1 | ECS task definitions should limit memory usage for containers | +| AWS NIS 11.2 | ECS task definitions should set CPU limit for containers | +| AWS NIS 12.1 | CloudFront distributions should have geo-restrictions specified | +| AWS NIS 12.2 | EC2 instances should not have a public IP association (IPv4) | \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts new file mode 100644 index 00000000..e564daea --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts @@ -0,0 +1,52 @@ +export default { + id: 'aws-nist-800-53-rev4-12.1', + title: 'CloudFront distributions should have geo-restrictions specified', + + description: `CloudFront distributions should enable geo-restriction when an organization needs to + prevent users in specific geographic locations from accessing content. For example, + if an organization has rights to distribute content in only one country, geo restriction should be + enabled to allow access only from users in the whitelisted country. Or if the organization cannot + distribute content in a particular country, geo restriction should deny access from users in the + blacklisted country.`, + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + - Navigate to CloudFront. + - Select the distribution that you want to update. + - In the Distribution Settings pane, select the Restrictions tab > Edit. + - Enter the applicable values. For more information, refer to Restrictions. + - Choose Yes, Edit. + + **AWS CLI** + - Submit a GetDistributionConfig request to get the current configuration and an Etag header for the distribution. + - > get-distribution-config --id + - Update the returned XML to include the CloudFront should have geo-restrictions specified. + - Submit an UpdateDistribution request to update the configuration for your distribution. Refer to here for more information.`, + + references: [ + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesRestrictions', + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html', + 'https://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html', + ], + gql: `{ + queryawsCloudfront { + id + arn + accountId + __typename + geoRestrictions + } + }`, + resource: 'queryawsCloudfront[*]', + severity: 'medium', + conditions: { + path: '@.geoRestrictions', + isEmpty: false, + notIn: ['Blacklist'] + + }, +} \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts new file mode 100644 index 00000000..11d9dc4c --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts @@ -0,0 +1,67 @@ +export default { + id: 'aws-nist-800-53-rev4-12.2', + title: 'EC2 instances should not have a public IP association (IPv4)', + + description: `EC2 instances are reachable over the internet even if you have protections such as + NACLs or security groups if a public IP address is associated with an instance. To minimize the risk + of unauthorized access to your instances, do not allow public IP associations unless absolutely necessary.`, + + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + Modify the public IPv4 addressing attribute + - Navigate to the VPC console. + - In the navigation pane, choose Subnets. + - Select your subnet and choose Subnet Actions, Modify auto-assign IP settings. + - The Enable auto-assign public IPv4 address check box, if selected, requests a public IPv4 address for all instances launched into the selected subnet. Select or clear the check box as required, and then choose Save. + +Disable the public IP addressing feature + + - Navigate to EC2. + - Choose Launch Instance. + - Select an AMI and an instance type, and then choose Next: Configure Instance Details. + - On the Configure Instance Details page, for Network, select a VPC. The Auto-assign Public IP list is displayed. Choose Disable to override the default setting for the subnet. + + **AWS CLI** + + - Use the + > run-instances + - command with the + > --no-associate-public-ip-address, or + - Execute the + > modify-subnet-attribute + - command with + > --no-map-customer-owned-ip-on-launch`, + + references: [ + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/register-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/update-service.html', + 'https://aws.amazon.com/blogs/containers/how-amazon-ecs-manages-cpu-and-memory-resources/', + ], + gql: `{ + queryawsEc2 { + id + arn + accountId + __typename + subnet { + autoAssignPublicIpv4Address + } + } + }`, + resource: 'queryawsEc2[*]', + severity: 'medium', + conditions: { + path: '@.subnet', + array_all: { + path: '[*].autoAssignPublicIpv4Address', + notEqual: 'Yes' + }, + }, +} \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts new file mode 100644 index 00000000..04d7e3a2 --- /dev/null +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts @@ -0,0 +1,158 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_NIST_800_53_121 from '../rules/aws-nist-800-53-rev4-12.1' +import Aws_NIST_800_53_122 from '../rules/aws-nist-800-53-rev4-12.2' + + +export interface Logging { + enabled: boolean +} + +export interface DataResource { + type: string +} + +export interface EventSelector { + readWriteType?: string + includeManagementEvents?: boolean + dataResources?: DataResource[] +} + +export interface Cloudtrail { + isMultiRegionTrail?: string + eventSelectors?: EventSelector[] + includeGlobalServiceEvents?: string +} + +export interface QueryawsCloudfront { + id: string + logging: Logging +} + +export interface QueryawsAccount { + id: string + cloudtrail: Cloudtrail[] +} + +export interface QueryawsCloudtrail { + id: string + eventSelectors?: EventSelector[] +} + +export interface QueryawsAlb { + id: string + accessLogsEnabled: string +} + +export interface QueryawsElb { + id: string + accessLogs: string +} + +export interface NIS6xQueryResponse { + queryawsCloudfront?: QueryawsCloudfront[] + queryawsAccount?: QueryawsAccount[] + queryawsCloudtrail?: QueryawsCloudtrail[] + queryawsAlb?: QueryawsAlb[] + queryawsElb?: QueryawsElb[] +} + +describe('AWS NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'NIST', + }) + }) + + //12.X + describe.skip(' AWS 12.1 CloudFront distributions should have geo-restrictions specified', () => { + const getTestRuleFixture = (geoRestrictions: string): any => { + return { + queryawsCloudfront: [ + { + id: cuid(), + geoRestrictions + }, + ], + } + } + + // Act + const testRule = async ( + data: any, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_121 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('Georestrictions allowed. Content is available', async () => { + const data: any = getTestRuleFixture('Whitelist') + await testRule(data, Result.PASS) + }) + + test('Georestrictions allowed. Content is available', async () => { + const data: any = getTestRuleFixture('None') + await testRule(data, Result.PASS) + }) + + test('Georestrictions allowed. Content is not available', async () => { + const data: any = getTestRuleFixture('Blacklist') + await testRule(data, Result.FAIL) + }) + + }) + + describe(' AWS 12.2 EC2 instances should not have a public IP association (IPv4)', () => { + const getTestRuleFixture = (autoAssignPublicIpv4Address: string): any => { + return { + queryawsEc2: [ + { + id: cuid(), + subnet: [ + { + autoAssignPublicIpv4Address, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: any, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_122 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('Subnet is Default and auto assign attribute is true', async () => { + const data: any = getTestRuleFixture('Yes') + await testRule(data, Result.FAIL) + }) + + test('Subnet is nonDefault and auto assign attribute cannot be false', async () => { + const data: any = getTestRuleFixture('No') + await testRule(data, Result.PASS) + }) + + }) + +}) From 693644f9c7790e06732552e960885dfcb9a9a63b Mon Sep 17 00:00:00 2001 From: Juan Ignacio Guimarey Date: Wed, 27 Apr 2022 22:55:04 -0300 Subject: [PATCH 02/30] feat: add aws 12.1 and tests Same branch has 12.1 and 12.2 with tests and readme update --- src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts | 1 - src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts index e564daea..685dcfa4 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts @@ -45,7 +45,6 @@ export default { severity: 'medium', conditions: { path: '@.geoRestrictions', - isEmpty: false, notIn: ['Blacklist'] }, diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts index 04d7e3a2..ed569e54 100644 --- a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts @@ -68,7 +68,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { }) //12.X - describe.skip(' AWS 12.1 CloudFront distributions should have geo-restrictions specified', () => { + describe(' AWS 12.1 CloudFront distributions should have geo-restrictions specified', () => { const getTestRuleFixture = (geoRestrictions: string): any => { return { queryawsCloudfront: [ From a609dafcc5e476252b7490e540ac75b958e35240 Mon Sep 17 00:00:00 2001 From: Juan Ignacio Guimarey Date: Thu, 28 Apr 2022 15:43:48 -0300 Subject: [PATCH 03/30] fix: updated index.ts with rules 12.1 and 12.2 Updated index.ts with rules 12.1 and 12.2 from last commit --- src/aws/nist-800-53-rev4/rules/index.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/aws/nist-800-53-rev4/rules/index.ts b/src/aws/nist-800-53-rev4/rules/index.ts index 3940e9ee..62bc00f8 100644 --- a/src/aws/nist-800-53-rev4/rules/index.ts +++ b/src/aws/nist-800-53-rev4/rules/index.ts @@ -28,6 +28,11 @@ import Aws_NIST_800_53_69 from './aws-nist-800-53-rev4-6.9' import Aws_NIST_800_53_612 from './aws-nist-800-53-rev4-6.12' import Aws_NIST_800_53_613 from './aws-nist-800-53-rev4-6.13' + +import Aws_NIST_800_53_121 from './aws-nist-800-53-rev4-12.1' +import Aws_NIST_800_53_122 from './aws-nist-800-53-rev4-12.2' + + export default [ Aws_NIST_800_53_11, Aws_NIST_800_53_12, @@ -58,4 +63,8 @@ export default [ Aws_NIST_800_53_69, Aws_NIST_800_53_612, Aws_NIST_800_53_613, + + + Aws_NIST_800_53_121, + Aws_NIST_800_53_122, ] From 207ef74f79861ac84654365a274fa9722639dbeb Mon Sep 17 00:00:00 2001 From: Juan Ignacio Guimarey Date: Mon, 2 May 2022 22:37:15 -0300 Subject: [PATCH 04/30] fix: new geoRestriction object and improved logic updated geoRestriction object having the variable needed to do the logic. Rule is asking if georestrictions have been applied not if its blacklisted --- .../rules/aws-nist-800-53-rev4-12.1.ts | 12 ++++++++---- .../tests/nist-800-53-rev4-12.x.test.ts | 19 +++++++++---------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts index 685dcfa4..eee08823 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts @@ -38,14 +38,18 @@ export default { arn accountId __typename - geoRestrictions + geoRestriction { + restrictionType + } } }`, resource: 'queryawsCloudfront[*]', severity: 'medium', conditions: { - path: '@.geoRestrictions', - notIn: ['Blacklist'] - + path: '@.geoRestriction', + array_all: { + path: '[*].restrictionType', + notIn: 'none' + }, }, } \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts index ed569e54..01ae5010 100644 --- a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts @@ -69,12 +69,16 @@ describe('AWS NIST 800-53: Rev. 4', () => { //12.X describe(' AWS 12.1 CloudFront distributions should have geo-restrictions specified', () => { - const getTestRuleFixture = (geoRestrictions: string): any => { + const getTestRuleFixture = (restrictionType: string): any => { return { queryawsCloudfront: [ { id: cuid(), - geoRestrictions + geoRestriction: [ + { + restrictionType + }, + ], }, ], } @@ -96,17 +100,12 @@ describe('AWS NIST 800-53: Rev. 4', () => { } test('Georestrictions allowed. Content is available', async () => { - const data: any = getTestRuleFixture('Whitelist') - await testRule(data, Result.PASS) - }) - - test('Georestrictions allowed. Content is available', async () => { - const data: any = getTestRuleFixture('None') + const data: any = getTestRuleFixture('whitelist') await testRule(data, Result.PASS) }) - test('Georestrictions allowed. Content is not available', async () => { - const data: any = getTestRuleFixture('Blacklist') + test('Georestrictions not set. Content is not available', async () => { + const data: any = getTestRuleFixture('none') await testRule(data, Result.FAIL) }) From 15c00a01f52b93dd0319c7adac9d0c08ba72868a Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 6 May 2022 10:29:59 -0300 Subject: [PATCH 05/30] feat: Included 1.x rules for aws cis 1.3.0 --- src/aws/cis-1.3.0/README.md | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/aws/cis-1.3.0/README.md b/src/aws/cis-1.3.0/README.md index d3f8bdb0..a759cf08 100644 --- a/src/aws/cis-1.3.0/README.md +++ b/src/aws/cis-1.3.0/README.md @@ -53,11 +53,21 @@ Policy Pack based on the [AWS Foundations 1.3.0](https://docs.aws.amazon.com/aud } ``` - +| Rule | Description | +| ------------- | --------------------------------------------------------------------------------------------------------------------------- | +| AWS CIS 1.4 | Ensure no 'root' user account access key exists | +| AWS CIS 1.5 | Ensure MFA is enabled for the 'root user' account | +| AWS CIS 1.6 | Ensure hardware MFA is enabled for the 'root' user account | +| AWS CIS 1.7 | Eliminate use of the root user for administrative and daily tasks | +| AWS CIS 1.8 | Ensure IAM password policy requires minimum length of 14 or greater | +| AWS CIS 1.9 | Ensure IAM password policy prevents password reuse | +| AWS CIS 1.10 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | +| AWS CIS 1.12 | Ensure credentials unused for 90 days or greater are disabled | +| AWS CIS 1.13 | Ensure there is only one active access key available for any single IAM user | +| AWS CIS 1.14 | Ensure access keys are rotated every 90 days or less | +| AWS CIS 1.15 | Ensure IAM Users Receive Permissions Only Through Groups | +| AWS CIS 1.16 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | +| AWS CIS 1.17 | Ensure a support role has been created to manage incidents with AWS Support | +| AWS CIS 1.19 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | +| AWS CIS 1.20 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | +| AWS CIS 1.21 | Ensure that IAM Access analyzer is enabled | From 6ba595ff827880f95650e367214a1e89fdf7aaab Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 6 May 2022 10:30:07 -0300 Subject: [PATCH 06/30] feat: Included 1.x rules for aws cis 1.3.0 --- src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.10.ts | 94 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts | 124 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.13.ts | 92 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.14.ts | 116 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.15.ts | 83 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.16.ts | 102 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.17.ts | 105 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.19.ts | 69 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.20.ts | 140 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.21.ts | 81 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.4.ts | 59 + src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.5.ts | 66 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.6.ts | 82 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.7.ts | 101 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.8.ts | 62 + src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.9.ts | 61 + src/aws/cis-1.3.0/rules/index.ts | 33 +- .../cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts | 1055 +++++++++++++++++ src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts | 19 - 19 files changed, 2524 insertions(+), 20 deletions(-) create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.10.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.13.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.14.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.15.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.16.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.17.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.19.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.20.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.21.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.4.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.5.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.6.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.7.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.8.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.9.ts create mode 100644 src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts delete mode 100644 src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.10.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.10.ts new file mode 100644 index 00000000..dca712e1 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.10.ts @@ -0,0 +1,94 @@ +// AWS CIS 1.2.0 Rule equivalent 1.2 +export default { + id: 'aws-cis-1.3.0-1.10', + title: 'AWS CIS 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password', + + description: 'Multi-Factor Authentication (MFA) adds an extra layer of authentication assurance beyond traditional credentials. With MFA enabled, when a user signs in to the AWS Console, they will be prompted for their user name and password as well as for an authentication code from their physical or virtual MFA token. It is recommended that MFA be enabled for all accounts that have a console password.', + + audit: `Perform the following to determine if a MFA device is enabled for all IAM users having a console password: + + **From Console:** + + 1. Open the IAM console at https://console.aws.amazon.com/iam/. + 2. In the left pane, select *Users* + 3. If the *MFA* or *Password age* columns are not visible in the table, click the gear icon at the upper right corner of the table and ensure a checkmark is next to both, then click *Close*. + 4. Ensure that for each user where the *Password age* column shows a password age, the MFA column shows *Virtual*, *U2F Security Key*, or *Hardware*. + + **From Command Line:** + + 1. Run the following command (OSX/Linux/UNIX) to generate a list of all IAM users along with their password and MFA status: + + aws iam generate-credential-report + + aws iam get-credential-report --query 'Content' --output text | base64 -d | cut -d, -f1,4,8 + + 2. The output of this command will produce a table similar to the following: + + user,password_enabled,mfa_active + elise,false,false + brandon,true,true + rakesh,false,false + helene,false,false + paras,true,true + anitha,false,false + + 3. For any column having *password_enabled* set to *true*, ensure *mfa_active* is also set to *true*.`, + + rationale: 'Enabling MFA provides increased security for console access as it requires the authenticating principal to possess a device that displays a time-sensitive key and have knowledge of a credential.', + + remediation: `Perform the following to enable MFA: + + **From Console:** + + 1. Sign in to the AWS Management Console and open the IAM console at 'https://console.aws.amazon.com/iam/' + 2. In the left pane, select *Users*. + 3. In the *User Name* list, choose the name of the intended MFA user. + 4. Choose the *Security Credentials* tab, and then choose *Manage MFA Device*. + 5. In the *Manage MFA Device wizard*, choose *Virtual MFA* device, and then choose *Continue*. + + IAM generates and displays configuration information for the virtual MFA device, including a QR code graphic. The graphic is a representation of the 'secret configuration key' that is available for manual entry on devices that do not support QR codes. + + 6. Open your virtual MFA application. (For a list of apps that you can use for hosting virtual MFA devices, see Virtual MFA Applications at https://aws.amazon.com/iam/details/mfa/#Virtual_MFA_Applications). If the virtual MFA application supports multiple accounts (multiple virtual MFA devices), choose the option to create a new account (a new virtual MFA device). + 7. Determine whether the MFA app supports QR codes, and then do one of the following: + + - Use the app to scan the QR code. For example, you might choose the camera icon or choose an option similar to Scan code, and then use the device's camera to scan the code. + - In the Manage MFA Device wizard, choose Show secret key for manual configuration, and then type the secret configuration key into your MFA application. + + When you are finished, the virtual MFA device starts generating one-time passwords. + + 8. In the *Manage MFA Device wizard*, in the *MFA Code 1 box*, type the *one-time password* that currently appears in the virtual MFA device. Wait up to 30 seconds for the device to generate a new one-time password. Then type the second *one-time password* into the *MFA Code 2 box*. + 9. Click *Assign MFA*.`, + + references: [ + 'https://tools.ietf.org/html/rfc6238', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html', + 'CCE-78901-6', + 'https://blogs.aws.amazon.com/security/post/Tx2SJJYE082KBUK/How-to-Delegate-Management-of-Multi-Factor-Authentication-to-AWS-IAM-Users', + ], + gql: `{ + queryawsIamUser { + id + arn + accountId + __typename + passwordEnabled + mfaActive + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'high', + conditions: { + or: [ + { + path: '@.passwordEnabled', + equal: false, + }, + { + path: '@.mfaActive', + equal: true, + } + ] + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts new file mode 100644 index 00000000..fc53fe66 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts @@ -0,0 +1,124 @@ +// AWS CIS 1.2.0 Rule equivalent 1.3 +export default { + id: 'aws-cis-1.3.0-1.12', + title: 'AWS CIS 1.12 Ensure credentials unused for 90 days or greater are disabled', + + description: 'AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused in 90 or greater days be deactivated or removed.', + + audit: `Perform the following to determine if unused credentials exist: + + **From Console:** + + 1. Login to the AWS Management Console + 2. Click *Services* + 3. Click *IAM* + 4. Click on *Users* + 5. Click the *Settings* (gear) icon. + 6. Select *Console last sign-in*, *Access key last used*, and *Access Key Id* + 7. Click on *Close* + 8. Check and ensure that *Console last sign-in* is less than 90 days ago. + + **Note** - *Never* means the user has never logged in. + + 9. Check and ensure that *Access key age* is less than 90 days and that *Access key last used* does not say *None* + + If the user hasn't signed into the Console in the last 90 days or Access keys are over 90 days old refer to the remediation. + + **From Command Line:** + **Download Credential Report:** + + 1. Run the following commands: + + aws iam generate-credential-report + + aws iam get-credential-report --query 'Content' --output text | base64 -d | cut -d, -f1,4,5,6,9,10,11,14,15,16 + + **Ensure unused credentials do not exist:** + + 2. For each user having *password_enabled* set to *TRUE*, ensure *password_last_used_date* is less than *90* days ago. + + - When *password_enabled* is set to *TRUE* and password_last_used is set to No_Information , ensure *password_last_changed* is less than *90* days ago. + + 3. For each user having an *access_key_1_active* or *access_key_2_active* to *TRUE* , ensure the corresponding *access_key_n_last_used_date* is less than *90* days ago. + + - When a user having an *access_key_x_active* (where x is 1 or 2) to *TRUE* and corresponding access_key_x_last_used_date is set to *N/A*', *ensure* access_key_x_last_rotated is less than 90 days ago.`, + + rationale: 'Disabling or removing unnecessary credentials will reduce the window of opportunity for credentials associated with a compromised or abandoned account to be used.', + + remediation: `**From Console:** + Perform the following to manage Unused Password (IAM user console access) + + 1. Login to the AWS Management Console: + 2. Click *Services* + 3. Click *IAM* + 4. Click on *Users* + 5. Click on *Security Credentials* + 6. Select user whose *Console last sign-in* is greater than 90 days + 7. Click *Security credentials* + 8. In section *Sign-in credentials*, *Console password* click *Manage* + 9. Under Console Access select *Disable* + 10. Click *Apply* + + Perform the following to deactivate Access Keys: + + 1. Login to the AWS Management Console: + 2. Click *Services* + 3. Click *IAM* + 4. Click on *Users* + 5. Click on *Security Credentials* + 6. Select any access keys that are over 90 days old and that have been used and + - Click on *Make Inactive* + 7. Select any access keys that are over 90 days old and that have not been used and + - Click the X to *Delete*`, + + references: [ + 'CCE-78900-8', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#remove-credentials', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html', + ], + gql: `{ + queryawsIamUser { + id + arn + accountId + __typename + passwordLastUsed + accessKeyData { + lastUsedDate + } + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'medium', + conditions: { + or: [ + { + and: [ + { + path: '@.accessKeyData', + isEmpty: true + }, + { + not: { + path: '@.passwordLastUsed', + notIn: [null, 'N/A', ''] + } + } + ] + }, + { + value: { daysAgo: {}, path: '@.passwordLastUsed' }, + lessThanInclusive: 90, + }, + { + path: '@.accessKeyData', + array_any: { + value: { daysAgo: {}, path: '[*].lastUsedDate' }, + lessThanInclusive: 90, + }, + }, + ], + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.13.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.13.ts new file mode 100644 index 00000000..61eb33bb --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.13.ts @@ -0,0 +1,92 @@ +export default { + id: 'aws-cis-1.3.0-1.13', + title: 'AWS CIS 1.13 Ensure there is only one active access key available for any single IAM user', + + description: 'Access keys are long-term credentials for an IAM user or the AWS account \'root\' user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK)', + + audit: `**From Console:** + + 1. Sign in to the AWS Management Console and navigate to IAM dashboard at https://console.aws.amazon.com/iam/. + 2. In the left navigation panel, choose Users. + 3. Click on the IAM user name that you want to examine. + 4. On the IAM user configuration page, select Security Credentials tab. + 5. Under Access Keys section, in the Status column, check the current status for each access key associated with the IAM user. If the selected IAM user has more than one access key activated then the users access configuration does not adhere to security best practices and the risk of accidental exposures increases. + + - Repeat steps no. 3 – 5 for each IAM user in your AWS account. + + **From Command Line:** + + 1. Run list-users command to list all IAM users within your account: + + aws iam list-users --query "Users[*].UserName + + 2. Run list-access-keys command using the IAM user name list to return the current status of each access key associated with the selected IAM user: + + aws iam list-access-keys --user-name + + The command output should expose the metadata ("Username", "AccessKeyId", "Status", "CreateDate") for each access key on that user account. + + 3. Check the Status property value for each key returned to determine each keys current state. If the Status property value for more than one IAM access key is set to Active, the user access configuration does not adhere to this recommendation, refer to the remediation below. + + - Repeat steps no. 2 and 3 for each IAM user in your AWS account." + + The command output should return an array that contains all your IAM user names.`, + + rationale: 'Access keys are long-term credentials for an IAM user or the AWS account \'root\' user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API. One of the best ways to protect your account is to not allow users to have multiple access keys.', + + remediation: `**From Console:** + + 1. Sign in to the AWS Management Console and navigate to IAM dashboard at https://console.aws.amazon.com/iam/. + 2. In the left navigation panel, choose Users. + 3. Click on the IAM user name that you want to examine. + 4. On the IAM user configuration page, select Security Credentials tab. + 5. In Access Keys section, choose one access key that is less than 90 days old. This should be the only active key used by this IAM user to access AWS resources programmatically. Test your application(s) to make sure that the chosen access key is working. + 6. In the same Access Keys section, identify your non-operational access keys (other than the chosen one) and deactivate it by clicking the Make Inactive link. + 7. If you receive the Change Key Status confirmation box, click Deactivate to switch off the selected key. + 8. Repeat steps no. 3 – 7 for each IAM user in your AWS account. + + **From Command Line:** + + 1. Using the IAM user and access key information provided in the Audit CLI, choose one access key that is less than 90 days old. This should be the only active key used by this IAM user to access AWS resources programmatically. Test your application(s) to make sure that the chosen access key is working. + 2. Run the update-access-key command below using the IAM user name and the non-operational access key IDs to deactivate the unnecessary key(s). Refer to the Audit section to identify the unnecessary access key ID for the selected IAM user + + **Note** - the command does not return any output: + + aws iam update-access-key --access-key-id --status Inactive --user-name + + 3. To confirm that the selected access key pair has been successfully deactivated run the list-access-keys audit command again for that IAM User: + + aws iam list-access-keys --user-name + + - The command output should expose the metadata for each access key associated with the IAM user. If the non-operational key pair(s) Status is set to Inactive, the key has been successfully deactivated and the IAM user access configuration adheres now to this recommendation. + + 4. Repeat steps no. 1 – 3 for each IAM user in your AWS account.`, + + references: [ + 'https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html', + ], + gql: `{ + queryawsIamUser { + id + arn + accountId + __typename + accessKeyData { + status + } + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'medium', + conditions: { + jq: '.accessKeyData | map(select(.status == "Active")) | { "oneOrLess" : (length <= 1) }', + path: '@', + and: [ + { + path: '@.oneOrLess', + equal: true, + }, + ], + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.14.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.14.ts new file mode 100644 index 00000000..c8549537 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.14.ts @@ -0,0 +1,116 @@ +// AWS CIS 1.2.0 Rule equivalent 1.4 +export default { + id: 'aws-cis-1.3.0-1.14', + title: 'AWS CIS 1.14 Ensure access keys are rotated every 90 days or less', + + description: 'Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.', + + audit: `Perform the following to determine if access keys are rotated as prescribed: + + **From Console:** + + 1. Go to Management Console (https://console.aws.amazon.com/iam) + 2. Click on Users + 3. Click setting icon + 4. Select “Console last sign-in” + 5. Click Close + 6. Ensure that “Access key age” is less than 90 days ago. + + **Note:** "None" in the "Access key age" means the user has not used the access key. + + **From Command Line:** + + aws iam generate-credential-report + + aws iam get-credential-report --query 'Content' --output text | base64 -d + + The access_key_1_last_rotated field in this file notes The date and time, in ISO 8601 date-time format, when the user's access key was created or last changed. If the user does not have an active access key, the value in this field is N/A (not applicable).`, + + rationale: `Rotating access keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used. + + Access keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen.`, + + remediation: `Perform the following to rotate access keys: + + **From Console:** + + 1. Go to Management Console (https://console.aws.amazon.com/iam) + 2. Click on Users + 3. Click on Security Credentials + 4. As an Administrator + - Click on Make Inactive for keys that have not been rotated in 90 Days + 5. As an IAM User + - Click on Make Inactive or Delete for keys which have not been rotated or used in 90 Days + 6. Click on Create Access Key + 7. Update programmatic call with new Access Key credentials + + **From Command Line:** + + 1. While the first access key is still active, create a second access key, which is active by default. Run the following command: + + aws iam create-access-key + + At this point, the user has two active access keys. + + 2. Update all applications and tools to use the new access key. + 3. Determine whether the first access key is still in use by using this command: + + aws iam get-access-key-last-used + + 4. One approach is to wait several days and then check the old access key for any use before proceeding. + + Even if step Step 3 indicates no use of the old key, it is recommended that you do not immediately delete the first access key. Instead, change the state of the first access key to Inactive using this command: + + aws iam update-access-key + + 5. Use only the new access key to confirm that your applications are working. Any applications and tools that still use the original access key will stop working at this point because they no longer have access to AWS resources. If you find such an application or tool, you can switch its state back to Active to reenable the first access key. Then return to step Step 2 and update this application to use the new key. + + 6. After you wait some period of time to ensure that all applications and tools have been updated, you can delete the first access key with this command: + + aws iam delete-access-key`, + + references: [ + 'CCE-78902-4', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html', + 'https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html', + ], + gql: `{ + queryawsIamUser { + id + arn + accountId + __typename + accessKeyData { + status + lastRotated + } + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'medium', + conditions: { + or: [ + { + path: '@.accessKeyData', + isEmpty: true + }, + { + path: '@.accessKeyData', + array_any: { + and: [ + { + value: { daysAgo: {}, path: '[*].lastRotated' }, + lessThanInclusive: 90, + }, + { + path: '[*].status', + equal: 'Active', + }, + ], + }, + }, + ], + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.15.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.15.ts new file mode 100644 index 00000000..2c2cff75 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.15.ts @@ -0,0 +1,83 @@ +// AWS CIS 1.2.0 Rule equivalent 1.16 +export default { + id: 'aws-cis-1.3.0-1.15', + title: 'AWS CIS 1.15 Ensure IAM Users Receive Permissions Only Through Groups', + + description: `IAM users are granted access to services, functions, and data through IAM policies. There are three ways to define policies for a user: 1) Edit the user policy directly, aka an inline, or user, policy; 2) attach a policy directly to a user; 3) add the user to an IAM group that has an attached policy. + + Only the third implementation is recommended.`, + + audit: `Perform the following to determine if an inline policy is set or a policy is directly attached to users: + + 1. Run the following to get a list of IAM users: + + aws iam list-users --query 'Users[*].UserName' --output text + + 2. For each user returned, run the following command to determine if any policies are attached to them: + + aws iam list-attached-user-policies --user-name + aws iam list-user-policies --user-name + + 3. If any policies are returned, the user has an inline policy or direct policy attachment.`, + + rationale: 'Assigning IAM policy only through groups unifies permissions management to a single, flexible layer consistent with organizational functional roles. By unifying permissions management, the likelihood of excessive permissions is reduced.', + + remediation: `Perform the following to create an IAM group and assign a policy to it: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. + 2. In the navigation pane, click Groups and then click Create New Group . + 3. In the Group Name box, type the name of the group and then click Next Step . + 4. In the list of policies, select the check box for each policy that you want to apply to all members of the group. Then click Next Step . + 5. Click Create Group + + Perform the following to add a user to a given group: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. + 2. In the navigation pane, click Groups + 3. Select the group to add a user to + 4. Click Add Users To Group + 5. Select the users to be added to the group + 6. Click Add Users + + Perform the following to remove a direct association between a user and policy: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. + 2. In the left navigation pane, click on Users + 3. For each user: + - Select the user + - Click on the Permissions tab + - Expand Permissions policies + - Click X for each policy; then click Detach or Remove (depending on policy type)`, + + references: [ + 'http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html', + 'http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html', + 'CCE-78912-3', + ], + gql: `{ + queryawsIamUser { + id + arn + accountId + __typename + iamAttachedPolicies { + name + }, + inlinePolicies + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.iamAttachedPolicies', + isEmpty: true, + }, + { + path: '@.inlinePolicies', + isEmpty: true, + }, + ], + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.16.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.16.ts new file mode 100644 index 00000000..49aa3f0b --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.16.ts @@ -0,0 +1,102 @@ +// AWS CIS 1.2.0 Rule equivalent 1.22 +export default { + id: 'aws-cis-1.3.0-1.16', + title: 'AWS CIS 1.16 Ensure IAM policies that allow full "*:*" administrative privileges are not attached', + + description: 'IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilege -that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of allowing full administrative privileges.', + + audit: `Perform the following to determine what policies are created: + + **From Command Line:** + + 1. Run the following to get a list of IAM policies: + + aws iam list-policies --only-attached --output text + + 2. For each policy returned, run the following command to determine if any policies is allowing full administrative privileges on the account: + + aws iam get-policy-version --policy-arn --version-id + + 3. In output ensure policy should not have any Statement block with "Effect": "Allow" and Action set to "*" and Resource set to "*"`, + + rationale: `It's more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. + + Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. + + IAM policies that have a statement with "Effect": "Allow" with "Action": "*" over "Resource": "*" should be removed.`, + + remediation: `**From Console:** + Perform the following to detach the policy that has full administrative privileges: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. + 2. In the navigation pane, click Policies and then search for the policy name found in the audit step. + 3. Select the policy that needs to be deleted. + 4. In the policy action menu, select first Detach + 5. Select all Users, Groups, Roles that have this policy attached + 6. Click Detach Policy + 7. In the policy action menu, select Detach + + **From Command Line:** + Perform the following to detach the policy that has full administrative privileges as found in the audit step: + + 1. Lists all IAM users, groups, and roles that the specified managed policy is attached to. + + aws iam list-entities-for-policy --policy-arn + + 2. Detach the policy from all IAM Users: + + aws iam detach-user-policy --user-name --policy-arn + + 3. Detach the policy from all IAM Groups: + + aws iam detach-group-policy --group-name --policy-arn + + 4. Detach the policy from all IAM Roles: + + aws iam detach-role-policy --role-name --policy-arn `, + + references: [ + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html', + 'CCE-78912-3', + 'https://docs.aws.amazon.com/cli/latest/reference/iam/index.html#cli-aws-iam', + ], + gql: `{ + queryawsIamPolicy { + id + arn + accountId + __typename + policyContent { + statement { + effect + action + resource + } + } + } + }`, + resource: 'queryawsIamPolicy[*]', + severity: 'high', + conditions: { + not: { + path: '@.policyContent.statement', + array_any: { + and: [ + { + path: '[*].effect', + equal: 'Allow', + }, + { + path: '[*].action', + contains: '*', + }, + { + path: '[*].resource', + contains: '*', + }, + ], + }, + }, + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.17.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.17.ts new file mode 100644 index 00000000..06f672b9 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.17.ts @@ -0,0 +1,105 @@ +// AWS CIS 1.2.0 Rule equivalent 1.20 +export default { + id: 'aws-cis-1.3.0-1.17', + title: 'AWS CIS 1.17 Ensure a support role has been created to manage incidents with AWS Support', + + description: 'AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.', + + audit: `**From Command Line:** + + 1. List IAM policies, filter for the 'AWSSupportAccess' managed policy, and note the "Arn" element value: + + aws iam list-policies --query "Policies[?PolicyName == 'AWSSupportAccess']" + + 2. Check if the 'AWSSupportAccess' policy is attached to any role: + + aws iam list-entities-for-policy --policy-arn arn:aws:iam::aws:policy/AWSSupportAccess + + 3. In Output, Ensure PolicyRoles does not return empty. 'Example: Example: PolicyRoles: [ ]' + + If it returns empty refer to the remediation below.`, + + rationale: 'By implementing least privilege for access control, an IAM Role will require an appropriate IAM Policy to allow Support Center Access in order to manage Incidents with AWS Support.', + + remediation: `**From Command Line:** + + 1. Create an IAM role for managing incidents with AWS: + + - Create a trust relationship policy document that allows to manage AWS incidents, and save it locally as /tmp/TrustPolicy.json: + + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "" + }, + "Action": "sts:AssumeRole" + } + ] + } + + 2. Create the IAM role using the above trust policy: + + aws iam create-role --role-name --assume-role-policy-document file:///tmp/TrustPolicy.json + + 3. Attach 'AWSSupportAccess' managed policy to the created IAM role: + + aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSSupportAccess --role-name `, + + references: [ + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html', + 'https://aws.amazon.com/premiumsupport/pricing/', + 'https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html', + 'https://docs.aws.amazon.com/cli/latest/reference/iam/attach-role-policy.html', + 'https://docs.aws.amazon.com/cli/latest/reference/iam/list-entities-for-policy.html', + ], + gql: `{ + queryawsAccount { + id + __typename + iamPolicies { + name + iamUsers { + arn + } + iamGroups { + arn + } + iamRoles { + arn + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'medium', + conditions: { + path: '@.iamPolicies', + array_any: { + and: [ + { + path: '[*].name', + equal: 'AWSSupportAccess', + }, + { + or: [ + { + path: '[*].iamUsers', + isEmpty: false, + }, + { + path: '[*].iamGroups', + isEmpty: false, + }, + { + path: '[*].iamRoles', + isEmpty: false, + }, + ], + }, + ], + }, + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.19.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.19.ts new file mode 100644 index 00000000..e76a171d --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.19.ts @@ -0,0 +1,69 @@ +// AWS CIS 1.4.0 Rule equivalent 1.19 +export default { + id: 'aws-cis-1.3.0-1.19', + title: 'AWS CIS 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed', + + description: 'To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use ACM or IAM to store and deploy server certificates. Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM. IAM securely encrypts your private keys and stores the encrypted version in IAM SSL certificate storage. IAM supports deploying server certificates in all regions, but you must obtain your certificate from an external provider for use with AWS. You cannot upload an ACM certificate to IAM. Additionally, you cannot manage your certificates from the IAM Console.', + + audit: `**From Console:** + Getting the certificates expiration information via AWS Management Console is not currently supported. + To request information about the SSL/TLS certificates stored in IAM via the AWS API use the Command Line Interface (CLI). + + **From Command Line:** + Run list-server-certificates command to list all the IAM-stored server certificates: + + aws iam list-server-certificates + + The command output should return an array that contains all the SSL/TLS certificates currently stored in IAM and their metadata (name, ID, expiration date, etc): + + { + "ServerCertificateMetadataList": [ + { + "ServerCertificateId": "EHDGFRW7EJFYTE88D", + "ServerCertificateName": "MyServerCertificate", + "Expiration": "2018-07-10T23:59:59Z", + "Path": "/", + "Arn": "arn:aws:iam::012345678910:server-certificate/MySSLCertificate", + "UploadDate": "2018-06-10T11:56:08Z" + } + ] + } + + Verify the ServerCertificateName and Expiration parameter value (expiration date) for each SSL/TLS certificate returned by the list-server-certificates command and determine if there are any expired server certificates currently stored in AWS IAM. If so, use the AWS API to remove them. + If this command returns: + + { { "ServerCertificateMetadataList": [] } + + This means that there are no expired certificates, It DOES NOT mean that no certificates exist.`, + + rationale: 'Removing expired SSL/TLS certificates eliminates the risk that an invalid certificate will be deployed accidentally to a resource such as AWS Elastic Load Balancer (ELB), which can damage the credibility of the application/website behind the ELB. As a best practice, it is recommended to delete expired certificates.', + + remediation: `**From Console:** + Removing expired certificates via AWS Management Console is not currently supported. To delete SSL/TLS certificates stored in IAM via the AWS API use the Command Line Interface (CLI). + **From Command Line:** + To delete Expired Certificate run following command by replacing with the name of the certificate to delete: + + aws iam delete-server-certificate --server-certificate-name + + When the preceding command is successful, it does not return any output.`, + + references: [ + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html', + 'https://docs.aws.amazon.com/cli/latest/reference/iam/delete-server-certificate.html', + ], + gql: `{ + queryawsIamServerCertificate { + id + arn + accountId + __typename + expiration + } + }`, + resource: 'queryawsIamServerCertificate[*]', + severity: 'high', + conditions: { + value: { daysDiff: {}, path: '@.expiration' }, + greaterThanInclusive: 1, + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.20.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.20.ts new file mode 100644 index 00000000..e9365bad --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.20.ts @@ -0,0 +1,140 @@ +// AWS CIS 1.4.0 Rule equivalent 2.1.5 +export default { + id: 'aws-cis-1.3.0-1.20', + title: 'AWS CIS 1.20 Ensure that S3 Buckets are configured with \'Block public access (bucket settings)\'', + + description: 'Amazon S3 provides Block public access (bucket settings) and Block public access (account settings) to help you manage public access to Amazon S3 resources. By default, S3 buckets and objects are created with public access disabled. However, an IAM principal with sufficient S3 permissions can enable public access at the bucket and/or object level. While enabled, Block public access (bucket settings) prevents an individual bucket, and its contained objects, from becoming publicly accessible. Similarly, Block public access (account settings) prevents all buckets, and contained objects, from becoming publicly accessible across the entire account.', + + audit: `**If utilizing Block Public Access (bucket settings)** + **From Console:** + + 1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/ + 2. Select the Check box next to the Bucket. + 3. Click on 'Edit public access settings'. + 4. Ensure that block public access settings are set appropriately for this bucket + 5. Repeat for all the buckets in your AWS account. + + **From Command Line:** + + 1. List all of the S3 Buckets + + aws s3 ls + + 2. Find the public access setting on that bucket + + aws s3api get-public-access-block --bucket + + Output if Block Public access is enabled: + + { + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "IgnorePublicAcls": true, + "BlockPublicPolicy": true, + "RestrictPublicBuckets": true + } + } + + If the output reads false for the separate configuration settings then proceed to the remediation. + + **If utilizing Block Public Access (account settings)** + **From Console:** + + 1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/ + 2. Choose Block public access (account settings) + 3. Ensure that block public access settings are set appropriately for your AWS account. + + **From Command Line:** + To check Public access settings for this account status, run the following command, + + aws s3control get-public-access-block --account-id --region + + Output if Block Public access is enabled: + + { + "PublicAccessBlockConfiguration": { + "IgnorePublicAcls": true, + "BlockPublicPolicy": true, + "BlockPublicAcls": true, + "RestrictPublicBuckets": true + } + } + + If the output reads *false* for the separate configuration settings then proceed to the remediation.`, + + rationale: `Amazon S3 Block public access (bucket settings) prevents the accidental or malicious public exposure of data contained within the respective bucket(s). + + Amazon S3 Block public access (account settings) prevents the accidental or malicious public exposure of data contained within all buckets of the respective AWS account. + + Whether blocking public access to all or some buckets is an organizational decision that should be based on data sensitivity, least privilege, and use case.`, + + remediation: `**If utilizing Block Public Access (bucket settings)** + **From Console:** + + 1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/ + 2. Select the Check box next to the Bucket. + 3. Click on 'Edit public access settings'. + 4. Click 'Block all public access' + 5. Repeat for all the buckets in your AWS account that contain sensitive data. + + **From Command Line:** + + 1. List all of the S3 Buckets + + aws s3 ls + + 2. Set the Block Public Access to true on that bucket + + aws s3api put-public-access-block --bucket --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" + + **If utilizing Block Public Access (account settings)** + **From Console:** + If the output reads *true* for the separate configuration settings then it is set on the account. + + 1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/ + 2. Choose Block Public Access (account settings) + 3. Choose Edit to change the block public access settings for all the buckets in your AWS account + 4. Choose the settings you want to change, and then choose Save. For details about each setting, pause on the i icons. + 5. When you're asked for confirmation, enter confirm. Then Click Confirm to save your changes. + + **From Command Line:** + To set Block Public access settings for this account, run the following command: + + aws s3control put-public-access-block --public-access-block-configuration BlockPublicAcls=true, IgnorePublicAcls=true, BlockPublicPolicy=true, RestrictPublicBuckets=true --account-id `, + + references: ['https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access-account.html'], + gql: `{ + queryawsS3 { + id + arn + accountId + __typename + blockPublicAcls + ignorePublicAcls + blockPublicPolicy + restrictPublicBuckets + } + }`, + resource: 'queryawsS3[*]', + severity: 'high', + conditions: { + and: [ + { + path: '@.blockPublicAcls', + equal: 'Yes', + }, + { + path: '@.ignorePublicAcls', + equal: 'Yes', + }, + { + path: '@.blockPublicPolicy', + equal: 'Yes', + }, + { + path: '@.restrictPublicBuckets', + equal: 'Yes', + }, + ], + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.21.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.21.ts new file mode 100644 index 00000000..40459f5c --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.21.ts @@ -0,0 +1,81 @@ +// AWS CIS 1.4.0 Rule equivalent 1.20 +export default { + id: 'aws-cis-1.3.0-1.21', + title: 'AWS CIS 1.21 Ensure that IAM Access analyzer is enabled', + + description: `Enable IAM Access analyzer for IAM policies about all resources. + + IAM Access Analyzer is a technology introduced at AWS reinvent 2019. After the Analyzer is enabled in IAM, scan results are displayed on the console showing the accessible resources. Scans show resources that other accounts and federated users can access, such as KMS keys and IAM roles. So the results allow you to determine if an unintended user is allowed, making it easier for administrators to monitor least privileges access.`, + + audit: `**From Console:** + + 1. Open the IAM console at https://console.aws.amazon.com/iam/ + 2. Choose Access analyzer + 3. Ensure that the STATUS is set to Active + + **From Command Line:** + + 1. Run the following command: + + aws accessanalyzer get-analyzer --analyzer-name | grep status + + 2. Ensure that the "status" is set to "ACTIVE"`, + + rationale: 'AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data. Access Analyzer identifies resources that are shared with external principals by using logic-based reasoning to analyze the resource-based policies in your AWS environment. IAM Access Analyzer continuously monitors all policies for S3 bucket, IAM roles, KMS(Key Management Service) keys, AWS Lambda functions, and Amazon SQS(Simple Queue Service) queues.', + + remediation: `**From Console:** + Perform the following to enable IAM Access analyzer for IAM policies: + + 1. Open the IAM console at https://console.aws.amazon.com/iam/. + 2. Choose *Access analyzer*. + 3. Choose *Create analyzer*. + 4. On the *Create analyzer* page, confirm that the Region displayed is the *Region* where you want to enable Access Analyzer. + 5. Enter a name for the analyzer. + 6. Optional. Add any tags that you want to apply to the analyzer. + 7. Choose Create Analyzer. + + **From Command Line:** + Run the following command: + + aws accessanalyzer create-analyzer --analyzer-name --type + + **Note:** The IAM Access Analyzer is successfully configured only when the account you use has the necessary permissions.`, + + references: [ + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html', + 'https://docs.aws.amazon.com/cli/latest/reference/accessanalyzer/get-analyzer.html', + 'https://docs.aws.amazon.com/cli/latest/reference/accessanalyzer/create-analyzer.html', + ], + gql: `{ + queryawsAccount { + id + arn + accountId + __typename + regions + iamAccessAnalyzers { + region + status + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'high', + conditions: { + and: [ + { + path: '@.iamAccessAnalyzers', + isEmpty: false, + }, + { + path: '@', + jq: '[.regions[] as $scanned | { scannedRegion: $scanned, analyzers: [.iamAccessAnalyzers[] | select(.region == $scanned )] }]', + array_all: { + path: '[*].analyzers[0].status', + equal: 'ACTIVE', + }, + }, + ], + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.4.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.4.ts new file mode 100644 index 00000000..4dd389a1 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.4.ts @@ -0,0 +1,59 @@ +// AWS CIS 1.2.0 Rule equivalent 1.12 +export default { + id: 'aws-cis-1.3.0-1.4', + title: 'AWS CIS 1.4 Ensure no root account access key exists', + description: `The root account is the most privileged user in an AWS account. AWS Access Keys provide + programmatic access to a given AWS account. It is recommended that all access keys + associated with the root account be removed.`, + audit: `Perform the following to determine if the root account has access keys: + Via the AWS Console + + 1. Login to the AWS Management Console + 2. Click *Services* + 3. Click *IAM* + 4. Click on *Credential Report* + 5. This will download an *.xls* file that contains credential usage for all IAM users within an AWS Account - open this file + 6. For the ** user, ensure the *access_key_1_active* and *access_key_2_active* fields are set to *FALSE*. + + Via CLI + + 1. Run the following commands: + + aws iam generate-credential-report + aws iam get-credential-report --query 'Content' --output text | base64 -d | cut -d, -f1,9,14 | grep -B1 '' + + 2. For the ** user, ensure the *access_key_1_active* and *access_key_2_active* fields are set to *FALSE*.`, + rationale: 'Removing access keys associated with the root account limits vectors by which the account can be compromised. Additionally, removing the root access keys encourages the creation and use of role-based accounts that are least privileged.', + remediation: `Perform the following to delete or disable active root access keys being + Via the AWS Console + + 1. Sign in to the AWS Management Console as Root and open the IAM console at https://console.aws.amazon.com/iam/. + 2. Click on ** at the top right and select *Security Credentials* from the drop-down list + 3. On the pop-out screen Click on *Continue to Security Credentials* + 4. Click on *Access Keys* *(Access Key ID and Secret Access Key)* + 5. Under the *Status* column if there are any Keys that are Active + 1. Click on *Make Inactive* - (Temporarily disable Key - may be needed again) + 2. Click *Delete* - (Deleted keys cannot be recovered)`, + references: [ + 'http://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html', + 'http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html', + 'http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html', + 'CCE-78910-7', + 'CIS CSC v6.0 #5.1', + ], + gql: `{ + queryawsIamUser(filter: { name: { eq: "root" } }) { + id + arn + accountId + __typename + accessKeysActive + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'high', + conditions: { + path: '@.accessKeysActive', + equal: false, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.5.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.5.ts new file mode 100644 index 00000000..280a4f26 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.5.ts @@ -0,0 +1,66 @@ +// AWS CIS 1.2.0 Rule equivalent 1.13 +export default { + id: 'aws-cis-1.3.0-1.5', + title: 'AWS CIS 1.5 Ensure MFA is enabled for the "root user" account', + description: `The root account is the most privileged user in an AWS account. MFA adds an extra layer of + protection on top of a user name and password. With MFA enabled, when a user signs in to + an AWS website, they will be prompted for their user name and password as well as for an + authentication code from their AWS MFA device. + + **Note:** When virtual MFA is used for root accounts, it is recommended that the device used + is NOT a personal device, but rather a dedicated mobile device (tablet or phone) that is + managed to be kept charged and secured independent of any individual personal devices. + ("non-personal virtual MFA") This lessens the risks of losing access to the MFA due to + device loss, device trade-in or if the individual owning the device is no longer employed at + the company.`, + audit: `Perform the following to determine if the root account has MFA setup: + + 1. Run the following command: + + aws iam get-account-summary | grep "AccountMFAEnabled" + + 2. Ensure the AccountMFAEnabled property is set to 1`, + rationale: 'Enabling MFA provides increased security for console access as it requires the authenticating principal to possess a device that emits a time-sensitive key and have knowledge of a credential.', + remediation: `Perform the following to establish MFA for the root account: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. + + + Note: to manage MFA devices for the root AWS account, you must use your root account credentials to sign in to AWS. You cannot manage MFA devices for the root account using other credentials. + + 2. Choose *Dashboard*, and under *Security Status*, expand *Activate MFA* on your root account. + 3. Choose *Activate MFA* + 4. In the wizard, choose *A virtual MFA* device and then choose *Next Step*. + 5. IAM generates and displays configuration information for the virtual MFA device, including a QR code graphic. The graphic is a representation of the 'secret configuration key' that is available for manual entry on devices that do not support QR codes. + 6. Open your virtual MFA application. (For a list of apps that you can use for hosting virtual MFA devices, see Virtual MFA Applications.) If the virtual MFA application supports multiple accounts (multiple virtual MFA devices), choose the option to create a new account (a new virtual MFA device). + 7. Determine whether the MFA app supports QR codes, and then do one of the following: + + + - Use the app to scan the QR code. For example, you might choose the camera icon or choose an option similar to Scan code, and then use the device's camera to scan the code. + - In the Manage MFA Device wizard, choose Show secret key for manual configuration, and then type the secret configuration key into your MFA application. + + When you are finished, the virtual MFA device starts generating one-time passwords. + + 1. In the Manage MFA Device wizard, in the Authentication Code 1 box, type the one-time password that currently appears in the virtual MFA device. Wait up to 30 seconds for the device to generate a new one-time password. Then type the second one-time password into the Authentication Code 2 box. Choose Active Virtual MFA.`, + references: [ + 'CCE-78911-5', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root', + ], + gql: `{ + queryawsIamUser(filter: { name: { eq: "root" } }) { + id + arn + accountId + __typename + name + mfaActive + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'high', + conditions: { + path: '@.mfaActive', + equal: true, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.6.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.6.ts new file mode 100644 index 00000000..fabf135a --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.6.ts @@ -0,0 +1,82 @@ +// AWS CIS 1.2.0 Rule equivalent 1.14 +export default { + id: 'aws-cis-1.3.0-1.6', + title: 'AWS CIS 1.6 Ensure hardware MFA is enabled for the "root user" account', + description: `The root account is the most privileged user in an AWS account. MFA adds an extra layer of + protection on top of a user name and password. With MFA enabled, when a user signs in to + an AWS website, they will be prompted for their user name and password as well as for an + authentication code from their AWS MFA device. For Level 2, it is recommended that the + root account be protected with a hardware MFA.`, + audit: `Perform the following to determine if the root account has a hardware MFA setup: + + 1. Run the following command to determine if the root account has MFA setup: + + aws iam get-account-summary | grep "AccountMFAEnabled" + + The *AccountMFAEnabled* property is set to 1 will ensure that the root account has MFA (Virtual or Hardware) Enabled. + If *AccountMFAEnabled* property is set to 0 the account is not compliant with this recommendation. + +
+ + 2. If *AccountMFAEnabled* property is set to 1, determine root account has Hardware MFA enabled. Run the following command to list all virtual MFA devices: + + aws iam list-virtual-mfa-devices + + If the output contains one MFA with the following Serial Number, it means the MFA is virtual, not hardware and the account is not compliant with this recommendation: *"SerialNumber": "arn:aws:iam::__:mfa/root-account-mfa-device"*`, + rationale: `A hardware MFA has a smaller attack surface than a virtual MFA. For example, a hardware MFA does not suffer the attack surface introduced by the mobile smartphone on which a virtual MFA resides. + + **Note**: Using hardware MFA for many, many AWS accounts may create a logistical device management issue. If this is the case, consider implementing this Level 2 recommendation selectively to the highest security AWS accounts and the Level 1 recommendation applied to the remaining accounts. + + Link to order AWS compatible hardware MFA device: [http://onlinenoram.gemalto.com/](http://onlinenoram.gemalto.com/)`, + remediation: `Perform the following to establish a hardware MFA for the root account: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. + + Note: to manage MFA devices for the root AWS account, you must use your root account credentials to sign in to AWS. You cannot manage MFA devices for the root account using other credentials. + + 2. Choose *Dashboard* , and under *Security Status* , expand *Activate MFA* on your root account. + 3. Choose *Activate MFA* + 4. In the wizard, choose *A hardware MFA* device and then choose *Next Step*. + 5. In the *Serial Number* box, enter the serial number that is found on the back of the MFA device. + 6. In the *Authentication Code 1* box, enter the six-digit number displayed by the MFA device. You might need to press the button on the front of the device to display the number. + 7. Wait 30 seconds while the device refreshes the code, and then enter the next six-digit number into the *Authentication Code 2* box. You might need to press the button on the front of the device again to display the second number. + 8. Choose *Next Step*. The MFA device is now associated with the AWS account. The next time you use your AWS account credentials to sign in, you must type a code from the hardware MFA device.`, + references: [ + 'CCE-78911-5', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html#enable-hw-mfa-for-root', + ], + gql: `{ + queryawsIamUser(filter: { name: { eq: "root" } }) { + id + arn + accountId + __typename + name + mfaActive + virtualMfaDevices { + serialNumber + } + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'high', + conditions: { + and: [ + { + path: '@.mfaActive', + equal: true, + }, + { + jq: '[select("arn:aws:iam::" + .accountId + ":mfa/root-account-mfa-device" == .virtualMfaDevices[].serialNumber)] | { "match" : (length > 0) }', + path: '@', + and: [ + { + path: '@.match', + notEqual: true, + }, + ], + }, + ], + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.7.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.7.ts new file mode 100644 index 00000000..3c7eb1f9 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.7.ts @@ -0,0 +1,101 @@ +export default { + id: 'aws-cis-1.3.0-1.7', + title: 'AWS CIS 1.7 Eliminate use of the root user for administrative and daily tasks', + + description: 'With the creation of an AWS account, a \'root user\' is created that cannot be disabled or deleted. That user has unrestricted access to and control over all resources in the AWS account. It is highly recommended that the use of this account be avoided for everyday tasks.', + + audit: `**From Console:** + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/iam/ + 2. In the left pane, click *Credential Report* + 3. Click on *Download Report* + 4. Open of Save the file locally + 5. Locate the ** under the user column + 6. Review *password_last_used*, *access_key_1_last_used_date*, *access_key_2_last_used_date* to determine when the 'root user' was last used. + + **From Command Line:** + Run the following CLI commands to provide a credential report for determining the last time the 'root user' was used: + + aws iam generate-credential-report + + aws iam get-credential-report --query 'Content' --output text | base64 -d | cut -d, -f1,5,11,16 | grep -B1 '' + + Review *password_last_used*, *access_key_1_last_used_date*, *access_key_2_last_used_date* to determine when the root user was last used. + + **Note:** There are a few conditions under which the use of the 'root' user account is required. Please see the reference links for all of the tasks that require use of the 'root' user.`, + + rationale: 'The \'root user\' has unrestricted access to and control over all account resources. Use of it is inconsistent with the principles of least privilege and separation of duties, and can lead to unnecessary harm due to error or account compromise.', + + remediation: `Remediation: + + If you find that the 'root' user account is being used for daily activity to include administrative tasks that do not require the 'root' user: + + 1. Change the 'root' user password. + 2. Deactivate or delete any access keys associate with the 'root' user. + + **Remember, anyone who has 'root' user credentials for your AWS account has unrestricted access to and control of all the resources in your account, including billing information.`, + + references: [ + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html', + 'https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html', + ], + gql: `{ + queryawsIamUser(filter: { name: { eq: "root" } }) { + id + arn + accountId + __typename + passwordLastUsed + passwordEnabled + accessKeysActive + accessKeyData { + lastUsedDate + status + } + } + }`, + resource: 'queryawsIamUser[*]', + severity: 'high', + conditions: { + not: { + or: [ + { + and: [ + { + path: '@.passwordEnabled', + equal: true, + }, + { + value: { daysAgo: {}, path: '@.passwordLastUsed' }, + lessThanInclusive: 90, + }, + ], + }, + { + and: [ + { + path: '@.accessKeysActive', + equal: true, + }, + { + path: '@.accessKeyData', + array_any: { + and: [ + { + path: '[*].status', + equal: 'Active', + }, + { + value: { daysAgo: {}, path: '[*].lastUsedDate' }, + lessThanInclusive: 90, + }, + ], + }, + }, + ], + } + ] + }, + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.8.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.8.ts new file mode 100644 index 00000000..43ae8ac2 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.8.ts @@ -0,0 +1,62 @@ +// AWS CIS 1.2.0 Rule equivalent 1.9 +export default { + id: 'aws-cis-1.3.0-1.8', + title: 'AWS CIS 1.8 Ensure IAM password policy requires minimum length of 14 or greater', + + description: `Password policies are, in part, used to enforce password complexity requirements. IAM + password policies can be used to ensure password are at least a given length. It is + recommended that the password policy require a minimum password length 14.`, + + audit: `Perform the following to ensure the password policy is configured as prescribed: + + **From Console:** + + 1. Login to AWS Console (with appropriate permissions to View Identity Access Management Account Settings) + 2. Go to IAM Service on the AWS Console + 3. Click on Account Settings on the Left Pane + 4. Ensure "Minimum password length" is set to 14 or greater. + + **From Command Line:** + + aws iam get-account-password-policy + + Ensure the output of the above command includes "MinimumPasswordLength": 14 (or higher)`, + + rationale: 'Setting a password complexity policy increases account resiliency against brute force login attempts.', + + remediation: `Perform the following to set the password policy as prescribed: + + **From Console:** + + 1. Login to AWS Console (with appropriate permissions to View Identity Access Management Account Settings) + 2. Go to IAM Service on the AWS Console + 3. Click on Account Settings on the Left Pane + 4. Set "Minimum password length" to 14 or greater. + 5. Click "Apply password policy" + + **From Command Line:** + + aws iam update-account-password-policy --minimum-password-length 14 + + Note: All commands starting with "aws iam update-account-password-policy" can be combined into a single command.`, + + references: [ + 'CCE-78907-3', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy', + ], + gql: `{ + queryawsIamPasswordPolicy { + id + accountId + __typename + minimumPasswordLength + } + }`, + resource: 'queryawsIamPasswordPolicy[*]', + severity: 'medium', + conditions: { + path: '@.minimumPasswordLength', + greaterThanInclusive: 14, + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.9.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.9.ts new file mode 100644 index 00000000..34c02dc8 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.9.ts @@ -0,0 +1,61 @@ +// AWS CIS 1.2.0 Rule equivalent 1.10 +export default { + id: 'aws-cis-1.3.0-1.9', + title: 'AWS CIS 1.9 Ensure IAM password policy prevents password reuse', + description: `IAM password policies can prevent the reuse of a given password by the same user. It is + recommended that the password policy prevent the reuse of passwords.`, + + audit: `Perform the following to ensure the password policy is configured as prescribed: + + **From Console:** + + 1. Login to AWS Console (with appropriate permissions to View Identity Access Management Account Settings) + 2. Go to IAM Service on the AWS Console + 3. Click on Account Settings on the Left Pane + 4. Ensure "Prevent password reuse" is checked + 5. Ensure "Number of passwords to remember" is set to 24 + + **From Command Line:** + + aws iam get-account-password-policy + + Ensure the output of the above command includes "PasswordReusePrevention": 24`, + + rationale: 'Preventing password reuse increases account resiliency against brute force login attempts.', + + remediation: `Perform the following to set the password policy as prescribed: + + **From Console:** + + 1. Login to AWS Console (with appropriate permissions to View Identity Access Management Account Settings) + 2. Go to IAM Service on the AWS Console + 3. Click on Account Settings on the Left Pane + 4. Check "Prevent password reuse" + 5. Set "Number of passwords to remember" is set to 24 + + **From Command Line:** + + aws iam update-account-password-policy --password-reuse-prevention 24 + + Note: All commands starting with "aws iam update-account-password-policy" can be combined into a single command.`, + + references: [ + 'CCE-78908-1', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy', + ], + gql: `{ + queryawsIamPasswordPolicy { + id + accountId + __typename + passwordReusePrevention + } + }`, + resource: 'queryawsIamPasswordPolicy[*]', + severity: 'high', + conditions: { + path: '@.passwordReusePrevention', + greaterThanInclusive: 24, + }, +} \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/index.ts b/src/aws/cis-1.3.0/rules/index.ts index c7468a33..c61d4a14 100644 --- a/src/aws/cis-1.3.0/rules/index.ts +++ b/src/aws/cis-1.3.0/rules/index.ts @@ -1,4 +1,35 @@ +import Aws_CIS_130_14 from './aws-cis-1.3.0-1.4' +import Aws_CIS_130_15 from './aws-cis-1.3.0-1.5' +import Aws_CIS_130_16 from './aws-cis-1.3.0-1.6' +import Aws_CIS_130_17 from './aws-cis-1.3.0-1.7' +import Aws_CIS_130_18 from './aws-cis-1.3.0-1.8' +import Aws_CIS_130_19 from './aws-cis-1.3.0-1.9' +import Aws_CIS_130_110 from './aws-cis-1.3.0-1.10' +import Aws_CIS_130_112 from './aws-cis-1.3.0-1.12' +import Aws_CIS_130_113 from './aws-cis-1.3.0-1.13' +import Aws_CIS_130_114 from './aws-cis-1.3.0-1.14' +import Aws_CIS_130_115 from './aws-cis-1.3.0-1.15' +import Aws_CIS_130_116 from './aws-cis-1.3.0-1.16' +import Aws_CIS_130_117 from './aws-cis-1.3.0-1.17' +import Aws_CIS_130_119 from './aws-cis-1.3.0-1.19' +import Aws_CIS_130_120 from './aws-cis-1.3.0-1.20' +import Aws_CIS_130_121 from './aws-cis-1.3.0-1.21' export default [ - // TODO: Add rules to export + Aws_CIS_130_14, + Aws_CIS_130_15, + Aws_CIS_130_16, + Aws_CIS_130_17, + Aws_CIS_130_18, + Aws_CIS_130_19, + Aws_CIS_130_110, + Aws_CIS_130_112, + Aws_CIS_130_113, + Aws_CIS_130_114, + Aws_CIS_130_115, + Aws_CIS_130_116, + Aws_CIS_130_117, + Aws_CIS_130_119, + Aws_CIS_130_120, + Aws_CIS_130_121, ] diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts new file mode 100644 index 00000000..022d43a9 --- /dev/null +++ b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts @@ -0,0 +1,1055 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_CIS_130_14 from '../rules/aws-cis-1.3.0-1.4' +import Aws_CIS_130_15 from '../rules/aws-cis-1.3.0-1.5' +import Aws_CIS_130_16 from '../rules/aws-cis-1.3.0-1.6' +import Aws_CIS_130_17 from '../rules/aws-cis-1.3.0-1.7' +import Aws_CIS_130_18 from '../rules/aws-cis-1.3.0-1.8' +import Aws_CIS_130_19 from '../rules/aws-cis-1.3.0-1.9' +import Aws_CIS_130_110 from '../rules/aws-cis-1.3.0-1.10' +import Aws_CIS_130_112 from '../rules/aws-cis-1.3.0-1.12' +import Aws_CIS_130_113 from '../rules/aws-cis-1.3.0-1.13' +import Aws_CIS_130_114 from '../rules/aws-cis-1.3.0-1.14' +import Aws_CIS_130_115 from '../rules/aws-cis-1.3.0-1.15' +import Aws_CIS_130_116 from '../rules/aws-cis-1.3.0-1.16' +import Aws_CIS_130_117 from '../rules/aws-cis-1.3.0-1.17' +import Aws_CIS_130_119 from '../rules/aws-cis-1.3.0-1.19' +import Aws_CIS_130_120 from '../rules/aws-cis-1.3.0-1.20' +import Aws_CIS_130_121 from '../rules/aws-cis-1.3.0-1.21' + +export interface VirtualMfaDevice { + serialNumber: string +} + +export interface AccessKeyData { + lastUsedDate?: string + status?: string + lastRotated?: string +} + +export interface IamAttachedPolicy { + arn?: string + name?: string +} + +export interface Statement { + effect?: string + action?: string[] + resource?: string[] +} + +export interface AssumeRolePolicy { + statement: Statement[] +} + +export interface PolicyContent { + statement: Statement[] +} +export interface QueryawsIamPolicy { + id: string + policyContent: PolicyContent +} + +export interface QueryawsIamUser { + id: string + name?: string + accessKeysActive?: boolean + mfaActive?: boolean + accountId?:string + virtualMfaDevices?: VirtualMfaDevice[] + passwordEnabled?: boolean + passwordLastUsed?: string + accessKeyData?: AccessKeyData[] + iamAttachedPolicies?: IamAttachedPolicy[] + inlinePolicies?: string[] + +} + +export interface QueryawsIamPasswordPolicy { + id: string + minimumPasswordLength?: number + requireNumbers?: boolean + passwordReusePrevention?: number + requireLowercaseCharacters?: boolean + requireSymbols?: boolean + requireUppercaseCharacters?: boolean + expirePasswords?: boolean + maxPasswordAge?: number +} + +export interface iamRole { + arn: string +} + +export interface iamGroup { + arn: string +} + +export interface IamUser { + arn: string +} + +export interface IamPolicy { + name: string + iamUsers: IamUser[] + iamGroups: iamGroup[] + iamRoles: iamRole[] +} + +export interface IamAccessAnalyzer { + status: string + region: string +} + +export interface QueryawsIamServerCertificate { + id: string + expiration: string +} + +export interface QueryawsAccount { + id: string + regions?: string[] + iamPolicies?: IamPolicy[] + iamAccessAnalyzers?: IamAccessAnalyzer[] +} + +export interface QueryawsS3 { + id: string + versioning?: string + mfa?: string + blockPublicAcls?: string + ignorePublicAcls?: string + blockPublicPolicy?: string + restrictPublicBuckets?: string +} + +export interface CIS1xQueryResponse { + queryawsIamUser?: QueryawsIamUser[] + queryawsIamPasswordPolicy?: QueryawsIamPasswordPolicy[] + queryawsIamPolicy?: QueryawsIamPolicy[] + queryawsAccount?: QueryawsAccount[] + queryawsIamServerCertificate?: QueryawsIamServerCertificate[] + queryawsS3?: QueryawsS3[] +} + +describe('CIS Amazon Web Services Foundations: 1.4.0', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'CIS', + }) + }) + + describe('AWS CIS 1.4 Ensure no root user account access key exists', () => { + const getTestRuleFixture = ( + accessKeysActive: boolean + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + accessKeysActive, + }, + ] + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_14 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a root account does not have any access key active', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(false) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a root account has at least one access key active', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(true) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.5 Ensure MFA is enabled for the root user account', () => { + const getTestRuleFixture = ( + mfaActive: boolean + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + name: 'root', + mfaActive, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_15 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a root account has a mfa device active', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(true) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a root account has not a mfa device active', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(false) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.6 Ensure hardware MFA is enabled for the root user account', () => { + const getTestRuleFixture = ( + mfaActive: boolean + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + name: 'root', + mfaActive, + accountId: '123456', + virtualMfaDevices: [ + { + serialNumber: 'arn:aws:iam::123456:mfa/some-account-mfa-device', + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_16 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a root account has a mfa hardware device active', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(true) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a root account has a mfa hardware device deactivate', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(false) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.6 Eliminate use of the root user for administrative and daily tasks', () => { + const getTestRuleFixture = ( + mfaActive: boolean + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + name: 'root', + mfaActive, + accountId: '123456', + virtualMfaDevices: [ + { + serialNumber: 'arn:aws:iam::123456:mfa/some-account-mfa-device', + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_16 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a root account has a mfa hardware device active', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(true) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a root account has a mfa hardware device deactivate', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(false) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.7 Eliminate use of the root user for administrative and daily tasks', () => { + const getTestRuleFixture = ( + passwordLastUsed: string, + status: string, + lastUsedDate: string + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + passwordEnabled: true, + passwordLastUsed, + accessKeysActive: true, + accessKeyData: [ + { + status, + lastUsedDate, + }, + { + status: 'Active', + lastUsedDate: '2022-01-01T17:20:19.000Z', + } + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_17 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when when a root account does not uses his password in the last 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('2021-04-08T17:20:19.000Z', 'Active', '2021-10-08T17:20:19.000Z') + await testRule(data, Result.PASS) + }) + + test('No Security Issue when when a root account does not uses his password in the last 90 days and not have access Keys', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('2021-04-08T17:20:19.000Z', '', '') + const user = data.queryawsIamUser?.[0] as QueryawsIamUser + user.accessKeyData = [] + await testRule(data, Result.PASS) + }) + + test('Security Issue when a root account uses his password in the last 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString(), 'Active', '2021-10-08T17:20:19.000Z') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a root account uses his access Keys in the last 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('2021-04-08T17:20:19.000Z', 'Active', new Date().toISOString()) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.8 Ensure IAM password policy requires minimum length of 14 or greater', () => { + const getTestRuleFixture = ( + minimumPasswordLength: number + ): CIS1xQueryResponse => { + return { + queryawsIamPasswordPolicy: [ + { + id: cuid(), + minimumPasswordLength, + }, + ] + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_18 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when password policy minimum length is greater than or equal to 14', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(14) + await testRule(data, Result.PASS) + }) + + test('Security Issue when password policy minimum length is less than 14', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(13) + await testRule(data, Result.FAIL) + }) + + }) + + describe('AWS CIS 1.9 Ensure IAM password policy prevents password reuse', () => { + const getTestRuleFixture = ( + passwordReusePrevention: number + ): CIS1xQueryResponse => { + return { + queryawsIamPasswordPolicy: [ + { + id: cuid(), + passwordReusePrevention, + }, + ] + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_19 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue if the number of previous passwords is more than 24', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(25) + await testRule(data, Result.PASS) + }) + + test('Security Issue if the number of previous passwords is less than 24', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(23) + await testRule(data, Result.FAIL) + }) + + }) + + describe('AWS CIS 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password', () => { + const getTestRuleFixture = ( + passwordEnabled: boolean, + mfaActive: boolean + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + passwordEnabled, + mfaActive, + }, + ] + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_110 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a user has no active password', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(false, true) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when a user has an active password with an mfa device register', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(true, true) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a user has an active password without an mfa device register', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(true, false) + await testRule(data, Result.FAIL) + }) + + }) + + describe('AWS CIS 1.12 Ensure credentials unused for 90 days or greater are disabled', () => { + const getTestRuleFixture = ( + passwordLastUsed: string, + lastUsedDate: string + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + passwordLastUsed, + accessKeyData: [ + { + lastUsedDate, + } + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_112 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are an access key unused for less than 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('', new Date().toISOString()) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when no password last used AND no access key data', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('', '') + const queryawsIamUser = data.queryawsIamUser?.[0] as QueryawsIamUser + queryawsIamUser.accessKeyData = [] + await testRule(data, Result.PASS) + }) + + test('Security Issue when there are an access key unused for more than 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('', '2021-05-27T20:29:00.000Z') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when there are a passwoord unused for more than 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('2021-05-27T20:29:00.000Z', '') + const queryawsIamUser = data.queryawsIamUser?.[0] as QueryawsIamUser + queryawsIamUser.accessKeyData = [] + await testRule(data, Result.FAIL) + }) + + }) + + describe('AWS CIS 1.13 Ensure there is only one active access key available for any single IAM user', () => { + const getTestRuleFixture = ( + status: string + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + accessKeyData: [ + { + status, + }, + { + status: 'Active', + } + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_113 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is only one active access key available for any single IAM user', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Inactive') + await testRule(data, Result.PASS) + }) + + test('Security Issue when there are more than one active access key available for any single IAM user', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Active') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.14 Ensure access keys are rotated every 90 days or less', () => { + const getTestRuleFixture = ( + status: string, + lastRotated: string + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + accessKeyData: [ + { + status, + lastRotated, + }, + { + status: 'Active', + lastRotated: '2021-08-27T15:00:44.000Z', + } + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_114 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when users have an active access key created for less than 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Active', new Date().toISOString()) + await testRule(data, Result.PASS) + }) + + test('Security Issue when users have an active access key created for more than 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Active', '2021-09-23T15:56:01.000Z') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.15 Ensure IAM Users Receive Permissions Only Through Groups', () => { + const getTestRuleFixture = ( + iamAttachedPolicies: IamAttachedPolicy[], + inlinePolicies: string[] + ): CIS1xQueryResponse => { + return { + queryawsIamUser: [ + { + id: cuid(), + iamAttachedPolicies, + inlinePolicies, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_115 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when users does not have attached policies directly', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture([],[]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when users have attached policies directly', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture([{ arn: cuid() }], ['inline_test']) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.16 Ensure IAM policies that allow full "*:*" administrative privileges are not attached', () => { + const getTestRuleFixture = ( + effect: string, + action: string[], + resource: string[] + ): CIS1xQueryResponse => { + return { + queryawsIamPolicy: [ + { + id: cuid(), + policyContent: { + statement: [ + { + effect, + action, + resource + } + ] + } + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_116 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when IAM policies not allow full "*:*" administrative privileges', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Allow', [ + 'secretsmanager:DeleteSecret', + 'secretsmanager:GetSecretValue', + 'secretsmanager:UpdateSecret', + ], ['arn:aws:secretsmanager:*:*:secret:A4B*']) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when IAM policies that have a statement with "Effect": "Allow" with "Action": "*" over restricted "Resource"', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Allow', ['*'], ['arn:aws:secretsmanager:*:*:secret:A4B*']) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when IAM policies that have a statement with "Effect": "Allow" with restricted "Action" over "Resource": "*"', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Allow', [ + 'secretsmanager:DeleteSecret', + 'secretsmanager:GetSecretValue', + 'secretsmanager:UpdateSecret', + ], ['*']) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when IAM policies that allow full "*:*" administrative privileges', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('Allow', ['*'], ['*']) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.17 Ensure a support role has been created to manage incidents with AWS Support', () => { + const getTestRuleFixture = ( + name: string, + iamUsers: IamUser[], + iamGroups: iamGroup[], + iamRoles: iamRole[] + ): CIS1xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + iamPolicies: [ + { + name, + iamUsers, + iamGroups, + iamRoles + } + ] + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_117 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when AWSSupportAccess is attached to IAM users', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('AWSSupportAccess', [{arn: 'arn:aws:iam::632941798677:user/test'}], [], []) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when AWSSupportAccess is attached to any IAM groups', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('AWSSupportAccess', [], [{arn: 'arn:aws:iam::632941798677:user/test'}], []) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when AWSSupportAccess is attached to any IAM roles', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('AWSSupportAccess', [], [], [{arn: 'arn:aws:iam::632941798677:user/test'}]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when AWSSupportAccess is not attached to any IAM user, group or role', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('AWSSupportAccess', [], [], []) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when AWSSupportAccess does not exists', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('PolicyTest', [], [], [{arn: 'arn:aws:iam::632941798677:user/test'}]) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when there are no IAM policies', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('', [], [], []) + const account = data.queryawsAccount?.[0] as QueryawsAccount + account.iamPolicies = [] + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed', () => { + const getTestRuleFixture = ( + expiration: string, + ): CIS1xQueryResponse => { + return { + queryawsIamServerCertificate: [ + { + id: cuid(), + expiration + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_119 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when thre not are expired SSL/TLS certificates', async () => { + const day = 1000 * 60 * 60 * 24 + const data: CIS1xQueryResponse = getTestRuleFixture(new Date(Date.now() + 30 * day).toISOString()) + await testRule(data, Result.PASS) + }) + + test('Security Issue when thre are expired SSL/TLS certificates', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString()) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.20 Ensure that S3 Buckets are configured with Block public access (bucket settings)', () => { + const getTestRuleFixture = ( + blockPublicAcls: string, + ignorePublicAcls: string, + blockPublicPolicy: string, + restrictPublicBuckets: string + ): CIS1xQueryResponse => { + return { + queryawsS3: [ + { + id: cuid(), + blockPublicAcls, + ignorePublicAcls, + blockPublicPolicy, + restrictPublicBuckets, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_120 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when S3 Buckets are configured with Block public access', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture( + 'Yes', + 'Yes', + 'Yes', + 'Yes' + ) + await testRule(data, Result.PASS) + }) + + test('Security Issue when S3 Buckets are not configured with Block public access', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture( + 'No', + 'No', + 'No', + 'No' + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when S3 Buckets have a Block public access with blockPublicAcls set to No', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture( + 'No', + 'Yes', + 'Yes', + 'Yes' + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when S3 Buckets have a Block public access with ignorePublicAcls set to No', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture( + 'Yes', + 'No', + 'Yes', + 'Yes' + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when S3 Buckets have a Block public access with blockPublicPolicy set to No', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture( + 'Yes', + 'Yes', + 'No', + 'Yes' + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when S3 Buckets have a Block public access with restrictPublicBuckets set to No', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture( + 'Yes', + 'Yes', + 'Yes', + 'No' + ) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 1.21 Ensure that IAM Access analyzer is enabled', () => { + const getTestRuleFixture = ( + statusRegion1: string, + statusRegion2: string, + ): CIS1xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + regions: ['us-east-1', 'us-east-2'], + iamAccessAnalyzers: [ + { + region: 'us-east-1', + status: statusRegion1, + }, + { + region: 'us-east-2', + status: statusRegion2, + } + ] + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_121 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when at least one analyzer is enabled for all regions', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('ACTIVE','ACTIVE') + await testRule(data, Result.PASS) + }) + + test('Security Issue when there are an analyzer disabled for some region', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('ACTIVE', 'INACTIVE') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when no analyzer enabled for any region', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('INACTIVE', 'INACTIVE') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when when no analyzer is configured', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture('','') + const account = data.queryawsAccount?.[0] as QueryawsAccount + account.iamAccessAnalyzers = [] + await testRule(data, Result.FAIL) + }) + }) +}) \ No newline at end of file diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts deleted file mode 100644 index 42728eac..00000000 --- a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts +++ /dev/null @@ -1,19 +0,0 @@ -import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' - - -describe('CIS Amazon Web Services Foundations: 1.3.0', () => { - let rulesEngine: Engine - beforeAll(() => { - rulesEngine = new CloudGraph.RulesEngine({ - providerName: 'aws', - entityName: 'CIS', - }) - }) - - // TODO: Change once we have real checks - describe("Dummy Check", () => { - test('Dummy Test', async () => { - expect('PASS').toBe(Result.PASS) - }) - }) -}) From 4e263f23d08dcdcf97adf56ce0d72f9123249c9b Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 6 May 2022 12:36:53 -0300 Subject: [PATCH 07/30] feat: Included 3.x rules for aws cis 1.3.0 --- src/aws/cis-1.3.0/README.md | 21 +- src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.1.ts | 118 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.10.ts | 93 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.11.ts | 94 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.2.ts | 64 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts | 111 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.4.ts | 92 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.5.ts | 121 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.6.ts | 80 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.7.ts | 72 ++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.8.ts | 90 +++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.9.ts | 55 ++ src/aws/cis-1.3.0/rules/index.ts | 23 +- .../cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts | 709 ++++++++++++++++++ src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts | 19 - 15 files changed, 1734 insertions(+), 28 deletions(-) create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.1.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.10.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.11.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.2.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.4.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.5.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.6.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.7.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.8.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.9.ts create mode 100644 src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts delete mode 100644 src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts diff --git a/src/aws/cis-1.3.0/README.md b/src/aws/cis-1.3.0/README.md index d3f8bdb0..cea8a182 100644 --- a/src/aws/cis-1.3.0/README.md +++ b/src/aws/cis-1.3.0/README.md @@ -53,11 +53,16 @@ Policy Pack based on the [AWS Foundations 1.3.0](https://docs.aws.amazon.com/aud } ``` - +| Rule | Description | +| ------------ | --------------------------------------------------------------------------------------------------------------------------- | +| AWS CIS 3.1 | Ensure CloudTrail is enabled in all regions | +| AWS CIS 3.2 | Ensure CloudTrail log file validation is enabled | +| AWS CIS 3.3 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | +| AWS CIS 3.4 | Ensure CloudTrail trails are integrated with CloudWatch Logs | +| AWS CIS 3.5 | Ensure AWS Config is enabled in all regions | +| AWS CIS 3.6 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | +| AWS CIS 3.7 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | +| AWS CIS 3.8 | Ensure rotation for customer created CMKs is enabled | +| AWS CIS 3.9 | Ensure VPC flow logging is enabled in all VPCs | +| AWS CIS 3.10 | Ensure that Object-level logging for write events is enabled for S3 bucket | +| AWS CIS 3.11 | Ensure that Object-level logging for read events is enabled for S3 bucket | \ No newline at end of file diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.1.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.1.ts new file mode 100644 index 00000000..6e407726 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.1.ts @@ -0,0 +1,118 @@ +// AWS CIS 1.2.0 Rule equivalent 2.1 +export default { + id: 'aws-cis-1.3.0-3.1', + title: 'AWS CIS 3.1 Ensure CloudTrail is enabled in all regions', + description: `AWS CloudTrail is a web service that records AWS API calls for your account and delivers + log files to you. The recorded information includes the identity of the API caller, the time of + the API call, the source IP address of the API caller, the request parameters, and the + response elements returned by the AWS service. CloudTrail provides a history of AWS API + calls for an account, including API calls made via the Management Console, SDKs, command + line tools, and higher-level AWS services (such as CloudFormation).`, + audit: `Perform the following to determine if CloudTrail is enabled for all regions: + Via the management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + + - You will be presented with a list of trails across all regions + + 3. Ensure at least one Trail has *All* specified in the *Region* column + 4. Click on a trail via the link in the *Name* column + 5. Ensure *Logging* is set to *ON* + 6. Ensure *Apply trail to all regions* is set to *Yes* + 7. In section *Management Events* ensure *Read/Write Events* set to *ALL* + + Via CLI + + aws cloudtrail describe-trails + + Ensure *IsMultiRegionTrail* is set to *true* + + aws cloudtrail get-trail-status --name + + Ensure *IsLogging* is set to *true* + + aws cloudtrail get-event-selectors --trail-name + + Ensure there is at least one Event Selector for a Trail with *IncludeManagementEvents* set to *true* and *ReadWriteType* set to *All*`, + rationale: `The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing. Additionally, + + - ensuring that a multi-regions trail exists will ensure that unexpected activity occurring in otherwise unused regions is detected + - ensuring that a multi-regions trail exists will ensure that Global Service Logging is enabled for a trail by default to capture recording of events generated on AWS global services + - for a multi-regions trail, ensuring that management events configured for all type of Read/Writes ensures recording of management operations that are performed on all resources in an AWS account`, + remediation: `Perform the following to enable global (Multi-region) CloudTrail logging: + Via the management Console + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + 3. Click *Get Started Now*, if presented + + + - Click *Add new trail* + - Enter a trail name in the *Trail* name box + - Set the *Apply trail to all regions* option to Yes + - Specify an S3 bucket name in the *S3 bucket* box + - Click *Create* + + 4. If 1 or more trails already exist, select the target trail to enable for global logging + 5. Click the edit icon (pencil) next to *Apply trail to all regions* , Click *Yes* and Click *Save*. + 6. Click the edit icon (pencil) next to *Management Events* click All for setting Read/Write Events and Click *Save*. + + Via CLI + + aws cloudtrail create-trail --name --bucket-name --is-multi-region-trail + aws cloudtrail update-trail --name --is-multi-region-trail + + Note: Creating CloudTrail via CLI without providing any overriding options configures *Management Events* to set *All* type of *Read/Writes* by default.`, + references: [ + 'CCE-78913-1', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html?icmpid=docs_cloudtrail_console#logging-management-events', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-services.html#cloud-trail-supported-services-data-events', + ], + gql: `{ + queryawsAccount { + id + __typename + cloudtrail { + isMultiRegionTrail + status { + isLogging + } + eventSelectors { + readWriteType + includeManagementEvents + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'medium', + conditions: { + path: '@.cloudtrail', + array_any: { + and: [ + { + path: '[*].isMultiRegionTrail', + equal: 'Yes', + }, + { + path: '[*].status.isLogging', + equal: true, + }, + { + path: '[*].eventSelectors', + array_any: { + and: [ + { path: '[*].readWriteType', equal: 'All' }, + { + path: '[*].includeManagementEvents', + equal: true, + }, + ], + }, + }, + ], + }, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.10.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.10.ts new file mode 100644 index 00000000..4005cc2f --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.10.ts @@ -0,0 +1,93 @@ +// NIST 800-53 rev4 Rule equivalent 6.13 +export default { + id: 'aws-cis-1.3.0-3.10', + title: 'AWS CIS 3.10 Ensure that Object-level logging for write events is enabled for S3 bucket', + + description: 'S3 object-level API operations such as GetObject, DeleteObject, and PutObject are called data events. By default, CloudTrail trails don\'t log data events and so it is recommended to enable Object-level logging for S3 buckets.', + + audit: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click *buckets* and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. If the current status for *Object-level* logging is set to Disabled, then object-level logging of write events for the selected s3 bucket is not set. + 5. Repeat steps 2 to 4 to verify object level logging status of other S3 buckets. + + **From Command Line:** + + 1. Run *list-trails* command to list the names of all Amazon CloudTrail trails currently available in the selected AWS region: + + aws cloudtrail list-trails --region --query Trails[*].Name + + 2. The command output will be a list of the requested trail names. + 3. Run *get-event-selectors* command using the name of the trail returned at the previous step and custom query filters to determine if Data events logging feature is enabled within the selected CloudTrail trail configuration for s3bucket resources: + + aws cloudtrail get-event-selectors --region --trail-name --query EventSelectors[*].DataResources[] + + 4. The command output should be an array that contains the configuration of the AWS resource(S3 bucket) defined for the Data events selector. + 5. If the *get-event-selectors* command returns an empty array '[]', the Data events are not included into the selected AWS Cloudtrail trail logging configuration, therefore the S3 object-level API operations performed within your AWS account are not recorded. + 6. Repeat steps 1 to 5 for auditing each s3 bucket to identify other trails that are missing the capability to log Data events. + 7. Change the AWS region by updating the *--region* command parameter and perform the audit process for other regions.`, + + rationale: 'Enabling object-level logging will help you meet data compliance requirements within your organization, perform comprehensive security analysis, monitor specific patterns of user behavior in your AWS account or take immediate actions on any object-level API activity within your S3 Buckets using Amazon CloudWatch Events.', + + remediation: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click *buckets* and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. Click on the *Object-level* logging setting, enter the CloudTrail name for the recording activity. You can choose an existing Cloudtrail or create a new one by navigating to the Cloudtrail console link https://console.aws.amazon.com/cloudtrail/ + 5. Once the Cloudtrail is selected, check the *Write* event checkbox, so that *object-level* logging for Write events is enabled. + 6. Repeat steps 2 to 5 to enable object-level logging of write events for other S3 buckets. + + **From Command Line:** + + 1. To enable *object-level* data events logging for S3 buckets within your AWS account, run *put-event-selectors* command using the name of the trail that you want to reconfigure as identifier: + + aws cloudtrail put-event-selectors --region --trail-name --event-selectors '[{ "ReadWriteType": "WriteOnly", "IncludeManagementEvents":true, "DataResources": [{ "Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::/"] }] }]' + + 2. The command output will be *object-level* event trail configuration. + 3. If you want to enable it for all buckets at once then change Values parameter to *["arn:aws:s3"]* in command given above. + 4. Repeat step 1 for each s3 bucket to update *object-level* logging of write events. + 5. Change the AWS region by updating the *--region* command parameter and perform the process for other regions.`, + + references: ['https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-cloudtrail-events.html'], + gql: `{ + queryawsAccount { + id + __typename + cloudtrail { + eventSelectors { + readWriteType + dataResources { + type + } + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'high', + conditions: { + path: '@.cloudtrail', + array_any: { + path: '[*].eventSelectors', + array_any: { + and: [ + { + path: '[*].includeManagementEvents', + equal: true, + }, + { + path: '[*].readWriteType', + in: ['WriteOnly', 'All'], + }, + { + path: '[*].dataResources', + isEmpty: false, + }, + ], + }, + } + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.11.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.11.ts new file mode 100644 index 00000000..ac4771d6 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.11.ts @@ -0,0 +1,94 @@ +// NIST 800-53 rev4 Rule equivalent 6.12 +export default { + id: 'aws-cis-1.3.0-3.11', + title: 'AWS CIS 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket', + + description: 'S3 object-level API operations such as GetObject, DeleteObject, and PutObject are called data events. By default, CloudTrail trails don\'t log data events and so it is recommended to enable Object-level logging for S3 buckets.', + + audit: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click buckets and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. If the current status for *Object-level* logging is set to *Disabled*, then object-level logging of read events for the selected s3 bucket is not set. + 5. If the current status for *Object-level* logging is set to *Enabled*, but the Read event check-box is unchecked, then object-level logging of read events for the selected s3 bucket is not set. + 6. Repeat steps 2 to 5 to verify *object-level* logging for *read* events of your other S3 buckets. + + **From Command Line:** + + 1. Run *describe-trails* command to list the names of all Amazon CloudTrail trails currently available in the selected AWS region: + + aws cloudtrail describe-trails --region --output table --query trailList[*].Name + + 2. The command output will be table of the requested trail names. + 3. Run *get-event-selectors* command using the name of the trail returned at the previous step and custom query filters to determine if Data events logging feature is enabled within the selected CloudTrail trail configuration for s3 bucket resources: + + aws cloudtrail get-event-selectors --region --trail-name --query EventSelectors[*].DataResources[] + + 4. The command output should be an array that contains the configuration of the AWS resource(S3 bucket) defined for the Data events selector. + 5. If the *get-event-selectors* command returns an empty array, the Data events are not included into the selected AWS Cloudtrail trail logging configuration, therefore the S3 object-level API operations performed within your AWS account are not recorded. + 6. Repeat steps 1 to 5 for auditing each s3 bucket to identify other trails that are missing the capability to log Data events. + 7. Change the AWS region by updating the *--region* command parameter and perform the audit process for other regions.`, + + rationale: 'Enabling object-level logging will help you meet data compliance requirements within your organization, perform comprehensive security analysis, monitor specific patterns of user behavior in your AWS account or take immediate actions on any object-level API activity using Amazon CloudWatch Events.', + + remediation: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click buckets and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. Click on the *Object-level* logging setting, enter the CloudTrail name for the recording activity. You can choose an existing Cloudtrail or create a new one by navigating to the Cloudtrail console link https://console.aws.amazon.com/cloudtrail/ + 5. Once the Cloudtrail is selected, check the Read event checkbox, so that *object-level* logging for *Read* events is enabled. + 6. Repeat steps 2 to 5 to enable *object-level* logging of read events for other S3 buckets. + + **From Command Line:** + + 1. To enable object-level data events logging for S3 buckets within your AWS account, run put-event-selectors command using the name of the trail that you want to reconfigure as identifier: + + aws cloudtrail put-event-selectors --region --trail-name --event-selectors '[{ "ReadWriteType": "ReadOnly", "IncludeManagementEvents":true, "DataResources": [{ "Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::/"] }] }]' + + 2. The command output will be *object-level* event trail configuration. + 3. If you want to enable it for all buckets at ones then change Values parameter to *["arn:aws:s3"]* in command given above. + 4. Repeat step 1 for each s3 bucket to update *object-level* logging of read events. + 5. Change the AWS region by updating the *--region* command parameter and perform the process for other regions.`, + + references: ['https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-cloudtrail-events.html'], + gql: `{ + queryawsAccount { + id + __typename + cloudtrail { + eventSelectors { + readWriteType + dataResources { + type + } + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'high', + conditions: { + path: '@.cloudtrail', + array_any: { + path: '[*].eventSelectors', + array_any: { + and: [ + { + path: '[*].includeManagementEvents', + equal: true, + }, + { + path: '[*].readWriteType', + in: ['ReadOnly', 'All'], + }, + { + path: '[*].dataResources', + isEmpty: false, + }, + ], + }, + } + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.2.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.2.ts new file mode 100644 index 00000000..99e7f709 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.2.ts @@ -0,0 +1,64 @@ +// AWS CIS 1.2.0 Rule equivalent 2.2 +export default { + id: 'aws-cis-1.3.0-3.2', + title: 'AWS CIS 3.2 Ensure CloudTrail log file validation is enabled', + description: `CloudTrail log file validation creates a digitally signed digest file containing a hash of each + log that CloudTrail writes to S3. These digest files can be used to determine whether a log + file was changed, deleted, or unchanged after CloudTrail delivered the log. It is + recommended that file validation be enabled on all CloudTrails.`, + audit: `Perform the following on each trail to determine if log file validation is enabled: + Via the management Console + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + 3. For Every Trail: + + + - Click on a trail via the link in the Name column + - Under the *S3* section, ensure *Enable log file validation* is set to *Yes* + + Via CLI + + aws cloudtrail describe-trails + + Ensure *LogFileValidationEnabled* is set to *true* for each trail`, + rationale: 'Enabling log file validation will provide additional integrity checking of CloudTrail logs.', + remediation: `Perform the following to enable log file validation on a given trail: + Via the management Console + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + 3. Click on target trail + 4. Within the *S3* section click on the edit icon (pencil) + 5. Click *Advanced* + 6. Click on the *Yes* radio button in section *Enable log file validation* + 7. Click *Save* + + Via CLI + + aws cloudtrail update-trail --name --enable-log-file-validation + + Note that periodic validation of logs using these digests can be performed by running the following command: + + aws cloudtrail validate-logs --trail-arn --start-time --end-time +`, + references: [ + 'http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-enabling.html', + 'CCE-78914-9', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + logFileValidationEnabled + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + path: '@.logFileValidationEnabled', + equal: 'Yes', + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts new file mode 100644 index 00000000..2ff66717 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts @@ -0,0 +1,111 @@ +// AWS CIS 1.2.0 Rule equivalent 2.3 +export default { + id: 'aws-cis-1.3.0-3.3', + title: + 'AWS CIS 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible', + description: + 'CloudTrail logs a record of every API call made in your AWS account. These logs file are stored in an S3 bucket. It is recommended that the bucket policy, or access control list (ACL), applied to the S3 bucket that CloudTrail logs to prevents public access to the CloudTrail logs.', + audit: `Perform the following to determine if any public access is granted to an S3 bucket via an ACL or S3 bucket policy: Via the Management Console + + 1. Go to the Amazon CloudTrail console at https://console.aws.amazon.com/cloudtrail/home + 2. In the API activity history pane on the left, click Trails + 3. In the Trails pane, note the bucket names in the S3 bucket column + 4. Go to Amazon S3 console at https://console.aws.amazon.com/s3/home + 5. For each bucket noted in step 3, right-click on the bucket and click Properties + 6. In the Properties pane, click the Permissions tab. + 7. The tab shows a list of grants, one row per grant, in the bucket ACL. Each row identifies the grantee and the permissions granted. + 8. Ensure no rows exists that have the Grantee set to Everyone or the Grantee set to Any Authenticated User. + 9. If the Edit bucket policy button is present, click it to review the bucket policy. + 10. Ensure the policy does not contain a Statement having an Effect set to Allow and a Principal set to "*" or {"AWS" : "*"} + + Via CLI: + + 1. Get the name of the S3 bucket that CloudTrail is logging to: + + aws cloudtrail describe-trails --query 'trailList[*].S3BucketName' + + 2. Ensure the AllUsers principal is not granted privileges to that : + + aws s3api get-bucket-acl --bucket --query 'Grants[?Grantee.URI== http://acs.amazonaws.com/groups/global/AllUsers ]' + + 3. Ensure the AuthenticatedUsers principal is not granted privileges to that : + + aws s3api get-bucket-acl --bucket --query 'Grants[?Grantee.URI== http://acs.amazonaws.com/groups/global/Authenticated Users ]' + + 4. Get the S3 Bucket Policy + + aws s3api get-bucket-policy --bucket + + 5. Ensure the policy does not contain a Statement having an Effect set to Allow and a Principal set to "*" or {"AWS" : "*"} + + Note: Principal set to "*" or {"AWS" : "*"} allows anonymous access.`, + rationale: + 'Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected account`s use or configuration.', + remediation: `Perform the following to remove any public access that has been granted to the bucket via an ACL or S3 bucket policy: + + 1. Go to Amazon S3 console at https://console.aws.amazon.com/s3/home + 2. Right-click on the bucket and click Properties + 3. In the Properties pane, click the Permissions tab. + 4. The tab shows a list of grants, one row per grant, in the bucket ACL. Each row identifies the grantee and the permissions granted. + 5. Select the row that grants permission to Everyone or Any Authenticated User + 6. Uncheck all the permissions granted to Everyone or Any Authenticated User (click x to delete the row). + 7. Click Save to save the ACL. + 8. If the Edit bucket policy button is present, click it. + 9. Remove any Statement having an Effect set to Allow and a Principal set to "*" or {"AWS" : "*"}.`, + references: [ + 'CCE-78915-6', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + s3 { + policy { + statement { + effect + principal { + key + value + } + } + } + } + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + not: { + path: '@.s3', + array_any: { + path: '[*].policy.statement', + array_any: { + and: [ + { + path: '[*].effect', + equal: 'Allow', + }, + { + path: '[*].principal', + array_any: { + and: [ + { + path: '[*].key', + in: ['', 'AWS'], + }, + { + path: '[*].value', + contains: '*', + }, + ], + }, + }, + ], + }, + }, + }, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.4.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.4.ts new file mode 100644 index 00000000..59f0c385 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.4.ts @@ -0,0 +1,92 @@ +// AWS CIS 1.2.0 Rule equivalent 2.4 +export default { + id: 'aws-cis-1.3.0-3.4', + title: + 'AWS CIS 3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs', + description: `AWS CloudTrail is a web service that records AWS API calls made in a given AWS account. + The recorded information includes the identity of the API caller, the time of the API call, the + source IP address of the API caller, the request parameters, and the response elements + returned by the AWS service. CloudTrail uses Amazon S3 for log file storage and delivery, + so log files are stored durably. In addition to capturing CloudTrail logs within a specified S3 + bucket for long term analysis, realtime analysis can be performed by configuring CloudTrail + to send logs to CloudWatch Logs. For a trail that is enabled in all regions in an account, + CloudTrail sends log files from all those regions to a CloudWatch Logs log group. It is + recommended that CloudTrail logs be sent to CloudWatch Logs. + + Note: The intent of this recommendation is to ensure AWS account activity is being + captured, monitored, and appropriately alarmed on. CloudWatch Logs is a native way to + accomplish this using AWS services but does not preclude the use of an alternate solution.`, + audit: `Perform the following to ensure CloudTrail is configured as prescribed: + Via the AWS management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail/ + 2. Under *All Buckets* , click on the target bucket you wish to evaluate + 3. Click *Properties* on the top right of the console + 4. Click *Trails* in the left menu + 5. Ensure a *CloudWatch Logs* log group is configured and has a recent (~one day old) *Last log file delivered* timestamp. + + Via CLI + 1. Run the following command to get a listing of existing trails: + + aws cloudtrail describe-trails + + 2. Ensure *CloudWatchLogsLogGroupArn* is not empty and note the value of the Name property. + 3. Using the noted value of the *Name* property, run the following command: + + aws cloudtrail get-trail-status --name + + 4. Ensure the *LatestcloudwatchLogdDeliveryTime* property is set to a recent (~one day old) timestamp.`, + rationale: 'Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user, API, resource, and IP address, and provides the opportunity to establish alarms and notifications for anomalous or sensitivity account activity.', + remediation: `Perform the following to establish the prescribed state: + Via the AWS management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail/ + 2. Under All Buckets, click on the target bucket you wish to evaluate + 3. Click Properties on the top right of the console + 4. Click *Trails* in the left menu + 5. Click on each trail where no *CloudWatch Logs* are defined + 6. Go to the *CloudWatch Logs* section and click on *Configure* + 7. Define a new or select an existing log group + 8. Click on *Continue* + 9. Configure IAM Role which will deliver CloudTrail events to CloudWatch Logs + o Create/Select an *IAM Role* and *Policy Name* + o Click *Allow* to continue + + Via CLI + + aws cloudtrail update-trail --name --cloudwatch-logs-log-group- + arn --cloudwatch-logs-role-arn `, + references: [ + 'https://aws.amazon.com/cloudtrail/', + 'CCE-78916-4', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + cloudWatchLogsLogGroupArn + status { + latestCloudWatchLogsDeliveryTime + } + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.cloudWatchLogsLogGroupArn', + notEqual: null, + }, + { + value: { + daysAgo: {}, + path: '@.status.latestCloudWatchLogsDeliveryTime', + }, + lessThanInclusive: 1, + }, + ], + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.5.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.5.ts new file mode 100644 index 00000000..8d979bac --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.5.ts @@ -0,0 +1,121 @@ +// AWS CIS 1.2.0 Rule equivalent 2.5 +export default { + id: 'aws-cis-1.3.0-3.5', + title: 'AWS CIS 3.5 Ensure AWS Config is enabled in all regions', + description: + 'AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items (AWS resources), any configuration changes between resources. It is recommended to enable AWS Config be enabled in all regions.', + + audit: `Process to evaluate AWS Config configuration per region Via AWS Management Console: + + 1. Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/. + 2. On the top right of the console select target Region. + 3. If presented with Setup AWS Config - follow remediation procedure: + 4. On the Resource inventory page, Click on edit (the gear icon). The Set Up AWS Config page appears. + 5. Ensure 1 or both check-boxes under "All Resources" is checked. + - Include global resources related to IAM resources - which needs to be enabled in 1 region only + 6. Ensure the correct S3 bucket has been defined. + 7. Ensure the correct SNS topic has been defined. + 8. Repeat steps 2 to 7 for each region. + + Via AWS Command Line Interface: + + 1. Run this command to show all AWS Config recorders and their properties: + + aws configservice describe-configuration-recorders + + 2. Evaluate the output to ensure that there's at least one recorder for which recordingGroup object includes "allSupported": true AND "includeGlobalResourceTypes": true + + Note: There is one more parameter "ResourceTypes" in recordingGroup object. We don't need to check the same as whenever we set "allSupported": true, AWS enforces resource types to be empty ("ResourceTypes":[]) Sample Output: + + { + "ConfigurationRecorders": [ + { + "recordingGroup": { + "allSupported": true, + "resourceTypes": [], + "includeGlobalResourceTypes": true + }, + "roleARN": "arn:aws:iam:::role/service-role/", + "name": "default" + } + ] + } + + 3. Run this command to show the status for all AWS Config recorders: + + aws configservice describe-configuration-recorder-status + + 4. In the output, find recorders with name key matching the recorders that met criteria in step 2. Ensure that at least one of them includes "recording": true and "lastStatus": "SUCCESS"`, + + rationale: + 'The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking, and compliance auditing.', + + remediation: `To implement AWS Config configuration: + Via AWS Management Console: + + 1. Select the region you want to focus on in the top right of the console + 2. Click Services + 3. Click Config + 4. Define which resources you want to record in the selected region + 5. Choose to include global resources (IAM resources) + 6. Specify an S3 bucket in the same account or in another managed AWS account + 7. Create an SNS Topic from the same AWS account or another managed AWS account + + Via AWS Command Line Interface: + + 1. Ensure there is an appropriate S3 bucket, SNS topic, and IAM role per the [AWS Config Service prerequisites](https://docs.aws.amazon.com/config/latest/developerguide/gs-cli-prereq.html). + 2. Run this command to set up the configuration recorder + + aws configservice subscribe --s3-bucket my-config-bucket --sns-topic arn:aws:sns:us-east-1:012345678912:my-config-notice --iam-role arn:aws:iam::012345678912:role/myConfigRole + + 3. Run this command to start the configuration recorder: + + start-configuration-recorder --configuration-recorder-name `, + + references: [ + 'CCE-78917-2', + 'CIS CSC v6.0 #1.1, #1.3, #1.4, #5.2, #11.1 - #11.3, #14.6', + 'http://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorder-status.html', + ], + gql: `{ + queryawsAccount { + id + __typename + configurationRecorders { + recordingGroup { + allSupported + includeGlobalResourceTypes + } + status { + recording + lastStatus + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'medium', + conditions: { + path: '@.configurationRecorders', + array_any: { + and: [ + { + path: '[*].recordingGroup.allSupported', + equal: true, + }, + { + path: '[*].recordingGroup.includeGlobalResourceTypes', + equal: true, + }, + { + path: '[*].status.recording', + equal: true, + }, + { + path: '[*].status.lastStatus', + equal: 'SUCCESS', + }, + ], + }, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.6.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.6.ts new file mode 100644 index 00000000..7cf6ce08 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.6.ts @@ -0,0 +1,80 @@ +// AWS CIS 1.2.0 Rule equivalent 2.6 +export default { + id: 'aws-cis-1.3.0-3.6', + title: + 'AWS CIS 3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket', + description: `S3 Bucket Access Logging generates a log that contains access records for each request + made to your S3 bucket. An access log record contains details about the request, such as the + request type, the resources specified in the request worked, and the time and date the + request was processed. It is recommended that bucket access logging be enabled on the + CloudTrail S3 bucket.`, + audit: `Perform the following ensure the CloudTrail S3 bucket has access logging is enabled: + Via the management Console + + 1. Go to the Amazon CloudTrail console at https://console.aws.amazon.com/cloudtrail/home + 2. In the API activity history pane on the left, click Trails + 3. In the Trails pane, note the bucket names in the S3 bucket column + 4. Sign in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3. + 5. Under *All Buckets* click on a target S3 bucket + 6. Click on *Properties* in the top right of the console + 7. Under *Bucket: * click on *Logging* + 8. Ensure *Enabled* is checked. + + Via CLI + + 1. Get the name of the S3 bucket that CloudTrail is logging to: + + aws cloudtrail describe-trails --query 'trailList[*].S3BucketName' + + 2. Ensure Bucket Logging is enabled: + + aws s3api get-bucket-logging --bucket + + Ensure command does not return empty output. + Sample Output for a bucket with logging enabled: + + + { + "LoggingEnabled": { + "TargetPrefix": "", + "TargetBucket": "" + } + }`, + rationale: 'By enabling S3 bucket logging on target S3 buckets, it is possible to capture all events which may affect objects within target buckets. Configuring logs to be placed in a separate bucket allows access to log information which can be useful in security and incident response workflows.', + remediation: `Perform the following to enable S3 bucket logging: + Via the Management Console + + 1. Sign in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3 + 2. Under *All Buckets* click on the target S3 bucket + 3. Click on *Properties* in the top right of the console + 4. Under *Bucket: * click on *Logging* + 5. Configure bucket logging + 1. Click on *Enabled* checkbox + 2. Select Target Bucket from list + 3. Enter a Target Prefix + 6. Click *Save*`, + references: [ + 'CCE-78918-0', + 'https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + s3 { + logging + } + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + path: '@.s3', + array_any: { + path: '[*].logging', + equal: 'Enabled', + }, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.7.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.7.ts new file mode 100644 index 00000000..ac15073d --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.7.ts @@ -0,0 +1,72 @@ +// AWS CIS 1.2.0 Rule equivalent 2.7 +export default { + id: 'aws-cis-1.3.0-3.7', + title: + 'AWS CIS 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs', + description: `AWS CloudTrail is a web service that records AWS API calls for an account and makes those + logs available to users and resources in accordance with IAM policies. AWS Key + Management Service (KMS) is a managed service that helps create and control the + encryption keys used to encrypt account data, and uses Hardware Security Modules + (HSMs) to protect the security of encryption keys. CloudTrail logs can be configured to + leverage server side encryption (SSE) and KMS customer created master keys (CMK) to + further protect CloudTrail logs. It is recommended that CloudTrail be configured to use + SSE-KMS.`, + audit: `Perform the following to determine if CloudTrail is configured to use SSE-KMS: + Via the Management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail + 2. In the left navigation pane, choose *Trails*. + 3. Select a Trail + 4. Under the *S3* section, ensure *Encrypt log files* is set to *Yes* and a KMS key ID is specified in the *KSM Key Id* field. + + Via CLI + + 1. Run the following command: + + aws cloudtrail describe-trails + + 2. For each trail listed, SSE-KMS is enabled if the trail has a *KmsKeyId* property defined.`, + rationale: 'Configuring CloudTrail to use SSE-KMS provides additional confidentiality controls on log data as a given user must have S3 read permission on the corresponding log bucket and must be granted decrypt permission by the CMK policy.', + remediation: `Perform the following to configure CloudTrail to use SSE-KMS: + Via the Management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail + 2. In the left navigation pane, choose *Trails*. + 3. Click on a Trail + 4. Under the *S3* section click on the edit button (pencil icon) + 5. Click *Advanced* + 6. Select an existing CMK from the *KMS key Id* drop-down menu + + - Note: Ensure the CMK is located in the same region as the S3 bucket + - Note: You will need to apply a KMS Key policy on the selected CMK in order for CloudTrail as a service to encrypt and decrypt log files using the CMK provided. Steps are provided [here](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-kms-key-policy-for-cloudtrail.html) for editing the selected CMK Key policy. + + 7. Click *Save* + 8. You will see a notification message stating that you need to have decrypt + permissions on the specified KMS key to decrypt log files. + 9. Click *Yes* + + Via CLI + + aws cloudtrail update-trail --name --kms-id + aws kms put-key-policy --key-id --policy `, + references: [ + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html', + 'https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html', + 'CCE-78919-8', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + kmsKeyId + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + path: '@.kmsKeyId', + notEqual: null, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.8.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.8.ts new file mode 100644 index 00000000..246f4cbb --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.8.ts @@ -0,0 +1,90 @@ +// this rule is also in PCI kms check 1 and AWS CIS 1.2.0 2.8 +export default { + id: 'aws-cis-1.3.0-3.8', + title: + 'AWS CIS 3.8 Ensure rotation for customer created CMKs is enabled', + description: `AWS Key Management Service (KMS) allows customers to rotate the backing key which is + key material stored within the KMS which is tied to the key ID of the Customer Created + customer master key (CMK). It is the backing key that is used to perform cryptographic + operations such as encryption and decryption. Automated key rotation currently retains all + prior backing keys so that decryption of encrypted data can take place transparently. It is + recommended that CMK key rotation be enabled.`, + audit: `Via the Management Console: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam. + 2. In the left navigation pane, choose E*ncryption Keys*. + 3. Select a customer created master key (CMK) + 4. Under the *Key Policy* section, move down to *Key Rotation*. + 5. Ensure the *Rotate this key every year* checkbox is checked. + + Via CLI + + 1. Run the following command to get a list of all keys and their associated *KeyIds* + + aws kms list-keys + + 2. For each key, note the KeyId and run the following command + + aws kms get-key-rotation-status --key-id + + 3. Ensure *KeyRotationEnabled* is set to *true*`, + rationale: 'Rotating encryption keys helps reduce the potential impact of a compromised key as data encrypted with a new key cannot be accessed with a previous key that may have been exposed.', + remediation: `Via the Management Console: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam. + 2. In the left navigation pane, choose *Encryption Keys*. + 3. Select a customer created master key (CMK) + 4. Under the *Key Policy* section, move down to *Key Rotation*. + 5. Check the *Rotate this key every year* checkbox. + + Via CLI + + 1. Run the following command to enable key rotation: + + aws kms enable-key-rotation --key-id `, + references: [ + 'https://aws.amazon.com/kms/pricing/', + 'https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final', + 'CCE-78920-6', + ], + gql: `{ + queryawsKms { + id + arn + accountId + __typename + keyManager + keyRotationEnabled + } + }`, + resource: 'queryawsKms[*]', + severity: 'medium', + conditions: { + or: [ + { + and: [ + { + path: '@.keyManager', + equal: 'AWS', + }, + { + path: '@.keyRotationEnabled', + equal: true, + }, + ], + }, + { + and: [ + { + path: '@.keyManager', + equal: 'CUSTOMER', + }, + { + path: '@.keyRotationEnabled', + equal: true, + }, + ], + }, + ], + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.9.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.9.ts new file mode 100644 index 00000000..999bd437 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.9.ts @@ -0,0 +1,55 @@ +// AWS CIS 1.2.0 Rule equivalent 2.9 +export default { + id: 'aws-cis-1.3.0-3.9', + title: 'AWS CIS 3.9 Ensure VPC flow logging is enabled in all VPCs', + description: `VPC Flow Logs is a feature that enables you to capture information about the IP traffic + going to and from network interfaces in your VPC. After you've created a flow log, you can + view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow + Logs be enabled for packet "Rejects" for VPCs.`, + audit: `Perform the following to determine if VPC Flow logs is enabled: + Via the Management Console: + + 1. Sign into the management console + 2. Select *Services* then *VPC* + 3. In the left navigation pane, select *Your VPCs* + 4. Select a VPC + 5. In the right pane, select the *Flow Logs* tab. + 6. Ensure a Log Flow exists that has *Active* in the *Status* column.`, + rationale: 'VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.', + remediation: `Perform the following to determine if VPC Flow logs is enabled: + Via the Management Console: + + 1. Sign into the management console + 2. Select *Services* then *VPC* + 3. In the left navigation pane, select *Your VPCs* + 4. Select a VPC + 5. In the right pane, select the *Flow Logs* tab. + 6. If no Flow Log exists, click *Create Flow Log* + 7. For Filter, select *Reject* + 8. Enter in a *Role* and *Destination Log Group* + 9. Click *Create Log Flow* + 10. Click on *CloudWatch Logs Group* + + **Note:** Setting the filter to "Reject" will dramatically reduce the logging data accumulation for this recommendation and provide sufficient information for the purposes of breach detection, research, and remediation. However, during periods of least privilege security group engineering, setting this filter to "All" can be very helpful in discovering existing traffic flows required for the proper operation of an already running environment.`, + references: [ + 'CCE-79202-8', + 'https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html', + ], + gql: `{ + queryawsVpc { + id + arn + accountId + __typename + flowLog { + resourceId + } + } + }`, + resource: 'queryawsVpc[*]', + severity: 'medium', + conditions: { + path: '@.flowLog', + isEmpty: false, + }, +} diff --git a/src/aws/cis-1.3.0/rules/index.ts b/src/aws/cis-1.3.0/rules/index.ts index c7468a33..0e0b9fd1 100644 --- a/src/aws/cis-1.3.0/rules/index.ts +++ b/src/aws/cis-1.3.0/rules/index.ts @@ -1,4 +1,25 @@ +import Aws_CIS_130_31 from './aws-cis-1.3.0-3.1' +import Aws_CIS_130_32 from './aws-cis-1.3.0-3.2' +import Aws_CIS_130_33 from './aws-cis-1.3.0-3.3' +import Aws_CIS_130_34 from './aws-cis-1.3.0-3.4' +import Aws_CIS_130_35 from './aws-cis-1.3.0-3.5' +import Aws_CIS_130_36 from './aws-cis-1.3.0-3.6' +import Aws_CIS_130_37 from './aws-cis-1.3.0-3.7' +import Aws_CIS_130_38 from './aws-cis-1.3.0-3.8' +import Aws_CIS_130_39 from './aws-cis-1.3.0-3.9' +import Aws_CIS_130_310 from './aws-cis-1.3.0-3.10' +import Aws_CIS_130_311 from './aws-cis-1.3.0-3.11' export default [ - // TODO: Add rules to export + Aws_CIS_130_31, + Aws_CIS_130_32, + Aws_CIS_130_33, + Aws_CIS_130_34, + Aws_CIS_130_35, + Aws_CIS_130_36, + Aws_CIS_130_37, + Aws_CIS_130_38, + Aws_CIS_130_39, + Aws_CIS_130_310, + Aws_CIS_130_311, ] diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts new file mode 100644 index 00000000..510ab147 --- /dev/null +++ b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts @@ -0,0 +1,709 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_CIS_130_31 from '../rules/aws-cis-1.3.0-3.1' +import Aws_CIS_130_32 from '../rules/aws-cis-1.3.0-3.2' +import Aws_CIS_130_33 from '../rules/aws-cis-1.3.0-3.3' +import Aws_CIS_130_34 from '../rules/aws-cis-1.3.0-3.4' +import Aws_CIS_130_35 from '../rules/aws-cis-1.3.0-3.5' +import Aws_CIS_130_36 from '../rules/aws-cis-1.3.0-3.6' +import Aws_CIS_130_37 from '../rules/aws-cis-1.3.0-3.7' +import Aws_CIS_130_38 from '../rules/aws-cis-1.3.0-3.8' +import Aws_CIS_130_39 from '../rules/aws-cis-1.3.0-3.9' +import Aws_CIS_130_310 from '../rules/aws-cis-1.3.0-3.10' +import Aws_CIS_130_311 from '../rules/aws-cis-1.3.0-3.11' + +export interface DataResource { + type: string +} + +export interface EventSelector { + readWriteType?: string + includeManagementEvents?: boolean + dataResources?: DataResource[] +} + +export interface Status { + isLogging?: boolean + latestCloudWatchLogsDeliveryTime?: string | null + recording?: boolean + lastStatus?: string +} + +export interface Cloudtrail { + isMultiRegionTrail?: string + status?: Status + eventSelectors?: EventSelector[] +} + +export interface Principal { + key?: string + value?: string[] +} + +export interface Statement { + effect?: string + principal?: Principal[] +} + +export interface Policy { + statement?: Statement[] +} + +export interface S3 { + policy?: Policy + logging?: string +} + +export interface RecordingGroup { + allSupported?: boolean + includeGlobalResourceTypes?: boolean +} + +export interface ConfigurationRecorder { + status?: Status + recordingGroup?: RecordingGroup +} + +export interface FlowLog { + resourceId?: string +} + +export interface QueryawsAccount { + id: string + cloudtrail?: Cloudtrail[] + configurationRecorders?: ConfigurationRecorder[] +} + +export interface QueryawsCloudtrail { + id: string + logFileValidationEnabled?: string + cloudWatchLogsLogGroupArn?: string | null + s3?: S3[] + status?: Status + kmsKeyId?: string | null +} + +export interface QueryawsKms { + id: string + keyManager: string + keyRotationEnabled: boolean +} + +export interface QueryawsVpc { + id: string + flowLog: FlowLog[] +} + +export interface CIS3xQueryResponse { + queryawsAccount?: QueryawsAccount[] + queryawsCloudtrail?: QueryawsCloudtrail[] + queryawsKms?: QueryawsKms[] + queryawsVpc?: QueryawsVpc[] +} + +describe('CIS Amazon Web Services Foundations: 1.3.0', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'CIS', + }) + }) + + describe('AWS CIS 3.1 Ensure CloudTrail is enabled in all regions', () => { + const getTestRuleFixture = ( + isMultiRegionTrail: string, + isLogging: boolean, + readWriteType: string, + includeManagementEvents: boolean + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + cloudtrail: [ + { + isMultiRegionTrail, + status: { + isLogging, + }, + eventSelectors: [ + { + readWriteType, + includeManagementEvents, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_31 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trail has set IsMultiRegionTrail and isLogging as true with at least one Event Selector with IncludeManagementEvents set to true and ReadWriteType set to All', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'Yes', + true, + 'All', + true + ) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a trail has set IsMultiRegionTrail is set to false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'No', + true, + 'All', + true + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a trail has set isLogging is set to false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'Yes', + false, + 'All', + true + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a trail has set multi region as true with all read-write type and include management events false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'Yes', + true, + 'All', + false + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when there not are any trail', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('', true, '', true) + const account = data.queryawsAccount?.[0] as QueryawsAccount + account.cloudtrail = [] + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.2 Ensure CloudTrail log file validation is enabled', () => { + const getTestRuleFixture = ( + logFileValidationEnabled: string + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + logFileValidationEnabled, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_32 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trail has log file validation enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Yes') + await testRule(data, Result.PASS) + }) + test('Security Issue when a trail has log file validation disabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('No') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible', () => { + const getTestRuleFixture = ( + effect: string, + key: string, + value: string[] + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + s3: [ + { + policy: { + statement: [ + { + effect, + principal: [ + { + key, + value, + }, + ], + }, + ], + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_33 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a policy contains a statement having an Effect set to Allow and a Principal not set to "*" or {"AWS" : "*"}', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'Service', [ + 'cloudtrail.amazonaws.com', + ]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a policy contains a statement having an Effect set to Allow and a Principal set to "*"', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', '', ['*']) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a policy contains a statement having an Effect set to Allow and a Principal set to {"AWS" : "*"}', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'AWS', ['*']) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs', () => { + const getTestRuleFixture = ( + cloudWatchLogsLogGroupArn: string | null, + latestCloudWatchLogsDeliveryTime: string | null + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + cloudWatchLogsLogGroupArn, + status: { + latestCloudWatchLogsDeliveryTime, + }, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_34 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trail has cloudwatch logs integrated with a delivery date no more than a day', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(cuid(), new Date().toISOString()) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a trail has cloudwatch logs integrated with a delivery date more than a day', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(cuid(), '2021-11-20T16:18:21.724Z') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a trail does not have cloudwatch logs integrated', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(null, null) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.5 Ensure AWS Config is enabled in all regions', () => { + const getTestRuleFixture = ( + allSupported: boolean, + includeGlobalResourceTypes: boolean, + recording: boolean, + lastStatus: string + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + configurationRecorders: [ + { + recordingGroup: { + allSupported, + includeGlobalResourceTypes, + }, + status: { + recording, + lastStatus, + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_35 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a configuration recorder is enabled in all regions', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, true, true, 'SUCCESS') + await testRule(data, Result.PASS) + }) + + test('Security Issue when a configuration recorder has recordingGroup object includes "allSupported": false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(false, true, true, 'SUCCESS') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a configuration recorder has recordingGroup object includes "includeGlobalResourceTypes": false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, false, true, 'SUCCESS') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a configuration recorder has status object includes "lastStatus" not "SUCCESS"', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, true, true, 'FAILED') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when there not are any configurationRecorder', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, true, true, 'SUCCESS') + const account = data.queryawsAccount?.[0] as QueryawsAccount + account.configurationRecorders = [] + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket', () => { + const getTestRuleFixture = ( + logging: string + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + s3: [ + { + logging, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_36 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trails bucket has access logging enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Enabled') + await testRule(data, Result.PASS) + }) + + test('Security Issue when a trails bucket has access logging disabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Disabled') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs', () => { + const getTestRuleFixture = ( + kmsKeyId: string | null + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + kmsKeyId, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_37 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when cloudtrail logs are encrypted using a KMS key', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(cuid()) + await testRule(data, Result.PASS) + }) + + test('Security Issue when cloudtrail logs are not encrypted', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(null) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.8 Ensure rotation for customer created CMKs is enabled', () => { + const getTestRuleFixture = ( + keyManager: string, + keyRotationEnabled: boolean + ): CIS3xQueryResponse => { + return { + queryawsKms: [ + { + id: cuid(), + keyManager, + keyRotationEnabled + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_38 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when rotation is enabled with AWS as a manager', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('AWS', true) + await testRule(data, Result.PASS) + }) + + test('Security Issue when rotation is disabled with customer as a manager', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('CUSTOMER', false) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when rotation is disabled with AWS as a manager', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('AWS', false) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.9 Ensure VPC flow logging is enabled in all VPCs', () => { + const getTestRuleFixture = ( + flowLog: FlowLog[], + ): CIS3xQueryResponse => { + return { + queryawsVpc: [ + { + id: cuid(), + flowLog + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_39 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when flow logging is enabled for each VPC', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture([{resourceId: cuid()}]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when flow logging is disabled on one VPC', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture([]) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.10 Ensure that Object-level logging for write events is enabled for S3 bucket', () => { + const getTestRuleFixture = ( + includeManagementEvents: boolean, + readWriteType: string, + dataResources: DataResource[] + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + cloudtrail: [ + { + eventSelectors: [ + { + includeManagementEvents, + readWriteType, + dataResources, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_310 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when S3 bucket object-level logging for write events is enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'WriteOnly', [ + { type: 'AWS::S3::Object' }, + ]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when S3 bucket object-level logging for write events is not enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'WriteOnly', []) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket', () => { + const getTestRuleFixture = ( + includeManagementEvents: boolean, + readWriteType: string, + dataResources: DataResource[] + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + cloudtrail: [ + { + eventSelectors: [ + { + includeManagementEvents, + readWriteType, + dataResources, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_311 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when S3 bucket object-level logging for read events is enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'ReadOnly', [ + { type: 'AWS::S3::Object' }, + ]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when S3 bucket object-level logging for read events is not enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'ReadOnly', []) + await testRule(data, Result.FAIL) + }) + }) +}) diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts deleted file mode 100644 index 42728eac..00000000 --- a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts +++ /dev/null @@ -1,19 +0,0 @@ -import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' - - -describe('CIS Amazon Web Services Foundations: 1.3.0', () => { - let rulesEngine: Engine - beforeAll(() => { - rulesEngine = new CloudGraph.RulesEngine({ - providerName: 'aws', - entityName: 'CIS', - }) - }) - - // TODO: Change once we have real checks - describe("Dummy Check", () => { - test('Dummy Test', async () => { - expect('PASS').toBe(Result.PASS) - }) - }) -}) From 2c156515a964eb8fe5715c9181ef905bb0dffc4f Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 6 May 2022 15:59:29 -0300 Subject: [PATCH 08/30] feat: Included 5.1, 5.2, 5.3 rules for aws cis 1.3.0 --- src/aws/cis-1.3.0/README.md | 13 +- src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.1.ts | 114 +++++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.2.ts | 105 +++++ src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.3.ts | 111 +++++ src/aws/cis-1.3.0/rules/index.ts | 7 +- .../cis-1.3.0/tests/aws-cis-1.3.0-5.x.test.ts | 427 ++++++++++++++++++ src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts | 19 - 7 files changed, 768 insertions(+), 28 deletions(-) create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.1.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.2.ts create mode 100644 src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.3.ts create mode 100644 src/aws/cis-1.3.0/tests/aws-cis-1.3.0-5.x.test.ts delete mode 100644 src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts diff --git a/src/aws/cis-1.3.0/README.md b/src/aws/cis-1.3.0/README.md index d3f8bdb0..5b1e42d0 100644 --- a/src/aws/cis-1.3.0/README.md +++ b/src/aws/cis-1.3.0/README.md @@ -53,11 +53,8 @@ Policy Pack based on the [AWS Foundations 1.3.0](https://docs.aws.amazon.com/aud } ``` - +| Rule | Description | +| ------------ | --------------------------------------------------------------------------------------------------------------------------- | +| AWS CIS 5.1 | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | +| AWS CIS 5.2 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | +| AWS CIS 5.3 | Ensure the default security group of every VPC restricts all traffic | diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.1.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.1.ts new file mode 100644 index 00000000..ff44a19f --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.1.ts @@ -0,0 +1,114 @@ +export default { + id: 'aws-cis-1.3.0-5.1', + title: 'AWS CIS 5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports', + + description: 'The Network Access Control List (NACL) function provide stateless filtering of ingress and egress network traffic to AWS resources. It is recommended that no NACL allows unrestricted ingress access to remote server administration ports, such as SSH to port 22 and RDP to port 3389.', + + audit: `**From Console:** + Perform the following to determine if the account is configured as prescribed: + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home + 2. In the left pane, click *Network ACLs* + 3. For each network ACL, perform the following: + - Select the network ACL + - Click the *Inbound Rules* tab + - Ensure no rule exists that has a port range that includes port *22*, *3389*, or other remote server administration ports for your environment and has a *Source* of *0.0.0.0/0* and shows *ALLOW* + + **Note:** A Port value of *ALL* or a port range such as *0-1024* are inclusive of port *22*, *3389*, and other remote server administration ports`, + + rationale: 'Public access to remote server administration ports, such as 22 and 3389, increases resource attack surface and unnecessarily raises the risk of resource compromise.', + + remediation: `**From Console:** + Perform the following: + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home + 2. In the left pane, click *Network ACLs* + 3. For each network ACL to remediate, perform the following: + - Select the network ACL + - Click the *Inbound Rules* tab + - Click *Edit inbound rules* + - Either A) update the Source field to a range other than 0.0.0.0/0, or, B) Click *Delete* to remove the offending inbound rule + - Click *Save*`, + + references: [ + 'https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html', + 'https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html#VPC_Security_Comparison', + ], + gql: `{ + queryawsNetworkAcl { + id + arn + accountId + __typename + inboundRules { + source + fromPort + toPort + allowOrDeny + } + } + }`, + resource: 'queryawsNetworkAcl[*]', + severity: 'high', + conditions: { + not: { + path: '@.inboundRules', + array_any: { + and: [ + { + path: '[*].source', + in: ['0.0.0.0/0', '::/0'], + }, + { + path: '[*].allowOrDeny', + equal: 'allow', + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + equal: null, + }, + { + path: '[*].toPort', + equal: null, + }, + ], + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 22, + }, + { + path: '[*].toPort', + greaterThanInclusive: 22, + }, + ], + }, + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 3389, + }, + { + path: '[*].toPort', + greaterThanInclusive: 3389, + }, + ], + }, + ] + }, + ], + }, + ], + }, + }, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.2.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.2.ts new file mode 100644 index 00000000..f09484bd --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.2.ts @@ -0,0 +1,105 @@ +export default { + id: 'aws-cis-1.3.0-5.2', + title: 'AWS CIS 5.2 Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports', + + description: 'Security groups provide stateful filtering of ingress and egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress access to remote server administration ports, such as SSH to port 22 and RDP to port 3389.', + + audit: `Perform the following to determine if the account is configured as prescribed: + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home + 2. In the left pane, click *Security Groups* + 3. For each security group, perform the following: + 4. Select the security group + 5. Click the *Inbound Rules* tab + 6. Ensure no rule exists that has a port range that includes port *22*, *3389*, or other remote server administration ports for your environment and has a *Source* of *0.0.0.0/0* + + **Note:** A Port value of *ALL* or a port range such as *0-1024* are inclusive of port *22*, *3389*, and other remote server administration ports.`, + + rationale: 'Public access to remote server administration ports, such as 22 and 3389, increases resource attack surface and unnecessarily raises the risk of resource compromise.', + + remediation: `Perform the following to implement the prescribed state: + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home + 2. In the left pane, click *Security Groups* + 3. For each security group, perform the following: + 4. Select the security group + 5. Click the *Inbound Rules* tab + 6. Click the *Edit inbound rules* button + 7. Identify the rules to be edited or removed + 8. Either A) update the Source field to a range other than 0.0.0.0/0, or, B) Click *Delete* to remove the offending inbound rule + 9. Click *Save rules*`, + + references: ['https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#deleting-security-group-rule'], + gql: `{ + queryawsSecurityGroup{ + id + arn + accountId + __typename + inboundRules{ + source + toPort + fromPort + } + } + }`, + resource: 'queryawsSecurityGroup[*]', + severity: 'high', + conditions: { + not: { + path: '@.inboundRules', + array_any: { + and: [ + { + path: '[*].source', + in: ['0.0.0.0/0', '::/0'], + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + equal: null, + }, + { + path: '[*].toPort', + equal: null, + }, + ], + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 22, + }, + { + path: '[*].toPort', + greaterThanInclusive: 22, + }, + ], + }, + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 3389, + }, + { + path: '[*].toPort', + greaterThanInclusive: 3389, + }, + ], + }, + ] + }, + ], + }, + ], + }, + }, + }, +} diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.3.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.3.ts new file mode 100644 index 00000000..0b792377 --- /dev/null +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-5.3.ts @@ -0,0 +1,111 @@ +// AWS CIS 1.2.0 Rule equivalent 4.3 +export default { + id: 'aws-cis-1.3.0-5.3', + title: + 'AWS CIS 5.3 Ensure the default security group of every VPC restricts all traffic', + description: `A VPC comes with a default security group whose initial settings deny all inbound traffic, + allow all outbound traffic, and allow all traffic between instances assigned to the security + group. If you don't specify a security group when you launch an instance, the instance is + automatically assigned to this default security group. Security groups provide stateful + filtering of ingress/egress network traffic to AWS resources. It is recommended that the + default security group restrict all traffic. + + The default VPC in every region should have its default security group updated to comply. + Any newly created VPCs will automatically contain a default security group that will need + remediation to comply with this recommendation. + + **NOTE:** When implementing this recommendation, VPC flow logging is invaluable in + determining the least privilege port access required by systems to work properly because it + can log all packet acceptances and rejections occurring under the current security groups. + This dramatically reduces the primary barrier to least privilege engineering - discovering + the minimum ports required by systems in the environment. Even if the VPC flow logging + recommendation in this benchmark is not adopted as a permanent security measure, it + should be used during any period of discovery and engineering for least privileged security + groups.`, + audit: `Perform the following to determine if the account is configured as prescribed: + Security Group State + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home + 2. Repeat the next steps for all VPCs - including the default VPC in each AWS region: + 3. In the left pane, click *Security Groups* + 4. For each default security group, perform the following: + 5. Select the *default* security group + 6. Click the *Inbound Rules* tab + 7. Ensure no rule exist + 8. Click the *Outbound Rules* tab + 9. Ensure no rules exist + + Security Group Members + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home + 2. Repeat the next steps for all default groups in all VPCs - including the default VPC in each AWS region: + 3. In the left pane, click *Security Groups* + 4. Copy the id of the default security group. + 5. Change to the EC2 Management Console at https://console.aws.amazon.com/ec2/v2/home + 6. In the filter column type 'Security Group ID : < security group id from #4 >`, + rationale: 'Configuring all VPC default security groups to restrict all traffic will encourage least privilege security group development and mindful placement of AWS resources into security groups which will, in turn, reduce the exposure of those resources.', + remediation: `Security Group Members + Perform the following to implement the prescribed state: + + 1. Identify AWS resources that exist within the default security group + 2. Create a set of least privilege security groups for those resources + 3. Place the resources in those security groups + 4. Remove the resources noted in #1 from the default security group + + Security Group State + + 1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home + 2. Repeat the next steps for all VPCs - including the default VPC in each AWS region: + 3. In the left pane, click *Security Groups* + 4. For each default security group, perform the following: + 5. Select the *default* security group + 6. Click the *Inbound Rules* tab + 7. Remove any inbound rules + 8. Click the *Outbound Rules* tab + 9. Remove any inbound rules + + Recommended: + IAM groups allow you to edit the "name" field. After remediating default groups rules for all VPCs in all regions, edit this field to add text similar to "DO NOT USE. DO NOT ADD RULES"`, + references: [ + 'CCE-79201-0', + 'http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html', + 'CIS CSC v6.0 #9.2', + ], + gql: `{ + queryawsSecurityGroup(filter: { name: { eq: "default" } }) { + id + name + arn + accountId + __typename + inboundRules{ + source + } + outboundRules{ + destination + } + } + }`, + resource: 'queryawsSecurityGroup[*]', + severity: 'high', + conditions: { + not: { + or: [ + { + path: '@.inboundRules', + array_any: { + path: '[*].source', + in: ['0.0.0.0/0', '::/0'], + }, + }, + { + path: '@.outboundRules', + array_any: { + path: '[*].destination', + in: ['0.0.0.0/0', '::/0'], + }, + }, + ], + }, + }, +} diff --git a/src/aws/cis-1.3.0/rules/index.ts b/src/aws/cis-1.3.0/rules/index.ts index c7468a33..4a7abf26 100644 --- a/src/aws/cis-1.3.0/rules/index.ts +++ b/src/aws/cis-1.3.0/rules/index.ts @@ -1,4 +1,9 @@ +import Aws_CIS_130_51 from './aws-cis-1.3.0-5.1' +import Aws_CIS_130_52 from './aws-cis-1.3.0-5.2' +import Aws_CIS_130_53 from './aws-cis-1.3.0-5.3' export default [ - // TODO: Add rules to export + Aws_CIS_130_51, + Aws_CIS_130_52, + Aws_CIS_130_53, ] diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-5.x.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-5.x.test.ts new file mode 100644 index 00000000..d28106b2 --- /dev/null +++ b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-5.x.test.ts @@ -0,0 +1,427 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_CIS_130_51 from '../rules/aws-cis-1.3.0-5.1' +import Aws_CIS_130_52 from '../rules/aws-cis-1.3.0-5.2' +import Aws_CIS_130_53 from '../rules/aws-cis-1.3.0-5.3' + +const ipV4WildcardAddress = '0.0.0.0/0' +const ipV6WildcardAddress = '::/0' + +export interface InboundRule { + source?: string + toPort?: number | null + fromPort?: number | null + protocol?: string + allowOrDeny?: string +} + +export interface OutboundRule { + destination?: string + toPort?: number | null + fromPort?: number | null + protocol?: string +} + +export interface QueryawsSecurityGroup { + id: string + inboundRules?: InboundRule[] + outboundRules?: OutboundRule[] +} + +export interface QueryawsNetworkAcl { + id: string + inboundRules?: InboundRule[] + outboundRules?: OutboundRule[] +} + +export interface QueryResponse { + queryawsNetworkAcl?: QueryawsNetworkAcl[] + queryawsSecurityGroup: QueryawsSecurityGroup[] +} + +describe('CIS Amazon Web Services Foundations: 1.3.0', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'CIS', + }) + }) + + describe('AWS CIS 5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports', () => { + const test51Rule = async ( + fromPort: number | undefined, + toPort: number | undefined, + sourceAddress: string, + expectedResult: Result, + includeRandomValidData = false + ): Promise => { + // Arrange + const validInboundRule = { + toPort: 123, + fromPort: 456, + source: '10.10.10.10/16', + allowOrDeny: 'allow' + } + + const data: QueryResponse = { + queryawsSecurityGroup: [], + queryawsNetworkAcl: [ + { + id: cuid(), + inboundRules: [ + { + toPort, + fromPort, + source: sourceAddress, + allowOrDeny: 'allow' + }, + ], + }, + ], + } + + if (includeRandomValidData) { + data.queryawsNetworkAcl?.[0].inboundRules?.push(validInboundRule) + data.queryawsNetworkAcl?.push({ + id: cuid(), + inboundRules: [validInboundRule, validInboundRule], + }) + } + + // Act + const [processedRule] = await rulesEngine.processRule(Aws_CIS_130_51 as Rule, { ...data }) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 22', async () => { + await test51Rule(22, 22, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 3389', async () => { + await test51Rule(3389, 3389, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wildcard address and port 80', async () => { + await test51Rule(80, 80, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wildcard address and port 80', async () => { + await test51Rule(80, 80, ipV6WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 22', async () => { + await test51Rule( + 100, + 200, + '10.10.10.10/16', + Result.PASS + ) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wildcard address and a port range not including the port 3389', async () => { + await test51Rule( + 1000, + 2000, + ipV4WildcardAddress, + Result.PASS + ) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wildcard address and a port range not including the port 22', async () => { + await test51Rule( + 100, + 200, + ipV6WildcardAddress, + Result.PASS + ) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wildcard address and a port range not including the port 3389 (multiple values)', async () => { + await test51Rule( + 1000, + 2000, + ipV6WildcardAddress, + Result.PASS, + true + ) + }) + + test('Security Issue when IPv4 wildcard address and port 22', async () => { + await test51Rule(22, 22, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv6 wildcard address and port 3389', async () => { + await test51Rule(3389, 3389, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv4 wildcard address and port 22 (multiple values)', async () => { + await test51Rule( + 22, + 22, + ipV4WildcardAddress, + Result.FAIL, + true + ) + }) + + test('Security Issue when there is an inbound rule with IPv4 wildcard address and no port range is specified', async () => { + await test51Rule( + undefined, + undefined, + ipV4WildcardAddress, + Result.FAIL + ) + }) + + test('Security Issue when there is an inbound rule with IPv6 wildcard address and no port range is specified', async () => { + await test51Rule( + undefined, + undefined, + ipV6WildcardAddress, + Result.FAIL + ) + }) + + test('Security Issue when there is an inbound rule with IPv4 wildcard address and port range includes the port 22', async () => { + await test51Rule(0, 100, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wildcard address and port range includes the port 22', async () => { + await test51Rule(0, 100, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv4 wildcard address and port range includes the port 3389', async () => { + await test51Rule(3000, 4000, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wildcard address and port range includes the port 3389', async () => { + await test51Rule(3000, 4000, ipV6WildcardAddress, Result.FAIL) + }) + }) + + describe('AWS CIS 5.2 Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports', () => { + const testRule = async ( + fromPort: number | null , + toPort: number | null, + sourceAddress: string, + expectedResult: Result, + includeRandomValidData = false + ): Promise => { + // Arrange + const validInboundRule = { + toPort: 123, + fromPort: 456, + source: '10.10.10.10/16', + } + + const data: QueryResponse = { + queryawsSecurityGroup: [ + { + id: cuid(), + inboundRules: [ + { + toPort, + fromPort, + source: sourceAddress, + }, + ], + }, + ], + } + + if (includeRandomValidData) { + data.queryawsSecurityGroup?.[0].inboundRules?.push(validInboundRule) + data.queryawsSecurityGroup?.push({ + id: cuid(), + inboundRules: [validInboundRule, validInboundRule], + }) + } + + // Act + const [processedRule] = await rulesEngine.processRule(Aws_CIS_130_52 as Rule, { ...data }) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 22', async () => { + await testRule(22, 22, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 3389', async () => { + await testRule(3389, 3389, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wildcard address and port 80', async () => { + await testRule(80, 80, ipV6WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 22', async () => { + await testRule( + 100, + 200, + '10.10.10.10/16', + Result.PASS + ) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wildcard address and a port range not including the port 3389', async () => { + await testRule( + 1000, + 2000, + ipV4WildcardAddress, + Result.PASS + ) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wildcard address and a port range not including the port 22', async () => { + await testRule( + 100, + 200, + ipV6WildcardAddress, + Result.PASS + ) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wildcard address and a port range not including the port 3389 (multiple values)', async () => { + await testRule( + 1000, + 2000, + ipV6WildcardAddress, + Result.PASS, + true + ) + }) + + test('Security Issue when IPv4 wildcard address and port 22', async () => { + await testRule(22, 22, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv6 wildcard address and port 3389', async () => { + await testRule(3389, 3389, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv4 wildcard address and port 22 (multiple values)', async () => { + await testRule( + 22, + 22, + ipV4WildcardAddress, + Result.FAIL, + true + ) + }) + + test('Security Issue when IPv4 wildcard address and port 3389 (multiple values)', async () => { + await testRule( + 3389, + 3389, + ipV4WildcardAddress, + Result.FAIL, + true + ) + }) + + test('Security Issue when there is an inbound rule with IPv4 wildcard address and no port range is specified', async () => { + await testRule( + null, + null, + ipV4WildcardAddress, + Result.FAIL + ) + }) + + test('Security Issue when there is an inbound rule with IPv6 wildcard address and no port range is specified', async () => { + await testRule( + null, + null, + ipV6WildcardAddress, + Result.FAIL + ) + }) + + test('Security Issue when there is an inbound rule with IPv4 wildcard address and port range includes the port 22', async () => { + await testRule(0, 100, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wildcard address and port range includes the port 3389', async () => { + await testRule(3000, 4000, ipV6WildcardAddress, Result.FAIL) + }) + }) + + describe('AWS CIS 5.3 Ensure the default security group of every VPC restricts all traffic', () => { + const test53Rule = async ( + ingressSource: string, + egressDestination: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: QueryResponse = { + queryawsSecurityGroup: [ + { + id: cuid(), + inboundRules: [], + outboundRules: [], + }, + ], + } + if (ingressSource) { + data.queryawsSecurityGroup[0].inboundRules?.push({ + source: ingressSource as string, + }) + } + if (egressDestination) { + data.queryawsSecurityGroup[0].outboundRules?.push({ + destination: egressDestination as string, + }) + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_130_53 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is not an inbound/outbound rules with the wildcard addresses', async () => { + await test53Rule( + '10.10.10.10/16', + '2001:db8:3333:4444:5555:6666:7777:8888', + Result.PASS + ) + }) + + test('Security Issue when there is an inbound rule with a IPv4 wilcard address', async () => { + await test53Rule(ipV4WildcardAddress, '', Result.FAIL) + }) + test('Security Issue when there is an inbound rule with a IPv6 wilcard address', async () => { + await test53Rule(ipV6WildcardAddress, '', Result.FAIL) + }) + test('Security Issue when there is an outbound rule with a IPv4 wilcard address', async () => { + await test53Rule('', ipV4WildcardAddress, Result.FAIL) + }) + test('Security Issue when there is an outbound rule with a IPv6 wilcard address', async () => { + await test53Rule('', ipV6WildcardAddress, Result.FAIL) + }) + test('Security Issue when there is an inbound and an outbound rule with a IPv4 wilcard address', async () => { + await test53Rule( + ipV4WildcardAddress, + ipV4WildcardAddress, + Result.FAIL + ) + }) + test('Security Issue when there is an inbound and an outbound rule with a IPv6 wilcard address', async () => { + await test53Rule( + ipV6WildcardAddress, + ipV6WildcardAddress, + Result.FAIL + ) + }) + }) +}) diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts deleted file mode 100644 index 42728eac..00000000 --- a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0.test.ts +++ /dev/null @@ -1,19 +0,0 @@ -import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' - - -describe('CIS Amazon Web Services Foundations: 1.3.0', () => { - let rulesEngine: Engine - beforeAll(() => { - rulesEngine = new CloudGraph.RulesEngine({ - providerName: 'aws', - entityName: 'CIS', - }) - }) - - // TODO: Change once we have real checks - describe("Dummy Check", () => { - test('Dummy Test', async () => { - expect('PASS').toBe(Result.PASS) - }) - }) -}) From a15d17596c09cd02bdc1aa7cad5947014509eadd Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Mon, 9 May 2022 11:41:10 -0300 Subject: [PATCH 09/30] feat: Initial boilerplate for GCP NIST 800-53 rev4 benchmark --- src/gcp/nist-800-53-rev4/.npmignore | 8 + src/gcp/nist-800-53-rev4/.releaserc.yml | 37 + src/gcp/nist-800-53-rev4/README.md | 60 + src/gcp/nist-800-53-rev4/index.ts | 7 + src/gcp/nist-800-53-rev4/jest.config.js | 7 + src/gcp/nist-800-53-rev4/package.json | 64 + src/gcp/nist-800-53-rev4/rules/index.ts | 3 + .../tests/nist-800-53-rev4.test.ts | 18 + src/gcp/nist-800-53-rev4/tsconfig.json | 20 + yarn.lock | 1827 +++++++++-------- 10 files changed, 1156 insertions(+), 895 deletions(-) create mode 100644 src/gcp/nist-800-53-rev4/.npmignore create mode 100644 src/gcp/nist-800-53-rev4/.releaserc.yml create mode 100644 src/gcp/nist-800-53-rev4/README.md create mode 100644 src/gcp/nist-800-53-rev4/index.ts create mode 100644 src/gcp/nist-800-53-rev4/jest.config.js create mode 100644 src/gcp/nist-800-53-rev4/package.json create mode 100644 src/gcp/nist-800-53-rev4/rules/index.ts create mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts create mode 100644 src/gcp/nist-800-53-rev4/tsconfig.json diff --git a/src/gcp/nist-800-53-rev4/.npmignore b/src/gcp/nist-800-53-rev4/.npmignore new file mode 100644 index 00000000..f3dc48f6 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/.npmignore @@ -0,0 +1,8 @@ +rules/ +tests/ +*.bak +.* +jest.config.js +tsconfig.json +**/*.ts +!dist/index.d.ts diff --git a/src/gcp/nist-800-53-rev4/.releaserc.yml b/src/gcp/nist-800-53-rev4/.releaserc.yml new file mode 100644 index 00000000..cba7db8c --- /dev/null +++ b/src/gcp/nist-800-53-rev4/.releaserc.yml @@ -0,0 +1,37 @@ +--- +branches: + - name: alpha + channel: alpha + prerelease: true + - name: beta + channel: beta + prerelease: true + - name: main + +plugins: + - "@semantic-release/commit-analyzer" + - "@semantic-release/release-notes-generator" + - - "@semantic-release/changelog" + - changelogFile: CHANGELOG.md + - - "@semantic-release/git" + - assets: + - CHANGELOG.md + - package.json + - - "@semrel-extra/npm" + - npmPublish: true + - "@semantic-release/github" +verifyConditions: + - "@semantic-release/changelog" + - "@semantic-release/github" + - "@semrel-extra/npm" +prepare: + - "@semantic-release/changelog" + - "@semrel-extra/npm" + - - "@semantic-release/git" + - message: "chore(release): ${nextRelease.version} \n\n${nextRelease.notes}" +publish: + - "@semantic-release/github" + - "@semrel-extra/npm" +success: false +fail: false +tagFormat: "${version}" diff --git a/src/gcp/nist-800-53-rev4/README.md b/src/gcp/nist-800-53-rev4/README.md new file mode 100644 index 00000000..e784b489 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/README.md @@ -0,0 +1,60 @@ +# NIST 800-53 Rev. 4 for Google Cloud Services + +Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/archive/2015-01-22) benchmark provided by the [The National Institute of Standards and Technology (NIST)](https://www.nist.gov) + +## First Steps + +1. Install [Cloud Graph CLI](https://docs.cloudgraph.dev/quick-start). +2. Set up the [GCP Provider](https://www.npmjs.com/package/@cloudgraph/cg-provider-gcp) for CG with the `cg init gcp` command. +3. Add Policy Pack NIST 800-53 Rev. 4 for Google Cloud Services benchmark using `cg policy add gcp-nist-800-53-rev4` command. +4. Execute the ruleset using the scan command `cg scan gcp`. +5. Query the findings using the different options: + + 5a. Querying findings by provider: + + ```graphql + query { + querygcpFindings { + NISTFindings { + id + resourceId + result + } + } + } + ``` + + 5b. Querying findings by specific benchmark: + + ```graphql + query { + querygcpNISTFindings { + id + resourceId + result + } + } + ``` + + 5c. Querying findings by resource: + + ```graphql + query { + querygcpIamPolicy { + id + NISTFindings { + id + resourceId + result + } + } + } + ``` + + diff --git a/src/gcp/nist-800-53-rev4/index.ts b/src/gcp/nist-800-53-rev4/index.ts new file mode 100644 index 00000000..84d5e14f --- /dev/null +++ b/src/gcp/nist-800-53-rev4/index.ts @@ -0,0 +1,7 @@ +import PolicyPacksRules from './rules' + +export default { + provider: 'gcp', + entity: 'NIST', + rules: PolicyPacksRules, +} diff --git a/src/gcp/nist-800-53-rev4/jest.config.js b/src/gcp/nist-800-53-rev4/jest.config.js new file mode 100644 index 00000000..42987aab --- /dev/null +++ b/src/gcp/nist-800-53-rev4/jest.config.js @@ -0,0 +1,7 @@ +/** @type {import('@ts-jest/dist/types').InitialOptionsTsJest} */ +module.exports = { + preset: 'ts-jest', + testEnvironment: 'node', + testMatch: ['/tests/**/*.test.ts'], + testPathIgnorePatterns: ['/lib/', '/node_modules/'], +} diff --git a/src/gcp/nist-800-53-rev4/package.json b/src/gcp/nist-800-53-rev4/package.json new file mode 100644 index 00000000..3a46daff --- /dev/null +++ b/src/gcp/nist-800-53-rev4/package.json @@ -0,0 +1,64 @@ +{ + "name": "@cloudgraph/policy-pack-gcp-nist-800-53-rev4", + "description": "Policy pack implementing The National Institute of Standards and Technology 800-53 Rev. 4 Benchmark for Google Cloud services", + "version": "0.0.1", + "author": "AutoCloud", + "license": "MPL-2.0", + "main": "dist/index.js", + "types": "dist/index.d.ts", + "repository": { + "type": "git", + "url": "git+https://github.com/cloudgraphdev/cloudgraph-policy-packs.git", + "directory": "src/gcp/nist-800-53-rev4" + }, + "bugs": { + "url": "https://github.com/cloudgraphdev/cloudgraph-policy-packs/issues" + }, + "publishConfig": { + "access": "public" + }, + "directories": { + "test": "tests" + }, + "devDependencies": { + "@autocloud/eslint-config": "^0.1.0", + "@cloudgraph/sdk": "^0.18.1", + "@types/jest": "^27.4.0", + "@types/node": "^15.12.4", + "@types/pino": "^6.3.11", + "@typescript-eslint/eslint-plugin": "^4.28.5", + "@typescript-eslint/parser": "^4.28.5", + "cpx": "^1.5.0", + "cuid": "^2.1.8", + "eslint": "^7.25.0", + "eslint-config-airbnb-base": "14.2.1", + "eslint-config-prettier": "^6.11.0", + "eslint-plugin-import": "^2.22.1", + "eslint-plugin-prettier": "^3.4.0", + "jest": "^27.0.6", + "prettier": "^2.4.1", + "shx": "^0.3.3", + "ts-jest": "^27.0.4", + "tslib": "^1", + "typescript": "^4.3.5" + }, + "engines": { + "node": ">=16.0.0" + }, + "homepage": "https://www.cloudgraph.dev/", + "keywords": [ + "cloudgraph" + ], + "prettier": { + "semi": false, + "singleQuote": true + }, + "scripts": { + "build": "yarn prepack", + "clean": "rm -rf dist", + "lint": "eslint", + "prepack": "rm -rf dist && tsc -b", + "publish": "yarn npm publish", + "test": "NODE_ENV=test jest" + } +} diff --git a/src/gcp/nist-800-53-rev4/rules/index.ts b/src/gcp/nist-800-53-rev4/rules/index.ts new file mode 100644 index 00000000..44842b4f --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/index.ts @@ -0,0 +1,3 @@ +export default [ + // TODO: Add rules to export +] \ No newline at end of file diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts new file mode 100644 index 00000000..03166c72 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts @@ -0,0 +1,18 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +describe('GCP NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'gcp', + entityName: 'NIST', + }) + }) + + // TODO: Change once we have real checks + describe('Dummy Check', () => { + test('Dummy Test', async () => { + expect('PASS').toBe(Result.PASS) + }) + }) +}) diff --git a/src/gcp/nist-800-53-rev4/tsconfig.json b/src/gcp/nist-800-53-rev4/tsconfig.json new file mode 100644 index 00000000..5ade62cc --- /dev/null +++ b/src/gcp/nist-800-53-rev4/tsconfig.json @@ -0,0 +1,20 @@ +{ + "compilerOptions": { + "declaration": true, + "importHelpers": true, + "module": "commonjs", + "outDir": "dist", + "rootDir": "./", + "strict": true, + "target": "es2020", + "lib": ["esnext.array", "ES2020.Promise"], + "allowSyntheticDefaultImports": true, + "esModuleInterop": true, + "skipLibCheck": true, + "forceConsistentCasingInFileNames": true + }, + "include": [ + "**/*" + ], + "exclude": ["dist", "./tests"] +} diff --git a/yarn.lock b/yarn.lock index abe6a705..418112c8 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5,15 +5,6 @@ __metadata: version: 6 cacheKey: 8 -"@ampproject/remapping@npm:^2.1.0": - version: 2.1.2 - resolution: "@ampproject/remapping@npm:2.1.2" - dependencies: - "@jridgewell/trace-mapping": ^0.3.0 - checksum: e023f92cdd9723f3042cde3b4d922adfeef0e198aa73486b0b6c034ad36af5f96e5c0cc72b335b30b2eb9852d907efc92af6bfcd3f4b4d286177ee32a189cf92 - languageName: node - linkType: hard - "@autocloud/eslint-config@npm:^0.1.0": version: 0.1.0 resolution: "@autocloud/eslint-config@npm:0.1.0" @@ -49,58 +40,58 @@ __metadata: languageName: node linkType: hard -"@babel/compat-data@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/compat-data@npm:7.17.7" - checksum: bf13476676884ce9afc199747ff82f3bcd6d42a9cfb01ce91bdb762b83ea11ec619b6ec532d1a80469ab14f191f33b5d4b9f8796fa8be3bc728d42b0c5e737e3 +"@babel/compat-data@npm:^7.16.4": + version: 7.16.4 + resolution: "@babel/compat-data@npm:7.16.4" + checksum: 4949ce54eafc4b38d5623696a872acaaced1a523605708d81c2c483253941917d90dae0de40fc01e152ae56075dadd89c23014da5a632b09c001a716fa689cae languageName: node linkType: hard "@babel/core@npm:^7.1.0, @babel/core@npm:^7.12.3, @babel/core@npm:^7.7.2, @babel/core@npm:^7.8.0": - version: 7.17.9 - resolution: "@babel/core@npm:7.17.9" + version: 7.16.7 + resolution: "@babel/core@npm:7.16.7" dependencies: - "@ampproject/remapping": ^2.1.0 "@babel/code-frame": ^7.16.7 - "@babel/generator": ^7.17.9 - "@babel/helper-compilation-targets": ^7.17.7 - "@babel/helper-module-transforms": ^7.17.7 - "@babel/helpers": ^7.17.9 - "@babel/parser": ^7.17.9 + "@babel/generator": ^7.16.7 + "@babel/helper-compilation-targets": ^7.16.7 + "@babel/helper-module-transforms": ^7.16.7 + "@babel/helpers": ^7.16.7 + "@babel/parser": ^7.16.7 "@babel/template": ^7.16.7 - "@babel/traverse": ^7.17.9 - "@babel/types": ^7.17.0 + "@babel/traverse": ^7.16.7 + "@babel/types": ^7.16.7 convert-source-map: ^1.7.0 debug: ^4.1.0 gensync: ^1.0.0-beta.2 - json5: ^2.2.1 + json5: ^2.1.2 semver: ^6.3.0 - checksum: 2d301e4561a170bb584a735ec412de8fdc40b2052e12380d4a5e36781be5af1fd2a60552e7f0764b0a491a242f20105265bd2a10ff57b30c2842684f02dbb5a2 + source-map: ^0.5.0 + checksum: 3206e077e76db189726c4da19a5296eae11c6c1f5abea7013e74f18708bb91616914717ff8d8ca466cc0ba9d2d2147e9a84c3c357b9ad4cba601da14107838ed languageName: node linkType: hard -"@babel/generator@npm:^7.17.9, @babel/generator@npm:^7.7.2": - version: 7.17.9 - resolution: "@babel/generator@npm:7.17.9" +"@babel/generator@npm:^7.16.7, @babel/generator@npm:^7.7.2": + version: 7.16.7 + resolution: "@babel/generator@npm:7.16.7" dependencies: - "@babel/types": ^7.17.0 + "@babel/types": ^7.16.7 jsesc: ^2.5.1 source-map: ^0.5.0 - checksum: afbdd4afbf731ba0a17e7e2d9a2291e6461259af887f88f1178f63514a86e9c18cec462ae8f9cd6df9ba15a18296f47b0e151202bb4f834f7338ac0c07ec8dc8 + checksum: 20c6a7c5e372a66ec2900c074b2ec3634d3f615cafccbb416770f4b419251c6dc27a0a137b71407e218463fe059a3a6a5afb734f35089d94bdb66e01fe8a9e6f languageName: node linkType: hard -"@babel/helper-compilation-targets@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/helper-compilation-targets@npm:7.17.7" +"@babel/helper-compilation-targets@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-compilation-targets@npm:7.16.7" dependencies: - "@babel/compat-data": ^7.17.7 + "@babel/compat-data": ^7.16.4 "@babel/helper-validator-option": ^7.16.7 browserslist: ^4.17.5 semver: ^6.3.0 peerDependencies: "@babel/core": ^7.0.0 - checksum: 24bf851539d5ec8e73779304b5d1ad5b0be09a74459ecc7d9baee9a0fa38ad016e9eaf4b5704504ae8da32f91ce0e31857bbbd9686854caeffd38f58226d3760 + checksum: 7238aaee78c011a42fb5ca92e5eff098752f7b314c2111d7bb9cdd58792fcab1b9c819b59f6a0851dc210dc09dc06b30d130a23982753e70eb3111bc65204842 languageName: node linkType: hard @@ -113,13 +104,23 @@ __metadata: languageName: node linkType: hard -"@babel/helper-function-name@npm:^7.17.9": - version: 7.17.9 - resolution: "@babel/helper-function-name@npm:7.17.9" +"@babel/helper-function-name@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-function-name@npm:7.16.7" dependencies: + "@babel/helper-get-function-arity": ^7.16.7 "@babel/template": ^7.16.7 - "@babel/types": ^7.17.0 - checksum: a59b2e5af56d8f43b9b0019939a43774754beb7cb01a211809ca8031c71890999d07739e955343135ec566c4d8ff725435f1f60fb0af3bb546837c1f9f84f496 + "@babel/types": ^7.16.7 + checksum: fc77cbe7b10cfa2a262d7a37dca575c037f20419dfe0c5d9317f589599ca24beb5f5c1057748011159149eaec47fe32338c6c6412376fcded68200df470161e1 + languageName: node + linkType: hard + +"@babel/helper-get-function-arity@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-get-function-arity@npm:7.16.7" + dependencies: + "@babel/types": ^7.16.7 + checksum: 25d969fb207ff2ad5f57a90d118f6c42d56a0171022e200aaa919ba7dc95ae7f92ec71cdea6c63ef3629a0dc962ab4c78e09ca2b437185ab44539193f796e0c3 languageName: node linkType: hard @@ -141,19 +142,19 @@ __metadata: languageName: node linkType: hard -"@babel/helper-module-transforms@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/helper-module-transforms@npm:7.17.7" +"@babel/helper-module-transforms@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-module-transforms@npm:7.16.7" dependencies: "@babel/helper-environment-visitor": ^7.16.7 "@babel/helper-module-imports": ^7.16.7 - "@babel/helper-simple-access": ^7.17.7 + "@babel/helper-simple-access": ^7.16.7 "@babel/helper-split-export-declaration": ^7.16.7 "@babel/helper-validator-identifier": ^7.16.7 "@babel/template": ^7.16.7 - "@babel/traverse": ^7.17.3 - "@babel/types": ^7.17.0 - checksum: 0b8f023aa7ff82dc4864349d54c4557865ad8ba54d78f6d78a86b05ca40f65c2d60acb4a54c5c309e7a4356beb9a89b876e54af4b3c4801ad25f62ec3721f0ae + "@babel/traverse": ^7.16.7 + "@babel/types": ^7.16.7 + checksum: 6e930ce776c979f299cdbeaf80187f4ab086d75287b96ecc1c6896d392fcb561065f0d6219fc06fa79b4ceb4bbdc1a9847da8099aba9b077d0a9e583500fb673 languageName: node linkType: hard @@ -164,12 +165,12 @@ __metadata: languageName: node linkType: hard -"@babel/helper-simple-access@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/helper-simple-access@npm:7.17.7" +"@babel/helper-simple-access@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-simple-access@npm:7.16.7" dependencies: - "@babel/types": ^7.17.0 - checksum: 58a9bfd054720024f6ff47fbb113c96061dc2bd31a5e5285756bd3c2e83918c6926900e00150d0fb175d899494fe7d69bf2a8b278c32ef6f6bea8d032e6a3831 + "@babel/types": ^7.16.7 + checksum: 8d22c46c5ec2ead0686c4d5a3d1d12b5190c59be676bfe0d9d89df62b437b51d1a3df2ccfb8a77dded2e585176ebf12986accb6d45a18cff229eef3b10344f4b languageName: node linkType: hard @@ -196,34 +197,34 @@ __metadata: languageName: node linkType: hard -"@babel/helpers@npm:^7.17.9": - version: 7.17.9 - resolution: "@babel/helpers@npm:7.17.9" +"@babel/helpers@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helpers@npm:7.16.7" dependencies: "@babel/template": ^7.16.7 - "@babel/traverse": ^7.17.9 - "@babel/types": ^7.17.0 - checksum: 3c6db861e4c82fff2de3efb4ad12e32658c50c29920597cd0979390659b202e5849acd9542e0e2453167a52ccc30156ee4455d64d0e330f020d991d7551566f8 + "@babel/traverse": ^7.16.7 + "@babel/types": ^7.16.7 + checksum: 75504c76b66a29b91f954fcc0867dfe275a4cfba5b44df6d64405df74ea72f967fccfa63d62c31c423c5502d113290000c581e0e4858a214f0303d7ecf55c29f languageName: node linkType: hard "@babel/highlight@npm:^7.10.4, @babel/highlight@npm:^7.16.7": - version: 7.17.9 - resolution: "@babel/highlight@npm:7.17.9" + version: 7.16.7 + resolution: "@babel/highlight@npm:7.16.7" dependencies: "@babel/helper-validator-identifier": ^7.16.7 chalk: ^2.0.0 js-tokens: ^4.0.0 - checksum: 7bdf10228f2e4d18f48f114411ed584380d356e7c168d7582c14abd8df9909b2fc09e0a7cd334f47c3eb0bc17e639e0c8d9688c6afd5d09a2bdbf0ac193b11fd + checksum: f7e04e7e03b83c2cca984f4d3e180c9b018784f45d03367e94daf983861229ddc47264045f3b58dfeb0007f9c67bc2a76c4de1693bad90e5394876ef55ece5bb languageName: node linkType: hard -"@babel/parser@npm:^7.1.0, @babel/parser@npm:^7.14.7, @babel/parser@npm:^7.16.7, @babel/parser@npm:^7.17.9": - version: 7.17.9 - resolution: "@babel/parser@npm:7.17.9" +"@babel/parser@npm:^7.1.0, @babel/parser@npm:^7.14.7, @babel/parser@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/parser@npm:7.16.7" bin: parser: ./bin/babel-parser.js - checksum: ea59c985ebfae7c0299c8ea63ed34903202f51665db8d59c55b4366e20270b74d7367a2c211fdd2db20f25750df89adcc85ab6c8692061c6459a88efb79f43e6 + checksum: e664ff1edda164ab3f3c97fc1dd1a8930b0fba9981cbf873d3f25a22d16d50e2efcfaf81daeefa978bff2c4f268d34832f6817c8bc4e03594c3f43beba92fb68 languageName: node linkType: hard @@ -371,11 +372,11 @@ __metadata: linkType: hard "@babel/runtime@npm:^7.5.5": - version: 7.17.9 - resolution: "@babel/runtime@npm:7.17.9" + version: 7.16.7 + resolution: "@babel/runtime@npm:7.16.7" dependencies: regenerator-runtime: ^0.13.4 - checksum: 4d56bdb82890f386d5a57c40ef985a0ed7f0a78f789377a2d0c3e8826819e0f7f16ba0fe906d9b2241c5f7ca56630ef0653f5bb99f03771f7b87ff8af4bf5fe3 + checksum: 47912f0aaacd1cab2e2552aaf3e6eaffbcaf2d5ac9b07a89a12ac0d42029cb92c070b0d16f825e4277c4a34677c54d8ffe85e1f7c6feb57de58f700eec67ce2f languageName: node linkType: hard @@ -390,31 +391,41 @@ __metadata: languageName: node linkType: hard -"@babel/traverse@npm:^7.17.3, @babel/traverse@npm:^7.17.9, @babel/traverse@npm:^7.7.2": - version: 7.17.9 - resolution: "@babel/traverse@npm:7.17.9" +"@babel/traverse@npm:^7.16.7, @babel/traverse@npm:^7.7.2": + version: 7.16.7 + resolution: "@babel/traverse@npm:7.16.7" dependencies: "@babel/code-frame": ^7.16.7 - "@babel/generator": ^7.17.9 + "@babel/generator": ^7.16.7 "@babel/helper-environment-visitor": ^7.16.7 - "@babel/helper-function-name": ^7.17.9 + "@babel/helper-function-name": ^7.16.7 "@babel/helper-hoist-variables": ^7.16.7 "@babel/helper-split-export-declaration": ^7.16.7 - "@babel/parser": ^7.17.9 - "@babel/types": ^7.17.0 + "@babel/parser": ^7.16.7 + "@babel/types": ^7.16.7 debug: ^4.1.0 globals: ^11.1.0 - checksum: d907c71d1617589cc0cddc9837cb27bcb9b8f2117c379e13e72653745abe01da24e8c072bd0c91b9db33323ddb1086722756fbc50b487b2608733baf9dd6fd2c + checksum: 65261f7a5bf257c10a9415b6c227fb555ace359ad786645d9cf22f0e3fc8dc8e38895269f3b93cc39eccd8ed992e7bacc358b4cb7d3496fe54f91cda49220834 + languageName: node + linkType: hard + +"@babel/types@npm:^7.0.0, @babel/types@npm:^7.16.7, @babel/types@npm:^7.3.0, @babel/types@npm:^7.3.3": + version: 7.16.7 + resolution: "@babel/types@npm:7.16.7" + dependencies: + "@babel/helper-validator-identifier": ^7.16.7 + to-fast-properties: ^2.0.0 + checksum: df9210723259df9faea8c7e5674a59e57ead82664aab9f54daae887db5a50a956f30f57ed77a2d6cbb89b908d520cf8d883267c4e9098e31bc74649f2f714654 languageName: node linkType: hard -"@babel/types@npm:^7.0.0, @babel/types@npm:^7.16.7, @babel/types@npm:^7.17.0, @babel/types@npm:^7.3.0, @babel/types@npm:^7.3.3, @babel/types@npm:^7.8.3": - version: 7.17.0 - resolution: "@babel/types@npm:7.17.0" +"@babel/types@npm:^7.8.3": + version: 7.17.10 + resolution: "@babel/types@npm:7.17.10" dependencies: "@babel/helper-validator-identifier": ^7.16.7 to-fast-properties: ^2.0.0 - checksum: 12e5a287986fe557188e87b2c5202223f1dc83d9239a196ab936fdb9f8c1eb0be717ff19f934b5fad4e29a75586d5798f74bed209bccea1c20376b9952056f0e + checksum: 40cfc3f43a3ab7374df8ee6844793f804c65e7bea0fd1b090886b425106ba26e16e8fa698ae4b2caf2746083fe3e62f03f12997a5982e0d131700f17cbdcfca1 languageName: node linkType: hard @@ -426,9 +437,9 @@ __metadata: linkType: hard "@changesets/types@npm:^4.0.1": - version: 4.1.0 - resolution: "@changesets/types@npm:4.1.0" - checksum: 72c1f58044178ca867dd9349ecc4b7c233ce3781bb03b5b72a70c3166fbbab54a2f2cb19a81f96b4649ba004442c8734569fba238be4dd737fb4624a135c6098 + version: 4.0.2 + resolution: "@changesets/types@npm:4.0.2" + checksum: 098ed02b44ac70dbe341ca3560acdd0ae46c54edb8a1134f743d5fa56bf983b5f4ea085b8c5187314c23ac51e51e1ca6c735aaaa3ee17d79f0395b23baf042a0 languageName: node linkType: hard @@ -567,9 +578,36 @@ __metadata: languageName: unknown linkType: soft +"@cloudgraph/policy-pack-gcp-nist-800-53-rev4@workspace:src/gcp/nist-800-53-rev4": + version: 0.0.0-use.local + resolution: "@cloudgraph/policy-pack-gcp-nist-800-53-rev4@workspace:src/gcp/nist-800-53-rev4" + dependencies: + "@autocloud/eslint-config": ^0.1.0 + "@cloudgraph/sdk": ^0.18.1 + "@types/jest": ^27.4.0 + "@types/node": ^15.12.4 + "@types/pino": ^6.3.11 + "@typescript-eslint/eslint-plugin": ^4.28.5 + "@typescript-eslint/parser": ^4.28.5 + cpx: ^1.5.0 + cuid: ^2.1.8 + eslint: ^7.25.0 + eslint-config-airbnb-base: 14.2.1 + eslint-config-prettier: ^6.11.0 + eslint-plugin-import: ^2.22.1 + eslint-plugin-prettier: ^3.4.0 + jest: ^27.0.6 + prettier: ^2.4.1 + shx: ^0.3.3 + ts-jest: ^27.0.4 + tslib: ^1 + typescript: ^4.3.5 + languageName: unknown + linkType: soft + "@cloudgraph/sdk@npm:^0.14.0": - version: 0.14.3 - resolution: "@cloudgraph/sdk@npm:0.14.3::__archiveUrl=https%3A%2F%2Fregistry.npmjs.org%2F%40cloudgraph%2Fsdk%2F-%2Fsdk-0.14.3.tgz" + version: 0.14.0 + resolution: "@cloudgraph/sdk@npm:0.14.0::__archiveUrl=https%3A%2F%2Fregistry.npmjs.org%2F%40cloudgraph%2Fsdk%2F-%2Fsdk-0.14.0.tgz" dependencies: "@graphql-tools/load-files": ^6.5.3 "@graphql-tools/merge": ^8.2.1 @@ -581,7 +619,7 @@ __metadata: lodash: ^4.17.21 node-jq: ^2.1.0 ora: ^5.4.1 - checksum: 2fad60e44410b82b2b2cd6b4de75bcb469819a0bd74774f5a521c5609f2318d7e408120b7ae4ff99e6208d452d30fb9b7bfdfd6b56abd48c87d2e58e581e5cc0 + checksum: d46f8e7542273edcf3514f6707e13e3082e26bb4255c4de7606427a1f70030974022f4632a27df7a49f33d6d3490d6d60e09b63db34cf4f824d0bcdc1359b787 languageName: node linkType: hard @@ -621,13 +659,6 @@ __metadata: languageName: node linkType: hard -"@colors/colors@npm:1.5.0": - version: 1.5.0 - resolution: "@colors/colors@npm:1.5.0" - checksum: d64d5260bed1d5012ae3fc617d38d1afc0329fec05342f4e6b838f46998855ba56e0a73833f4a80fa8378c84810da254f76a8a19c39d038260dc06dc4e007425 - languageName: node - linkType: hard - "@eslint/eslintrc@npm:^0.4.3": version: 0.4.3 resolution: "@eslint/eslintrc@npm:0.4.3" @@ -666,25 +697,25 @@ __metadata: linkType: hard "@graphql-tools/merge@npm:^8.2.1": - version: 8.2.10 - resolution: "@graphql-tools/merge@npm:8.2.10" + version: 8.2.1 + resolution: "@graphql-tools/merge@npm:8.2.1" dependencies: - "@graphql-tools/utils": 8.6.9 + "@graphql-tools/utils": ^8.5.1 tslib: ~2.3.0 peerDependencies: graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 - checksum: 7059d9f68cfb9b7c04d6024f528e5638fab165e681b3307877a6bad0fc461686595d19375350875bb5f4f7572b21d10272a1e4b08a8af5b6a67950a4a950012b + checksum: b2c126fc697ad1cf0fb2c09d3766d791ba6243a318edfa24932b558628244f822b9454bd47cd98f5a7eee90caca264573695c582e10730b7a67785fea21c346c languageName: node linkType: hard -"@graphql-tools/utils@npm:8.6.9": - version: 8.6.9 - resolution: "@graphql-tools/utils@npm:8.6.9" +"@graphql-tools/utils@npm:^8.5.1": + version: 8.6.0 + resolution: "@graphql-tools/utils@npm:8.6.0" dependencies: tslib: ~2.3.0 peerDependencies: graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 - checksum: 73b9569a9c2409f86a6a9005f19026cfab6d136bf884dfbff436996a47fb0561ae24d3f6bb2abcfd600197aab85d6dfc177b9a0cbaba23905ba0c7591ef12110 + checksum: ef6fef40d4568606059f77dc8839f18c75a4330096ec89a21f0965bd58c749d80087830551c618fd040fdbcdcb9be35c949b2d96c495a1f1dbfba943b124bc3b languageName: node linkType: hard @@ -749,48 +780,48 @@ __metadata: languageName: node linkType: hard -"@jest/console@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/console@npm:27.5.1" +"@jest/console@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/console@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 - jest-message-util: ^27.5.1 - jest-util: ^27.5.1 + jest-message-util: ^27.4.6 + jest-util: ^27.4.2 slash: ^3.0.0 - checksum: 7cb20f06a34b09734c0342685ec53aa4c401fe3757c13a9c58fce76b971a322eb884f6de1068ef96f746e5398e067371b89515a07c268d4440a867c87748a706 + checksum: 603408498d2fd7fa6cfb85cc18a5823747c824be2f88be526ed4db83df65db7a9d3a93056eeaddd32ea1517d581b94862e532ccde081e0ecf9d82ac743ec6ac2 languageName: node linkType: hard -"@jest/core@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/core@npm:27.5.1" +"@jest/core@npm:^27.4.7": + version: 27.4.7 + resolution: "@jest/core@npm:27.4.7" dependencies: - "@jest/console": ^27.5.1 - "@jest/reporters": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/reporters": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" ansi-escapes: ^4.2.1 chalk: ^4.0.0 emittery: ^0.8.1 exit: ^0.1.2 - graceful-fs: ^4.2.9 - jest-changed-files: ^27.5.1 - jest-config: ^27.5.1 - jest-haste-map: ^27.5.1 - jest-message-util: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-resolve-dependencies: ^27.5.1 - jest-runner: ^27.5.1 - jest-runtime: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 - jest-watcher: ^27.5.1 + graceful-fs: ^4.2.4 + jest-changed-files: ^27.4.2 + jest-config: ^27.4.7 + jest-haste-map: ^27.4.6 + jest-message-util: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-resolve: ^27.4.6 + jest-resolve-dependencies: ^27.4.6 + jest-runner: ^27.4.6 + jest-runtime: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 + jest-watcher: ^27.4.6 micromatch: ^4.0.4 rimraf: ^3.0.0 slash: ^3.0.0 @@ -800,71 +831,71 @@ __metadata: peerDependenciesMeta: node-notifier: optional: true - checksum: 904a94ad8f1b43cd6b48de3b0226659bff3696150ff8cf7680fc2faffdc8a115203bb9ab6e817c1f79f9d6a81f67953053cbc64d8a4604f2e0c42a04c28cf126 + checksum: 24ed123ef1819fa8c6069706760efac9904ee8824b22c346259be2017d820b5e578a4d444339448a576a0158e6fec91d18fdedb201bc97d7390b105d665f3642 languageName: node linkType: hard -"@jest/environment@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/environment@npm:27.5.1" +"@jest/environment@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/environment@npm:27.4.6" dependencies: - "@jest/fake-timers": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/fake-timers": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" - jest-mock: ^27.5.1 - checksum: 2a9e18c35a015508dbec5b90b21c150230fa6c1c8cb8fabe029d46ee2ca4c40eb832fb636157da14c66590d0a4c8a2c053226b041f54a44507d6f6a89abefd66 + jest-mock: ^27.4.6 + checksum: c3aadcf6d42e55e35d8020f7cf5054c445775608e466fcfc37348359e54f2f79e0e39d029281836ae9082dc50eac81d1cf6b4fc3899adfb58afc68a7c72f8e3d languageName: node linkType: hard -"@jest/fake-timers@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/fake-timers@npm:27.5.1" +"@jest/fake-timers@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/fake-timers@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@sinonjs/fake-timers": ^8.0.1 "@types/node": "*" - jest-message-util: ^27.5.1 - jest-mock: ^27.5.1 - jest-util: ^27.5.1 - checksum: 02a0561ed2f4586093facd4ae500b74694f187ac24d4a00e949a39a1c5325bca8932b4fcb0388a2c5ed0656506fc1cf51fd3e32cdd48cea7497ad9c6e028aba8 + jest-message-util: ^27.4.6 + jest-mock: ^27.4.6 + jest-util: ^27.4.2 + checksum: 389f655d39f13fdd0448b554260cd41810cf824b99e9de057600869a708d34cfa74e7fdaba5fcd6e3295e7bfed08f1b3fc0735ca86f7c0b2281b25e534032876 languageName: node linkType: hard -"@jest/globals@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/globals@npm:27.5.1" +"@jest/globals@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/globals@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/types": ^27.5.1 - expect: ^27.5.1 - checksum: 087f97047e9dcf555f76fe2ce54aee681e005eaa837a0c0c2d251df6b6412c892c9df54cb871b180342114389a5ff895a4e52e6e6d3d0015bf83c02a54f64c3c + "@jest/environment": ^27.4.6 + "@jest/types": ^27.4.2 + expect: ^27.4.6 + checksum: a438645771f45557b3af6e371e65c88e109d7433d3d4ee5db908177f29be6d6d12b4cfe9279ae6475bc033b5ff2a97235659a75f2718855041dd3ed805ed2edd languageName: node linkType: hard -"@jest/reporters@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/reporters@npm:27.5.1" +"@jest/reporters@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/reporters@npm:27.4.6" dependencies: "@bcoe/v8-coverage": ^0.2.3 - "@jest/console": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 collect-v8-coverage: ^1.0.0 exit: ^0.1.2 glob: ^7.1.2 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 istanbul-lib-coverage: ^3.0.0 istanbul-lib-instrument: ^5.1.0 istanbul-lib-report: ^3.0.0 istanbul-lib-source-maps: ^4.0.0 istanbul-reports: ^3.1.3 - jest-haste-map: ^27.5.1 - jest-resolve: ^27.5.1 - jest-util: ^27.5.1 - jest-worker: ^27.5.1 + jest-haste-map: ^27.4.6 + jest-resolve: ^27.4.6 + jest-util: ^27.4.2 + jest-worker: ^27.4.6 slash: ^3.0.0 source-map: ^0.6.0 string-length: ^4.0.1 @@ -875,102 +906,78 @@ __metadata: peerDependenciesMeta: node-notifier: optional: true - checksum: faba5eafb86e62b62e152cafc8812d56308f9d1e8b77f3a7dcae4a8803a20a60a0909cc43ed73363ef649bf558e4fb181c7a336d144c89f7998279d1882bb69e + checksum: 4c14b2cf6c9b624977f9ad519e9ce2f5ead4a3c9a3fa0b9c68097b7bc78b598ceb5402566417d81e16489dbd6bb6e97e58f04c22099013897dd6010c0549b169 languageName: node linkType: hard -"@jest/source-map@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/source-map@npm:27.5.1" +"@jest/source-map@npm:^27.4.0": + version: 27.4.0 + resolution: "@jest/source-map@npm:27.4.0" dependencies: callsites: ^3.0.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 source-map: ^0.6.0 - checksum: 4fb1e743b602841babf7e22bd84eca34676cb05d4eb3b604cae57fc59e406099f5ac759ac1a0d04d901237d143f0f4f234417306e823bde732a1d19982230862 + checksum: cf87ac3dd1c2d210b0637060710d64417bcd88d670cbb26af7367ded99fd7d64d431c1718054351f0236c14659bc17a8deff6ee3d9f52902299911231bbaf0c8 languageName: node linkType: hard -"@jest/test-result@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/test-result@npm:27.5.1" +"@jest/test-result@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/test-result@npm:27.4.6" dependencies: - "@jest/console": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/types": ^27.4.2 "@types/istanbul-lib-coverage": ^2.0.0 collect-v8-coverage: ^1.0.0 - checksum: 338f7c509d6a3bc6d7dd7388c8f6f548b87638e171dc1fddfedcacb4e8950583288832223ba688058cbcf874b937d22bdc0fa88f79f5fc666f77957e465c06a5 + checksum: ddfc5783f2025ba979df395ddead7f76aac91df9a8a4ab15d5b1210a58e523932bb9ea9e1e97229c09cab81fdb2611292fdc8e56e2c5b44ed452ac11db7f79f0 languageName: node linkType: hard -"@jest/test-sequencer@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/test-sequencer@npm:27.5.1" +"@jest/test-sequencer@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/test-sequencer@npm:27.4.6" dependencies: - "@jest/test-result": ^27.5.1 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 - jest-runtime: ^27.5.1 - checksum: f21f9c8bb746847f7f89accfd29d6046eec1446f0b54e4694444feaa4df379791f76ef0f5a4360aafcbc73b50bc979f68b8a7620de404019d3de166be6720cb0 + "@jest/test-result": ^27.4.6 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 + jest-runtime: ^27.4.6 + checksum: 8d761fd81f5cf4845a09844a8a16717fc148137f364916165ce5e1ebfc5dfd89160d4b98e7e947c97f8707500050863606d0becb8c388997efcc31cafa6f5e31 languageName: node linkType: hard -"@jest/transform@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/transform@npm:27.5.1" +"@jest/transform@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/transform@npm:27.4.6" dependencies: "@babel/core": ^7.1.0 - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 babel-plugin-istanbul: ^6.1.1 chalk: ^4.0.0 convert-source-map: ^1.4.0 fast-json-stable-stringify: ^2.0.0 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-util: ^27.5.1 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-util: ^27.4.2 micromatch: ^4.0.4 pirates: ^4.0.4 slash: ^3.0.0 source-map: ^0.6.1 write-file-atomic: ^3.0.0 - checksum: a22079121aedea0f20a03a9c026be971f7b92adbfb4d5fd1fb67be315741deac4f056936d7c72a53b24aa5a1071bc942c003925fd453bf3f6a0ae5da6384e137 + checksum: b2500fc5a7e7cad34547acdb8930797f021cda6b811ed0626564999bfd9ca856f52cc3a9b2ced5d037f3bd06a49b8b30cb7c10259318dc67bd11a564854d2ca6 languageName: node linkType: hard -"@jest/types@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/types@npm:27.5.1" +"@jest/types@npm:^27.4.2": + version: 27.4.2 + resolution: "@jest/types@npm:27.4.2" dependencies: "@types/istanbul-lib-coverage": ^2.0.0 "@types/istanbul-reports": ^3.0.0 "@types/node": "*" "@types/yargs": ^16.0.0 chalk: ^4.0.0 - checksum: d1f43cc946d87543ddd79d49547aab2399481d34025d5c5f2025d3d99c573e1d9832fa83cef25e9d9b07a8583500229d15bbb07b8e233d127d911d133e2f14b1 - languageName: node - linkType: hard - -"@jridgewell/resolve-uri@npm:^3.0.3": - version: 3.0.6 - resolution: "@jridgewell/resolve-uri@npm:3.0.6" - checksum: e57cc08d2aaea6bd55e77e7a124beb2fcca87be28c0db6c2d69b7cb2cb4e14109bbef1d57ae6250bf5f4a4ad950f094ed99c8925adaf82336b66dab0ad6906e6 - languageName: node - linkType: hard - -"@jridgewell/sourcemap-codec@npm:^1.4.10": - version: 1.4.11 - resolution: "@jridgewell/sourcemap-codec@npm:1.4.11" - checksum: 3b2afaf8400fb07a36db60e901fcce6a746cdec587310ee9035939d89878e57b2dec8173b0b8f63176f647efa352294049a53c49739098eb907ff81fec2547c8 - languageName: node - linkType: hard - -"@jridgewell/trace-mapping@npm:^0.3.0": - version: 0.3.9 - resolution: "@jridgewell/trace-mapping@npm:0.3.9" - dependencies: - "@jridgewell/resolve-uri": ^3.0.3 - "@jridgewell/sourcemap-codec": ^1.4.10 - checksum: d89597752fd88d3f3480845691a05a44bd21faac18e2185b6f436c3b0fd0c5a859fbbd9aaa92050c4052caf325ad3e10e2e1d1b64327517471b7d51babc0ddef + checksum: 1191022023e32763063cc1c8b1143fa316fb05db2f9698280a7bdbafcabd989e5fd64f8eb875b8a2e54c53f25dba45ed2eea8ced394d9e484da0fda674cd17a5 languageName: node linkType: hard @@ -1027,7 +1034,7 @@ __metadata: languageName: node linkType: hard -"@npmcli/arborist@npm:^5.0.0, @npmcli/arborist@npm:^5.0.4": +"@npmcli/arborist@npm:^5.0.0, @npmcli/arborist@npm:^5.0.3": version: 5.1.1 resolution: "@npmcli/arborist@npm:5.1.1" dependencies: @@ -1078,7 +1085,7 @@ __metadata: languageName: node linkType: hard -"@npmcli/config@npm:^4.1.0": +"@npmcli/config@npm:^4.0.1": version: 4.1.0 resolution: "@npmcli/config@npm:4.1.0" dependencies: @@ -1190,6 +1197,15 @@ __metadata: languageName: node linkType: hard +"@npmcli/package-json@npm:^1.0.1": + version: 1.0.1 + resolution: "@npmcli/package-json@npm:1.0.1" + dependencies: + json-parse-even-better-errors: ^2.3.1 + checksum: 08b66c8ddb1d6b678975a83006d2fe5070b3013bcb68ea9d54c0142538a614596ddfd1143183fbb8f82c5cecf477d98f3c4e473ef34df3bbf3814e97e37e18d3 + languageName: node + linkType: hard + "@npmcli/package-json@npm:^2.0.0": version: 2.0.0 resolution: "@npmcli/package-json@npm:2.0.0" @@ -1230,17 +1246,17 @@ __metadata: linkType: hard "@octokit/core@npm:^3.5.1": - version: 3.6.0 - resolution: "@octokit/core@npm:3.6.0" + version: 3.5.1 + resolution: "@octokit/core@npm:3.5.1" dependencies: "@octokit/auth-token": ^2.4.4 "@octokit/graphql": ^4.5.8 - "@octokit/request": ^5.6.3 + "@octokit/request": ^5.6.0 "@octokit/request-error": ^2.0.5 "@octokit/types": ^6.0.3 before-after-hook: ^2.2.0 universal-user-agent: ^6.0.0 - checksum: f81160129037bd8555d47db60cd5381637b7e3602ad70735a7bdf8f3d250c7b7114a666bb12ef7a8746a326a5d72ed30a1b8f8a5a170007f7285c8e217bef1f0 + checksum: 67179739fc9712b201f2400f132287a2c56a18506e00900bc9d2a3f742b74f1ba69ad998e42f28f3964c0bd1d5478232c1ec7b485c97702b821fbe22b76afa90 languageName: node linkType: hard @@ -1316,17 +1332,17 @@ __metadata: languageName: node linkType: hard -"@octokit/request@npm:^5.6.0, @octokit/request@npm:^5.6.3": - version: 5.6.3 - resolution: "@octokit/request@npm:5.6.3" +"@octokit/request@npm:^5.6.0": + version: 5.6.2 + resolution: "@octokit/request@npm:5.6.2" dependencies: "@octokit/endpoint": ^6.0.1 "@octokit/request-error": ^2.1.0 "@octokit/types": ^6.16.1 is-plain-object: ^5.0.0 - node-fetch: ^2.6.7 + node-fetch: ^2.6.1 universal-user-agent: ^6.0.0 - checksum: c0b4542eb4baaf880d673c758d3e0b5c4a625a4ae30abf40df5548b35f1ff540edaac74625192b1aff42a79ac661e774da4ab7d5505f1cb4ef81239b1e8510c5 + checksum: 51ef3ad244b3d89ffd6d997fa0ed3e13a7a93b4c868ce5c53b0fcc93a654965135528e62d0720ebfeb7dfd586448a4a45d08fd75ba2e170cfa19d37834e49f1f languageName: node linkType: hard @@ -1514,9 +1530,9 @@ __metadata: linkType: hard "@semrel-extra/npm@npm:^1.2.0": - version: 1.2.2 - resolution: "@semrel-extra/npm@npm:1.2.2" - checksum: 39fd8c6af5f70fffb2584a02c71d326d0b2a2e2caf4d779c1d6b23df40625baf15b8701b893844e9545cfa689b26ef161033cd822c9a7b6bf890b3dc34d5a7b7 + version: 1.2.0 + resolution: "@semrel-extra/npm@npm:1.2.0" + checksum: ce899b2976323833695c1adba88bcc0698042a6234e0ce0742a081db23bc444215d6703d949c975beb796dad9112762b0c65d289aa6f7e0a872301fda0a9d4dd languageName: node linkType: hard @@ -1533,11 +1549,11 @@ __metadata: linkType: hard "@sideway/address@npm:^4.1.3": - version: 4.1.4 - resolution: "@sideway/address@npm:4.1.4" + version: 4.1.3 + resolution: "@sideway/address@npm:4.1.3" dependencies: "@hapi/hoek": ^9.0.0 - checksum: b9fca2a93ac2c975ba12e0a6d97853832fb1f4fb02393015e012b47fa916a75ca95102d77214b2a29a2784740df2407951af8c5dde054824c65577fd293c4cdb + checksum: 3c1faf6ef37a0b59b62ce42b59c012c00ef1fc4194ad6776c65c2f9a6dd6c1710c6f6362b3ca3fa582fdb93984f0cb64ca44f9f5e02940634805f5e561279c22 languageName: node linkType: hard @@ -1595,15 +1611,15 @@ __metadata: linkType: hard "@types/babel__core@npm:^7.0.0, @types/babel__core@npm:^7.1.14": - version: 7.1.19 - resolution: "@types/babel__core@npm:7.1.19" + version: 7.1.18 + resolution: "@types/babel__core@npm:7.1.18" dependencies: "@babel/parser": ^7.1.0 "@babel/types": ^7.0.0 "@types/babel__generator": "*" "@types/babel__template": "*" "@types/babel__traverse": "*" - checksum: 8c9fa87a1c2224cbec251683a58bebb0d74c497118034166aaa0491a4e2627998a6621fc71f8a60ffd27d9c0c52097defedf7637adc6618d0331c15adb302338 + checksum: 2e5b5d7c84f347d3789575486e58b0df5c91613abc3d27e716274aba3048518e07e1f068250ba829e2ed58532ccc88da595ce95ba2688e7bbcd7c25a3c6627ed languageName: node linkType: hard @@ -1627,11 +1643,11 @@ __metadata: linkType: hard "@types/babel__traverse@npm:*, @types/babel__traverse@npm:^7.0.4, @types/babel__traverse@npm:^7.0.6": - version: 7.17.0 - resolution: "@types/babel__traverse@npm:7.17.0" + version: 7.14.2 + resolution: "@types/babel__traverse@npm:7.14.2" dependencies: "@babel/types": ^7.3.0 - checksum: b9a4acfc260179168d840c7f17e6b8b3ab4e7ebbce47b3308dd748683136518ab8636e2dcbf8d619fece0db7e561e08def9ede29269b7210a761763a26ece66a + checksum: a797ea09c72307569e3ee08aa3900ca744ce3091114084f2dc59b67a45ee7d01df7865252790dbfa787a7915ce892cdc820c9b920f3683292765fc656b08dc63 languageName: node linkType: hard @@ -1670,19 +1686,19 @@ __metadata: linkType: hard "@types/jest@npm:^27.0.3, @types/jest@npm:^27.4.0": - version: 27.4.1 - resolution: "@types/jest@npm:27.4.1" + version: 27.4.0 + resolution: "@types/jest@npm:27.4.0" dependencies: - jest-matcher-utils: ^27.0.0 + jest-diff: ^27.0.0 pretty-format: ^27.0.0 - checksum: 5184f3eef4832d01ee8f59bed15eec45ccc8e29c724a5e6ce37bf74396b37bdf04f557000f45ba4fc38ae6075cf9cfcce3d7a75abc981023c61ceb27230a93e4 + checksum: d2350267f954f9a2e4a15e5f02fbf19a77abfb9fd9e57a954de1fb0e9a0d3d5f8d3646ac7d9c42aeb4b4d828d2e70624ec149c85bb50a48634a54eed8429e1f8 languageName: node linkType: hard "@types/json-schema@npm:^7.0.7": - version: 7.0.11 - resolution: "@types/json-schema@npm:7.0.11" - checksum: 527bddfe62db9012fccd7627794bd4c71beb77601861055d87e3ee464f2217c85fca7a4b56ae677478367bbd248dbde13553312b7d4dbc702a2f2bbf60c4018d + version: 7.0.9 + resolution: "@types/json-schema@npm:7.0.9" + checksum: 259d0e25f11a21ba5c708f7ea47196bd396e379fddb79c76f9f4f62c945879dc21657904914313ec2754e443c5018ea8372362f323f30e0792897fdb2098a705 languageName: node linkType: hard @@ -1709,24 +1725,17 @@ __metadata: languageName: node linkType: hard -"@types/node@npm:*, @types/node@npm:^12.7.1": - version: 12.20.49 - resolution: "@types/node@npm:12.20.49" - checksum: 08d77520d1bb35a4adee97e753134f9671fada882717b4f0511de37259b379cdd6982fdef89104316c191fee758e4f50922b0136f114159a22ef9e3bcac32fda - languageName: node - linkType: hard - -"@types/node@npm:^15.12.4": - version: 15.14.9 - resolution: "@types/node@npm:15.14.9" - checksum: 49f7f0522a3af4b8389aee660e88426490cd54b86356672a1fedb49919a8797c00d090ec2dcc4a5df34edc2099d57fc2203d796c4e7fbd382f2022ccd789eee7 +"@types/node@npm:*, @types/node@npm:^12.7.1, @types/node@npm:^15.12.4": + version: 12.20.41 + resolution: "@types/node@npm:12.20.41" + checksum: ff90d10f9831e86abf1f17581a70a81e5b6c3be97ec0b02972e6c3201fd19a40f6b230d4346ef7aaf023f24fef07a2131aeb68773ef3b14c3a17da8fbe05e439 languageName: node linkType: hard "@types/node@npm:^17.0.8": - version: 17.0.27 - resolution: "@types/node@npm:17.0.27" - checksum: 6645ca813c24dcb9893729ed6f87a9e415d6df03cb3e1ececa3a03ca845d3324c3808b4dc79c08a4b3c7d1ccd515e6d7e004db9c9123c9333e963675238e39fc + version: 17.0.8 + resolution: "@types/node@npm:17.0.8" + checksum: f4cadeb9e602027520abc88c77142697e33cf6ac98bb02f8b595a398603cbd33df1f94d01c055c9f13cde0c8eaafc5e396ca72645458d42b4318b845bc7f1d0f languageName: node linkType: hard @@ -1745,12 +1754,12 @@ __metadata: linkType: hard "@types/pino-pretty@npm:*": - version: 4.7.5 - resolution: "@types/pino-pretty@npm:4.7.5" + version: 4.7.4 + resolution: "@types/pino-pretty@npm:4.7.4" dependencies: "@types/node": "*" "@types/pino": 6.3 - checksum: 80b3e80d1d9b52f015382bbd544206228d0c35eed1a0e1443245568eee01191b5fe916e7821de2922846f267e5d0693f4796562d3bcf24266156d1abc9e2e673 + checksum: 1fc6e73de3ffc23eacb69070212e4dd838dd3a353326072aaf68bf5a4418f919c535cc4719a0c51ec6832f298f1d8da9d97376c748166c61369b77ffde858aec languageName: node linkType: hard @@ -1776,9 +1785,9 @@ __metadata: linkType: hard "@types/prettier@npm:^2.1.5": - version: 2.6.0 - resolution: "@types/prettier@npm:2.6.0" - checksum: 946f1f82ce6f31664e023a5d65931c31b7d677b454f528f67dce851d72e7fcfe713076f4251b16c3646eecf1545f5f5b909b4962966341ed9ddf5b80113b3674 + version: 2.4.2 + resolution: "@types/prettier@npm:2.4.2" + checksum: 76e230b2d11028af11fe12e09b2d5b10b03738e9abf819ae6ebb0f78cac13d39f860755ce05ac3855b608222518d956628f5d00322dc206cc6d1f2d8d1519f1e languageName: node linkType: hard @@ -1813,9 +1822,9 @@ __metadata: linkType: hard "@types/yargs-parser@npm:*": - version: 21.0.0 - resolution: "@types/yargs-parser@npm:21.0.0" - checksum: b2f4c8d12ac18a567440379909127cf2cec393daffb73f246d0a25df36ea983b93b7e9e824251f959e9f928cbc7c1aab6728d0a0ff15d6145f66cec2be67d9a2 + version: 20.2.1 + resolution: "@types/yargs-parser@npm:20.2.1" + checksum: 1d039e64494a7a61ddd278349a3dc60b19f99ff0517425696e796f794e4252452b9d62178e69755ad03f439f9dc0c8c3d7b3a1201b3a24e134bac1a09fa11eaa languageName: node linkType: hard @@ -1941,9 +1950,9 @@ __metadata: linkType: hard "abab@npm:^2.0.3, abab@npm:^2.0.5": - version: 2.0.6 - resolution: "abab@npm:2.0.6" - checksum: 6ffc1af4ff315066c62600123990d87551ceb0aafa01e6539da77b0f5987ac7019466780bf480f1787576d4385e3690c81ccc37cfda12819bf510b8ab47e5a3e + version: 2.0.5 + resolution: "abab@npm:2.0.5" + checksum: 0ec951b46d5418c2c2f923021ec193eaebdb4e802ffd5506286781b454be722a13a8430f98085cd3e204918401d9130ec6cc8f5ae19be315b3a0e857d83196e1 languageName: node linkType: hard @@ -1990,11 +1999,11 @@ __metadata: linkType: hard "acorn@npm:^8.2.4": - version: 8.7.1 - resolution: "acorn@npm:8.7.1" + version: 8.7.0 + resolution: "acorn@npm:8.7.0" bin: acorn: bin/acorn - checksum: aca0aabf98826717920ac2583fdcad0a6fbe4e583fdb6e843af2594e907455aeafe30b1e14f1757cd83ce1776773cf8296ffc3a4acf13f0bd3dfebcf1db6ae80 + checksum: e0f79409d68923fbf1aa6d4166f3eedc47955320d25c89a20cc822e6ba7c48c5963d5bc657bc242d68f7a4ac9faf96eef033e8f73656da6c640d4219935fdfd0 languageName: node linkType: hard @@ -2041,14 +2050,14 @@ __metadata: linkType: hard "ajv@npm:^8.0.1": - version: 8.11.0 - resolution: "ajv@npm:8.11.0" + version: 8.8.2 + resolution: "ajv@npm:8.8.2" dependencies: fast-deep-equal: ^3.1.1 json-schema-traverse: ^1.0.0 require-from-string: ^2.0.2 uri-js: ^4.2.2 - checksum: 5e0ff226806763be73e93dd7805b634f6f5921e3e90ca04acdf8db81eed9d8d3f0d4c5f1213047f45ebbf8047ffe0c840fa1ef2ec42c3a644899f69aa72b5bef + checksum: 90849ef03c4f4f7051d15f655120137b89e3205537d683beebd39d95f40c0ca00ea8476cd999602d2f433863e7e4bf1b81d1869d1e07f4dcf56d71b6430a605c languageName: node linkType: hard @@ -2107,6 +2116,13 @@ __metadata: languageName: node linkType: hard +"ansistyles@npm:~0.1.3": + version: 0.1.3 + resolution: "ansistyles@npm:0.1.3" + checksum: 0072507f97e46cc3cb71439f1c0935ceec5c8bca812ebb5034b9f8f6a9ee7d65cdc150c375b8d56643fc8305a08542f6df3a1cd6c80e32eba0b27c4e72da4efd + languageName: node + linkType: hard + "anymatch@npm:^1.3.0": version: 1.3.2 resolution: "anymatch@npm:1.3.2" @@ -2248,14 +2264,13 @@ __metadata: linkType: hard "array.prototype.flat@npm:^1.2.5": - version: 1.3.0 - resolution: "array.prototype.flat@npm:1.3.0" + version: 1.2.5 + resolution: "array.prototype.flat@npm:1.2.5" dependencies: call-bind: ^1.0.2 define-properties: ^1.1.3 - es-abstract: ^1.19.2 - es-shim-unscopables: ^1.0.0 - checksum: 2a652b3e8dc0bebb6117e42a5ab5738af0203a14c27341d7bb2431467bdb4b348e2c5dc555dfcda8af0a5e4075c400b85311ded73861c87290a71a17c3e0a257 + es-abstract: ^1.19.0 + checksum: 9cc6414b111abfc7717e39546e4887b1e5ec74df8f1618d83425deaa95752bf05d475d1d241253b4d88d4a01f8e1bc84845ad5b7cc2047f8db2f614512acd40e languageName: node linkType: hard @@ -2324,21 +2339,21 @@ __metadata: languageName: node linkType: hard -"babel-jest@npm:^27.5.1": - version: 27.5.1 - resolution: "babel-jest@npm:27.5.1" +"babel-jest@npm:^27.4.6": + version: 27.4.6 + resolution: "babel-jest@npm:27.4.6" dependencies: - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/babel__core": ^7.1.14 babel-plugin-istanbul: ^6.1.1 - babel-preset-jest: ^27.5.1 + babel-preset-jest: ^27.4.0 chalk: ^4.0.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 slash: ^3.0.0 peerDependencies: "@babel/core": ^7.8.0 - checksum: 4e93e6e9fb996cc5f1505e924eb8e8cc7b25c294ba9629762a2715390f48af6a4c14dbb84cd9730013ac0e03267a5a9aa2fb6318c544489cda7f50f4e506def4 + checksum: fc839d5e8788170e68c8cbde9466fdf1c4fc740a947ba0728e1933ade7ad6fe744c9276d86207f093b64e9cf72a1fdd756fbc44c21034282f01832338e7a8a80 languageName: node linkType: hard @@ -2355,15 +2370,15 @@ __metadata: languageName: node linkType: hard -"babel-plugin-jest-hoist@npm:^27.5.1": - version: 27.5.1 - resolution: "babel-plugin-jest-hoist@npm:27.5.1" +"babel-plugin-jest-hoist@npm:^27.4.0": + version: 27.4.0 + resolution: "babel-plugin-jest-hoist@npm:27.4.0" dependencies: "@babel/template": ^7.3.3 "@babel/types": ^7.3.3 "@types/babel__core": ^7.0.0 "@types/babel__traverse": ^7.0.6 - checksum: 709c17727aa8fd3be755d256fb514bf945a5c2ea6017f037d80280fc44ae5fe7dfeebf63d8412df53796455c2c216119d628d8cc90b099434fd819005943d058 + checksum: 48f216f286f2fb3b1d571b4ba4ccffdb0c11a2fb1117e4c355b26c8cef09603abd96a5c1f8442866830a7da5accdd9ae4805f3e977b606a596b4a259f2ff5a67 languageName: node linkType: hard @@ -2389,15 +2404,15 @@ __metadata: languageName: node linkType: hard -"babel-preset-jest@npm:^27.5.1": - version: 27.5.1 - resolution: "babel-preset-jest@npm:27.5.1" +"babel-preset-jest@npm:^27.4.0": + version: 27.4.0 + resolution: "babel-preset-jest@npm:27.4.0" dependencies: - babel-plugin-jest-hoist: ^27.5.1 + babel-plugin-jest-hoist: ^27.4.0 babel-preset-current-node-syntax: ^1.0.0 peerDependencies: "@babel/core": ^7.0.0 - checksum: 251bcea11c18fd9672fec104eadb45b43f117ceeb326fa7345ced778d4c1feab29343cd7a87a1dcfae4997d6c851a8b386d7f7213792da6e23b74f4443a8976d + checksum: 744449cc63283116e8268c088a714d9c26d93af8d6051523b900517b665e0122239fc6a326de206657d423f4cccfaf2437ef099fcdfbfd91c4cdde6b1c55c11f languageName: node linkType: hard @@ -2580,7 +2595,7 @@ __metadata: languageName: node linkType: hard -"braces@npm:^3.0.2": +"braces@npm:^3.0.1": version: 3.0.2 resolution: "braces@npm:3.0.2" dependencies: @@ -2597,17 +2612,17 @@ __metadata: linkType: hard "browserslist@npm:^4.17.5": - version: 4.20.3 - resolution: "browserslist@npm:4.20.3" + version: 4.19.1 + resolution: "browserslist@npm:4.19.1" dependencies: - caniuse-lite: ^1.0.30001332 - electron-to-chromium: ^1.4.118 + caniuse-lite: ^1.0.30001286 + electron-to-chromium: ^1.4.17 escalade: ^3.1.1 - node-releases: ^2.0.3 + node-releases: ^2.0.1 picocolors: ^1.0.0 bin: browserslist: cli.js - checksum: 1e4b719ac2ca0fe235218a606e8b8ef16b8809e0973b924158c39fbc435a0b0fe43437ea52dd6ef5ad2efcb83fcb07431244e472270177814217f7c563651f7d + checksum: c0777fd483691638fd6801e16c9d809e1d65f6d2b06db2e806654be51045cbab1452a89841a2c5caea2cbe19d621b4f1d391cffbb24512aa33280039ab345875 languageName: node linkType: hard @@ -2677,6 +2692,13 @@ __metadata: languageName: node linkType: hard +"builtins@npm:^1.0.3": + version: 1.0.3 + resolution: "builtins@npm:1.0.3" + checksum: 47ce94f7eee0e644969da1f1a28e5f29bd2e48b25b2bbb61164c345881086e29464ccb1fb88dbc155ea26e8b1f5fc8a923b26c8c1ed0935b67b644d410674513 + languageName: node + linkType: hard + "builtins@npm:^5.0.0": version: 5.0.1 resolution: "builtins@npm:5.0.1" @@ -2686,9 +2708,9 @@ __metadata: languageName: node linkType: hard -"cacache@npm:^16.0.0, cacache@npm:^16.0.2, cacache@npm:^16.0.4, cacache@npm:^16.0.6": - version: 16.0.6 - resolution: "cacache@npm:16.0.6" +"cacache@npm:^16.0.0, cacache@npm:^16.0.2, cacache@npm:^16.0.6": + version: 16.0.7 + resolution: "cacache@npm:16.0.7" dependencies: "@npmcli/fs": ^2.1.0 "@npmcli/move-file": ^2.0.0 @@ -2708,7 +2730,7 @@ __metadata: ssri: ^9.0.0 tar: ^6.1.11 unique-filename: ^1.1.1 - checksum: c9813d4aa0452ecfdb7f796d931d0b8068fc921a3575fb858c26ab12ed41634a995135dbd56afd64ec4de141bd78c7021ce5aeabce83453c7342d3ed126815df + checksum: 2155b099b7e0f0369fb1155ca4673532ca7efe2ebdbec63acca8743580b8446b5d4fd7184626b1cb059001af77b981cdc67035c7855544d365d4f048eafca2ca languageName: node linkType: hard @@ -2798,10 +2820,10 @@ __metadata: languageName: node linkType: hard -"caniuse-lite@npm:^1.0.30001332": - version: 1.0.30001332 - resolution: "caniuse-lite@npm:1.0.30001332" - checksum: e54182ea42ab3d2ff1440f9a6480292f7ab23c00c188df7ad65586312e4da567e8bedd5cb5fb8f0ff4193dc027a54e17e0b3c0b6db5d5a3fb61c7726ff9c45b3 +"caniuse-lite@npm:^1.0.30001286": + version: 1.0.30001297 + resolution: "caniuse-lite@npm:1.0.30001297" + checksum: 4f0d298cf32c050aa1d8a7bb33ef6ff5f289e6dd6dad48b364bc2db91e03b5f0089ffa9950d6228dbd43446695cecd1990601b432a8d03c1d5b2e945cb67bade languageName: node linkType: hard @@ -2949,15 +2971,15 @@ __metadata: linkType: hard "cli-table3@npm:^0.6.1": - version: 0.6.2 - resolution: "cli-table3@npm:0.6.2" + version: 0.6.1 + resolution: "cli-table3@npm:0.6.1" dependencies: - "@colors/colors": 1.5.0 + colors: 1.4.0 string-width: ^4.2.0 dependenciesMeta: - "@colors/colors": + colors: optional: true - checksum: 2f82391698b8a2a2a5e45d2adcfea5d93e557207f90455a8d4c1aac688e9b18a204d9eb4ba1d322fa123b17d64ea3dc5e11de8b005529f3c3e7dbeb27cb4d9be + checksum: 956e175f8eb019c26465b9f1e51121c08d8978e2aab04be7f8520ea8a4e67906fcbd8516dfb77e386ae3730ef0281aa21a65613dffbfa3d62969263252bd25a9 languageName: node linkType: hard @@ -3053,6 +3075,13 @@ __metadata: languageName: node linkType: hard +"colors@npm:1.4.0": + version: 1.4.0 + resolution: "colors@npm:1.4.0" + checksum: 98aa2c2418ad87dedf25d781be69dc5fc5908e279d9d30c34d8b702e586a0474605b3a189511482b9d5ed0d20c867515d22749537f7bc546256c6014f3ebdcec + languageName: node + linkType: hard + "columnify@npm:^1.6.0": version: 1.6.0 resolution: "columnify@npm:1.6.0" @@ -3222,9 +3251,9 @@ __metadata: linkType: hard "core-util-is@npm:~1.0.0": - version: 1.0.3 - resolution: "core-util-is@npm:1.0.3" - checksum: 9de8597363a8e9b9952491ebe18167e3b36e7707569eed0ebf14f8bba773611376466ae34575bca8cfe3c767890c859c74056084738f09d4e4a6f902b2ad7d99 + version: 1.0.2 + resolution: "core-util-is@npm:1.0.2" + checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab languageName: node linkType: hard @@ -3540,12 +3569,11 @@ __metadata: linkType: hard "define-properties@npm:^1.1.3": - version: 1.1.4 - resolution: "define-properties@npm:1.1.4" + version: 1.1.3 + resolution: "define-properties@npm:1.1.3" dependencies: - has-property-descriptors: ^1.0.0 - object-keys: ^1.1.1 - checksum: ce0aef3f9eb193562b5cfb79b2d2c86b6a109dfc9fdcb5f45d680631a1a908c06824ddcdb72b7573b54e26ace07f0a23420aaba0d5c627b34d2c1de8ef527e2b + object-keys: ^1.0.12 + checksum: da80dba55d0cd76a5a7ab71ef6ea0ebcb7b941f803793e4e0257b384cb772038faa0c31659d244e82c4342edef841c1a1212580006a05a5068ee48223d787317 languageName: node linkType: hard @@ -3652,10 +3680,10 @@ __metadata: languageName: node linkType: hard -"diff-sequences@npm:^27.5.1": - version: 27.5.1 - resolution: "diff-sequences@npm:27.5.1" - checksum: a00db5554c9da7da225db2d2638d85f8e41124eccbd56cbaefb3b276dcbb1c1c2ad851c32defe2055a54a4806f030656cbf6638105fd6ce97bb87b90b32a33ca +"diff-sequences@npm:^27.4.0": + version: 27.4.0 + resolution: "diff-sequences@npm:27.4.0" + checksum: 66d04033e8632eeacdd029b4ecaf87d233d475e4b0cd1cee035eda99e70e1a7f803507d72f2677990ef526f28a2f6e5709af8d94dcdc0682b8884a3a646190a1 languageName: node linkType: hard @@ -3772,10 +3800,10 @@ __metadata: languageName: node linkType: hard -"electron-to-chromium@npm:^1.4.118": - version: 1.4.122 - resolution: "electron-to-chromium@npm:1.4.122" - checksum: 8af3e4ec8d7429a301bd3e2df42c5899d590dc93b750ef74aa3244c5343b01bd3048e98bd6f13073bf3d053c6931ccda6827d8f47ba8022d7ba3c74003321cae +"electron-to-chromium@npm:^1.4.17": + version: 1.4.37 + resolution: "electron-to-chromium@npm:1.4.37" + checksum: d5da221e456bdbd23d554d1362c3e544fb3d384680a8a9fe5027e855f4a16986e7ccfa2924ba8b24f40b47eadd81738db8d2cc6388b5b6386dfadee7bada2155 languageName: node linkType: hard @@ -3854,9 +3882,9 @@ __metadata: languageName: node linkType: hard -"es-abstract@npm:^1.19.1, es-abstract@npm:^1.19.2": - version: 1.19.5 - resolution: "es-abstract@npm:1.19.5" +"es-abstract@npm:^1.19.0, es-abstract@npm:^1.19.1": + version: 1.19.1 + resolution: "es-abstract@npm:1.19.1" dependencies: call-bind: ^1.0.2 es-to-primitive: ^1.2.1 @@ -3864,30 +3892,21 @@ __metadata: get-intrinsic: ^1.1.1 get-symbol-description: ^1.0.0 has: ^1.0.3 - has-symbols: ^1.0.3 + has-symbols: ^1.0.2 internal-slot: ^1.0.3 is-callable: ^1.2.4 - is-negative-zero: ^2.0.2 + is-negative-zero: ^2.0.1 is-regex: ^1.1.4 - is-shared-array-buffer: ^1.0.2 + is-shared-array-buffer: ^1.0.1 is-string: ^1.0.7 - is-weakref: ^1.0.2 - object-inspect: ^1.12.0 + is-weakref: ^1.0.1 + object-inspect: ^1.11.0 object-keys: ^1.1.1 object.assign: ^4.1.2 string.prototype.trimend: ^1.0.4 string.prototype.trimstart: ^1.0.4 unbox-primitive: ^1.0.1 - checksum: 55199b0f179a12b3b0ec9c9f2e3a27a7561686e4f88d46f9ef32c836448a336e367c14d8f792612fc83a64113896e478259e4dffbbcffb3efdd06650f6360324 - languageName: node - linkType: hard - -"es-shim-unscopables@npm:^1.0.0": - version: 1.0.0 - resolution: "es-shim-unscopables@npm:1.0.0" - dependencies: - has: ^1.0.3 - checksum: 83e95cadbb6ee44d3644dfad60dcad7929edbc42c85e66c3e99aefd68a3a5c5665f2686885cddb47dfeabfd77bd5ea5a7060f2092a955a729bbd8834f0d86fa1 + checksum: b6be8410672c5364db3fb01eb786e30c7b4bb32b4af63d381c08840f4382c4a168e7855cd338bf59d4f1a1a1138f4d748d1fd40ec65aaa071876f9e9fbfed949 languageName: node linkType: hard @@ -4005,36 +4024,36 @@ __metadata: languageName: node linkType: hard -"eslint-module-utils@npm:^2.7.3": - version: 2.7.3 - resolution: "eslint-module-utils@npm:2.7.3" +"eslint-module-utils@npm:^2.7.2": + version: 2.7.2 + resolution: "eslint-module-utils@npm:2.7.2" dependencies: debug: ^3.2.7 find-up: ^2.1.0 - checksum: 77048263f309167a1e6a1e1b896bfb5ddd1d3859b2e2abbd9c32c432aee13d610d46e6820b1ca81b37fba437cf423a404bc6649be64ace9148a3062d1886a678 + checksum: 3e6407461d12b1568556fc9a84668415693ecce92d17d7407353defcfcafec5d3d8dfa2d9eda3743b3b53ef04101d8aa69072b3d634d92e766c3dfa10505542d languageName: node linkType: hard "eslint-plugin-import@npm:^2.22.1": - version: 2.26.0 - resolution: "eslint-plugin-import@npm:2.26.0" + version: 2.25.4 + resolution: "eslint-plugin-import@npm:2.25.4" dependencies: array-includes: ^3.1.4 array.prototype.flat: ^1.2.5 debug: ^2.6.9 doctrine: ^2.1.0 eslint-import-resolver-node: ^0.3.6 - eslint-module-utils: ^2.7.3 + eslint-module-utils: ^2.7.2 has: ^1.0.3 - is-core-module: ^2.8.1 + is-core-module: ^2.8.0 is-glob: ^4.0.3 - minimatch: ^3.1.2 + minimatch: ^3.0.4 object.values: ^1.1.5 - resolve: ^1.22.0 - tsconfig-paths: ^3.14.1 + resolve: ^1.20.0 + tsconfig-paths: ^3.12.0 peerDependencies: eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8 - checksum: 0bf77ad80339554481eafa2b1967449e1f816b94c7a6f9614ce33fb4083c4e6c050f10d241dd50b4975d47922880a34de1e42ea9d8e6fd663ebb768baa67e655 + checksum: 0af24f5c7c6ca692f42e3947127f0ae7dfe44f1e02740f7cbe988b510a9c52bab0065d7df04e2d953dcc88a4595a00cbdcf14018acf8cd75cfd47b72efcbb734 languageName: node linkType: hard @@ -4306,15 +4325,15 @@ __metadata: languageName: node linkType: hard -"expect@npm:^27.5.1": - version: 27.5.1 - resolution: "expect@npm:27.5.1" +"expect@npm:^27.4.6": + version: 27.4.6 + resolution: "expect@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 - jest-get-type: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - checksum: b2c66beb52de53ef1872165aace40224e722bca3c2274c54cfa74b6d617d55cf0ccdbf36783ccd64dbea501b280098ed33fd0b207d4f15bc03cd3c7a24364a6a + "@jest/types": ^27.4.2 + jest-get-type: ^27.4.0 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + checksum: 593eaa8ff34320f9a70f961bc25eeae932df4f48ebcc5ecc1033f1cddffd286fc42a2f312929222541cec1077de2604ff4fc6e97012afcbd36b333bfaba82f7f languageName: node linkType: hard @@ -4406,7 +4425,7 @@ __metadata: languageName: node linkType: hard -"fast-glob@npm:^3.1.1, fast-glob@npm:^3.2.11, fast-glob@npm:^3.2.7, fast-glob@npm:^3.2.9": +"fast-glob@npm:^3.1.1, fast-glob@npm:^3.2.11, fast-glob@npm:^3.2.7": version: 3.2.11 resolution: "fast-glob@npm:3.2.11" dependencies: @@ -4662,9 +4681,9 @@ __metadata: linkType: hard "flatted@npm:^3.1.0": - version: 3.2.5 - resolution: "flatted@npm:3.2.5" - checksum: 3c436e9695ccca29620b4be5671dd72e5dd0a7500e0856611b7ca9bd8169f177f408c3b9abfa78dfe1493ee2d873e2c119080a8a9bee4e1a186a9e60ca6c89f1 + version: 3.2.4 + resolution: "flatted@npm:3.2.4" + checksum: 7d33846428ab337ec81ef9b8b9103894c1c81f5f67feb32bd4ed106fbc47da60d56edb42efd36c9f1f30a010272aeccd34ec1ffacfe9dfdff19673b1d4df481b languageName: node linkType: hard @@ -4729,13 +4748,13 @@ __metadata: linkType: hard "fs-extra@npm:^10.0.0": - version: 10.1.0 - resolution: "fs-extra@npm:10.1.0" + version: 10.0.1 + resolution: "fs-extra@npm:10.0.1" dependencies: graceful-fs: ^4.2.0 jsonfile: ^6.0.1 universalify: ^2.0.0 - checksum: dc94ab37096f813cc3ca12f0f1b5ad6744dfed9ed21e953d72530d103cea193c2f81584a39e9dee1bea36de5ee66805678c0dddc048e8af1427ac19c00fffc50 + checksum: c1faaa5eb9e1c5c7c7ff09f966e93922ecb068ae1b04801cfc983ef05fcc1f66bfbb8d8d0b745c910014c7a2e7317fb6cf3bfe7390450c1157e3cc1a218f221d languageName: node linkType: hard @@ -5033,15 +5052,15 @@ __metadata: linkType: hard "globals@npm:^13.6.0, globals@npm:^13.9.0": - version: 13.13.0 - resolution: "globals@npm:13.13.0" + version: 13.12.0 + resolution: "globals@npm:13.12.0" dependencies: type-fest: ^0.20.2 - checksum: c55ea8fd3afecb72567bac41605577e19e68476993dfb0ca4c49b86075af5f0ae3f0f5502525f69010f7c5ea5db6a1c540a80a4f80ebdfb2f686d87b0f05d7e9 + checksum: 1f959abb11117916468a1afcba527eead152900cad652c8383c4e8976daea7ec55e1ee30c086f48d1b8655719f214e9d92eca083c3a43b5543bc4056e7e5fccf languageName: node linkType: hard -"globby@npm:11.0.4": +"globby@npm:11.0.4, globby@npm:^11.0.0, globby@npm:^11.0.1, globby@npm:^11.0.3": version: 11.0.4 resolution: "globby@npm:11.0.4" dependencies: @@ -5068,20 +5087,6 @@ __metadata: languageName: node linkType: hard -"globby@npm:^11.0.0, globby@npm:^11.0.1, globby@npm:^11.0.3": - version: 11.1.0 - resolution: "globby@npm:11.1.0" - dependencies: - array-union: ^2.1.0 - dir-glob: ^3.0.1 - fast-glob: ^3.2.9 - ignore: ^5.2.0 - merge2: ^1.4.1 - slash: ^3.0.0 - checksum: b4be8885e0cfa018fc783792942d53926c35c50b3aefd3fdcfb9d22c627639dc26bd2327a40a0b74b074100ce95bb7187bfeae2f236856aa3de183af7a02aea6 - languageName: node - linkType: hard - "got@npm:^7.0.0": version: 7.1.0 resolution: "got@npm:7.1.0" @@ -5129,17 +5134,17 @@ __metadata: languageName: node linkType: hard -"graceful-fs@npm:^4.1.10, graceful-fs@npm:^4.1.11, graceful-fs@npm:^4.1.2, graceful-fs@npm:^4.1.5, graceful-fs@npm:^4.1.6, graceful-fs@npm:^4.2.0, graceful-fs@npm:^4.2.10, graceful-fs@npm:^4.2.4, graceful-fs@npm:^4.2.6, graceful-fs@npm:^4.2.9": - version: 4.2.10 - resolution: "graceful-fs@npm:4.2.10" - checksum: 3f109d70ae123951905d85032ebeae3c2a5a7a997430df00ea30df0e3a6c60cf6689b109654d6fdacd28810a053348c4d14642da1d075049e6be1ba5216218da +"graceful-fs@npm:^4.1.10, graceful-fs@npm:^4.1.11, graceful-fs@npm:^4.1.2, graceful-fs@npm:^4.1.5, graceful-fs@npm:^4.1.6, graceful-fs@npm:^4.2.0, graceful-fs@npm:^4.2.4, graceful-fs@npm:^4.2.6, graceful-fs@npm:^4.2.9": + version: 4.2.9 + resolution: "graceful-fs@npm:4.2.9" + checksum: 68ea4e07ff2c041ada184f9278b830375f8e0b75154e3f080af6b70f66172fabb4108d19b3863a96b53fc068a310b9b6493d86d1291acc5f3861eb4b79d26ad6 languageName: node linkType: hard "graphql@npm:^16.2.0": - version: 16.4.0 - resolution: "graphql@npm:16.4.0" - checksum: 8cac2c466891b6c6ace2fa3807f93815dea53cbec372998c139e796a321a6882c2324cc605e5f9aa45356890239aa9e731a04d8c59ec524db82bd18fb48aafee + version: 16.2.0 + resolution: "graphql@npm:16.2.0" + checksum: 204b5c9991b82561651a28b13dbb2e0e67514171a6a8c045ca4a527b944087344a14519d0426d661b49f2305584b390591abadc82b942f7b65e64e05cb31a584 languageName: node linkType: hard @@ -5168,10 +5173,10 @@ __metadata: languageName: node linkType: hard -"has-bigints@npm:^1.0.1, has-bigints@npm:^1.0.2": - version: 1.0.2 - resolution: "has-bigints@npm:1.0.2" - checksum: 390e31e7be7e5c6fe68b81babb73dfc35d413604d7ee5f56da101417027a4b4ce6a27e46eff97ad040c835b5d228676eae99a9b5c3bc0e23c8e81a49241ff45b +"has-bigints@npm:^1.0.1": + version: 1.0.1 + resolution: "has-bigints@npm:1.0.1" + checksum: 44ab55868174470065d2e0f8f6def1c990d12b82162a8803c679699fa8a39f966e336f2a33c185092fe8aea7e8bf2e85f1c26add5f29d98f2318bd270096b183 languageName: node linkType: hard @@ -5182,15 +5187,6 @@ __metadata: languageName: node linkType: hard -"has-property-descriptors@npm:^1.0.0": - version: 1.0.0 - resolution: "has-property-descriptors@npm:1.0.0" - dependencies: - get-intrinsic: ^1.1.1 - checksum: a6d3f0a266d0294d972e354782e872e2fe1b6495b321e6ef678c9b7a06a40408a6891817350c62e752adced73a94ac903c54734fee05bf65b1905ee1368194bb - languageName: node - linkType: hard - "has-symbol-support-x@npm:^1.4.1": version: 1.4.2 resolution: "has-symbol-support-x@npm:1.4.2" @@ -5198,10 +5194,10 @@ __metadata: languageName: node linkType: hard -"has-symbols@npm:^1.0.1, has-symbols@npm:^1.0.2, has-symbols@npm:^1.0.3": - version: 1.0.3 - resolution: "has-symbols@npm:1.0.3" - checksum: a054c40c631c0d5741a8285010a0777ea0c068f99ed43e5d6eb12972da223f8af553a455132fdb0801bdcfa0e0f443c0c03a68d8555aa529b3144b446c3f2410 +"has-symbols@npm:^1.0.1, has-symbols@npm:^1.0.2": + version: 1.0.2 + resolution: "has-symbols@npm:1.0.2" + checksum: 2309c426071731be792b5be43b3da6fb4ed7cbe8a9a6bcfca1862587709f01b33d575ce8f5c264c1eaad09fca2f9a8208c0a2be156232629daa2dd0c0740976b languageName: node linkType: hard @@ -5363,12 +5359,12 @@ __metadata: linkType: hard "https-proxy-agent@npm:^5.0.0": - version: 5.0.1 - resolution: "https-proxy-agent@npm:5.0.1" + version: 5.0.0 + resolution: "https-proxy-agent@npm:5.0.0" dependencies: agent-base: 6 debug: 4 - checksum: 571fccdf38184f05943e12d37d6ce38197becdd69e58d03f43637f7fa1269cf303a7d228aa27e5b27bbd3af8f09fd938e1c91dcfefff2df7ba77c20ed8dfc765 + checksum: 165bfb090bd26d47693597661298006841ab733d0c7383a8cb2f17373387a94c903a3ac687090aa739de05e379ab6f868bae84ab4eac288ad85c328cd1ec9e53 languageName: node linkType: hard @@ -5524,6 +5520,13 @@ __metadata: languageName: node linkType: hard +"ini@npm:^2.0.0": + version: 2.0.0 + resolution: "ini@npm:2.0.0" + checksum: e7aadc5fb2e4aefc666d74ee2160c073995a4061556b1b5b4241ecb19ad609243b9cceafe91bae49c219519394bbd31512516cb22a3b1ca6e66d869e0447e84e + languageName: node + linkType: hard + "ini@npm:^3.0.0": version: 3.0.0 resolution: "ini@npm:3.0.0" @@ -5531,7 +5534,7 @@ __metadata: languageName: node linkType: hard -"init-package-json@npm:^3.0.2": +"init-package-json@npm:^3.0.1": version: 3.0.2 resolution: "init-package-json@npm:3.0.2" dependencies: @@ -5547,8 +5550,8 @@ __metadata: linkType: hard "inquirer@npm:^8.1.2": - version: 8.2.2 - resolution: "inquirer@npm:8.2.2" + version: 8.2.0 + resolution: "inquirer@npm:8.2.0" dependencies: ansi-escapes: ^4.2.1 chalk: ^4.1.1 @@ -5560,11 +5563,11 @@ __metadata: mute-stream: 0.0.8 ora: ^5.4.1 run-async: ^2.4.0 - rxjs: ^7.5.5 + rxjs: ^7.2.0 string-width: ^4.1.0 strip-ansi: ^6.0.0 through: ^2.3.6 - checksum: 69a2cf32f51af0e94dd66c597fdca42b890ff521b537dbfe1fd532c19a751d54893b7896523691ec30357f6212a80a2417fec7bf34411f369bbf151bdbc95ae9 + checksum: 861d1a9324ae933b49126b3541d94e4d6a2f2a25411b3f3cc00c34bf1bdab34146362d702cf289efe6d8034900dc5905bcf2ea716092a02b6fc390e5986dd236 languageName: node linkType: hard @@ -5696,7 +5699,16 @@ __metadata: languageName: node linkType: hard -"is-core-module@npm:^2.5.0, is-core-module@npm:^2.8.1": +"is-core-module@npm:^2.5.0, is-core-module@npm:^2.8.0": + version: 2.8.1 + resolution: "is-core-module@npm:2.8.1" + dependencies: + has: ^1.0.3 + checksum: 418b7bc10768a73c41c7ef497e293719604007f88934a6ffc5f7c78702791b8528102fb4c9e56d006d69361549b3d9519440214a74aefc7e0b79e5e4411d377f + languageName: node + linkType: hard + +"is-core-module@npm:^2.8.1": version: 2.9.0 resolution: "is-core-module@npm:2.9.0" dependencies: @@ -5862,7 +5874,7 @@ __metadata: languageName: node linkType: hard -"is-negative-zero@npm:^2.0.2": +"is-negative-zero@npm:^2.0.1": version: 2.0.2 resolution: "is-negative-zero@npm:2.0.2" checksum: f3232194c47a549da60c3d509c9a09be442507616b69454716692e37ae9f37c4dea264fb208ad0c9f3efd15a796a46b79df07c7e53c6227c32170608b809149a @@ -5870,11 +5882,11 @@ __metadata: linkType: hard "is-number-object@npm:^1.0.4": - version: 1.0.7 - resolution: "is-number-object@npm:1.0.7" + version: 1.0.6 + resolution: "is-number-object@npm:1.0.6" dependencies: has-tostringtag: ^1.0.0 - checksum: d1e8d01bb0a7134c74649c4e62da0c6118a0bfc6771ea3c560914d52a627873e6920dd0fd0ebc0e12ad2ff4687eac4c308f7e80320b973b2c8a2c8f97a7524f7 + checksum: c697704e8fc2027fc41cb81d29805de4e8b6dc9c3efee93741dbf126a8ecc8443fef85adbc581415ae7e55d325e51d0a942324ae35c829131748cce39cba55f3 languageName: node linkType: hard @@ -5999,12 +6011,10 @@ __metadata: languageName: node linkType: hard -"is-shared-array-buffer@npm:^1.0.2": - version: 1.0.2 - resolution: "is-shared-array-buffer@npm:1.0.2" - dependencies: - call-bind: ^1.0.2 - checksum: 9508929cf14fdc1afc9d61d723c6e8d34f5e117f0bffda4d97e7a5d88c3a8681f633a74f8e3ad1fe92d5113f9b921dc5ca44356492079612f9a247efbce7032a +"is-shared-array-buffer@npm:^1.0.1": + version: 1.0.1 + resolution: "is-shared-array-buffer@npm:1.0.1" + checksum: 2ffb92533e64e2876e6cfe6906871d28400b6f1a53130fe652ec8007bc0e5044d05e7af8e31bdc992fbba520bd92938cfbeedd0f286be92f250c7c76191c4d90 languageName: node linkType: hard @@ -6079,7 +6089,7 @@ __metadata: languageName: node linkType: hard -"is-weakref@npm:^1.0.2": +"is-weakref@npm:^1.0.1": version: 1.0.2 resolution: "is-weakref@npm:1.0.2" dependencies: @@ -6146,15 +6156,15 @@ __metadata: linkType: hard "istanbul-lib-instrument@npm:^5.0.4, istanbul-lib-instrument@npm:^5.1.0": - version: 5.2.0 - resolution: "istanbul-lib-instrument@npm:5.2.0" + version: 5.1.0 + resolution: "istanbul-lib-instrument@npm:5.1.0" dependencies: "@babel/core": ^7.12.3 "@babel/parser": ^7.14.7 "@istanbuljs/schema": ^0.1.2 istanbul-lib-coverage: ^3.2.0 semver: ^6.3.0 - checksum: 7c242ed782b6bf7b655656576afae8b6bd23dcc020e5fdc1472cca3dfb6ddb196a478385206d0df5219b9babf46ac4f21fea5d8ea9a431848b6cca6007012353 + checksum: 8b82e733c69fe9f94d2e21f3e5760c9bedb110329aa75df4bd40df95f1cac3bf38767e43f35b125cc547ceca7376b72ce7d95cc5238b7e9088345c7b589233d3 languageName: node linkType: hard @@ -6181,12 +6191,12 @@ __metadata: linkType: hard "istanbul-reports@npm:^3.1.3": - version: 3.1.4 - resolution: "istanbul-reports@npm:3.1.4" + version: 3.1.3 + resolution: "istanbul-reports@npm:3.1.3" dependencies: html-escaper: ^2.0.0 istanbul-lib-report: ^3.0.0 - checksum: 2132983355710c522f6b26808015cab9a0ee8b9f5ae0db0d3edeff40b886dd83cb670fb123cb7b32dbe59473d7c00cdde2ba6136bc0acdb20a865fccea64dfe1 + checksum: ef6e0d9ed05ecab1974c6eb46cc2a12d8570911934192db4ed40cf1978449240ea80aae32c4dd5555b67407cdf860212d1a9e415443af69641aa57ed1da5ebbb languageName: node linkType: hard @@ -6207,58 +6217,58 @@ __metadata: languageName: node linkType: hard -"jest-changed-files@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-changed-files@npm:27.5.1" +"jest-changed-files@npm:^27.4.2": + version: 27.4.2 + resolution: "jest-changed-files@npm:27.4.2" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 execa: ^5.0.0 throat: ^6.0.1 - checksum: 95e9dc74c3ca688ef85cfeab270f43f8902721a6c8ade6ac2459459a77890c85977f537d6fb809056deaa6d9c3f075fa7d2699ff5f3bf7d3fda17c3760b79b15 + checksum: 4df8dff39882995d4852756686357e0629cf8029ea5c35dcf25f63fba4febe15b564b9222f7d18a7546fcd48d3414345bf3c363a1d13af61d8d66e662a035420 languageName: node linkType: hard -"jest-circus@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-circus@npm:27.5.1" +"jest-circus@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-circus@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 co: ^4.6.0 dedent: ^0.7.0 - expect: ^27.5.1 + expect: ^27.4.6 is-generator-fn: ^2.0.0 - jest-each: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - jest-runtime: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 - pretty-format: ^27.5.1 + jest-each: ^27.4.6 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + jest-runtime: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 + pretty-format: ^27.4.6 slash: ^3.0.0 stack-utils: ^2.0.3 throat: ^6.0.1 - checksum: 6192dccbccb3a6acfa361cbb97bdbabe94864ccf3d885932cfd41f19534329d40698078cf9be1489415e8234255d6ea9f9aff5396b79ad842a6fca6e6fc08fd0 + checksum: 00aae02bc4de4afa2144b073c4158a322cb37924d5583ef5caa5cb4badcc8f32474da3a01dd5672e85eda088b92d2b769986b46e36c2c88df0dd6ec0c72bd8c1 languageName: node linkType: hard -"jest-cli@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-cli@npm:27.5.1" +"jest-cli@npm:^27.4.7": + version: 27.4.7 + resolution: "jest-cli@npm:27.4.7" dependencies: - "@jest/core": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/core": ^27.4.7 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 chalk: ^4.0.0 exit: ^0.1.2 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 import-local: ^3.0.2 - jest-config: ^27.5.1 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 + jest-config: ^27.4.7 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 prompts: ^2.0.1 yargs: ^16.2.0 peerDependencies: @@ -6268,212 +6278,210 @@ __metadata: optional: true bin: jest: bin/jest.js - checksum: 6c0a69fb48e500241409e09ff743ed72bc6578d7769e2c994724e7ef1e5587f6c1f85dc429e93b98ae38a365222993ee70f0acc2199358992120900984f349e5 + checksum: bf301039f1c14ef3fa2b7699b7b94328faa5549e34cb1573610c894bedd036ad36e31e6af436e11b3aa85e22e409a05d1fef1624bebc2da7ed416ce969b87307 languageName: node linkType: hard -"jest-config@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-config@npm:27.5.1" +"jest-config@npm:^27.4.7": + version: 27.4.7 + resolution: "jest-config@npm:27.4.7" dependencies: "@babel/core": ^7.8.0 - "@jest/test-sequencer": ^27.5.1 - "@jest/types": ^27.5.1 - babel-jest: ^27.5.1 + "@jest/test-sequencer": ^27.4.6 + "@jest/types": ^27.4.2 + babel-jest: ^27.4.6 chalk: ^4.0.0 ci-info: ^3.2.0 deepmerge: ^4.2.2 glob: ^7.1.1 - graceful-fs: ^4.2.9 - jest-circus: ^27.5.1 - jest-environment-jsdom: ^27.5.1 - jest-environment-node: ^27.5.1 - jest-get-type: ^27.5.1 - jest-jasmine2: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-runner: ^27.5.1 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 + graceful-fs: ^4.2.4 + jest-circus: ^27.4.6 + jest-environment-jsdom: ^27.4.6 + jest-environment-node: ^27.4.6 + jest-get-type: ^27.4.0 + jest-jasmine2: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-resolve: ^27.4.6 + jest-runner: ^27.4.6 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 micromatch: ^4.0.4 - parse-json: ^5.2.0 - pretty-format: ^27.5.1 + pretty-format: ^27.4.6 slash: ^3.0.0 - strip-json-comments: ^3.1.1 peerDependencies: ts-node: ">=9.0.0" peerDependenciesMeta: ts-node: optional: true - checksum: 1188fd46c0ed78cbe3175eb9ad6712ccf74a74be33d9f0d748e147c107f0889f8b701fbff1567f31836ae18597dacdc43d6a8fc30dd34ade6c9229cc6c7cb82d + checksum: 23d5bacc483b2674d6efcd6bfc66bcde7c2b428511b50d17a22a2750d85bfc23753f9e41f504411e411e848e34ec61244bdae9da8782df4ada6e284106f71a4d languageName: node linkType: hard -"jest-diff@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-diff@npm:27.5.1" +"jest-diff@npm:^27.0.0, jest-diff@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-diff@npm:27.4.6" dependencies: chalk: ^4.0.0 - diff-sequences: ^27.5.1 - jest-get-type: ^27.5.1 - pretty-format: ^27.5.1 - checksum: 8be27c1e1ee57b2bb2bef9c0b233c19621b4c43d53a3c26e2c00a4e805eb4ea11fe1694a06a9fb0e80ffdcfdc0d2b1cb0b85920b3f5c892327ecd1e7bd96b865 + diff-sequences: ^27.4.0 + jest-get-type: ^27.4.0 + pretty-format: ^27.4.6 + checksum: cf6b7e80e3c64a7c71ab209c0325bbda175991aed985ecee7652df9d6540e4959089038e208c04ab05391c9ddf07adc72f0c8c26cc4cee6fa17f76f500e2bf43 languageName: node linkType: hard -"jest-docblock@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-docblock@npm:27.5.1" +"jest-docblock@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-docblock@npm:27.4.0" dependencies: detect-newline: ^3.0.0 - checksum: c0fed6d55b229d8bffdd8d03f121dd1a3be77c88f50552d374f9e1ea3bde57bf6bea017a0add04628d98abcb1bfb48b456438eeca8a74ef0053f4dae3b95d29c + checksum: 4b7639ceb7808280562166c87c49746d9e9cc13f8315ea05a0a400d2f7b11f4491b4ad50935e5976db6509f26004fa2b187dc19eea5e09c445eed2648eb1e927 languageName: node linkType: hard -"jest-each@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-each@npm:27.5.1" +"jest-each@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-each@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 chalk: ^4.0.0 - jest-get-type: ^27.5.1 - jest-util: ^27.5.1 - pretty-format: ^27.5.1 - checksum: b5a6d8730fd938982569c9e0b42bdf3c242f97b957ed8155a6473b5f7b540970f8685524e7f53963dc1805319f4b6602abfc56605590ca19d55bd7a87e467e63 + jest-get-type: ^27.4.0 + jest-util: ^27.4.2 + pretty-format: ^27.4.6 + checksum: cce85a14a4c3a37733e75da2352e767c6eef923181e0c884eb9f86253ed417de0454da5117ebfbc1fcabdf109a305b1dbbf9b71a5712da8b6d79fde1f73a9b75 languageName: node linkType: hard -"jest-environment-jsdom@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-environment-jsdom@npm:27.5.1" +"jest-environment-jsdom@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-environment-jsdom@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/fake-timers": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/fake-timers": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" - jest-mock: ^27.5.1 - jest-util: ^27.5.1 + jest-mock: ^27.4.6 + jest-util: ^27.4.2 jsdom: ^16.6.0 - checksum: bc104aef7d7530d0740402aa84ac812138b6d1e51fe58adecce679f82b99340ddab73e5ec68fa079f33f50c9ddec9728fc9f0ddcca2ad6f0b351eed2762cc555 + checksum: bdf5f349a3e96b029fd0c442c8ba86dd7beb8d14922b6a53f0c52f9ab7b34521ef8deedfaba13ce81ca01e9074032eb8dc506d9035941348e129d0b76671d6bc languageName: node linkType: hard -"jest-environment-node@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-environment-node@npm:27.5.1" +"jest-environment-node@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-environment-node@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/fake-timers": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/fake-timers": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" - jest-mock: ^27.5.1 - jest-util: ^27.5.1 - checksum: 0f988330c4f3eec092e3fb37ea753b0c6f702e83cd8f4d770af9c2bf964a70bc45fbd34ec6fdb6d71ce98a778d9f54afd673e63f222e4667fff289e8069dba39 + jest-mock: ^27.4.6 + jest-util: ^27.4.2 + checksum: 3f146e7819f65b1dc0252573cddadc8c565a566ddf7c06c93eded51cccfc55f4765373fb2aaafeb4d8b76ec62b062e1bd4f1da6b9f57429af6789ef8bbada3cb languageName: node linkType: hard -"jest-get-type@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-get-type@npm:27.5.1" - checksum: 63064ab70195c21007d897c1157bf88ff94a790824a10f8c890392e7d17eda9c3900513cb291ca1c8d5722cad79169764e9a1279f7c8a9c4cd6e9109ff04bbc0 +"jest-get-type@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-get-type@npm:27.4.0" + checksum: bb9b70e420009fdaed3026d5bccd01569f92c7500f9f544d862796d4f4efa93ced5484864b2f272c7748bfb5bfd3268d48868b169c51ab45fe5b45b9519b6e46 languageName: node linkType: hard -"jest-haste-map@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-haste-map@npm:27.5.1" +"jest-haste-map@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-haste-map@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/graceful-fs": ^4.1.2 "@types/node": "*" anymatch: ^3.0.3 fb-watchman: ^2.0.0 fsevents: ^2.3.2 - graceful-fs: ^4.2.9 - jest-regex-util: ^27.5.1 - jest-serializer: ^27.5.1 - jest-util: ^27.5.1 - jest-worker: ^27.5.1 + graceful-fs: ^4.2.4 + jest-regex-util: ^27.4.0 + jest-serializer: ^27.4.0 + jest-util: ^27.4.2 + jest-worker: ^27.4.6 micromatch: ^4.0.4 walker: ^1.0.7 dependenciesMeta: fsevents: optional: true - checksum: e092a1412829a9254b4725531ee72926de530f77fda7b0d9ea18008fb7623c16f72e772d8e93be71cac9e591b2c6843a669610887dd2c89bd9eb528856e3ab47 + checksum: 07a336e9dba9e7308f16c8b8e037dcc80eb346b0f68cbb6bd1badf97abb104da12c305b411549a5ac0bd4e634b61f9d12e0b5ac2ae8e8bea08952a5fe1a6e82e languageName: node linkType: hard -"jest-jasmine2@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-jasmine2@npm:27.5.1" +"jest-jasmine2@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-jasmine2@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/source-map": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/source-map": ^27.4.0 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 co: ^4.6.0 - expect: ^27.5.1 + expect: ^27.4.6 is-generator-fn: ^2.0.0 - jest-each: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - jest-runtime: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 - pretty-format: ^27.5.1 + jest-each: ^27.4.6 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + jest-runtime: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 + pretty-format: ^27.4.6 throat: ^6.0.1 - checksum: b716adf253ceb73db661936153394ab90d7f3a8ba56d6189b7cd4df8e4e2a4153b4e63ebb5d36e29ceb0f4c211d5a6f36ab7048c6abbd881c8646567e2ab8e6d + checksum: d9b05405708161b90c2e9add00ee3c62b154b0f839bc50f034ae8369921956bb16cec428e46ae3b8074a3aeded6cb02f770161d7453f1a183b1abac17dae43f7 languageName: node linkType: hard -"jest-leak-detector@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-leak-detector@npm:27.5.1" +"jest-leak-detector@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-leak-detector@npm:27.4.6" dependencies: - jest-get-type: ^27.5.1 - pretty-format: ^27.5.1 - checksum: 5c9689060960567ddaf16c570d87afa760a461885765d2c71ef4f4857bbc3af1482c34e3cce88e50beefde1bf35e33530b020480752057a7e3dbb1ca0bae359f + jest-get-type: ^27.4.0 + pretty-format: ^27.4.6 + checksum: 4259400403d51b1297b9ab05c1342345c4a93a77c99447b061192ed81b56efcbdd28a03914c9f97670d2f3498bdc368712575d6218b02e3af1656b7db507d3bf languageName: node linkType: hard -"jest-matcher-utils@npm:^27.0.0, jest-matcher-utils@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-matcher-utils@npm:27.5.1" +"jest-matcher-utils@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-matcher-utils@npm:27.4.6" dependencies: chalk: ^4.0.0 - jest-diff: ^27.5.1 - jest-get-type: ^27.5.1 - pretty-format: ^27.5.1 - checksum: bb2135fc48889ff3fe73888f6cc7168ddab9de28b51b3148f820c89fdfd2effdcad005f18be67d0b9be80eda208ad47290f62f03d0a33f848db2dd0273c8217a + jest-diff: ^27.4.6 + jest-get-type: ^27.4.0 + pretty-format: ^27.4.6 + checksum: 445a8cc9eaa7cb08653a10cfc4f109eca76a97d1b1d3a01067bd77efa9cb3a554b74c7402a4c9d5083b21e11218e1515ef538faa47fa47c282072b4825f6b307 languageName: node linkType: hard -"jest-message-util@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-message-util@npm:27.5.1" +"jest-message-util@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-message-util@npm:27.4.6" dependencies: "@babel/code-frame": ^7.12.13 - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/stack-utils": ^2.0.0 chalk: ^4.0.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 micromatch: ^4.0.4 - pretty-format: ^27.5.1 + pretty-format: ^27.4.6 slash: ^3.0.0 stack-utils: ^2.0.3 - checksum: eb6d637d1411c71646de578c49826b6da8e33dd293e501967011de9d1916d53d845afbfb52a5b661ff1c495be7c13f751c48c7f30781fd94fbd64842e8195796 + checksum: 1fdd542d091dbf7aa63a484feead97a921e3c4d6db3784fe2e6d83e9110ac06de5691fdc043da991ca1d0ce5d179ea8266c8d93b388f4bba7d80a267fdd946df languageName: node linkType: hard -"jest-mock@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-mock@npm:27.5.1" +"jest-mock@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-mock@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/node": "*" - checksum: f5b5904bb1741b4a1687a5f492535b7b1758dc26534c72a5423305f8711292e96a601dec966df81bb313269fb52d47227e29f9c2e08324d79529172f67311be0 + checksum: 34df5ec502fa0db5ef36e2b2e96a522de730e7be907c6df5d4ec8ab1292d9be71f1e269e8bcdafd020239edaf3ca6f9c464eb0b4aca6986420a1f392976fc0ab languageName: node linkType: hard @@ -6489,202 +6497,203 @@ __metadata: languageName: node linkType: hard -"jest-regex-util@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-regex-util@npm:27.5.1" - checksum: d45ca7a9543616a34f7f3079337439cf07566e677a096472baa2810e274b9808b76767c97b0a4029b8a5b82b9d256dee28ef9ad4138b2b9e5933f6fac106c418 +"jest-regex-util@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-regex-util@npm:27.4.0" + checksum: 222e4aacec601fd2cfdfee74adb8d324fef672f77577a7c2220893ec1a62031a2640388fce8d0bd8be2e4537da1ab40aa74dba60ac531a23b2643b15c65014ac languageName: node linkType: hard -"jest-resolve-dependencies@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-resolve-dependencies@npm:27.5.1" +"jest-resolve-dependencies@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-resolve-dependencies@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 - jest-regex-util: ^27.5.1 - jest-snapshot: ^27.5.1 - checksum: c67af97afad1da88f5530317c732bbd1262d1225f6cd7f4e4740a5db48f90ab0bd8564738ac70d1a43934894f9aef62205c1b8f8ee89e5c7a737e6a121ee4c25 + "@jest/types": ^27.4.2 + jest-regex-util: ^27.4.0 + jest-snapshot: ^27.4.6 + checksum: c644adb74a602c8c08f90256c9a5c519434cd213a02a6f427425003f9ab026c12860527eb67cf624aa6717c410fa92aee66662d212c0ffbb73f80e2711ffb7a4 languageName: node linkType: hard -"jest-resolve@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-resolve@npm:27.5.1" +"jest-resolve@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-resolve@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 chalk: ^4.0.0 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 jest-pnp-resolver: ^1.2.2 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 resolve: ^1.20.0 resolve.exports: ^1.1.0 slash: ^3.0.0 - checksum: 735830e7265b20a348029738680bb2f6e37f80ecea86cda869a4c318ba3a45d39c7a3a873a22f7f746d86258c50ead6e7f501de043e201c095d7ba628a1c440f + checksum: 69b765660ee2dd71542953fbe5f6fc9ee3590a4829376e00d955f7566d47049ec5e300832bee1530ac85d2946e341558993ab381d3023363058ae6f9d4c10025 languageName: node linkType: hard -"jest-runner@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-runner@npm:27.5.1" +"jest-runner@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-runner@npm:27.4.6" dependencies: - "@jest/console": ^27.5.1 - "@jest/environment": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/environment": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 emittery: ^0.8.1 - graceful-fs: ^4.2.9 - jest-docblock: ^27.5.1 - jest-environment-jsdom: ^27.5.1 - jest-environment-node: ^27.5.1 - jest-haste-map: ^27.5.1 - jest-leak-detector: ^27.5.1 - jest-message-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-runtime: ^27.5.1 - jest-util: ^27.5.1 - jest-worker: ^27.5.1 + exit: ^0.1.2 + graceful-fs: ^4.2.4 + jest-docblock: ^27.4.0 + jest-environment-jsdom: ^27.4.6 + jest-environment-node: ^27.4.6 + jest-haste-map: ^27.4.6 + jest-leak-detector: ^27.4.6 + jest-message-util: ^27.4.6 + jest-resolve: ^27.4.6 + jest-runtime: ^27.4.6 + jest-util: ^27.4.2 + jest-worker: ^27.4.6 source-map-support: ^0.5.6 throat: ^6.0.1 - checksum: 5bbe6cf847dd322b3332ec9d6977b54f91bd5f72ff620bc1a0192f0f129deda8aa7ca74c98922187a7aa87d8e0ce4f6c50e99a7ccb2a310bf4d94be2e0c3ce8e + checksum: 4e76117e5373b6eb51c7113f848dbc92bc1e1d2f1302f9530ef9cb6c967eb364836f4a5790f65a437f47debc917bfb696bbc647831292fa8b1b4321f292e721f languageName: node linkType: hard -"jest-runtime@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-runtime@npm:27.5.1" +"jest-runtime@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-runtime@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/fake-timers": ^27.5.1 - "@jest/globals": ^27.5.1 - "@jest/source-map": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/fake-timers": ^27.4.6 + "@jest/globals": ^27.4.6 + "@jest/source-map": ^27.4.0 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 chalk: ^4.0.0 cjs-module-lexer: ^1.0.0 collect-v8-coverage: ^1.0.0 execa: ^5.0.0 glob: ^7.1.3 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 - jest-message-util: ^27.5.1 - jest-mock: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 + jest-message-util: ^27.4.6 + jest-mock: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-resolve: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 slash: ^3.0.0 strip-bom: ^4.0.0 - checksum: 929e3df0c53dab43f831f2af4e2996b22aa8cb2d6d483919d6b0426cbc100098fd5b777b998c6568b77f8c4d860b2e83127514292ff61416064f5ef926492386 + checksum: 64d833c7d7b1d67b53932dc9fd9332aaf43ea1777fc61c3f143515968f066438b3247e4f1a71a7f127b1bedbc7c3124bfc53cb4f026fff5b26e2feda8d35535c languageName: node linkType: hard -"jest-serializer@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-serializer@npm:27.5.1" +"jest-serializer@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-serializer@npm:27.4.0" dependencies: "@types/node": "*" - graceful-fs: ^4.2.9 - checksum: 803e03a552278610edc6753c0dd9fa5bb5cd3ca47414a7b2918106efb62b79fd5e9ae785d0a21f12a299fa599fea8acc1fa6dd41283328cee43962cf7df9bb44 + graceful-fs: ^4.2.4 + checksum: 1ed5f38e88010f258bd9557d7842a89741ff15bfc578328e8ae1985933406350b817cf5e3127773e3dbc755dbe2522195378f8b98284bcc32111a723294ebbea languageName: node linkType: hard -"jest-snapshot@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-snapshot@npm:27.5.1" +"jest-snapshot@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-snapshot@npm:27.4.6" dependencies: "@babel/core": ^7.7.2 "@babel/generator": ^7.7.2 "@babel/plugin-syntax-typescript": ^7.7.2 "@babel/traverse": ^7.7.2 "@babel/types": ^7.0.0 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/babel__traverse": ^7.0.4 "@types/prettier": ^2.1.5 babel-preset-current-node-syntax: ^1.0.0 chalk: ^4.0.0 - expect: ^27.5.1 - graceful-fs: ^4.2.9 - jest-diff: ^27.5.1 - jest-get-type: ^27.5.1 - jest-haste-map: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - jest-util: ^27.5.1 + expect: ^27.4.6 + graceful-fs: ^4.2.4 + jest-diff: ^27.4.6 + jest-get-type: ^27.4.0 + jest-haste-map: ^27.4.6 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + jest-util: ^27.4.2 natural-compare: ^1.4.0 - pretty-format: ^27.5.1 + pretty-format: ^27.4.6 semver: ^7.3.2 - checksum: a5cfadf0d21cd76063925d1434bc076443ed6d87847d0e248f0b245f11db3d98ff13e45cc03b15404027dabecd712d925f47b6eae4f64986f688640a7d362514 + checksum: c7a1ae993ae7334277c61e6d645efedefce53ca212498ae766ea28efa46287559a56d2bd2edaaead8476191a45adbb1354df5367dfd223763b5a66751bfbda14 languageName: node linkType: hard -"jest-util@npm:^27.0.0, jest-util@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-util@npm:27.5.1" +"jest-util@npm:^27.0.0, jest-util@npm:^27.4.2": + version: 27.4.2 + resolution: "jest-util@npm:27.4.2" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 ci-info: ^3.2.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 picomatch: ^2.2.3 - checksum: ac8d122f6daf7a035dcea156641fd3701aeba245417c40836a77e35b3341b9c02ddc5d904cfcd4ddbaa00ab854da76d3b911870cafdcdbaff90ea471de26c7d7 + checksum: bcf16881aff1421c5f7c2df2ef9492cf8cd92fcd0a2a99bec5ab16f7185ee19aea48eda41d9dfa7b5bf4354bdc21628f5931cd2e7281741e6d2983965efb631e languageName: node linkType: hard -"jest-validate@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-validate@npm:27.5.1" +"jest-validate@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-validate@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 camelcase: ^6.2.0 chalk: ^4.0.0 - jest-get-type: ^27.5.1 + jest-get-type: ^27.4.0 leven: ^3.1.0 - pretty-format: ^27.5.1 - checksum: 82e870f8ee7e4fb949652711b1567f05ae31c54be346b0899e8353e5c20fad7692b511905b37966945e90af8dc0383eb41a74f3ffefb16140ea4f9164d841412 + pretty-format: ^27.4.6 + checksum: d3578030eadd872b99e65dac24d9ca755f2a2483f8344d9e575ea6034c6cb5ed5bcf7a4aa4f1050ab0080d5a8d0b0efd31c911514f27820b871a636a97dc196c languageName: node linkType: hard -"jest-watcher@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-watcher@npm:27.5.1" +"jest-watcher@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-watcher@npm:27.4.6" dependencies: - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" ansi-escapes: ^4.2.1 chalk: ^4.0.0 - jest-util: ^27.5.1 + jest-util: ^27.4.2 string-length: ^4.0.1 - checksum: 191c4e9c278c0902ade1a8a80883ac244963ba3e6e78607a3d5f729ccca9c6e71fb3b316f87883658132641c5d818aa84202585c76752e03c539e6cbecb820bd + checksum: bb9c0a34dcc690cef6430c275e81213620bc4ba6337e42302efa51666ac06781e9f6f50c930332396e4e8cd8cc47de8fb2e8de57da0f7e35a246b0206dde1cd3 languageName: node linkType: hard -"jest-worker@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-worker@npm:27.5.1" +"jest-worker@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-worker@npm:27.4.6" dependencies: "@types/node": "*" merge-stream: ^2.0.0 supports-color: ^8.0.0 - checksum: 98cd68b696781caed61c983a3ee30bf880b5bd021c01d98f47b143d4362b85d0737f8523761e2713d45e18b4f9a2b98af1eaee77afade4111bb65c77d6f7c980 + checksum: 105bcdf5c66700bbfe352bc09476629ca0858cfa819fcc1a37ea76660f0168d586c6e77aee8ea91eded5a20f40f331a0a81e503b5ba19f7b566204406b239466 languageName: node linkType: hard "jest@npm:^27.0.6": - version: 27.5.1 - resolution: "jest@npm:27.5.1" + version: 27.4.7 + resolution: "jest@npm:27.4.7" dependencies: - "@jest/core": ^27.5.1 + "@jest/core": ^27.4.7 import-local: ^3.0.2 - jest-cli: ^27.5.1 + jest-cli: ^27.4.7 peerDependencies: node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 peerDependenciesMeta: @@ -6692,20 +6701,20 @@ __metadata: optional: true bin: jest: bin/jest.js - checksum: 96f1d69042b3c6dfc695f2a4e4b0db38af6fb78582ad1a02beaa57cfcd77cbd31567d7d865c1c85709b7c3e176eefa3b2035ffecd646005f15d8ef528eccf205 + checksum: 28ce948b30c074907393f37553acac4422d0f60190776e62b3403e4c742d33dd6012e3a20748254a43e38b5b4ce52d813b13a3a5be1d43d6d12429bd08ce1a23 languageName: node linkType: hard "joi@npm:^17.4.0": - version: 17.6.0 - resolution: "joi@npm:17.6.0" + version: 17.5.0 + resolution: "joi@npm:17.5.0" dependencies: "@hapi/hoek": ^9.0.0 "@hapi/topo": ^5.0.0 "@sideway/address": ^4.1.3 "@sideway/formula": ^3.0.0 "@sideway/pinpoint": ^2.0.0 - checksum: eaf62f6c02f2edb1042f1ab04fc23a5918a2cb8f54bec84c6e1033624d8a462c10ae9518af55a3ba84f1793960450d58094eda308e7ef93c17edd4e3c8ef31d5 + checksum: 6a20d009d2fa8a72dbfd9bc739d240f678b09d3a16c05b4bfb4e2d0503e60f7d7914250f0bfc52fb79a537490739ba36a1ace00a05b8ddecaaacfcedafc5c8b9 languageName: node linkType: hard @@ -6833,12 +6842,14 @@ __metadata: languageName: node linkType: hard -"json5@npm:2.x, json5@npm:^2.2.1": - version: 2.2.1 - resolution: "json5@npm:2.2.1" +"json5@npm:2.x, json5@npm:^2.1.2": + version: 2.2.0 + resolution: "json5@npm:2.2.0" + dependencies: + minimist: ^1.2.5 bin: json5: lib/cli.js - checksum: 74b8a23b102a6f2bf2d224797ae553a75488b5adbaee9c9b6e5ab8b510a2fc6e38f876d4c77dea672d4014a44b2399e15f2051ac2b37b87f74c0c7602003543b + checksum: e88fc5274bb58fc99547baa777886b069d2dd96d9cfc4490b305fd16d711dabd5979e35a4f90873cefbeb552e216b041a304fe56702bedba76e19bc7845f208d languageName: node linkType: hard @@ -6904,9 +6915,9 @@ __metadata: linkType: hard "just-diff@npm:^5.0.1": - version: 5.0.1 - resolution: "just-diff@npm:5.0.1" - checksum: efbdb652987ca109839dba385904ea152cc73ef4c165eebb4be0af261734cf91387e529fcd52aea5ba9567b4ef76c584ee6254ccf0030dc5d0ccdab3b890a085 + version: 5.0.2 + resolution: "just-diff@npm:5.0.2" + checksum: 1c7408432f53ff67ea4ce41adb5579c08a39f990956ddbf2e94f4161f3802a41179d7412538573972433ce9f50e371afdca019964e51cf500577bf1aa732b842 languageName: node linkType: hard @@ -7286,9 +7297,9 @@ __metadata: linkType: hard "lru-cache@npm:^7.4.4, lru-cache@npm:^7.5.1, lru-cache@npm:^7.7.1": - version: 7.8.1 - resolution: "lru-cache@npm:7.8.1" - checksum: 31ea67388c9774300331d70f4affd5a433869bcf0fae5405f967d19d7b447930b713b0566a2e95362c9082034a8b496f3671ccf8f0c061d8e8048412663f9432 + version: 7.9.0 + resolution: "lru-cache@npm:7.9.0" + checksum: c91a293a103d11ea4f07de4122ba4f73d8203d0de51852fb612b1764296aebf623a3e11dddef1b3aefdc8d71af97d52b222dad5459dcb967713bbab9a19fed7d languageName: node linkType: hard @@ -7327,7 +7338,7 @@ __metadata: languageName: node linkType: hard -"make-fetch-happen@npm:^10.0.3, make-fetch-happen@npm:^10.0.6, make-fetch-happen@npm:^10.1.2": +"make-fetch-happen@npm:^10.0.3, make-fetch-happen@npm:^10.0.6": version: 10.1.2 resolution: "make-fetch-happen@npm:10.1.2" dependencies: @@ -7407,11 +7418,11 @@ __metadata: linkType: hard "marked@npm:^4.0.10": - version: 4.0.14 - resolution: "marked@npm:4.0.14" + version: 4.0.12 + resolution: "marked@npm:4.0.12" bin: marked: bin/marked.js - checksum: 778bc2fc94c51ae4fbafe5a08bc1f3917799c4dd39e9fccd972a97df4e5bc5aa78664b7143d12d4b4969608fb90c6a2de3f19811a2f9ccf6b7f207022f2842ba + checksum: 7575117f85a8986652f3ac8b8a7b95056c4c5fce01a1fc76dc4c7960412cb4c9bd9da8133487159b6b3ff84f52b543dfe9a36f826a5f358892b5ec4b6824f192 languageName: node linkType: hard @@ -7518,28 +7529,28 @@ __metadata: linkType: hard "micromatch@npm:^4.0.0, micromatch@npm:^4.0.2, micromatch@npm:^4.0.4": - version: 4.0.5 - resolution: "micromatch@npm:4.0.5" + version: 4.0.4 + resolution: "micromatch@npm:4.0.4" dependencies: - braces: ^3.0.2 - picomatch: ^2.3.1 - checksum: 02a17b671c06e8fefeeb6ef996119c1e597c942e632a21ef589154f23898c9c6a9858526246abb14f8bca6e77734aa9dcf65476fca47cedfb80d9577d52843fc + braces: ^3.0.1 + picomatch: ^2.2.3 + checksum: ef3d1c88e79e0a68b0e94a03137676f3324ac18a908c245a9e5936f838079fcc108ac7170a5fadc265a9c2596963462e402841406bda1a4bb7b68805601d631c languageName: node linkType: hard -"mime-db@npm:1.52.0, mime-db@npm:^1.28.0": - version: 1.52.0 - resolution: "mime-db@npm:1.52.0" - checksum: 0d99a03585f8b39d68182803b12ac601d9c01abfa28ec56204fa330bc9f3d1c5e14beb049bafadb3dbdf646dfb94b87e24d4ec7b31b7279ef906a8ea9b6a513f +"mime-db@npm:1.51.0, mime-db@npm:^1.28.0": + version: 1.51.0 + resolution: "mime-db@npm:1.51.0" + checksum: 613b1ac9d6e725cc24444600b124a7f1ce6c60b1baa654f39a3e260d0995a6dffc5693190217e271af7e2a5612dae19f2a73f3e316707d797a7391165f7ef423 languageName: node linkType: hard "mime-types@npm:^2.1.12": - version: 2.1.35 - resolution: "mime-types@npm:2.1.35" + version: 2.1.34 + resolution: "mime-types@npm:2.1.34" dependencies: - mime-db: 1.52.0 - checksum: 89a5b7f1def9f3af5dad6496c5ed50191ae4331cc5389d7c521c8ad28d5fdad2d06fd81baf38fed813dc4e46bb55c8145bb0ff406330818c9cf712fb2e9b3836 + mime-db: 1.51.0 + checksum: 67013de9e9d6799bde6d669d18785b7e18bcd212e710d3e04a4727f92f67a8ad4e74aee24be28b685adb794944814bde649119b58ee3282ffdbee58f9278d9f3 languageName: node linkType: hard @@ -7580,12 +7591,12 @@ __metadata: languageName: node linkType: hard -"minimatch@npm:^3.0.2, minimatch@npm:^3.0.4, minimatch@npm:^3.1.2": - version: 3.1.2 - resolution: "minimatch@npm:3.1.2" +"minimatch@npm:^3.0.2, minimatch@npm:^3.0.4": + version: 3.0.4 + resolution: "minimatch@npm:3.0.4" dependencies: brace-expansion: ^1.1.7 - checksum: c154e566406683e7bcb746e000b84d74465b3a832c45d59912b9b55cd50dee66e5c4b1e5566dba26154040e51672f9aa450a9aef0c97cfc7336b78b7afb9540a + checksum: 66ac295f8a7b59788000ea3749938b0970344c841750abd96694f80269b926ebcafad3deeb3f1da2522978b119e6ae3a5869b63b13a7859a456b3408bd18a078 languageName: node linkType: hard @@ -7609,10 +7620,10 @@ __metadata: languageName: node linkType: hard -"minimist@npm:^1.1.0, minimist@npm:^1.2.0, minimist@npm:^1.2.3, minimist@npm:^1.2.5, minimist@npm:^1.2.6": - version: 1.2.6 - resolution: "minimist@npm:1.2.6" - checksum: d15428cd1e11eb14e1233bcfb88ae07ed7a147de251441d61158619dfb32c4d7e9061d09cab4825fdee18ecd6fce323228c8c47b5ba7cd20af378ca4048fb3fb +"minimist@npm:^1.1.0, minimist@npm:^1.2.0, minimist@npm:^1.2.3, minimist@npm:^1.2.5": + version: 1.2.5 + resolution: "minimist@npm:1.2.5" + checksum: 86706ce5b36c16bfc35c5fe3dbb01d5acdc9a22f2b6cc810b6680656a1d2c0e44a0159c9a3ba51fb072bb5c203e49e10b51dcd0eec39c481f4c42086719bae52 languageName: node linkType: hard @@ -7718,13 +7729,13 @@ __metadata: linkType: hard "mkdirp@npm:^0.5.1": - version: 0.5.6 - resolution: "mkdirp@npm:0.5.6" + version: 0.5.5 + resolution: "mkdirp@npm:0.5.5" dependencies: - minimist: ^1.2.6 + minimist: ^1.2.5 bin: mkdirp: bin/cmd.js - checksum: 0c91b721bb12c3f9af4b77ebf73604baf350e64d80df91754dc509491ae93bf238581e59c7188360cec7cb62fc4100959245a42cfe01834efedc5e9d068376c2 + checksum: 3bce20ea525f9477befe458ab85284b0b66c8dc3812f94155af07c827175948cdd8114852ac6c6d82009b13c1048c37f6d98743eb019651ee25c39acc8aabe7d languageName: node linkType: hard @@ -7837,17 +7848,12 @@ __metadata: languageName: node linkType: hard -"node-fetch@npm:^2.6.7": - version: 2.6.7 - resolution: "node-fetch@npm:2.6.7" +"node-fetch@npm:^2.6.1": + version: 2.6.6 + resolution: "node-fetch@npm:2.6.6" dependencies: whatwg-url: ^5.0.0 - peerDependencies: - encoding: ^0.1.0 - peerDependenciesMeta: - encoding: - optional: true - checksum: 8d816ffd1ee22cab8301c7756ef04f3437f18dace86a1dae22cf81db8ef29c0bf6655f3215cb0cdb22b420b6fe141e64b26905e7f33f9377a7fa59135ea3e10b + checksum: ee8290626bdb73629c59722b75dcf4b9b6a67c1ed7eb9102e368479c4a13b56a48c2bb3ad71571e378e98c8b2c64c820e11f9cd39e4b8557dd138ad571ef9a42 languageName: node linkType: hard @@ -7878,7 +7884,7 @@ __metadata: languageName: node linkType: hard -"node-jq@npm:2.1.0": +"node-jq@npm:2.1.0, node-jq@npm:^2.1.0": version: 2.1.0 resolution: "node-jq@npm:2.1.0" dependencies: @@ -7895,24 +7901,10 @@ __metadata: languageName: node linkType: hard -"node-jq@npm:^2.1.0": - version: 2.3.3 - resolution: "node-jq@npm:2.3.3" - dependencies: - bin-build: ^3.0.0 - download: ^8.0.0 - is-valid-path: ^0.1.1 - joi: ^17.4.0 - strip-final-newline: ^2.0.0 - tempfile: ^3.0.0 - checksum: df757de694ed0b8991c34974c9785c7d0d0b36e497975613a665afc00a3e63386ec2432a95c25ad02756e9c5d3ba06b50c9fcb45126c4c0310e182097e807540 - languageName: node - linkType: hard - -"node-releases@npm:^2.0.3": - version: 2.0.3 - resolution: "node-releases@npm:2.0.3" - checksum: 5e555fbbebb3343a5d1e5f4e10e1737998bedc57472a35027410d17b2678ed9bc0e5fae008f513798a960eb8687159331b1f46f82a3210d39bd7c40d3c9dcead +"node-releases@npm:^2.0.1": + version: 2.0.1 + resolution: "node-releases@npm:2.0.1" + checksum: b20dd8d4bced11f75060f0387e05e76b9dc4a0451f7bb3516eade6f50499ea7768ba95d8a60d520c193402df1e58cb3fe301510cc1c1ad68949c3d57b5149866 languageName: node linkType: hard @@ -7997,12 +7989,12 @@ __metadata: languageName: node linkType: hard -"npm-audit-report@npm:^3.0.0": - version: 3.0.0 - resolution: "npm-audit-report@npm:3.0.0" +"npm-audit-report@npm:^2.1.5": + version: 2.1.5 + resolution: "npm-audit-report@npm:2.1.5" dependencies: chalk: ^4.0.0 - checksum: 3927972c14e1d9fd21a6ab2d3c2d651e20346ff9a784ea2fcdc2b1e3b3e23994fc0e8961c3c9f4aea857e3a995a556a77f4f0250dbaf6238c481c609ed912a92 + checksum: 9199c4331a29b478b7adbafe1bf463943f65cfd840f62ffe9e6263f0ae64d77725ea102126b3892ef3379a6770a6fe11e1f68ab4cb196c0045db2e1aeafc593d languageName: node linkType: hard @@ -8025,6 +8017,15 @@ __metadata: languageName: node linkType: hard +"npm-install-checks@npm:^4.0.0": + version: 4.0.0 + resolution: "npm-install-checks@npm:4.0.0" + dependencies: + semver: ^7.1.1 + checksum: 8308ff48e61e0863d7f148f62543e1f6c832525a7d8002ea742d5e478efa8b29bf65a87f9fb82786e15232e4b3d0362b126c45afdceed4c051c0d3c227dd0ace + languageName: node + linkType: hard + "npm-install-checks@npm:^5.0.0": version: 5.0.0 resolution: "npm-install-checks@npm:5.0.0" @@ -8041,7 +8042,7 @@ __metadata: languageName: node linkType: hard -"npm-package-arg@npm:^9.0.0, npm-package-arg@npm:^9.0.1, npm-package-arg@npm:^9.0.2": +"npm-package-arg@npm:^9.0.0, npm-package-arg@npm:^9.0.1": version: 9.0.2 resolution: "npm-package-arg@npm:9.0.2" dependencies: @@ -8053,8 +8054,8 @@ __metadata: linkType: hard "npm-packlist@npm:^5.0.0": - version: 5.0.2 - resolution: "npm-packlist@npm:5.0.2" + version: 5.0.3 + resolution: "npm-packlist@npm:5.0.3" dependencies: glob: ^8.0.1 ignore-walk: ^5.0.1 @@ -8062,11 +8063,11 @@ __metadata: npm-normalize-package-bin: ^1.0.1 bin: npm-packlist: bin/index.js - checksum: ff2c295dea161c800c5c2d4254d6b864126333786edec7e56387a9184e966864e8e46a77aa8121db13f210232b6439c7425098ead377fe2fc287ac316c888f4d + checksum: ab8444928518e652e2d4f3de75dd979b695170c9c9c96882c601dfc5f9e47eca6af65a6599cd45f5ea4e77ee66254fd4cc91a6f34ec8cd7754af258cb99fbb61 languageName: node linkType: hard -"npm-pick-manifest@npm:^7.0.0, npm-pick-manifest@npm:^7.0.1": +"npm-pick-manifest@npm:^7.0.0": version: 7.0.1 resolution: "npm-pick-manifest@npm:7.0.1" dependencies: @@ -8088,7 +8089,7 @@ __metadata: languageName: node linkType: hard -"npm-registry-fetch@npm:^13.0.0, npm-registry-fetch@npm:^13.0.1, npm-registry-fetch@npm:^13.1.0": +"npm-registry-fetch@npm:^13.0.0, npm-registry-fetch@npm:^13.0.1": version: 13.1.1 resolution: "npm-registry-fetch@npm:13.1.1" dependencies: @@ -8138,20 +8139,21 @@ __metadata: linkType: hard "npm@npm:^8.3.0": - version: 8.7.0 - resolution: "npm@npm:8.7.0" + version: 8.5.5 + resolution: "npm@npm:8.5.5" dependencies: "@isaacs/string-locale-compare": ^1.1.0 - "@npmcli/arborist": ^5.0.4 + "@npmcli/arborist": ^5.0.3 "@npmcli/ci-detect": ^2.0.0 - "@npmcli/config": ^4.1.0 - "@npmcli/fs": ^2.1.0 + "@npmcli/config": ^4.0.1 "@npmcli/map-workspaces": ^2.0.2 - "@npmcli/package-json": ^2.0.0 + "@npmcli/package-json": ^1.0.1 "@npmcli/run-script": ^3.0.1 abbrev: ~1.1.1 + ansicolors: ~0.3.2 + ansistyles: ~0.1.3 archy: ~1.0.0 - cacache: ^16.0.4 + cacache: ^16.0.2 chalk: ^4.1.2 chownr: ^2.0.0 cli-columns: ^4.0.0 @@ -8159,10 +8161,10 @@ __metadata: columnify: ^1.6.0 fastest-levenshtein: ^1.0.12 glob: ^7.2.0 - graceful-fs: ^4.2.10 + graceful-fs: ^4.2.9 hosted-git-info: ^5.0.0 - ini: ^3.0.0 - init-package-json: ^3.0.2 + ini: ^2.0.0 + init-package-json: ^3.0.1 is-cidr: ^4.0.2 json-parse-even-better-errors: ^2.3.1 libnpmaccess: ^6.0.2 @@ -8176,7 +8178,7 @@ __metadata: libnpmsearch: ^5.0.2 libnpmteam: ^4.0.2 libnpmversion: ^3.0.1 - make-fetch-happen: ^10.1.2 + make-fetch-happen: ^10.0.6 minipass: ^3.1.6 minipass-pipeline: ^1.2.4 mkdirp: ^1.0.4 @@ -8184,37 +8186,37 @@ __metadata: ms: ^2.1.2 node-gyp: ^9.0.0 nopt: ^5.0.0 - npm-audit-report: ^3.0.0 - npm-install-checks: ^5.0.0 - npm-package-arg: ^9.0.2 - npm-pick-manifest: ^7.0.1 + npm-audit-report: ^2.1.5 + npm-install-checks: ^4.0.0 + npm-package-arg: ^9.0.1 + npm-pick-manifest: ^7.0.0 npm-profile: ^6.0.2 - npm-registry-fetch: ^13.1.0 + npm-registry-fetch: ^13.0.1 npm-user-validate: ^1.0.1 npmlog: ^6.0.1 opener: ^1.5.2 - pacote: ^13.1.1 - parse-conflict-json: ^2.0.2 - proc-log: ^2.0.1 + pacote: ^13.0.5 + parse-conflict-json: ^2.0.1 + proc-log: ^2.0.0 qrcode-terminal: ^0.12.0 read: ~1.0.7 read-package-json: ^5.0.0 read-package-json-fast: ^2.0.3 readdir-scoped-modules: ^1.1.0 rimraf: ^3.0.2 - semver: ^7.3.6 - ssri: ^9.0.0 + semver: ^7.3.5 + ssri: ^8.0.1 tar: ^6.1.11 text-table: ~0.2.0 tiny-relative-date: ^1.3.0 - treeverse: ^2.0.0 - validate-npm-package-name: ^4.0.0 + treeverse: ^1.0.4 + validate-npm-package-name: ~3.0.0 which: ^2.0.2 write-file-atomic: ^4.0.1 bin: npm: bin/npm-cli.js npx: bin/npx-cli.js - checksum: fd2334914e671986a92c78eadc1cb38d6f7c1b69db8ac9200848c958d0c9b5921194bc1b6ced658a9b2f36fa2c7aa41ad85a7f86a0c83a125abb6d29d8dcf9f1 + checksum: f48fbac8c76a0afa709aaeb3ffeb2d6886b88577f6f7f54e91bc0d6169f6ec90f402bbd6ab7e643347970d95d43860f35b0dc0343664222def47cc6042ccf74a languageName: node linkType: hard @@ -8255,14 +8257,14 @@ __metadata: languageName: node linkType: hard -"object-inspect@npm:^1.12.0, object-inspect@npm:^1.9.0": +"object-inspect@npm:^1.11.0, object-inspect@npm:^1.9.0": version: 1.12.0 resolution: "object-inspect@npm:1.12.0" checksum: 2b36d4001a9c921c6b342e2965734519c9c58c355822243c3207fbf0aac271f8d44d30d2d570d450b2cc6f0f00b72bcdba515c37827d2560e5f22b1899a31cf4 languageName: node linkType: hard -"object-keys@npm:^1.1.1": +"object-keys@npm:^1.0.12, object-keys@npm:^1.1.1": version: 1.1.1 resolution: "object-keys@npm:1.1.1" checksum: b363c5e7644b1e1b04aa507e88dcb8e3a2f52b6ffd0ea801e4c7a62d5aa559affe21c55a07fd4b1fd55fc03a33c610d73426664b20032405d7b92a1414c34d6a @@ -8623,9 +8625,9 @@ __metadata: languageName: node linkType: hard -"pacote@npm:^13.0.3, pacote@npm:^13.0.5, pacote@npm:^13.1.1": - version: 13.1.1 - resolution: "pacote@npm:13.1.1" +"pacote@npm:^13.0.3, pacote@npm:^13.0.5": + version: 13.3.0 + resolution: "pacote@npm:13.3.0" dependencies: "@npmcli/git": ^3.0.0 "@npmcli/installed-package-contents": ^1.0.7 @@ -8650,7 +8652,7 @@ __metadata: tar: ^6.1.11 bin: pacote: lib/bin.js - checksum: e8309d80cef6299f120311fe5f82a493b1deae8f0a1985e102aec859bbffa087fc68f6fe73141f12427e297fd25e3ca9eef67633d477c392e1dc4bb0f8d1d33b + checksum: 49badbafac64e7cd9c87aa14342424ee90946e0ac729faeffb489a94ed6cdab815bd7ffec7673b4863e20e113ee678b8038ace95ee2fc1f58206bc4482ff0bf5 languageName: node linkType: hard @@ -8663,7 +8665,7 @@ __metadata: languageName: node linkType: hard -"parse-conflict-json@npm:^2.0.1, parse-conflict-json@npm:^2.0.2": +"parse-conflict-json@npm:^2.0.1": version: 2.0.2 resolution: "parse-conflict-json@npm:2.0.2" dependencies: @@ -8792,7 +8794,7 @@ __metadata: languageName: node linkType: hard -"picomatch@npm:^2.0.4, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1": +"picomatch@npm:^2.0.4, picomatch@npm:^2.2.3": version: 2.3.1 resolution: "picomatch@npm:2.3.1" checksum: 050c865ce81119c4822c45d3c84f1ced46f93a0126febae20737bd05ca20589c564d6e9226977df859ed5e03dc73f02584a2b0faad36e896936238238b0446cf @@ -8837,9 +8839,9 @@ __metadata: linkType: hard "pirates@npm:^4.0.4": - version: 4.0.5 - resolution: "pirates@npm:4.0.5" - checksum: c9994e61b85260bec6c4fc0307016340d9b0c4f4b6550a957afaaff0c9b1ad58fbbea5cfcf083860a25cb27a375442e2b0edf52e2e1e40e69934e08dcc52d227 + version: 4.0.4 + resolution: "pirates@npm:4.0.4" + checksum: 6b7187d526fd025a2b91e8fd289c78d88c4adc3ea947b9facbe9cb300a896b0ec00f3e77b36a043001695312a8debbf714453495283bd8a4eaad3bc0c38df425 languageName: node linkType: hard @@ -8929,26 +8931,26 @@ __metadata: linkType: hard "prettier@npm:^2.4.1, prettier@npm:^2.5.1": - version: 2.6.2 - resolution: "prettier@npm:2.6.2" + version: 2.5.1 + resolution: "prettier@npm:2.5.1" bin: prettier: bin-prettier.js - checksum: 48d08dde8e9fb1f5bccdd205baa7f192e9fc8bc98f86e1b97d919de804e28c806b0e6cc685e4a88211aa7987fa9668f30baae19580d87ced3ed0f2ec6572106f + checksum: 21b9408476ea1c544b0e45d51ceb94a84789ff92095abb710942d780c862d0daebdb29972d47f6b4d0f7ebbfb0ffbf56cc2cfa3e3e9d1cca54864af185b15b66 languageName: node linkType: hard -"pretty-format@npm:^27.0.0, pretty-format@npm:^27.5.1": - version: 27.5.1 - resolution: "pretty-format@npm:27.5.1" +"pretty-format@npm:^27.0.0, pretty-format@npm:^27.4.6": + version: 27.4.6 + resolution: "pretty-format@npm:27.4.6" dependencies: ansi-regex: ^5.0.1 ansi-styles: ^5.0.0 react-is: ^17.0.1 - checksum: cf610cffcb793885d16f184a62162f2dd0df31642d9a18edf4ca298e909a8fe80bdbf556d5c9573992c102ce8bf948691da91bf9739bee0ffb6e79c8a8a6e088 + checksum: 5eda32e4e47ddd1a9e8fe9ebef519b217ba403eb8bcb804ba551dfb37f87e674472013fcf78480ab535844fdddcc706fac94511eba349bfb94a138a02d1a7a59 languageName: node linkType: hard -"proc-log@npm:^2.0.0, proc-log@npm:^2.0.1": +"proc-log@npm:^2.0.0": version: 2.0.1 resolution: "proc-log@npm:2.0.1" checksum: f6f23564ff759097db37443e6e2765af84979a703d2c52c1b9df506ee9f87caa101ba49d8fdc115c1a313ec78e37e8134704e9069e6a870f3499d98bb24c436f @@ -9448,29 +9450,29 @@ __metadata: languageName: node linkType: hard -"resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.20.0, resolve@npm:^1.22.0": - version: 1.22.0 - resolution: "resolve@npm:1.22.0" +"resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.20.0": + version: 1.21.0 + resolution: "resolve@npm:1.21.0" dependencies: - is-core-module: ^2.8.1 + is-core-module: ^2.8.0 path-parse: ^1.0.7 supports-preserve-symlinks-flag: ^1.0.0 bin: resolve: bin/resolve - checksum: a2d14cc437b3a23996f8c7367eee5c7cf8149c586b07ca2ae00e96581ce59455555a1190be9aa92154785cf9f2042646c200d0e00e0bbd2b8a995a93a0ed3e4e + checksum: d7d9092a5c04a048bea16c7e5a2eb605ac3e8363a0cc5644de1fde17d5028e8d5f4343aab1d99bd327b98e91a66ea83e242718150c64dfedcb96e5e7aad6c4f5 languageName: node linkType: hard -"resolve@patch:resolve@^1.1.6#~builtin, resolve@patch:resolve@^1.1.7#~builtin, resolve@patch:resolve@^1.10.0#~builtin, resolve@patch:resolve@^1.20.0#~builtin, resolve@patch:resolve@^1.22.0#~builtin": - version: 1.22.0 - resolution: "resolve@patch:resolve@npm%3A1.22.0#~builtin::version=1.22.0&hash=07638b" +"resolve@patch:resolve@^1.1.6#~builtin, resolve@patch:resolve@^1.1.7#~builtin, resolve@patch:resolve@^1.10.0#~builtin, resolve@patch:resolve@^1.20.0#~builtin": + version: 1.21.0 + resolution: "resolve@patch:resolve@npm%3A1.21.0#~builtin::version=1.21.0&hash=07638b" dependencies: - is-core-module: ^2.8.1 + is-core-module: ^2.8.0 path-parse: ^1.0.7 supports-preserve-symlinks-flag: ^1.0.0 bin: resolve: bin/resolve - checksum: c79ecaea36c872ee4a79e3db0d3d4160b593f2ca16e031d8283735acd01715a203607e9ded3f91f68899c2937fa0d49390cddbe0fb2852629212f3cda283f4a7 + checksum: a0a4d1f7409e73190f31f901f8a619960bb3bd4ae38ba3a54c7ea7e1c87758d28a73256bb8d6a35996a903d1bf14f53883f0dcac6c571c063cb8162d813ad26e languageName: node linkType: hard @@ -9548,16 +9550,16 @@ __metadata: languageName: node linkType: hard -"rxjs@npm:^7.5.5": - version: 7.5.5 - resolution: "rxjs@npm:7.5.5" +"rxjs@npm:^7.2.0": + version: 7.5.1 + resolution: "rxjs@npm:7.5.1" dependencies: tslib: ^2.1.0 - checksum: e034f60805210cce756dd2f49664a8108780b117cf5d0e2281506e9e6387f7b4f1532d974a8c8b09314fa7a16dd2f6cff3462072a5789672b5dcb45c4173f3c6 + checksum: 78e3eecb1644dd83adabc8d956f879dca62eb19c8afcd6acac71cf6d94534c33ea201e65387494fdeb1332395cba081e194f5a9699d58a5d48e416b8b52372aa languageName: node linkType: hard -"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.1": +"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.1, safe-buffer@npm:~5.2.0": version: 5.2.1 resolution: "safe-buffer@npm:5.2.1" checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491 @@ -9749,7 +9751,7 @@ __metadata: languageName: node linkType: hard -"shelljs@npm:^0.8.5": +"shelljs@npm:^0.8.4": version: 0.8.5 resolution: "shelljs@npm:0.8.5" dependencies: @@ -9763,14 +9765,14 @@ __metadata: linkType: hard "shx@npm:^0.3.3": - version: 0.3.4 - resolution: "shx@npm:0.3.4" + version: 0.3.3 + resolution: "shx@npm:0.3.3" dependencies: minimist: ^1.2.3 - shelljs: ^0.8.5 + shelljs: ^0.8.4 bin: shx: lib/cli.js - checksum: 0aa168bfddc11e3fe8943cce2e0d2d8514a560bd58cf2b835b4351ba03f46068f7d88286c2627f4b85604e81952154c43746369fb3f0d60df0e3b511f465e5b8 + checksum: 2e408a79c680cef4d719a56563217031ef20d5c2c18fdfe28933e22d833adabd995ad6fa6be087a141832cb17010facfc0288e90a6743c0276b478759fd393e0 languageName: node linkType: hard @@ -9900,11 +9902,11 @@ __metadata: linkType: hard "sonic-boom@npm:^2.1.0": - version: 2.7.0 - resolution: "sonic-boom@npm:2.7.0" + version: 2.4.2 + resolution: "sonic-boom@npm:2.4.2" dependencies: atomic-sleep: ^1.0.0 - checksum: 00dfa56fe9f3b9989fed08809c48645b1ea33759d81a22319ab87211a64e6834c33909dbfa75aa0ec6f6a7502290342a79ce7ba460d137a58579a2acb8ebe835 + checksum: 2f63eb28f95e742f2d1f022cf0e3e9df427d0d5c2fd4d24185ac983f60dfd2b45a2d8631e7a88e4d2c21a141cd2890af5aa3ed642ad8edb8716f8f3e017131b6 languageName: node linkType: hard @@ -10070,6 +10072,15 @@ __metadata: languageName: node linkType: hard +"ssri@npm:^8.0.1": + version: 8.0.1 + resolution: "ssri@npm:8.0.1" + dependencies: + minipass: ^3.1.1 + checksum: bc447f5af814fa9713aa201ec2522208ae0f4d8f3bda7a1f445a797c7b929a02720436ff7c478fb5edc4045adb02b1b88d2341b436a80798734e2494f1067b36 + languageName: node + linkType: hard + "ssri@npm:^9.0.0": version: 9.0.0 resolution: "ssri@npm:9.0.0" @@ -10172,7 +10183,16 @@ __metadata: languageName: node linkType: hard -"string_decoder@npm:^1.1.1, string_decoder@npm:~1.1.1": +"string_decoder@npm:^1.1.1": + version: 1.3.0 + resolution: "string_decoder@npm:1.3.0" + dependencies: + safe-buffer: ~5.2.0 + checksum: 8417646695a66e73aefc4420eb3b84cc9ffd89572861fe004e6aeb13c7bc00e2f616247505d2dbbef24247c372f70268f594af7126f43548565c68c117bdeb56 + languageName: node + linkType: hard + +"string_decoder@npm:~1.1.1": version: 1.1.1 resolution: "string_decoder@npm:1.1.1" dependencies: @@ -10628,6 +10648,13 @@ __metadata: languageName: node linkType: hard +"treeverse@npm:^1.0.4": + version: 1.0.4 + resolution: "treeverse@npm:1.0.4" + checksum: 712640acd811060ff552a3c761f700d18d22a4da544d31b4e290817ac4bbbfcfe33b58f85e7a5787e6ff7351d3a9100670721a289ca14eb87b36ad8a0c20ebd8 + languageName: node + linkType: hard + "treeverse@npm:^2.0.0": version: 2.0.0 resolution: "treeverse@npm:2.0.0" @@ -10659,8 +10686,8 @@ __metadata: linkType: hard "ts-jest@npm:^27.0.4": - version: 27.1.4 - resolution: "ts-jest@npm:27.1.4" + version: 27.1.2 + resolution: "ts-jest@npm:27.1.2" dependencies: bs-logger: 0.x fast-json-stable-stringify: 2.x @@ -10674,6 +10701,7 @@ __metadata: "@babel/core": ">=7.0.0-beta.0 <8" "@types/jest": ^27.0.0 babel-jest: ">=27.0.0 <28" + esbuild: ~0.14.0 jest: ^27.0.0 typescript: ">=3.8 <5.0" peerDependenciesMeta: @@ -10687,19 +10715,19 @@ __metadata: optional: true bin: ts-jest: cli.js - checksum: d2cc2719ed2884a880ab50d2c14c311834be9c88bc79d0064fa0189afce5c296d7676314d26cc3f7e82ddd52df272c2d4137a832c89616f30cbe8f43e30f9a29 + checksum: 2e7275f8a3545ec1340b37c458ace9244b5903e86861eb108beffff97d433f296c1254f76a41b573b1fe6245110b21bb62150bb88d55159f1dc7a929886535cb languageName: node linkType: hard -"tsconfig-paths@npm:^3.14.1": - version: 3.14.1 - resolution: "tsconfig-paths@npm:3.14.1" +"tsconfig-paths@npm:^3.12.0": + version: 3.12.0 + resolution: "tsconfig-paths@npm:3.12.0" dependencies: "@types/json5": ^0.0.29 json5: ^1.0.1 - minimist: ^1.2.6 + minimist: ^1.2.0 strip-bom: ^3.0.0 - checksum: 8afa01c673ebb4782ba53d3a12df97fa837ce524f8ad38ee4e2b2fd57f5ac79abc21c574e9e9eb014d93efe7fe8214001b96233b5c6ea75bd1ea82afe17a4c6d + checksum: 4999ec6cd1c7cc06750a460dbc0d39fe3595a4308cb5f1d0d0a8283009cf9c0a30d5a156508c28fe3a47760508af5263ab288fc23d71e9762779674257a95d3b languageName: node linkType: hard @@ -10710,14 +10738,7 @@ __metadata: languageName: node linkType: hard -"tslib@npm:^2.1.0, tslib@npm:^2.3.1": - version: 2.4.0 - resolution: "tslib@npm:2.4.0" - checksum: 8c4aa6a3c5a754bf76aefc38026134180c053b7bd2f81338cb5e5ebf96fefa0f417bff221592bf801077f5bf990562f6264fecbc42cd3309b33872cb6fc3b113 - languageName: node - linkType: hard - -"tslib@npm:~2.3.0": +"tslib@npm:^2.1.0, tslib@npm:^2.3.1, tslib@npm:~2.3.0": version: 2.3.1 resolution: "tslib@npm:2.3.1" checksum: de17a98d4614481f7fcb5cd53ffc1aaf8654313be0291e1bfaee4b4bb31a20494b7d218ff2e15017883e8ea9626599b3b0e0229c18383ba9dce89da2adf15cb9 @@ -10819,9 +10840,9 @@ __metadata: linkType: hard "type-fest@npm:^2.0.0": - version: 2.12.2 - resolution: "type-fest@npm:2.12.2" - checksum: ee69676da1f69d2b14bbec28c7b95220a3221ab14093f54bde179c59e185a80470859553eada535ec35d8637a245c2f0efe9d7c99cc46a43f3b4c7ef64db7957 + version: 2.12.1 + resolution: "type-fest@npm:2.12.1" + checksum: faac07668190b7709c16ba4696e42b6cc83b702fa11e8936ce94d9ed1415eb9034b157ae25bba23e222d755e031787f7b92552710704d55e39aadcc27f0ee1da languageName: node linkType: hard @@ -10835,43 +10856,43 @@ __metadata: linkType: hard "typescript@npm:^4.3.5": - version: 4.6.3 - resolution: "typescript@npm:4.6.3" + version: 4.5.4 + resolution: "typescript@npm:4.5.4" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 255bb26c8cb846ca689dd1c3a56587af4f69055907aa2c154796ea28ee0dea871535b1c78f85a6212c77f2657843a269c3a742d09d81495b97b914bf7920415b + checksum: 59f3243f9cd6fe3161e6150ff6bf795fc843b4234a655dbd938a310515e0d61afd1ac942799e7415e4334255e41c2c49b7dd5d9fd38a17acd25a6779ca7e0961 languageName: node linkType: hard "typescript@patch:typescript@^4.3.5#~builtin": - version: 4.6.3 - resolution: "typescript@patch:typescript@npm%3A4.6.3#~builtin::version=4.6.3&hash=bda367" + version: 4.5.4 + resolution: "typescript@patch:typescript@npm%3A4.5.4#~builtin::version=4.5.4&hash=bda367" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 6bf45caf847062420592e711bc9c28bf5f9a9a7fa8245343b81493e4ededae33f1774009d1234d911422d1646a2c839f44e1a23ecb111b40a60ac2ea4c1482a8 + checksum: eda87927f9cfb94aca9b5e47842daf37347ad3073133e17f556fbb6c18f3493c5b551eedab0f4b26774235ddb7acbe0087250d5285f72ce6819a0891dd5a74ed languageName: node linkType: hard "uglify-js@npm:^3.1.4": - version: 3.15.4 - resolution: "uglify-js@npm:3.15.4" + version: 3.14.5 + resolution: "uglify-js@npm:3.14.5" bin: uglifyjs: bin/uglifyjs - checksum: 5f673c5dd7f3b3dd15d1d26aebfe29bccbb1b896c4b5423ec70a2e8b9506c70b6fb6a53dec83df5ad65a717ec9a850adf08e0aedf9b1711eac5eb080216615fa + checksum: 0330eb11a36f4181b6d9a00336355989bfad9dd2203049fc63a59454b0d12337612272ad011bc571b9a382bf74d829ca20409ebfe089e38edb26cfc06bfa2cc9 languageName: node linkType: hard "unbox-primitive@npm:^1.0.1": - version: 1.0.2 - resolution: "unbox-primitive@npm:1.0.2" + version: 1.0.1 + resolution: "unbox-primitive@npm:1.0.1" dependencies: - call-bind: ^1.0.2 - has-bigints: ^1.0.2 - has-symbols: ^1.0.3 + function-bind: ^1.1.1 + has-bigints: ^1.0.1 + has-symbols: ^1.0.2 which-boxed-primitive: ^1.0.2 - checksum: b7a1cf5862b5e4b5deb091672ffa579aa274f648410009c81cca63fed3b62b610c4f3b773f912ce545bb4e31edc3138975b5bc777fc6e4817dca51affb6380e9 + checksum: 89d950e18fb45672bc6b3c961f1e72c07beb9640c7ceed847b571ba6f7d2af570ae1a2584cfee268b9d9ea1e3293f7e33e0bc29eaeb9f8e8a0bab057ff9e6bba languageName: node linkType: hard @@ -11059,13 +11080,13 @@ __metadata: linkType: hard "v8-to-istanbul@npm:^8.1.0": - version: 8.1.1 - resolution: "v8-to-istanbul@npm:8.1.1" + version: 8.1.0 + resolution: "v8-to-istanbul@npm:8.1.0" dependencies: "@types/istanbul-lib-coverage": ^2.0.1 convert-source-map: ^1.6.0 source-map: ^0.7.3 - checksum: 54ce92bec2727879626f623d02c8d193f0c7e919941fa373ec135189a8382265117f5316ea317a1e12a5f9c13d84d8449052a731fe3306fa4beaafbfa4cab229 + checksum: c7dabf9567e0c210b24d0720e553803cbe1ff81edb1ec7f2080eb4be01ed081a40286cc9f4aaa86d1bf8d57840cefae8fdf326b7cb8faa316ba50c7b948030d4 languageName: node linkType: hard @@ -11088,6 +11109,15 @@ __metadata: languageName: node linkType: hard +"validate-npm-package-name@npm:~3.0.0": + version: 3.0.0 + resolution: "validate-npm-package-name@npm:3.0.0" + dependencies: + builtins: ^1.0.3 + checksum: ce4c68207abfb22c05eedb09ff97adbcedc80304a235a0844f5344f1fd5086aa80e4dbec5684d6094e26e35065277b765c1caef68bcea66b9056761eddb22967 + languageName: node + linkType: hard + "w3c-hr-time@npm:^1.0.2": version: 1.0.2 resolution: "w3c-hr-time@npm:1.0.2" @@ -11288,8 +11318,8 @@ __metadata: linkType: hard "ws@npm:^7.4.6": - version: 7.5.7 - resolution: "ws@npm:7.5.7" + version: 7.5.6 + resolution: "ws@npm:7.5.6" peerDependencies: bufferutil: ^4.0.1 utf-8-validate: ^5.0.2 @@ -11298,7 +11328,7 @@ __metadata: optional: true utf-8-validate: optional: true - checksum: 5c1f669a166fb57560b4e07f201375137fa31d9186afde78b1508926345ce546332f109081574ddc4e38cc474c5406b5fc71c18d71eb75f6e2d2245576976cba + checksum: 0c2ffc9a539dd61dd2b00ff6cc5c98a3371e2521011fe23da4b3578bb7ac26cbdf7ca8a68e8e08023c122ae247013216dde2a20c908de415a6bcc87bdef68c87 languageName: node linkType: hard @@ -11351,7 +11381,14 @@ __metadata: languageName: node linkType: hard -"yargs-parser@npm:20.x, yargs-parser@npm:^20.2.2, yargs-parser@npm:^20.2.3, yargs-parser@npm:^20.2.9": +"yargs-parser@npm:20.x, yargs-parser@npm:^20.2.2, yargs-parser@npm:^20.2.3": + version: 20.2.4 + resolution: "yargs-parser@npm:20.2.4" + checksum: d251998a374b2743a20271c2fd752b9fbef24eb881d53a3b99a7caa5e8227fcafd9abf1f345ac5de46435821be25ec12189a11030c12ee6481fef6863ed8b924 + languageName: node + linkType: hard + +"yargs-parser@npm:^20.2.9": version: 20.2.9 resolution: "yargs-parser@npm:20.2.9" checksum: 8bb69015f2b0ff9e17b2c8e6bfe224ab463dd00ca211eece72a4cd8a906224d2703fb8a326d36fdd0e68701e201b2a60ed7cf81ce0fd9b3799f9fe7745977ae3 From 7b4bb3b793327112ad15af5ddd1876de6d5d8051 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Thu, 12 May 2022 09:52:17 -0300 Subject: [PATCH 10/30] feat: Included 16.x rules for aws nist 800-53 rev4 --- README.md | 9 +- src/aws/nist-800-53-rev4/README.md | 10 +- .../rules/aws-nist-800-53-rev4-16.1.ts | 71 +++ .../rules/aws-nist-800-53-rev4-16.2.ts | 71 +++ .../rules/aws-nist-800-53-rev4-16.3.ts | 65 +++ .../rules/aws-nist-800-53-rev4-16.4.ts | 57 +++ .../rules/aws-nist-800-53-rev4-16.5.ts | 74 ++++ .../rules/aws-nist-800-53-rev4-16.6.ts | 81 ++++ src/aws/nist-800-53-rev4/rules/index.ts | 12 + .../tests/nist-800-53-rev4-16.x.test.ts | 406 ++++++++++++++++++ 10 files changed, 850 insertions(+), 6 deletions(-) create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.1.ts create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.2.ts create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.3.ts create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.4.ts create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.5.ts create mode 100644 src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.6.ts create mode 100644 src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-16.x.test.ts diff --git a/README.md b/README.md index 3cb36c9e..609de506 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,8 @@ cg scan aws gcp azure | Benchmark | | --------------------------- -| [CIS Amazon Web Services Foundations 1.2.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-cis-1.2.0) | -| [CIS Google Cloud Platform Foundations 1.2.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-gcp-cis-1.2.0) | -| [CIS Microsoft Azure Foundations 1.3.1](https://www.npmjs.com/package/@cloudgraph/policy-pack-azure-cis-1.3.1) | -| [PCI Data Security Standard version 3.2.1](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-pci-dss-3.2.1) | +| [CIS Amazon Web Services Foundations 1.2.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-cis-1.2.0) | +| [CIS Google Cloud Platform Foundations 1.2.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-gcp-cis-1.2.0) | +| [CIS Microsoft Azure Foundations 1.3.1](https://www.npmjs.com/package/@cloudgraph/policy-pack-azure-cis-1.3.1) | +| [PCI Data Security Standard version 3.2.1](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-pci-dss-3.2.1) | +| [NIST 800-53 Rev. 4 for Amazon Web Services](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-nist-800-53-rev4) | diff --git a/src/aws/nist-800-53-rev4/README.md b/src/aws/nist-800-53-rev4/README.md index 0a87aff0..11c2a2aa 100644 --- a/src/aws/nist-800-53-rev4/README.md +++ b/src/aws/nist-800-53-rev4/README.md @@ -163,8 +163,8 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta | AWS NIST 10.6 | IAM password policies should require at least one number | | AWS NIST 10.7 | IAM password policies should require at least one symbol | | AWS NIST 10.8 | IAM password policies should require at least one uppercase character | -| AWS NIS 11.1 | ECS task definitions should limit memory usage for containers | -| AWS NIS 11.2 | ECS task definitions should set CPU limit for containers | +| AWS NIST 11.1 | ECS task definitions should limit memory usage for containers | +| AWS NIST 11.2 | ECS task definitions should set CPU limit for containers | | AWS NIST 13.1 | IAM multi-factor authentication should be enabled for all IAM users that have a console password | | AWS NIST 13.2 | IAM should have hardware MFA enabled for the root account | | AWS NIST 13.3 | IAM should have MFA enabled for the root account | @@ -174,3 +174,9 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta | AWS NIST 15.2 | IAM roles used for trust relationships should have MFA or external IDs | | AWS NIST 15.3 | IAM root user access key should not exist | | AWS NIST 15.4 | IAM root user should not be used | +| AWS NIST 16.1 | API Gateway classic custom domains should use secure TLS protocol versions (1.2 and above) | +| AWS NIST 16.2 | API Gateway v2 custom domains should use secure TLS protocol versions (1.2 and above) | +| AWS NIST 16.3 | CloudFront distribution custom origins should use secure TLS protocol versions (1.2 and above) | +| AWS NIST 16.4 | CloudFront distribution viewer certificate should use secure TLS protocol versions (1.2 and above) | +| AWS NIST 16.5 | ELB HTTPS listeners should use secure TLS protocol versions (1.2 and above) | +| AWS NIST 16.6 | ELBv2 HTTPS listeners should use secure TLS protocol versions (1.2 and above) | diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.1.ts new file mode 100644 index 00000000..a0a59388 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.1.ts @@ -0,0 +1,71 @@ +export default { + id: 'aws-nist-800-53-rev4-16.1', + title: + 'AWS NIST 16.1 API Gateway classic custom domains should use secure TLS protocol versions (1.2 and above)', + + description: + 'The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS where possible. Versions prior to TLS 1.2 are deprecated and usage may pose security risks.', + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + - Navigate to API Gateway. + - In the left navigation, select Custom Domain Names. + - Select the domain name to update. + - In Domain details, select Edit. + - In Minimum TLS version, select TLS 1.2 (recommended). + - Select Save. + + **AWS CLI** + + To update the API Gateway classic custom domains to use secure TLS protocol versions (1.2 and above): + + > aws apigateway update-domain-name \ + > --domain-name \ + > --patch-operations op='replace',path='/securityPolicy',value='TLS_1_2'`, + + references: [ + 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html#apigateway-custom-domain-tls-version-how-to', + 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html', + 'https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-domain-name.html', + 'https://docs.aws.amazon.com/apigateway/api-reference/link-relation/domainname-update/', + ], + gql: `{ + queryawsApiGatewayRestApi { + id + arn + accountId + __typename + domainNames { + configurations { + securityPolicy + } + } + } + }`, + resource: 'queryawsApiGatewayRestApi[*]', + severity: 'medium', + conditions: { + or: [ + { + path: '@.domainNames', + isEmpty: true, + }, + { + not: { + path: '@.domainNames', + array_any: { + path: '[*].configurations', + array_any: { + path: '[*].securityPolicy', + equal: 'TLS_1_0', // The valid values are TLS_1_0 and TLS_1_2 + }, + }, + }, + }, + ], + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.2.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.2.ts new file mode 100644 index 00000000..24d686e7 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.2.ts @@ -0,0 +1,71 @@ +export default { + id: 'aws-nist-800-53-rev4-16.2', + title: + 'AWS NIST 16.2 API Gateway v2 custom domains should use secure TLS protocol versions (1.2 and above)', + + description: + 'The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS where possible. Versions prior to TLS 1.2 are deprecated and usage may pose security risks.', + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + - Navigate to API Gateway. + - In the left navigation, select Custom Domain Names. + - Select the domain name to update. + - In Domain details, select Edit. + - In Minimum TLS version, select TLS 1.2 (recommended). + - Select Save. + + **AWS CLI** + + To update the API Gateway v2 custom domains to use secure TLS protocol versions (1.2 and above): + + > aws apigatewayv2 update-domain-name \ + > --domain-name \ + > --domain-name-configurations SecurityPolicy=TLS_1_2`, + + references: [ + 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html#apigateway-custom-domain-tls-version-how-to', + 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html', + 'https://docs.aws.amazon.com/cli/latest/reference/apigatewayv2/update-domain-name.html', + 'https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/domainnames-domainname.html#domainnames-domainnamepatch', + ], + gql: `{ + queryawsApiGatewayHttpApi { + id + arn + accountId + __typename + domainNames { + configurations { + securityPolicy + } + } + } + }`, + resource: 'queryawsApiGatewayHttpApi[*]', + severity: 'medium', + conditions: { + or: [ + { + path: '@.domainNames', + isEmpty: true, + }, + { + not: { + path: '@.domainNames', + array_any: { + path: '[*].configurations', + array_any: { + path: '[*].securityPolicy', + equal: 'TLS_1_0', // The valid values are TLS_1_0 and TLS_1_2 + }, + }, + }, + }, + ], + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.3.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.3.ts new file mode 100644 index 00000000..261ad4e9 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.3.ts @@ -0,0 +1,65 @@ +export default { + id: 'aws-nist-800-53-rev4-16.3', + title: + 'AWS NIST 16.3 CloudFront distribution custom origins should use secure TLS protocol versions (1.2 and above)', + + description: + 'The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS where possible. Versions prior to TLS 1.2 are deprecated and usage may pose security risks.', + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + - Navigate to AWS CloudFront. + - Select the Distribution. + - Select the Origins and Origin Groups tab. + - Select the checkbox for the Origin and select Edit. + - In the Minimum Origin SSL Protocol, select TLS protocol version TLSv1.2. + - Click Yes, Edit. + + **AWS CLI** + + To update your CloudFront distribution custom origins to use secure TLS protocol versions (1.2 and above): + + > aws cloudfront update-distribution \ + > [--distribution-config ] \ + > --id \ + > [--if-match ] \ + > [--default-root-object ] \ + > [--cli-input-json ] \ + > [--generate-cli-skeleton ]`, + + references: [ + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy', + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html#using-https-cloudfront-to-origin-certificate', + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html', + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html', + 'https://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html', + ], + gql: `{ + queryawsCloudfront { + id + arn + accountId + __typename + origins { + customOriginConfig { + originSslProtocols { + items + } + } + } + } + }`, + resource: 'queryawsCloudfront[*]', + severity: 'medium', + conditions: { + path: '@.origins', + array_all: { + path: '[*].customOriginConfig.originSslProtocols.items', + contains: 'TLSv1.2', + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.4.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.4.ts new file mode 100644 index 00000000..0b94eb60 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.4.ts @@ -0,0 +1,57 @@ +export default { + id: 'aws-nist-800-53-rev4-16.4', + title: + 'AWS NIST 16.4 CloudFront distribution viewer certificate should use secure TLS protocol versions (1.2 and above)', + + description: + 'The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS where possible. Versions prior to TLS 1.2 are deprecated and usage may pose security risks.', + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + - Navigate to AWS CloudFront. + - Select the Distribution. + - On the General tab, click Edit. + - In the Security Policy, select TLS protocol version TLSv1.2_2018 or TLSv1.2_2019 (recommended). + - Click Yes, Edit. + + **AWS CLI** + + To update your CloudFront viewer certificate to use secure TLS protocol versions (1.2 and above): + + > aws cloudfront update-distribution \ + > [--distribution-config ] \ + > --id \ + > [--if-match ] \ + > [--default-root-object ] \ + > [--cli-input-json ] \ + > [--generate-cli-skeleton ]`, + + references: [ + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy', + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html', + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesViewerProtocolPolicy', + 'https://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html', + 'https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers', + ], + gql: `{ + queryawsCloudfront { + id + arn + accountId + __typename + viewerCertificate { + minimumProtocolVersion + } + } + }`, + resource: 'queryawsCloudfront[*]', + severity: 'medium', + conditions: { + path: '@.viewerCertificate.minimumProtocolVersion', + in: ['TLSv1.2_2018', 'TLSv1.2_2019', 'TLSv1.2_2021'], + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.5.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.5.ts new file mode 100644 index 00000000..e97c2cfb --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.5.ts @@ -0,0 +1,74 @@ +export default { + id: 'aws-nist-800-53-rev4-16.5', + title: + 'AWS NIST 16.5 ELB HTTPS listeners should use secure TLS protocol versions (1.2 and above)', + + description: + 'The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS where possible. Versions prior to TLS 1.2 are deprecated and usage may pose security risks.', + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + - Navigate to AWS EC2. + - In the left navigation, select Load Balancers. + - Select the load balancer > select Listeners. + - Under SSL Certificate, select Change. + - Select your Certificate type from the following: + - Choose a certificate from ACM. Refer to What Is AWS Certificate Manager? for more information. + - Choose a certificate from IAM. Refer to Managing server certificates in IAM for more information. + - Upload a certificate to IAM. Refer to How can I upload and import an SSL certificate to AWS Identity and Access Management (IAM)? + - Click Save. + + **AWS CLI** + + Select your Certificate type from the following: + **To replace an SSL certificate with a certificate provided by ACM:** + - Use the following request-certificate command to request a new certificate: + > aws acm request-certificate --domain-name www.example.com + - Use the following set-load-balancer-listener-ssl-certificate command to set the certificate: + > aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer --load-balancer-port 443 --ssl-certificate-id arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 + **To replace an SSL certificate with a certificate uploaded to IAM:** + - If you have an SSL certificate but have not uploaded it, refer to Uploading a server certificate in the IAM User Guide. + - Use the following get-server-certificate command to get the ARN of the certificate: + > aws iam get-server-certificate --server-certificate-name my-new-certificate + - Use the following set-load-balancer-listener-ssl-certificate command to set the certificate: + > aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer --load-balancer-port 443 --ssl-certificate-id arn:aws:iam::123456789012:server-certificate/my-new-certificate`, + + references: [ + 'https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html#us-update-lb-SSLcert-console', + 'https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-update-ssl-cert.html#us-update-lb-SSLcert-cli', + ], + gql: `{ + queryawsElb { + id + arn + accountId + __typename + listeners { + loadBalancerProtocol + sslCertificateId + } + } + }`, + resource: 'queryawsElb[*]', + severity: 'medium', + conditions: { + not: { + path: '@.listeners', + array_any: { + and: [ + { + path: '[*].loadBalancerProtocol', + equal: 'HTTPS', + }, + { + path: '[*].sslCertificateId', + in: [null, ''], + }, + ], + }, + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.6.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.6.ts new file mode 100644 index 00000000..5fc5b437 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-16.6.ts @@ -0,0 +1,81 @@ +export default { + id: 'aws-nist-800-53-rev4-16.6', + title: + 'AWS NIST 16.6 ELBv2 HTTPS listeners should use secure TLS protocol versions (1.2 and above)', + + description: + 'The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS where possible. Versions prior to TLS 1.2 are deprecated and usage may pose security risks.', + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + - Navigate to AWS EC2. + - In the left navigation, select Load Balancers. + - Select the load balancer > select Listeners. + - Select the checkbox for the HTTPS listener and select Edit. + - For Security policy, choose a security policy. See Security Policies for more information. + - Click Update. + + **AWS CLI** + + - To update ELBv2 HTTPS listeners to use secure TLS protocol versions (1.2 and above): + > aws elbv2 modify-listener \ + > --listener-arn \ + > --protocol (string) \ + > --ssl-policy (string) \ + > --certificates (list)`, + + references: [ + 'https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-certificates.html#update-security-policy', + 'https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies', + 'https://docs.aws.amazon.com/cli/latest/reference/elbv2/modify-listener.html', + ], + gql: `{ + queryawsAlb { + id + arn + accountId + __typename + listeners { + settings { + protocol + sslPolicy + } + } + } + }`, + resource: 'queryawsAlb[*]', + severity: 'medium', + conditions: { + not: { + path: '@.listeners', + array_any: { + and: [ + { + path: '[*].settings.protocol', + match: /^HTTPS.*$/, + }, + { + path: '[*].settings.sslPolicy', + notIn: [ + 'ELBSecurityPolicy-2016-08', + 'ELBSecurityPolicy-TLS-1-0-2015-04', + 'ELBSecurityPolicy-TLS-1-1-2017-01', + 'ELBSecurityPolicy-TLS-1-2-2017-01', + 'ELBSecurityPolicy-TLS-1-2-Ext-2018-06', + 'ELBSecurityPolicy-FS-2018-06', + 'ELBSecurityPolicy-FS-1-1-2019-08', + 'ELBSecurityPolicy-FS-1-2-2019-08', + 'ELBSecurityPolicy-FS-1-2-Res-2019-08', + 'ELBSecurityPolicy-2015-05', + 'ELBSecurityPolicy-FS-1-2-Res-2020-10', + ], + }, + ], + }, + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/index.ts b/src/aws/nist-800-53-rev4/rules/index.ts index 72e8db32..88f14d6e 100644 --- a/src/aws/nist-800-53-rev4/rules/index.ts +++ b/src/aws/nist-800-53-rev4/rules/index.ts @@ -114,6 +114,12 @@ import Aws_NIST_800_53_151 from './aws-nist-800-53-rev4-15.1' import Aws_NIST_800_53_152 from './aws-nist-800-53-rev4-15.2' import Aws_NIST_800_53_153 from './aws-nist-800-53-rev4-15.3' import Aws_NIST_800_53_154 from './aws-nist-800-53-rev4-15.4' +import Aws_NIST_800_53_161 from './aws-nist-800-53-rev4-16.1' +import Aws_NIST_800_53_162 from './aws-nist-800-53-rev4-16.2' +import Aws_NIST_800_53_163 from './aws-nist-800-53-rev4-16.3' +import Aws_NIST_800_53_164 from './aws-nist-800-53-rev4-16.4' +import Aws_NIST_800_53_165 from './aws-nist-800-53-rev4-16.5' +import Aws_NIST_800_53_166 from './aws-nist-800-53-rev4-16.6' export default [ Aws_NIST_800_53_11, @@ -232,4 +238,10 @@ export default [ Aws_NIST_800_53_152, Aws_NIST_800_53_153, Aws_NIST_800_53_154, + Aws_NIST_800_53_161, + Aws_NIST_800_53_162, + Aws_NIST_800_53_163, + Aws_NIST_800_53_164, + Aws_NIST_800_53_165, + Aws_NIST_800_53_166, ] diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-16.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-16.x.test.ts new file mode 100644 index 00000000..649f6e9c --- /dev/null +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-16.x.test.ts @@ -0,0 +1,406 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_NIST_800_53_161 from '../rules/aws-nist-800-53-rev4-16.1' +import Aws_NIST_800_53_162 from '../rules/aws-nist-800-53-rev4-16.2' +import Aws_NIST_800_53_163 from '../rules/aws-nist-800-53-rev4-16.3' +import Aws_NIST_800_53_164 from '../rules/aws-nist-800-53-rev4-16.4' +import Aws_NIST_800_53_165 from '../rules/aws-nist-800-53-rev4-16.5' +import Aws_NIST_800_53_166 from '../rules/aws-nist-800-53-rev4-16.6' + +export interface ViewerCertificate { + minimumProtocolVersion: string +} + +export interface OriginSslProtocols { + items: string[] +} + +export interface CustomOriginConfig { + originSslProtocols: OriginSslProtocols +} +export interface Origin { + customOriginConfig: CustomOriginConfig +} + +export interface QueryawsCloudfront { + id: string + origins?: Origin[] + viewerCertificate?: ViewerCertificate +} + +export interface Configuration { + securityPolicy: string +} + +export interface DomainName { + configurations: Configuration[] +} + +export interface QueryawsApiGatewayRestApi { + id: string + domainNames: DomainName[] +} + +export interface QueryawsApiGatewayHttpApi { + id: string + domainNames: DomainName[] +} + +export interface Settings { + protocol: string + sslPolicy: string +} +export interface Listener { + settings?: Settings + loadBalancerProtocol?: string + sslCertificateId?: string | null +} + +export interface QueryawsAlb { + id: string + listeners: Listener[] +} + +export interface QueryawsElb { + id: string + listeners: Listener[] +} +export interface NIST16xQueryResponse { + queryawsCloudfront?: QueryawsCloudfront[] + queryawsApiGatewayRestApi?: QueryawsApiGatewayRestApi[] + queryawsApiGatewayHttpApi?: QueryawsApiGatewayHttpApi[] + queryawsElb?: QueryawsElb[] + queryawsAlb?: QueryawsAlb[] +} + +describe('AWS NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'NIST', + }) + }) + + describe('AWS NIST 16.1 API Gateway classic custom domains should use secure TLS protocol versions (1.2 and above)', () => { + const getTestRuleFixture = ( + securityPolicy: string + ): NIST16xQueryResponse => { + return { + queryawsApiGatewayRestApi: [ + { + id: cuid(), + domainNames: [ + { + configurations: [ + { + securityPolicy, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST16xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_161 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when API Gateway classic custom domains use secure TLS protocol versions 1.2 and above', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('TLS_1_2') + await testRule(data, Result.PASS) + }) + + test('No Security Issue when API Gateway classic custom domains is not set', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('') + const restApi = data + .queryawsApiGatewayRestApi?.[0] as QueryawsApiGatewayRestApi + restApi.domainNames = [] + await testRule(data, Result.PASS) + }) + + test('Security Issue when API Gateway classic custom domains use secure TLS protocol versions older than 1.2', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('TLS_1_0') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 16.2 API Gateway v2 custom domains should use secure TLS protocol versions (1.2 and above)', () => { + const getTestRuleFixture = ( + securityPolicy: string + ): NIST16xQueryResponse => { + return { + queryawsApiGatewayHttpApi: [ + { + id: cuid(), + domainNames: [ + { + configurations: [ + { + securityPolicy, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST16xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_162 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when API Gateway v2 custom domains use secure TLS protocol versions 1.2 and above', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('TLS_1_2') + await testRule(data, Result.PASS) + }) + + test('No Security Issue when API Gateway v2 custom domains is not set', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('') + const httpApi = data + .queryawsApiGatewayHttpApi?.[0] as QueryawsApiGatewayHttpApi + httpApi.domainNames = [] + await testRule(data, Result.PASS) + }) + + test('Security Issue when API Gateway v2 custom domains use secure TLS protocol versions older than 1.2', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('TLS_1_0') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 16.3 CloudFront distribution custom origins should use secure TLS protocol versions (1.2 and above)', () => { + const getTestRuleFixture = (items: string[]): NIST16xQueryResponse => { + return { + queryawsCloudfront: [ + { + id: cuid(), + origins: [ + { + customOriginConfig: { + originSslProtocols: { + items, + }, + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST16xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_163 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when CloudFront distribution custom origins use secure TLS protocol versions 1.2 and above', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture(['TLSv1.2']) + await testRule(data, Result.PASS) + }) + + test('Security Issue when CloudFront distribution custom origins use secure TLS protocol versions older than 1.2', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture(['TLSv1.1']) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 16.4 CloudFront distribution viewer certificate should use secure TLS protocol versions (1.2 and above)', () => { + const getTestRuleFixture = ( + minimumProtocolVersion: string + ): NIST16xQueryResponse => { + return { + queryawsCloudfront: [ + { + id: cuid(), + viewerCertificate: { + minimumProtocolVersion, + }, + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST16xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_164 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when CloudFront distribution viewer certificate use secure TLS protocol versions TLSv1.2_2021 and above', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('TLSv1.2_2021') + await testRule(data, Result.PASS) + }) + + test('No Security Issue when CloudFront distribution viewer certificate use secure TLS protocol versions TLSv1.2_2021 and above', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('TLSv1.2_2019') + await testRule(data, Result.PASS) + }) + + test('Security Issue when CloudFront distribution viewer certificate use secure TLS protocol versions older than 1.2', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('TLSv1.1_2016') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 16.5 ELB HTTPS listeners should use secure TLS protocol versions (1.2 and above)', () => { + const getTestRuleFixture = ( + loadBalancerProtocol: string, + sslCertificateId: string | null + ): NIST16xQueryResponse => { + return { + queryawsElb: [ + { + id: cuid(), + listeners: [ + { + loadBalancerProtocol, + sslCertificateId, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST16xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_165 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when ELB HTTPS listeners have an SSL certificate configured', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture( + 'HTTPS', + 'arn:aws:acm:us-east-1:632941798677:certificate/add09e29-e7ea-4b4b-a8ca-706fb1e97d29' + ) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when for ELB HTTP listeners', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('HTTP', null) + await testRule(data, Result.PASS) + }) + + test('Security Issue when ELB HTTPS listeners not have a SSL certificate configured', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture('HTTPS', null) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 16.6 ELBv2 HTTPS listeners should use secure TLS protocol versions (1.2 and above)', () => { + const getTestRuleFixture = ( + protocol: string, + sslPolicy: string + ): NIST16xQueryResponse => { + return { + queryawsAlb: [ + { + id: cuid(), + listeners: [ + { + settings: { + protocol, + sslPolicy, + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST16xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_166 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when ELBv2 HTTPS listeners use secure TLS protocol versions 1.2 and above', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture( + 'HTTPS:443 arn:aws:elasticloadbalancing:us-east-1:632941798677:listener/app/autocloud-sandbox-ecs-alb/6abb1980e6ded2ce/e720d4895ea6678d', + 'ELBSecurityPolicy-2016-08' + ) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when ELBv2 HTTP listeners use secure TLS protocol versions 1.2 and above', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture( + 'HTTP:80 arn:aws:elasticloadbalancing:us-east-1:632941798677:listener/app/autocloud-sandbox-ecs-alb/6abb1980e6ded2ce/e720d4895ea6678d', + 'ELBSecurityPolicy-2016-08' + ) + await testRule(data, Result.PASS) + }) + + test('Security Issue when ELBv2 HTTPS listeners use a secure TLS protocol versions older than 1.2', async () => { + const data: NIST16xQueryResponse = getTestRuleFixture( + 'HTTPS:443 arn:aws:elasticloadbalancing:us-east-1:632941798677:listener/app/autocloud-sandbox-ecs-alb/6abb1980e6ded2ce/e720d4895ea6678d', + 'ELBSecurityPolicy-2010-08' + ) + await testRule(data, Result.FAIL) + }) + }) +}) From 990f8df2aecac94e4ca705d5f020415cd6687684 Mon Sep 17 00:00:00 2001 From: Christopher Koning Date: Thu, 12 May 2022 11:10:16 -0700 Subject: [PATCH 11/30] chore: update releaserc files for new AWS CIS packages --- src/aws/cis-1.3.0/.releaserc.yml | 32 +++++++++++++++++--------------- src/aws/cis-1.4.0/.releaserc.yml | 32 +++++++++++++++++--------------- 2 files changed, 34 insertions(+), 30 deletions(-) diff --git a/src/aws/cis-1.3.0/.releaserc.yml b/src/aws/cis-1.3.0/.releaserc.yml index 70788a7a..cba7db8c 100644 --- a/src/aws/cis-1.3.0/.releaserc.yml +++ b/src/aws/cis-1.3.0/.releaserc.yml @@ -1,10 +1,13 @@ --- branches: - - name: main - - name: beta - prerelease: true - name: alpha + channel: alpha prerelease: true + - name: beta + channel: beta + prerelease: true + - name: main + plugins: - "@semantic-release/commit-analyzer" - "@semantic-release/release-notes-generator" @@ -12,24 +15,23 @@ plugins: - changelogFile: CHANGELOG.md - - "@semantic-release/git" - assets: - - CHANGELOG.md - - package.json - - - "@semantic-release/npm" - - npmPublish: false - - "@semantic-release/gitlab" + - CHANGELOG.md + - package.json + - - "@semrel-extra/npm" + - npmPublish: true + - "@semantic-release/github" verifyConditions: - "@semantic-release/changelog" - - "@semantic-release/gitlab" + - "@semantic-release/github" + - "@semrel-extra/npm" prepare: - "@semantic-release/changelog" - - "@semantic-release/npm" + - "@semrel-extra/npm" - - "@semantic-release/git" - - message: "chore(publish): ${nextRelease.version} \n\n${nextRelease.notes}" + - message: "chore(release): ${nextRelease.version} \n\n${nextRelease.notes}" publish: - - "@semantic-release/gitlab" -release: - noCi: true + - "@semantic-release/github" + - "@semrel-extra/npm" success: false fail: false -repositoryUrl: https://gitlab.com/auto-cloud/cloudgraph/policy-packs.git tagFormat: "${version}" diff --git a/src/aws/cis-1.4.0/.releaserc.yml b/src/aws/cis-1.4.0/.releaserc.yml index 70788a7a..cba7db8c 100644 --- a/src/aws/cis-1.4.0/.releaserc.yml +++ b/src/aws/cis-1.4.0/.releaserc.yml @@ -1,10 +1,13 @@ --- branches: - - name: main - - name: beta - prerelease: true - name: alpha + channel: alpha prerelease: true + - name: beta + channel: beta + prerelease: true + - name: main + plugins: - "@semantic-release/commit-analyzer" - "@semantic-release/release-notes-generator" @@ -12,24 +15,23 @@ plugins: - changelogFile: CHANGELOG.md - - "@semantic-release/git" - assets: - - CHANGELOG.md - - package.json - - - "@semantic-release/npm" - - npmPublish: false - - "@semantic-release/gitlab" + - CHANGELOG.md + - package.json + - - "@semrel-extra/npm" + - npmPublish: true + - "@semantic-release/github" verifyConditions: - "@semantic-release/changelog" - - "@semantic-release/gitlab" + - "@semantic-release/github" + - "@semrel-extra/npm" prepare: - "@semantic-release/changelog" - - "@semantic-release/npm" + - "@semrel-extra/npm" - - "@semantic-release/git" - - message: "chore(publish): ${nextRelease.version} \n\n${nextRelease.notes}" + - message: "chore(release): ${nextRelease.version} \n\n${nextRelease.notes}" publish: - - "@semantic-release/gitlab" -release: - noCi: true + - "@semantic-release/github" + - "@semrel-extra/npm" success: false fail: false -repositoryUrl: https://gitlab.com/auto-cloud/cloudgraph/policy-packs.git tagFormat: "${version}" From 5cc5c022f1d05f7b90d01d16ca2d2a14b95c30af Mon Sep 17 00:00:00 2001 From: Christopher Koning Date: Thu, 12 May 2022 11:10:45 -0700 Subject: [PATCH 12/30] fix: fix linting error for AWS CIS 1.4.0 1.1 control --- src/aws/cis-1.4.0/rules/aws-cis-1.4.0-1.1.ts | 22 ++++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-1.1.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-1.1.ts index 3ffa67b5..fa86b663 100644 --- a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-1.1.ts +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-1.1.ts @@ -1,22 +1,22 @@ export default { - id: 'aws-cis-1.4.0-1.', + id: 'aws-cis-1.4.0-1.', title: 'AWS CIS 1.1 Maintain current contact details', - + description: `Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. - + An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy or indicative of likely security compromise is observed by the AWS Abuse team. Contact details should not be for a single individual, as circumstances may arise where that individual is unavailable. Email contact details should point to a mail alias which forwards email to multiple individuals within the organization; where feasible, phone contact details should point to a PABX hunt group or other call-forwarding system.`, - + audit: `This activity can only be performed via the AWS Console, with a user who has permission to read and write Billing information (aws-portal:*Billing ) - + 1. Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/. 2. On the navigation bar, choose your account name, and then choose My Account. 3. On the Account Settings page, review and verify the current details. 4. Under Contact Information, review and verify the current details.`, - - rationale: 'If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question, so it is in both the customers' and AWS' best interests that prompt contact can be established. This is best achieved by setting AWS account contact details to point to resources which have multiple individuals as recipients, such as email aliases and PABX hunt groups.', - + + rationale: 'If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question, so it is in both the customers\' and AWS\' best interests that prompt contact can be established. This is best achieved by setting AWS account contact details to point to resources which have multiple individuals as recipients, such as email aliases and PABX hunt groups.', + remediation: `This activity can only be performed via the AWS Console, with a user who has permission to read and write Billing information (aws-portal:*Billing ). - + 1. Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/. 2. On the navigation bar, choose your account name, and then choose My Account. 3. On the Account Settings page, next to Account Settings, choose Edit. @@ -25,8 +25,8 @@ export default { 6. After you have made your changes, choose Done. 7. To edit your contact information, under Contact Information, choose Edit. 8. For the fields that you want to change, type your updated information, and then choose Update.`, - + references: ['https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-account-payment.html#contact-info'], - + severity: 'high', } From 3ce4070f0d3e721f3709bef7bfa73421f1f96fe2 Mon Sep 17 00:00:00 2001 From: Christopher Koning Date: Thu, 12 May 2022 11:10:58 -0700 Subject: [PATCH 13/30] chore: move to node linker for yarn --- .yarnrc.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.yarnrc.yml b/.yarnrc.yml index 69bbd873..d5ccf9d2 100644 --- a/.yarnrc.yml +++ b/.yarnrc.yml @@ -1,3 +1,5 @@ +nodeLinker: node-modules + npmScopes: cloudgraph: npmAlwaysAuth: true From b633346d88dd1f209f66603a886e292084dabfe6 Mon Sep 17 00:00:00 2001 From: Christopher Koning Date: Thu, 12 May 2022 11:11:18 -0700 Subject: [PATCH 14/30] chore: require NPM 8.8+ for workspace support --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index 89e60658..27225c82 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "@semantic-release/github": "^8.0.1", "@semantic-release/npm": "^9.0.1", "@semrel-extra/npm": "^1.2.0", + "npm": "^8.8.0", "semantic-release": "^19.0.2" }, "resolutions": { From 4ccb4670d65435e1e963ee2805c36a9ab757c8aa Mon Sep 17 00:00:00 2001 From: Christopher Koning Date: Thu, 12 May 2022 11:11:36 -0700 Subject: [PATCH 15/30] chore: add npmrc for publish authentication --- .npmrc | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .npmrc diff --git a/.npmrc b/.npmrc new file mode 100644 index 00000000..8938bf04 --- /dev/null +++ b/.npmrc @@ -0,0 +1,2 @@ +//registry.npmjs.org/:_authToken=${NPM_TOKEN} + From ed37b7477014d02ac2e1070b99cb6c88f639f940 Mon Sep 17 00:00:00 2001 From: Christopher Koning Date: Thu, 12 May 2022 11:15:11 -0700 Subject: [PATCH 16/30] chore: update multi semantic release command - update authentication token - disable install scripts --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 27225c82..640c88cb 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "singleQuote": true }, "scripts": { - "release": "NPM_CONFIG_IGNORE_SCRIPTS='true' NODE_JQ_SKIP_INSTALL_BINARY='true' multi-semantic-release", + "release": "NODE_AUTH_TOKEN=$NPM_TOKEN NPM_CONFIG_IGNORE_SCRIPTS='true' NODE_JQ_SKIP_INSTALL_BINARY='true' multi-semantic-release --ignore-scripts", "clean": "yarn workspaces foreach -p run clean", "lint": "yarn workspaces foreach run lint", "lint:fix": "yarn workspaces foreach run lint:fix", From 3b0206b6ca94b12b989a59ac65638e7e8fb4f91e Mon Sep 17 00:00:00 2001 From: Christopher Koning Date: Thu, 12 May 2022 11:15:21 -0700 Subject: [PATCH 17/30] chore: update yarn lock file --- yarn.lock | 18153 +++++++++++++++++++--------------------------------- 1 file changed, 6664 insertions(+), 11489 deletions(-) diff --git a/yarn.lock b/yarn.lock index 247b937b..c848bac1 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1,11489 +1,6664 @@ -# This file is generated by running "yarn install" inside your project. -# Manual changes might be lost - proceed with caution! - -__metadata: - version: 6 - cacheKey: 8 - -"@autocloud/eslint-config@npm:^0.1.0": - version: 0.1.0 - resolution: "@autocloud/eslint-config@npm:0.1.0" - dependencies: - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - eslint: ^7.2.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - peerDependencies: - eslint: ">= 7" - checksum: e6ce8f7fde79c5f14ba38904b2a28f618b2b9ecf5b449ab23c5ad6edc7ef5cae03b2aaa5682fd97fd20d9b9802ace8499c772bd80628f03311dd53fbe0e46ec7 - languageName: node - linkType: hard - -"@babel/code-frame@npm:7.12.11, @babel/code-frame@npm:^7.0.0": - version: 7.12.11 - resolution: "@babel/code-frame@npm:7.12.11" - dependencies: - "@babel/highlight": ^7.10.4 - checksum: 3963eff3ebfb0e091c7e6f99596ef4b258683e4ba8a134e4e95f77afe85be5c931e184fff6435fb4885d12eba04a5e25532f7fbc292ca13b48e7da943474e2f3 - languageName: node - linkType: hard - -"@babel/code-frame@npm:^7.12.13, @babel/code-frame@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/code-frame@npm:7.16.7" - dependencies: - "@babel/highlight": ^7.16.7 - checksum: db2f7faa31bc2c9cf63197b481b30ea57147a5fc1a6fab60e5d6c02cdfbf6de8e17b5121f99917b3dabb5eeb572da078312e70697415940383efc140d4e0808b - languageName: node - linkType: hard - -"@babel/compat-data@npm:^7.16.4": - version: 7.16.4 - resolution: "@babel/compat-data@npm:7.16.4" - checksum: 4949ce54eafc4b38d5623696a872acaaced1a523605708d81c2c483253941917d90dae0de40fc01e152ae56075dadd89c23014da5a632b09c001a716fa689cae - languageName: node - linkType: hard - -"@babel/core@npm:^7.1.0, @babel/core@npm:^7.12.3, @babel/core@npm:^7.7.2, @babel/core@npm:^7.8.0": - version: 7.16.7 - resolution: "@babel/core@npm:7.16.7" - dependencies: - "@babel/code-frame": ^7.16.7 - "@babel/generator": ^7.16.7 - "@babel/helper-compilation-targets": ^7.16.7 - "@babel/helper-module-transforms": ^7.16.7 - "@babel/helpers": ^7.16.7 - "@babel/parser": ^7.16.7 - "@babel/template": ^7.16.7 - "@babel/traverse": ^7.16.7 - "@babel/types": ^7.16.7 - convert-source-map: ^1.7.0 - debug: ^4.1.0 - gensync: ^1.0.0-beta.2 - json5: ^2.1.2 - semver: ^6.3.0 - source-map: ^0.5.0 - checksum: 3206e077e76db189726c4da19a5296eae11c6c1f5abea7013e74f18708bb91616914717ff8d8ca466cc0ba9d2d2147e9a84c3c357b9ad4cba601da14107838ed - languageName: node - linkType: hard - -"@babel/generator@npm:^7.16.7, @babel/generator@npm:^7.7.2": - version: 7.16.7 - resolution: "@babel/generator@npm:7.16.7" - dependencies: - "@babel/types": ^7.16.7 - jsesc: ^2.5.1 - source-map: ^0.5.0 - checksum: 20c6a7c5e372a66ec2900c074b2ec3634d3f615cafccbb416770f4b419251c6dc27a0a137b71407e218463fe059a3a6a5afb734f35089d94bdb66e01fe8a9e6f - languageName: node - linkType: hard - -"@babel/helper-compilation-targets@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-compilation-targets@npm:7.16.7" - dependencies: - "@babel/compat-data": ^7.16.4 - "@babel/helper-validator-option": ^7.16.7 - browserslist: ^4.17.5 - semver: ^6.3.0 - peerDependencies: - "@babel/core": ^7.0.0 - checksum: 7238aaee78c011a42fb5ca92e5eff098752f7b314c2111d7bb9cdd58792fcab1b9c819b59f6a0851dc210dc09dc06b30d130a23982753e70eb3111bc65204842 - languageName: node - linkType: hard - -"@babel/helper-environment-visitor@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-environment-visitor@npm:7.16.7" - dependencies: - "@babel/types": ^7.16.7 - checksum: c03a10105d9ebd1fe632a77356b2e6e2f3c44edba9a93b0dc3591b6a66bd7a2e323dd9502f9ce96fc6401234abff1907aa877b6674f7826b61c953f7c8204bbe - languageName: node - linkType: hard - -"@babel/helper-function-name@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-function-name@npm:7.16.7" - dependencies: - "@babel/helper-get-function-arity": ^7.16.7 - "@babel/template": ^7.16.7 - "@babel/types": ^7.16.7 - checksum: fc77cbe7b10cfa2a262d7a37dca575c037f20419dfe0c5d9317f589599ca24beb5f5c1057748011159149eaec47fe32338c6c6412376fcded68200df470161e1 - languageName: node - linkType: hard - -"@babel/helper-get-function-arity@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-get-function-arity@npm:7.16.7" - dependencies: - "@babel/types": ^7.16.7 - checksum: 25d969fb207ff2ad5f57a90d118f6c42d56a0171022e200aaa919ba7dc95ae7f92ec71cdea6c63ef3629a0dc962ab4c78e09ca2b437185ab44539193f796e0c3 - languageName: node - linkType: hard - -"@babel/helper-hoist-variables@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-hoist-variables@npm:7.16.7" - dependencies: - "@babel/types": ^7.16.7 - checksum: 6ae1641f4a751cd9045346e3f61c3d9ec1312fd779ab6d6fecfe2a96e59a481ad5d7e40d2a840894c13b3fd6114345b157f9e3062fc5f1580f284636e722de60 - languageName: node - linkType: hard - -"@babel/helper-module-imports@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-module-imports@npm:7.16.7" - dependencies: - "@babel/types": ^7.16.7 - checksum: ddd2c4a600a2e9a4fee192ab92bf35a627c5461dbab4af31b903d9ba4d6b6e59e0ff3499fde4e2e9a0eebe24906f00b636f8b4d9bd72ff24d50e6618215c3212 - languageName: node - linkType: hard - -"@babel/helper-module-transforms@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-module-transforms@npm:7.16.7" - dependencies: - "@babel/helper-environment-visitor": ^7.16.7 - "@babel/helper-module-imports": ^7.16.7 - "@babel/helper-simple-access": ^7.16.7 - "@babel/helper-split-export-declaration": ^7.16.7 - "@babel/helper-validator-identifier": ^7.16.7 - "@babel/template": ^7.16.7 - "@babel/traverse": ^7.16.7 - "@babel/types": ^7.16.7 - checksum: 6e930ce776c979f299cdbeaf80187f4ab086d75287b96ecc1c6896d392fcb561065f0d6219fc06fa79b4ceb4bbdc1a9847da8099aba9b077d0a9e583500fb673 - languageName: node - linkType: hard - -"@babel/helper-plugin-utils@npm:^7.0.0, @babel/helper-plugin-utils@npm:^7.10.4, @babel/helper-plugin-utils@npm:^7.12.13, @babel/helper-plugin-utils@npm:^7.14.5, @babel/helper-plugin-utils@npm:^7.16.7, @babel/helper-plugin-utils@npm:^7.8.0": - version: 7.16.7 - resolution: "@babel/helper-plugin-utils@npm:7.16.7" - checksum: d08dd86554a186c2538547cd537552e4029f704994a9201d41d82015c10ed7f58f9036e8d1527c3760f042409163269d308b0b3706589039c5f1884619c6d4ce - languageName: node - linkType: hard - -"@babel/helper-simple-access@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-simple-access@npm:7.16.7" - dependencies: - "@babel/types": ^7.16.7 - checksum: 8d22c46c5ec2ead0686c4d5a3d1d12b5190c59be676bfe0d9d89df62b437b51d1a3df2ccfb8a77dded2e585176ebf12986accb6d45a18cff229eef3b10344f4b - languageName: node - linkType: hard - -"@babel/helper-split-export-declaration@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-split-export-declaration@npm:7.16.7" - dependencies: - "@babel/types": ^7.16.7 - checksum: e10aaf135465c55114627951b79115f24bc7af72ecbb58d541d66daf1edaee5dde7cae3ec8c3639afaf74526c03ae3ce723444e3b5b3dc77140c456cd84bcaa1 - languageName: node - linkType: hard - -"@babel/helper-validator-identifier@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-validator-identifier@npm:7.16.7" - checksum: dbb3db9d184343152520a209b5684f5e0ed416109cde82b428ca9c759c29b10c7450657785a8b5c5256aa74acc6da491c1f0cf6b784939f7931ef82982051b69 - languageName: node - linkType: hard - -"@babel/helper-validator-option@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helper-validator-option@npm:7.16.7" - checksum: c5ccc451911883cc9f12125d47be69434f28094475c1b9d2ada7c3452e6ac98a1ee8ddd364ca9e3f9855fcdee96cdeafa32543ebd9d17fee7a1062c202e80570 - languageName: node - linkType: hard - -"@babel/helpers@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/helpers@npm:7.16.7" - dependencies: - "@babel/template": ^7.16.7 - "@babel/traverse": ^7.16.7 - "@babel/types": ^7.16.7 - checksum: 75504c76b66a29b91f954fcc0867dfe275a4cfba5b44df6d64405df74ea72f967fccfa63d62c31c423c5502d113290000c581e0e4858a214f0303d7ecf55c29f - languageName: node - linkType: hard - -"@babel/highlight@npm:^7.10.4, @babel/highlight@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/highlight@npm:7.16.7" - dependencies: - "@babel/helper-validator-identifier": ^7.16.7 - chalk: ^2.0.0 - js-tokens: ^4.0.0 - checksum: f7e04e7e03b83c2cca984f4d3e180c9b018784f45d03367e94daf983861229ddc47264045f3b58dfeb0007f9c67bc2a76c4de1693bad90e5394876ef55ece5bb - languageName: node - linkType: hard - -"@babel/parser@npm:^7.1.0, @babel/parser@npm:^7.14.7, @babel/parser@npm:^7.16.7": - version: 7.16.7 - resolution: "@babel/parser@npm:7.16.7" - bin: - parser: ./bin/babel-parser.js - checksum: e664ff1edda164ab3f3c97fc1dd1a8930b0fba9981cbf873d3f25a22d16d50e2efcfaf81daeefa978bff2c4f268d34832f6817c8bc4e03594c3f43beba92fb68 - languageName: node - linkType: hard - -"@babel/plugin-syntax-async-generators@npm:^7.8.4": - version: 7.8.4 - resolution: "@babel/plugin-syntax-async-generators@npm:7.8.4" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 7ed1c1d9b9e5b64ef028ea5e755c0be2d4e5e4e3d6cf7df757b9a8c4cfa4193d268176d0f1f7fbecdda6fe722885c7fda681f480f3741d8a2d26854736f05367 - languageName: node - linkType: hard - -"@babel/plugin-syntax-bigint@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-bigint@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 3a10849d83e47aec50f367a9e56a6b22d662ddce643334b087f9828f4c3dd73bdc5909aaeabe123fed78515767f9ca43498a0e621c438d1cd2802d7fae3c9648 - languageName: node - linkType: hard - -"@babel/plugin-syntax-class-properties@npm:^7.8.3": - version: 7.12.13 - resolution: "@babel/plugin-syntax-class-properties@npm:7.12.13" - dependencies: - "@babel/helper-plugin-utils": ^7.12.13 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 24f34b196d6342f28d4bad303612d7ff566ab0a013ce89e775d98d6f832969462e7235f3e7eaf17678a533d4be0ba45d3ae34ab4e5a9dcbda5d98d49e5efa2fc - languageName: node - linkType: hard - -"@babel/plugin-syntax-import-meta@npm:^7.8.3": - version: 7.10.4 - resolution: "@babel/plugin-syntax-import-meta@npm:7.10.4" - dependencies: - "@babel/helper-plugin-utils": ^7.10.4 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 166ac1125d10b9c0c430e4156249a13858c0366d38844883d75d27389621ebe651115cb2ceb6dc011534d5055719fa1727b59f39e1ab3ca97820eef3dcab5b9b - languageName: node - linkType: hard - -"@babel/plugin-syntax-json-strings@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-json-strings@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: bf5aea1f3188c9a507e16efe030efb996853ca3cadd6512c51db7233cc58f3ac89ff8c6bdfb01d30843b161cfe7d321e1bf28da82f7ab8d7e6bc5464666f354a - languageName: node - linkType: hard - -"@babel/plugin-syntax-logical-assignment-operators@npm:^7.8.3": - version: 7.10.4 - resolution: "@babel/plugin-syntax-logical-assignment-operators@npm:7.10.4" - dependencies: - "@babel/helper-plugin-utils": ^7.10.4 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: aff33577037e34e515911255cdbb1fd39efee33658aa00b8a5fd3a4b903585112d037cce1cc9e4632f0487dc554486106b79ccd5ea63a2e00df4363f6d4ff886 - languageName: node - linkType: hard - -"@babel/plugin-syntax-nullish-coalescing-operator@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-nullish-coalescing-operator@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 87aca4918916020d1fedba54c0e232de408df2644a425d153be368313fdde40d96088feed6c4e5ab72aac89be5d07fef2ddf329a15109c5eb65df006bf2580d1 - languageName: node - linkType: hard - -"@babel/plugin-syntax-numeric-separator@npm:^7.8.3": - version: 7.10.4 - resolution: "@babel/plugin-syntax-numeric-separator@npm:7.10.4" - dependencies: - "@babel/helper-plugin-utils": ^7.10.4 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 01ec5547bd0497f76cc903ff4d6b02abc8c05f301c88d2622b6d834e33a5651aa7c7a3d80d8d57656a4588f7276eba357f6b7e006482f5b564b7a6488de493a1 - languageName: node - linkType: hard - -"@babel/plugin-syntax-object-rest-spread@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-object-rest-spread@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: fddcf581a57f77e80eb6b981b10658421bc321ba5f0a5b754118c6a92a5448f12a0c336f77b8abf734841e102e5126d69110a306eadb03ca3e1547cab31f5cbf - languageName: node - linkType: hard - -"@babel/plugin-syntax-optional-catch-binding@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-optional-catch-binding@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 910d90e72bc90ea1ce698e89c1027fed8845212d5ab588e35ef91f13b93143845f94e2539d831dc8d8ededc14ec02f04f7bd6a8179edd43a326c784e7ed7f0b9 - languageName: node - linkType: hard - -"@babel/plugin-syntax-optional-chaining@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-optional-chaining@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: eef94d53a1453361553c1f98b68d17782861a04a392840341bc91780838dd4e695209c783631cf0de14c635758beafb6a3a65399846ffa4386bff90639347f30 - languageName: node - linkType: hard - -"@babel/plugin-syntax-top-level-await@npm:^7.8.3": - version: 7.14.5 - resolution: "@babel/plugin-syntax-top-level-await@npm:7.14.5" - dependencies: - "@babel/helper-plugin-utils": ^7.14.5 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: bbd1a56b095be7820029b209677b194db9b1d26691fe999856462e66b25b281f031f3dfd91b1619e9dcf95bebe336211833b854d0fb8780d618e35667c2d0d7e - languageName: node - linkType: hard - -"@babel/plugin-syntax-typescript@npm:^7.7.2": - version: 7.16.7 - resolution: "@babel/plugin-syntax-typescript@npm:7.16.7" - dependencies: - "@babel/helper-plugin-utils": ^7.16.7 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 661e636060609ede9a402e22603b01784c21fabb0a637e65f561c8159351fe0130bbc11fdefe31902107885e3332fc34d95eb652ac61d3f61f2d61f5da20609e - languageName: node - linkType: hard - -"@babel/runtime@npm:^7.5.5": - version: 7.16.7 - resolution: "@babel/runtime@npm:7.16.7" - dependencies: - regenerator-runtime: ^0.13.4 - checksum: 47912f0aaacd1cab2e2552aaf3e6eaffbcaf2d5ac9b07a89a12ac0d42029cb92c070b0d16f825e4277c4a34677c54d8ffe85e1f7c6feb57de58f700eec67ce2f - languageName: node - linkType: hard - -"@babel/template@npm:^7.16.7, @babel/template@npm:^7.3.3": - version: 7.16.7 - resolution: "@babel/template@npm:7.16.7" - dependencies: - "@babel/code-frame": ^7.16.7 - "@babel/parser": ^7.16.7 - "@babel/types": ^7.16.7 - checksum: 10cd112e89276e00f8b11b55a51c8b2f1262c318283a980f4d6cdb0286dc05734b9aaeeb9f3ad3311900b09bc913e02343fcaa9d4a4f413964aaab04eb84ac4a - languageName: node - linkType: hard - -"@babel/traverse@npm:^7.16.7, @babel/traverse@npm:^7.7.2": - version: 7.16.7 - resolution: "@babel/traverse@npm:7.16.7" - dependencies: - "@babel/code-frame": ^7.16.7 - "@babel/generator": ^7.16.7 - "@babel/helper-environment-visitor": ^7.16.7 - "@babel/helper-function-name": ^7.16.7 - "@babel/helper-hoist-variables": ^7.16.7 - "@babel/helper-split-export-declaration": ^7.16.7 - "@babel/parser": ^7.16.7 - "@babel/types": ^7.16.7 - debug: ^4.1.0 - globals: ^11.1.0 - checksum: 65261f7a5bf257c10a9415b6c227fb555ace359ad786645d9cf22f0e3fc8dc8e38895269f3b93cc39eccd8ed992e7bacc358b4cb7d3496fe54f91cda49220834 - languageName: node - linkType: hard - -"@babel/types@npm:^7.0.0, @babel/types@npm:^7.16.7, @babel/types@npm:^7.3.0, @babel/types@npm:^7.3.3": - version: 7.16.7 - resolution: "@babel/types@npm:7.16.7" - dependencies: - "@babel/helper-validator-identifier": ^7.16.7 - to-fast-properties: ^2.0.0 - checksum: df9210723259df9faea8c7e5674a59e57ead82664aab9f54daae887db5a50a956f30f57ed77a2d6cbb89b908d520cf8d883267c4e9098e31bc74649f2f714654 - languageName: node - linkType: hard - -"@babel/types@npm:^7.8.3": - version: 7.17.10 - resolution: "@babel/types@npm:7.17.10" - dependencies: - "@babel/helper-validator-identifier": ^7.16.7 - to-fast-properties: ^2.0.0 - checksum: 40cfc3f43a3ab7374df8ee6844793f804c65e7bea0fd1b090886b425106ba26e16e8fa698ae4b2caf2746083fe3e62f03f12997a5982e0d131700f17cbdcfca1 - languageName: node - linkType: hard - -"@bcoe/v8-coverage@npm:^0.2.3": - version: 0.2.3 - resolution: "@bcoe/v8-coverage@npm:0.2.3" - checksum: 850f9305536d0f2bd13e9e0881cb5f02e4f93fad1189f7b2d4bebf694e3206924eadee1068130d43c11b750efcc9405f88a8e42ef098b6d75239c0f047de1a27 - languageName: node - linkType: hard - -"@changesets/types@npm:^4.0.1": - version: 4.0.2 - resolution: "@changesets/types@npm:4.0.2" - checksum: 098ed02b44ac70dbe341ca3560acdd0ae46c54edb8a1134f743d5fa56bf983b5f4ea085b8c5187314c23ac51e51e1ca6c735aaaa3ee17d79f0395b23baf042a0 - languageName: node - linkType: hard - -"@cloudgraph/policy-pack-aws-cis-1.2.0@workspace:src/aws/cis-1.2.0": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-aws-cis-1.2.0@workspace:src/aws/cis-1.2.0" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.14.0 - "@types/jest": ^27.0.3 - "@types/node": ^15.12.4 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.4.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/policy-pack-aws-cis-1.3.0@workspace:src/aws/cis-1.3.0": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-aws-cis-1.3.0@workspace:src/aws/cis-1.3.0" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.18.1 - "@types/jest": ^27.0.3 - "@types/node": ^15.12.4 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.4.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/policy-pack-aws-cis-1.4.0@workspace:src/aws/cis-1.4.0": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-aws-cis-1.4.0@workspace:src/aws/cis-1.4.0" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.18.1 - "@types/jest": ^27.0.3 - "@types/node": ^15.12.4 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.4.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/policy-pack-aws-nist-800-53-rev4@workspace:src/aws/nist-800-53-rev4": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-aws-nist-800-53-rev4@workspace:src/aws/nist-800-53-rev4" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.18.1 - "@types/jest": ^27.4.0 - "@types/node": ^15.12.4 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.4.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/policy-pack-aws-pci-dss-3.2.1@workspace:src/aws/pci-dss-3.2.1": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-aws-pci-dss-3.2.1@workspace:src/aws/pci-dss-3.2.1" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.15.0 - "@types/jest": ^27.4.0 - "@types/node": ^15.12.4 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.4.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/policy-pack-azure-cis-1.3.1@workspace:src/azure/cis-1.3.1": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-azure-cis-1.3.1@workspace:src/azure/cis-1.3.1" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.14.0 - "@types/jest": ^27.4.0 - "@types/node": ^17.0.8 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.5.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/policy-pack-gcp-cis-1.2.0@workspace:src/gcp/cis-1.2.0": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-gcp-cis-1.2.0@workspace:src/gcp/cis-1.2.0" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.14.0 - "@types/jest": ^27.4.0 - "@types/node": ^17.0.8 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.5.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/policy-pack-gcp-pci-dss-3.2.1@workspace:src/gcp/pci-dss-3.2.1": - version: 0.0.0-use.local - resolution: "@cloudgraph/policy-pack-gcp-pci-dss-3.2.1@workspace:src/gcp/pci-dss-3.2.1" - dependencies: - "@autocloud/eslint-config": ^0.1.0 - "@cloudgraph/sdk": ^0.18.1 - "@types/jest": ^27.4.0 - "@types/node": ^15.12.4 - "@types/pino": ^6.3.11 - "@typescript-eslint/eslint-plugin": ^4.28.5 - "@typescript-eslint/parser": ^4.28.5 - cpx: ^1.5.0 - cuid: ^2.1.8 - eslint: ^7.25.0 - eslint-config-airbnb-base: 14.2.1 - eslint-config-prettier: ^6.11.0 - eslint-plugin-import: ^2.22.1 - eslint-plugin-prettier: ^3.4.0 - jest: ^27.0.6 - prettier: ^2.4.1 - shx: ^0.3.3 - ts-jest: ^27.0.4 - tslib: ^1 - typescript: ^4.3.5 - languageName: unknown - linkType: soft - -"@cloudgraph/sdk@npm:^0.14.0": - version: 0.14.0 - resolution: "@cloudgraph/sdk@npm:0.14.0::__archiveUrl=https%3A%2F%2Fregistry.npmjs.org%2F%40cloudgraph%2Fsdk%2F-%2Fsdk-0.14.0.tgz" - dependencies: - "@graphql-tools/load-files": ^6.5.3 - "@graphql-tools/merge": ^8.2.1 - chalk: ^4.1.1 - date-fns: ^2.25.0 - graphql: ^16.2.0 - inquirer: ^8.1.2 - jsonpath: ^1.1.1 - lodash: ^4.17.21 - node-jq: ^2.1.0 - ora: ^5.4.1 - checksum: d46f8e7542273edcf3514f6707e13e3082e26bb4255c4de7606427a1f70030974022f4632a27df7a49f33d6d3490d6d60e09b63db34cf4f824d0bcdc1359b787 - languageName: node - linkType: hard - -"@cloudgraph/sdk@npm:^0.15.0": - version: 0.15.0 - resolution: "@cloudgraph/sdk@npm:0.15.0::__archiveUrl=https%3A%2F%2Fregistry.npmjs.org%2F%40cloudgraph%2Fsdk%2F-%2Fsdk-0.15.0.tgz" - dependencies: - "@graphql-tools/load-files": ^6.5.3 - "@graphql-tools/merge": ^8.2.1 - chalk: ^4.1.1 - date-fns: ^2.25.0 - graphql: ^16.2.0 - inquirer: ^8.1.2 - jsonpath: ^1.1.1 - lodash: ^4.17.21 - node-jq: ^2.1.0 - ora: ^5.4.1 - checksum: 6a8033d98aa74943be6af40513d423c632b34a2bffc37fec169bbcaf206aef2dd0525a0cb7fcbb3851461da8e2526fe1e33186a2b115c6029229e75337c6a9bb - languageName: node - linkType: hard - -"@cloudgraph/sdk@npm:^0.18.1": - version: 0.18.1 - resolution: "@cloudgraph/sdk@npm:0.18.1::__archiveUrl=https%3A%2F%2Fregistry.npmjs.org%2F%40cloudgraph%2Fsdk%2F-%2Fsdk-0.18.1.tgz" - dependencies: - "@graphql-tools/load-files": ^6.5.3 - "@graphql-tools/merge": ^8.2.1 - chalk: ^4.1.1 - date-fns: ^2.25.0 - graphql: ^16.2.0 - inquirer: ^8.1.2 - jsonpath: ^1.1.1 - lodash: ^4.17.21 - node-jq: 2.1.0 - ora: ^5.4.1 - checksum: 7c1b7a14ca9ee00809f8bc2374eae9d673c95d8b92c06acc2d3ce340d0b9daf9b7985a9fb2a8d731e828a6eb8db221b1c789ab7516c9d4e4a3254901b85144ec - languageName: node - linkType: hard - -"@eslint/eslintrc@npm:^0.4.3": - version: 0.4.3 - resolution: "@eslint/eslintrc@npm:0.4.3" - dependencies: - ajv: ^6.12.4 - debug: ^4.1.1 - espree: ^7.3.0 - globals: ^13.9.0 - ignore: ^4.0.6 - import-fresh: ^3.2.1 - js-yaml: ^3.13.1 - minimatch: ^3.0.4 - strip-json-comments: ^3.1.1 - checksum: 03a7704150b868c318aab6a94d87a33d30dc2ec579d27374575014f06237ba1370ae11178db772f985ef680d469dc237e7b16a1c5d8edaaeb8c3733e7a95a6d3 - languageName: node - linkType: hard - -"@gar/promisify@npm:^1.1.3": - version: 1.1.3 - resolution: "@gar/promisify@npm:1.1.3" - checksum: 4059f790e2d07bf3c3ff3e0fec0daa8144fe35c1f6e0111c9921bd32106adaa97a4ab096ad7dab1e28ee6a9060083c4d1a4ada42a7f5f3f7a96b8812e2b757c1 - languageName: node - linkType: hard - -"@graphql-tools/load-files@npm:^6.5.3": - version: 6.5.3 - resolution: "@graphql-tools/load-files@npm:6.5.3" - dependencies: - globby: 11.0.4 - tslib: ~2.3.0 - unixify: 1.0.0 - peerDependencies: - graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 - checksum: 4eb7997ce17e9f01d11dbb054aea084e7ad77ccd3c260a6b6147e24287c86366f9e4bd56b66988d875b4bc40f3f1b67a7be8ae9a51f7196087797ed22d697d07 - languageName: node - linkType: hard - -"@graphql-tools/merge@npm:^8.2.1": - version: 8.2.1 - resolution: "@graphql-tools/merge@npm:8.2.1" - dependencies: - "@graphql-tools/utils": ^8.5.1 - tslib: ~2.3.0 - peerDependencies: - graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 - checksum: b2c126fc697ad1cf0fb2c09d3766d791ba6243a318edfa24932b558628244f822b9454bd47cd98f5a7eee90caca264573695c582e10730b7a67785fea21c346c - languageName: node - linkType: hard - -"@graphql-tools/utils@npm:^8.5.1": - version: 8.6.0 - resolution: "@graphql-tools/utils@npm:8.6.0" - dependencies: - tslib: ~2.3.0 - peerDependencies: - graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 - checksum: ef6fef40d4568606059f77dc8839f18c75a4330096ec89a21f0965bd58c749d80087830551c618fd040fdbcdcb9be35c949b2d96c495a1f1dbfba943b124bc3b - languageName: node - linkType: hard - -"@hapi/hoek@npm:^9.0.0": - version: 9.2.1 - resolution: "@hapi/hoek@npm:9.2.1" - checksum: 6a439f672df5f12f1d08d56967b4cb364ce05d81e95e3c3c1b88c5a98b917ca91c70e78cc0b2b4219a760cceec1f22d6658bfc93a83670cecc1ce9ca2247ebd8 - languageName: node - linkType: hard - -"@hapi/topo@npm:^5.0.0": - version: 5.1.0 - resolution: "@hapi/topo@npm:5.1.0" - dependencies: - "@hapi/hoek": ^9.0.0 - checksum: 604dfd5dde76d5c334bd03f9001fce69c7ce529883acf92da96f4fe7e51221bf5e5110e964caca287a6a616ba027c071748ab636ff178ad750547fba611d6014 - languageName: node - linkType: hard - -"@humanwhocodes/config-array@npm:^0.5.0": - version: 0.5.0 - resolution: "@humanwhocodes/config-array@npm:0.5.0" - dependencies: - "@humanwhocodes/object-schema": ^1.2.0 - debug: ^4.1.1 - minimatch: ^3.0.4 - checksum: 44ee6a9f05d93dd9d5935a006b17572328ba9caff8002442f601736cbda79c580cc0f5a49ce9eb88fbacc5c3a6b62098357c2e95326cd17bb9f1a6c61d6e95e7 - languageName: node - linkType: hard - -"@humanwhocodes/object-schema@npm:^1.2.0": - version: 1.2.1 - resolution: "@humanwhocodes/object-schema@npm:1.2.1" - checksum: a824a1ec31591231e4bad5787641f59e9633827d0a2eaae131a288d33c9ef0290bd16fda8da6f7c0fcb014147865d12118df10db57f27f41e20da92369fcb3f1 - languageName: node - linkType: hard - -"@isaacs/string-locale-compare@npm:^1.1.0": - version: 1.1.0 - resolution: "@isaacs/string-locale-compare@npm:1.1.0" - checksum: 7287da5d11497b82c542d3c2abe534808015be4f4883e71c26853277b5456f6bbe4108535db847a29f385ad6dc9318ffb0f55ee79bb5f39993233d7dccf8751d - languageName: node - linkType: hard - -"@istanbuljs/load-nyc-config@npm:^1.0.0": - version: 1.1.0 - resolution: "@istanbuljs/load-nyc-config@npm:1.1.0" - dependencies: - camelcase: ^5.3.1 - find-up: ^4.1.0 - get-package-type: ^0.1.0 - js-yaml: ^3.13.1 - resolve-from: ^5.0.0 - checksum: d578da5e2e804d5c93228450a1380e1a3c691de4953acc162f387b717258512a3e07b83510a936d9fab03eac90817473917e24f5d16297af3867f59328d58568 - languageName: node - linkType: hard - -"@istanbuljs/schema@npm:^0.1.2": - version: 0.1.3 - resolution: "@istanbuljs/schema@npm:0.1.3" - checksum: 5282759d961d61350f33d9118d16bcaed914ebf8061a52f4fa474b2cb08720c9c81d165e13b82f2e5a8a212cc5af482f0c6fc1ac27b9e067e5394c9a6ed186c9 - languageName: node - linkType: hard - -"@jest/console@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/console@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - "@types/node": "*" - chalk: ^4.0.0 - jest-message-util: ^27.4.6 - jest-util: ^27.4.2 - slash: ^3.0.0 - checksum: 603408498d2fd7fa6cfb85cc18a5823747c824be2f88be526ed4db83df65db7a9d3a93056eeaddd32ea1517d581b94862e532ccde081e0ecf9d82ac743ec6ac2 - languageName: node - linkType: hard - -"@jest/core@npm:^27.4.7": - version: 27.4.7 - resolution: "@jest/core@npm:27.4.7" - dependencies: - "@jest/console": ^27.4.6 - "@jest/reporters": ^27.4.6 - "@jest/test-result": ^27.4.6 - "@jest/transform": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - ansi-escapes: ^4.2.1 - chalk: ^4.0.0 - emittery: ^0.8.1 - exit: ^0.1.2 - graceful-fs: ^4.2.4 - jest-changed-files: ^27.4.2 - jest-config: ^27.4.7 - jest-haste-map: ^27.4.6 - jest-message-util: ^27.4.6 - jest-regex-util: ^27.4.0 - jest-resolve: ^27.4.6 - jest-resolve-dependencies: ^27.4.6 - jest-runner: ^27.4.6 - jest-runtime: ^27.4.6 - jest-snapshot: ^27.4.6 - jest-util: ^27.4.2 - jest-validate: ^27.4.6 - jest-watcher: ^27.4.6 - micromatch: ^4.0.4 - rimraf: ^3.0.0 - slash: ^3.0.0 - strip-ansi: ^6.0.0 - peerDependencies: - node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 - peerDependenciesMeta: - node-notifier: - optional: true - checksum: 24ed123ef1819fa8c6069706760efac9904ee8824b22c346259be2017d820b5e578a4d444339448a576a0158e6fec91d18fdedb201bc97d7390b105d665f3642 - languageName: node - linkType: hard - -"@jest/environment@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/environment@npm:27.4.6" - dependencies: - "@jest/fake-timers": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - jest-mock: ^27.4.6 - checksum: c3aadcf6d42e55e35d8020f7cf5054c445775608e466fcfc37348359e54f2f79e0e39d029281836ae9082dc50eac81d1cf6b4fc3899adfb58afc68a7c72f8e3d - languageName: node - linkType: hard - -"@jest/fake-timers@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/fake-timers@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - "@sinonjs/fake-timers": ^8.0.1 - "@types/node": "*" - jest-message-util: ^27.4.6 - jest-mock: ^27.4.6 - jest-util: ^27.4.2 - checksum: 389f655d39f13fdd0448b554260cd41810cf824b99e9de057600869a708d34cfa74e7fdaba5fcd6e3295e7bfed08f1b3fc0735ca86f7c0b2281b25e534032876 - languageName: node - linkType: hard - -"@jest/globals@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/globals@npm:27.4.6" - dependencies: - "@jest/environment": ^27.4.6 - "@jest/types": ^27.4.2 - expect: ^27.4.6 - checksum: a438645771f45557b3af6e371e65c88e109d7433d3d4ee5db908177f29be6d6d12b4cfe9279ae6475bc033b5ff2a97235659a75f2718855041dd3ed805ed2edd - languageName: node - linkType: hard - -"@jest/reporters@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/reporters@npm:27.4.6" - dependencies: - "@bcoe/v8-coverage": ^0.2.3 - "@jest/console": ^27.4.6 - "@jest/test-result": ^27.4.6 - "@jest/transform": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - chalk: ^4.0.0 - collect-v8-coverage: ^1.0.0 - exit: ^0.1.2 - glob: ^7.1.2 - graceful-fs: ^4.2.4 - istanbul-lib-coverage: ^3.0.0 - istanbul-lib-instrument: ^5.1.0 - istanbul-lib-report: ^3.0.0 - istanbul-lib-source-maps: ^4.0.0 - istanbul-reports: ^3.1.3 - jest-haste-map: ^27.4.6 - jest-resolve: ^27.4.6 - jest-util: ^27.4.2 - jest-worker: ^27.4.6 - slash: ^3.0.0 - source-map: ^0.6.0 - string-length: ^4.0.1 - terminal-link: ^2.0.0 - v8-to-istanbul: ^8.1.0 - peerDependencies: - node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 - peerDependenciesMeta: - node-notifier: - optional: true - checksum: 4c14b2cf6c9b624977f9ad519e9ce2f5ead4a3c9a3fa0b9c68097b7bc78b598ceb5402566417d81e16489dbd6bb6e97e58f04c22099013897dd6010c0549b169 - languageName: node - linkType: hard - -"@jest/source-map@npm:^27.4.0": - version: 27.4.0 - resolution: "@jest/source-map@npm:27.4.0" - dependencies: - callsites: ^3.0.0 - graceful-fs: ^4.2.4 - source-map: ^0.6.0 - checksum: cf87ac3dd1c2d210b0637060710d64417bcd88d670cbb26af7367ded99fd7d64d431c1718054351f0236c14659bc17a8deff6ee3d9f52902299911231bbaf0c8 - languageName: node - linkType: hard - -"@jest/test-result@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/test-result@npm:27.4.6" - dependencies: - "@jest/console": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/istanbul-lib-coverage": ^2.0.0 - collect-v8-coverage: ^1.0.0 - checksum: ddfc5783f2025ba979df395ddead7f76aac91df9a8a4ab15d5b1210a58e523932bb9ea9e1e97229c09cab81fdb2611292fdc8e56e2c5b44ed452ac11db7f79f0 - languageName: node - linkType: hard - -"@jest/test-sequencer@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/test-sequencer@npm:27.4.6" - dependencies: - "@jest/test-result": ^27.4.6 - graceful-fs: ^4.2.4 - jest-haste-map: ^27.4.6 - jest-runtime: ^27.4.6 - checksum: 8d761fd81f5cf4845a09844a8a16717fc148137f364916165ce5e1ebfc5dfd89160d4b98e7e947c97f8707500050863606d0becb8c388997efcc31cafa6f5e31 - languageName: node - linkType: hard - -"@jest/transform@npm:^27.4.6": - version: 27.4.6 - resolution: "@jest/transform@npm:27.4.6" - dependencies: - "@babel/core": ^7.1.0 - "@jest/types": ^27.4.2 - babel-plugin-istanbul: ^6.1.1 - chalk: ^4.0.0 - convert-source-map: ^1.4.0 - fast-json-stable-stringify: ^2.0.0 - graceful-fs: ^4.2.4 - jest-haste-map: ^27.4.6 - jest-regex-util: ^27.4.0 - jest-util: ^27.4.2 - micromatch: ^4.0.4 - pirates: ^4.0.4 - slash: ^3.0.0 - source-map: ^0.6.1 - write-file-atomic: ^3.0.0 - checksum: b2500fc5a7e7cad34547acdb8930797f021cda6b811ed0626564999bfd9ca856f52cc3a9b2ced5d037f3bd06a49b8b30cb7c10259318dc67bd11a564854d2ca6 - languageName: node - linkType: hard - -"@jest/types@npm:^27.4.2": - version: 27.4.2 - resolution: "@jest/types@npm:27.4.2" - dependencies: - "@types/istanbul-lib-coverage": ^2.0.0 - "@types/istanbul-reports": ^3.0.0 - "@types/node": "*" - "@types/yargs": ^16.0.0 - chalk: ^4.0.0 - checksum: 1191022023e32763063cc1c8b1143fa316fb05db2f9698280a7bdbafcabd989e5fd64f8eb875b8a2e54c53f25dba45ed2eea8ced394d9e484da0fda674cd17a5 - languageName: node - linkType: hard - -"@manypkg/find-root@npm:^1.1.0": - version: 1.1.0 - resolution: "@manypkg/find-root@npm:1.1.0" - dependencies: - "@babel/runtime": ^7.5.5 - "@types/node": ^12.7.1 - find-up: ^4.1.0 - fs-extra: ^8.1.0 - checksum: f0fd881a5a81a351cb6561cd24117e8ee9481bbf3b6d1c7d9d10bef1f4744ca2ba3d064713e83c0a0574416d1e5b4a4c6c414aad91913c4a1c6040d87283ac50 - languageName: node - linkType: hard - -"@manypkg/get-packages@npm:^1.1.3": - version: 1.1.3 - resolution: "@manypkg/get-packages@npm:1.1.3" - dependencies: - "@babel/runtime": ^7.5.5 - "@changesets/types": ^4.0.1 - "@manypkg/find-root": ^1.1.0 - fs-extra: ^8.1.0 - globby: ^11.0.0 - read-yaml-file: ^1.1.0 - checksum: f5a756e5a659e0e1c33f48852d56826d170d5b10a3cdea89ce4fcaa77678d8799aa4004b30e1985c87b73dbc390b95bb6411b78336dd1e0db87c08c74b5c0e74 - languageName: node - linkType: hard - -"@nodelib/fs.scandir@npm:2.1.5": - version: 2.1.5 - resolution: "@nodelib/fs.scandir@npm:2.1.5" - dependencies: - "@nodelib/fs.stat": 2.0.5 - run-parallel: ^1.1.9 - checksum: a970d595bd23c66c880e0ef1817791432dbb7acbb8d44b7e7d0e7a22f4521260d4a83f7f9fd61d44fda4610105577f8f58a60718105fb38352baed612fd79e59 - languageName: node - linkType: hard - -"@nodelib/fs.stat@npm:2.0.5, @nodelib/fs.stat@npm:^2.0.2": - version: 2.0.5 - resolution: "@nodelib/fs.stat@npm:2.0.5" - checksum: 012480b5ca9d97bff9261571dbbec7bbc6033f69cc92908bc1ecfad0792361a5a1994bc48674b9ef76419d056a03efadfce5a6cf6dbc0a36559571a7a483f6f0 - languageName: node - linkType: hard - -"@nodelib/fs.walk@npm:^1.2.3": - version: 1.2.8 - resolution: "@nodelib/fs.walk@npm:1.2.8" - dependencies: - "@nodelib/fs.scandir": 2.1.5 - fastq: ^1.6.0 - checksum: 190c643f156d8f8f277bf2a6078af1ffde1fd43f498f187c2db24d35b4b4b5785c02c7dc52e356497b9a1b65b13edc996de08de0b961c32844364da02986dc53 - languageName: node - linkType: hard - -"@npmcli/arborist@npm:^5.0.0, @npmcli/arborist@npm:^5.0.3": - version: 5.1.1 - resolution: "@npmcli/arborist@npm:5.1.1" - dependencies: - "@isaacs/string-locale-compare": ^1.1.0 - "@npmcli/installed-package-contents": ^1.0.7 - "@npmcli/map-workspaces": ^2.0.3 - "@npmcli/metavuln-calculator": ^3.0.1 - "@npmcli/move-file": ^2.0.0 - "@npmcli/name-from-folder": ^1.0.1 - "@npmcli/node-gyp": ^2.0.0 - "@npmcli/package-json": ^2.0.0 - "@npmcli/run-script": ^3.0.0 - bin-links: ^3.0.0 - cacache: ^16.0.6 - common-ancestor-path: ^1.0.1 - json-parse-even-better-errors: ^2.3.1 - json-stringify-nice: ^1.1.4 - mkdirp: ^1.0.4 - mkdirp-infer-owner: ^2.0.0 - nopt: ^5.0.0 - npm-install-checks: ^5.0.0 - npm-package-arg: ^9.0.0 - npm-pick-manifest: ^7.0.0 - npm-registry-fetch: ^13.0.0 - npmlog: ^6.0.2 - pacote: ^13.0.5 - parse-conflict-json: ^2.0.1 - proc-log: ^2.0.0 - promise-all-reject-late: ^1.0.0 - promise-call-limit: ^1.0.1 - read-package-json-fast: ^2.0.2 - readdir-scoped-modules: ^1.1.0 - rimraf: ^3.0.2 - semver: ^7.3.7 - ssri: ^9.0.0 - treeverse: ^2.0.0 - walk-up-path: ^1.0.0 - bin: - arborist: bin/index.js - checksum: e6a989d3743d47444405aad943abcbb87d075184afd394cd968cc1abfe59ab0fad737f2c2417ceebf40b98d640309e8eb94c1e0fb72a6db88a52c4ff5c123ca7 - languageName: node - linkType: hard - -"@npmcli/ci-detect@npm:^2.0.0": - version: 2.0.0 - resolution: "@npmcli/ci-detect@npm:2.0.0" - checksum: 26e964eca908706c1a612915cbc5614860ac7dbfacbb07870396c82b1377794f123a7aaa821c4a68575b67ff7e3ad170e296d3aa6a5e03dbab9b3f1e61491812 - languageName: node - linkType: hard - -"@npmcli/config@npm:^4.0.1": - version: 4.1.0 - resolution: "@npmcli/config@npm:4.1.0" - dependencies: - "@npmcli/map-workspaces": ^2.0.2 - ini: ^3.0.0 - mkdirp-infer-owner: ^2.0.0 - nopt: ^5.0.0 - proc-log: ^2.0.0 - read-package-json-fast: ^2.0.3 - semver: ^7.3.5 - walk-up-path: ^1.0.0 - checksum: ec0f8947e7695d246dafde2fb5bb0cb20c3cab55bbee4326468f51a3a811bfb3677517bf5f66185a10cca258938d15be0c7f30ae69f45ca6e62c938d5e309843 - languageName: node - linkType: hard - -"@npmcli/disparity-colors@npm:^2.0.0": - version: 2.0.0 - resolution: "@npmcli/disparity-colors@npm:2.0.0" - dependencies: - ansi-styles: ^4.3.0 - checksum: 2e85d371bb2a705c119b0eb350beab0a67ff84f13097719f20bacae7fe6d3187b9aec33b7f27553d0774a209937c5f587f049e1a5274b3288a8456357fd2a795 - languageName: node - linkType: hard - -"@npmcli/fs@npm:^2.1.0": - version: 2.1.0 - resolution: "@npmcli/fs@npm:2.1.0" - dependencies: - "@gar/promisify": ^1.1.3 - semver: ^7.3.5 - checksum: 6ec6d678af6da49f9dac50cd882d7f661934dd278972ffbaacde40d9eaa2871292d634000a0cca9510f6fc29855fbd4af433e1adbff90a524ec3eaf140f1219b - languageName: node - linkType: hard - -"@npmcli/git@npm:^3.0.0": - version: 3.0.1 - resolution: "@npmcli/git@npm:3.0.1" - dependencies: - "@npmcli/promise-spawn": ^3.0.0 - lru-cache: ^7.4.4 - mkdirp: ^1.0.4 - npm-pick-manifest: ^7.0.0 - proc-log: ^2.0.0 - promise-inflight: ^1.0.1 - promise-retry: ^2.0.1 - semver: ^7.3.5 - which: ^2.0.2 - checksum: 0e289d11e2d6034652993f2d05f68396d8377603a1c1f983b2d0893e7591a22bcf3896a43c7dfbcc43f03c308a110f0b9ec37e0191e48b0bd1d236e0f57a3ec6 - languageName: node - linkType: hard - -"@npmcli/installed-package-contents@npm:^1.0.7": - version: 1.0.7 - resolution: "@npmcli/installed-package-contents@npm:1.0.7" - dependencies: - npm-bundled: ^1.1.1 - npm-normalize-package-bin: ^1.0.1 - bin: - installed-package-contents: index.js - checksum: a4a29b99d439827ce2e7817c1f61b56be160e640696e31dc513a2c8a37c792f75cdb6258ec15a1e22904f20df0a8a3019dd3766de5e6619f259834cf64233538 - languageName: node - linkType: hard - -"@npmcli/map-workspaces@npm:^2.0.2, @npmcli/map-workspaces@npm:^2.0.3": - version: 2.0.3 - resolution: "@npmcli/map-workspaces@npm:2.0.3" - dependencies: - "@npmcli/name-from-folder": ^1.0.1 - glob: ^8.0.1 - minimatch: ^5.0.1 - read-package-json-fast: ^2.0.3 - checksum: c9878a22168d3f2d8df9e339ed0799628db3ea8502bd623b5bbe7b0dfcac065b3310e4093df94667a4a28ef2c54c02ce6956467a8aaa2e150305f2fe1cd64f9d - languageName: node - linkType: hard - -"@npmcli/metavuln-calculator@npm:^3.0.1": - version: 3.1.0 - resolution: "@npmcli/metavuln-calculator@npm:3.1.0" - dependencies: - cacache: ^16.0.0 - json-parse-even-better-errors: ^2.3.1 - pacote: ^13.0.3 - semver: ^7.3.5 - checksum: 39fb474e239d3f221178f0c2f6089cd4a2fce8183343b7f52f8f9fe0b3cb0a98b386b15c9afe63a0b0dc2ae5302497d00eb2de2f4b3431953dbf05e69d613c9a - languageName: node - linkType: hard - -"@npmcli/move-file@npm:^2.0.0": - version: 2.0.0 - resolution: "@npmcli/move-file@npm:2.0.0" - dependencies: - mkdirp: ^1.0.4 - rimraf: ^3.0.2 - checksum: 1388777b507b0c592d53f41b9d182e1a8de7763bc625fc07999b8edbc22325f074e5b3ec90af79c89d6987fdb2325bc66d59f483258543c14a43661621f841b0 - languageName: node - linkType: hard - -"@npmcli/name-from-folder@npm:^1.0.1": - version: 1.0.1 - resolution: "@npmcli/name-from-folder@npm:1.0.1" - checksum: 67339f4096e32b712d2df0250cc95c087569f09e657d7f81a1760fa2cc5123e29c3c3e1524388832310ba2d96ec4679985b643b44627f6a51f4a00c3b0075de9 - languageName: node - linkType: hard - -"@npmcli/node-gyp@npm:^2.0.0": - version: 2.0.0 - resolution: "@npmcli/node-gyp@npm:2.0.0" - checksum: b6bbf0015000f9b64d31aefdc30f244b0348c57adb64017667e0304e96c38644d83da46a4581252652f5d606268df49118f9c9993b41d8020f62b7b15dd2c8d8 - languageName: node - linkType: hard - -"@npmcli/package-json@npm:^1.0.1": - version: 1.0.1 - resolution: "@npmcli/package-json@npm:1.0.1" - dependencies: - json-parse-even-better-errors: ^2.3.1 - checksum: 08b66c8ddb1d6b678975a83006d2fe5070b3013bcb68ea9d54c0142538a614596ddfd1143183fbb8f82c5cecf477d98f3c4e473ef34df3bbf3814e97e37e18d3 - languageName: node - linkType: hard - -"@npmcli/package-json@npm:^2.0.0": - version: 2.0.0 - resolution: "@npmcli/package-json@npm:2.0.0" - dependencies: - json-parse-even-better-errors: ^2.3.1 - checksum: 7a598e42d2778654ec87438ebfafbcbafbe5a5f5e89ed2ca1db6ca3f94ef14655e304aa41f77632a2a3f5c66b6bd5960bd9370e0ceb4902ea09346720364f9e4 - languageName: node - linkType: hard - -"@npmcli/promise-spawn@npm:^3.0.0": - version: 3.0.0 - resolution: "@npmcli/promise-spawn@npm:3.0.0" - dependencies: - infer-owner: ^1.0.4 - checksum: 3454465a2731cea5875ba51f80873e2205e5bd878c31517286b0ede4ea931c7bf3de895382287e906d03710fff6f9e44186bd0eee068ce578901c5d3b58e7692 - languageName: node - linkType: hard - -"@npmcli/run-script@npm:^3.0.0, @npmcli/run-script@npm:^3.0.1": - version: 3.0.2 - resolution: "@npmcli/run-script@npm:3.0.2" - dependencies: - "@npmcli/node-gyp": ^2.0.0 - "@npmcli/promise-spawn": ^3.0.0 - node-gyp: ^9.0.0 - read-package-json-fast: ^2.0.3 - checksum: b874637640b6a025611eb46de45f0df6b599bb97925370b81430a3fc0f900e1b0d31510b6d75a4b3821d41a6915912be1102afe7fef5028f15a35a447e9d2005 - languageName: node - linkType: hard - -"@octokit/auth-token@npm:^2.4.4": - version: 2.5.0 - resolution: "@octokit/auth-token@npm:2.5.0" - dependencies: - "@octokit/types": ^6.0.3 - checksum: 45949296c09abcd6beb4c3f69d45b0c1f265f9581d2a9683cf4d1800c4cf8259c2f58d58e44c16c20bffb85a0282a176c0d51f4af300e428b863f27b910e6297 - languageName: node - linkType: hard - -"@octokit/core@npm:^3.5.1": - version: 3.5.1 - resolution: "@octokit/core@npm:3.5.1" - dependencies: - "@octokit/auth-token": ^2.4.4 - "@octokit/graphql": ^4.5.8 - "@octokit/request": ^5.6.0 - "@octokit/request-error": ^2.0.5 - "@octokit/types": ^6.0.3 - before-after-hook: ^2.2.0 - universal-user-agent: ^6.0.0 - checksum: 67179739fc9712b201f2400f132287a2c56a18506e00900bc9d2a3f742b74f1ba69ad998e42f28f3964c0bd1d5478232c1ec7b485c97702b821fbe22b76afa90 - languageName: node - linkType: hard - -"@octokit/endpoint@npm:^6.0.1": - version: 6.0.12 - resolution: "@octokit/endpoint@npm:6.0.12" - dependencies: - "@octokit/types": ^6.0.3 - is-plain-object: ^5.0.0 - universal-user-agent: ^6.0.0 - checksum: b48b29940af11c4b9bca41cf56809754bb8385d4e3a6122671799d27f0238ba575b3fde86d2d30a84f4dbbc14430940de821e56ecc6a9a92d47fc2b29a31479d - languageName: node - linkType: hard - -"@octokit/graphql@npm:^4.5.8": - version: 4.8.0 - resolution: "@octokit/graphql@npm:4.8.0" - dependencies: - "@octokit/request": ^5.6.0 - "@octokit/types": ^6.0.3 - universal-user-agent: ^6.0.0 - checksum: f68afe53f63900d4a16a0a733f2f500df2695b731f8ed32edb728d50edead7f5011437f71d069c2d2f6d656227703d0c832a3c8af58ecf82bd5dcc051f2d2d74 - languageName: node - linkType: hard - -"@octokit/openapi-types@npm:^11.2.0": - version: 11.2.0 - resolution: "@octokit/openapi-types@npm:11.2.0" - checksum: eb373ea496bc96bf0233505a0916eb38cb193d1829cab935e1cf1fd21839c402a1d835d3c0326290c756c0ed980a64d0ae73ad3c5d5decde9000f0828aa7ff52 - languageName: node - linkType: hard - -"@octokit/plugin-paginate-rest@npm:^2.16.8": - version: 2.17.0 - resolution: "@octokit/plugin-paginate-rest@npm:2.17.0" - dependencies: - "@octokit/types": ^6.34.0 - peerDependencies: - "@octokit/core": ">=2" - checksum: c8753cda6f7ede79d0e9df43a54e56020aa1c9c6887684e0e0d45cb6ee0dcabf460c3e4b8a18edabef711bb269fd826616e99e78dc29fb30d47c210c562603a0 - languageName: node - linkType: hard - -"@octokit/plugin-request-log@npm:^1.0.4": - version: 1.0.4 - resolution: "@octokit/plugin-request-log@npm:1.0.4" - peerDependencies: - "@octokit/core": ">=3" - checksum: 2086db00056aee0f8ebd79797b5b57149ae1014e757ea08985b71eec8c3d85dbb54533f4fd34b6b9ecaa760904ae6a7536be27d71e50a3782ab47809094bfc0c - languageName: node - linkType: hard - -"@octokit/plugin-rest-endpoint-methods@npm:^5.12.0": - version: 5.13.0 - resolution: "@octokit/plugin-rest-endpoint-methods@npm:5.13.0" - dependencies: - "@octokit/types": ^6.34.0 - deprecation: ^2.3.1 - peerDependencies: - "@octokit/core": ">=3" - checksum: f331457e4317130adb456b27df2a99609fb54a4dc2da6f87009e567c7325680c901abf18ad08483535bab4ec1c892e4236f4135a2804603aebb12c0698c678c8 - languageName: node - linkType: hard - -"@octokit/request-error@npm:^2.0.5, @octokit/request-error@npm:^2.1.0": - version: 2.1.0 - resolution: "@octokit/request-error@npm:2.1.0" - dependencies: - "@octokit/types": ^6.0.3 - deprecation: ^2.0.0 - once: ^1.4.0 - checksum: baec2b5700498be01b4d958f9472cb776b3f3b0ea52924323a07e7a88572e24cac2cdf7eb04a0614031ba346043558b47bea2d346e98f0e8385b4261f138ef18 - languageName: node - linkType: hard - -"@octokit/request@npm:^5.6.0": - version: 5.6.2 - resolution: "@octokit/request@npm:5.6.2" - dependencies: - "@octokit/endpoint": ^6.0.1 - "@octokit/request-error": ^2.1.0 - "@octokit/types": ^6.16.1 - is-plain-object: ^5.0.0 - node-fetch: ^2.6.1 - universal-user-agent: ^6.0.0 - checksum: 51ef3ad244b3d89ffd6d997fa0ed3e13a7a93b4c868ce5c53b0fcc93a654965135528e62d0720ebfeb7dfd586448a4a45d08fd75ba2e170cfa19d37834e49f1f - languageName: node - linkType: hard - -"@octokit/rest@npm:^18.0.0": - version: 18.12.0 - resolution: "@octokit/rest@npm:18.12.0" - dependencies: - "@octokit/core": ^3.5.1 - "@octokit/plugin-paginate-rest": ^2.16.8 - "@octokit/plugin-request-log": ^1.0.4 - "@octokit/plugin-rest-endpoint-methods": ^5.12.0 - checksum: c18bd6676a60b66819b016b0f969fcd04d8dfa04d01b7af9af9a7410ff028c621c995185e29454c23c47906da506c1e01620711259989a964ebbfd9106f5b715 - languageName: node - linkType: hard - -"@octokit/types@npm:^6.0.3, @octokit/types@npm:^6.16.1, @octokit/types@npm:^6.34.0": - version: 6.34.0 - resolution: "@octokit/types@npm:6.34.0" - dependencies: - "@octokit/openapi-types": ^11.2.0 - checksum: f122b9aee8f6baddd515e34a0913e73b21d4bc82d6ee59d77a8aaf01b4a02c10867dd013003d087a83dc96db23511893669015af6d30c27cece185e21cf1df89 - languageName: node - linkType: hard - -"@qiwi/multi-semantic-release@npm:^6.1.1": - version: 6.1.1 - resolution: "@qiwi/multi-semantic-release@npm:6.1.1" - dependencies: - "@manypkg/get-packages": ^1.1.3 - "@semrel-extra/topo": ^1.3.0 - blork: ^9.3.0 - cosmiconfig: ^7.0.1 - debug: ^4.3.4 - detect-indent: ^7.0.0 - detect-newline: ^4.0.0 - execa: ^6.1.0 - get-stream: ^6.0.1 - git-log-parser: ^1.2.0 - globby: 13.1.1 - lodash: ^4.17.21 - lodash-es: ^4.17.21 - meow: ^10.1.2 - promise-events: ^0.2.4 - semantic-release: ^19.0.2 - semver: ^7.3.6 - signale: ^1.4.0 - stream-buffers: ^3.0.2 - tempy: ^2.0.0 - bin: - multi-semantic-release: bin/cli.js - checksum: c70d85066fab083cacd5cbd09d85315f22b45212a05148ee1e214dcba488e27cd1d139d428fcbf4173f68b7fea8e79dbf8e25f6597185fbdbe516f9c0a28d489 - languageName: node - linkType: hard - -"@semantic-release/changelog@npm:^6.0.1": - version: 6.0.1 - resolution: "@semantic-release/changelog@npm:6.0.1" - dependencies: - "@semantic-release/error": ^3.0.0 - aggregate-error: ^3.0.0 - fs-extra: ^9.0.0 - lodash: ^4.17.4 - peerDependencies: - semantic-release: ">=18.0.0" - checksum: a7c999f20297f229ebb32dc65f56c3aee237d941b478a1c75f5e904382c66fc4054bf3da93b1f5382e0b689147a825665500332f70807bfed952d312d2f501ac - languageName: node - linkType: hard - -"@semantic-release/commit-analyzer@npm:^9.0.2": - version: 9.0.2 - resolution: "@semantic-release/commit-analyzer@npm:9.0.2" - dependencies: - conventional-changelog-angular: ^5.0.0 - conventional-commits-filter: ^2.0.0 - conventional-commits-parser: ^3.2.3 - debug: ^4.0.0 - import-from: ^4.0.0 - lodash: ^4.17.4 - micromatch: ^4.0.2 - peerDependencies: - semantic-release: ">=18.0.0-beta.1" - checksum: f7f759e608c0c044ba8ec1b3aabad4305ac057cc45156b60a2f8dc355f5193b84ff7c661aefd4522659172f4d6ecf80219b8b28714bd76e4eb32e734b2e6ead9 - languageName: node - linkType: hard - -"@semantic-release/error@npm:^2.2.0": - version: 2.2.0 - resolution: "@semantic-release/error@npm:2.2.0" - checksum: a264a8e16a89e5fcb104ffb2c4339fde3135b90a6d8fe4497a95fe0776a2bf77771d4c702343c47324aefee2e2a2af72f48b5310c84e8a0902fadb631272700f - languageName: node - linkType: hard - -"@semantic-release/error@npm:^3.0.0": - version: 3.0.0 - resolution: "@semantic-release/error@npm:3.0.0" - checksum: 29c4391ecbefd9ea991f8fdf5ab3ceb9c4830281da56d9dbacd945c476cb86f10c3b55cd4a6597098c0ea3a59f1ec4752132abeea633e15972f49f4704e61d35 - languageName: node - linkType: hard - -"@semantic-release/git@npm:^10.0.1": - version: 10.0.1 - resolution: "@semantic-release/git@npm:10.0.1" - dependencies: - "@semantic-release/error": ^3.0.0 - aggregate-error: ^3.0.0 - debug: ^4.0.0 - dir-glob: ^3.0.0 - execa: ^5.0.0 - lodash: ^4.17.4 - micromatch: ^4.0.0 - p-reduce: ^2.0.0 - peerDependencies: - semantic-release: ">=18.0.0" - checksum: b0a346acaf13d1bbd8d8d895bb0dee025dd6d4742769b5dd875018fff8fcfe0f5414299dbe1ed026e53b8f8b04eeceef49a3d56c5f6506016c656df95d2ced04 - languageName: node - linkType: hard - -"@semantic-release/github@npm:^8.0.0, @semantic-release/github@npm:^8.0.1": - version: 8.0.4 - resolution: "@semantic-release/github@npm:8.0.4" - dependencies: - "@octokit/rest": ^18.0.0 - "@semantic-release/error": ^2.2.0 - aggregate-error: ^3.0.0 - bottleneck: ^2.18.1 - debug: ^4.0.0 - dir-glob: ^3.0.0 - fs-extra: ^10.0.0 - globby: ^11.0.0 - http-proxy-agent: ^5.0.0 - https-proxy-agent: ^5.0.0 - issue-parser: ^6.0.0 - lodash: ^4.17.4 - mime: ^3.0.0 - p-filter: ^2.0.0 - p-retry: ^4.0.0 - url-join: ^4.0.0 - peerDependencies: - semantic-release: ">=18.0.0-beta.1" - checksum: e344b26f12891fe7ba157473d1c9c4ceebe2165cc0ba64fef36e20bc857694afe5e9c4bf196301b7b6fea2686c6a995949dc30d35d52120a8b6fef6016d76714 - languageName: node - linkType: hard - -"@semantic-release/npm@npm:^9.0.0, @semantic-release/npm@npm:^9.0.1": - version: 9.0.1 - resolution: "@semantic-release/npm@npm:9.0.1" - dependencies: - "@semantic-release/error": ^3.0.0 - aggregate-error: ^3.0.0 - execa: ^5.0.0 - fs-extra: ^10.0.0 - lodash: ^4.17.15 - nerf-dart: ^1.0.0 - normalize-url: ^6.0.0 - npm: ^8.3.0 - rc: ^1.2.8 - read-pkg: ^5.0.0 - registry-auth-token: ^4.0.0 - semver: ^7.1.2 - tempy: ^1.0.0 - peerDependencies: - semantic-release: ">=19.0.0" - checksum: cd18eab713521566ba9aacaa63c2cf76ba1796d00e3f94579c56a591b21e050340a9021127685d10d55419a6eb0b545842a7a3b785ad10a94449ea32d588ee10 - languageName: node - linkType: hard - -"@semantic-release/release-notes-generator@npm:^10.0.0": - version: 10.0.3 - resolution: "@semantic-release/release-notes-generator@npm:10.0.3" - dependencies: - conventional-changelog-angular: ^5.0.0 - conventional-changelog-writer: ^5.0.0 - conventional-commits-filter: ^2.0.0 - conventional-commits-parser: ^3.2.3 - debug: ^4.0.0 - get-stream: ^6.0.0 - import-from: ^4.0.0 - into-stream: ^6.0.0 - lodash: ^4.17.4 - read-pkg-up: ^7.0.0 - peerDependencies: - semantic-release: ">=18.0.0-beta.1" - checksum: 0237e7e6ebf41b7c6a72eea704b007442cfd05910ded7059235a5684a0e4a233b2ca3c3e39923901131e7f0a4dcb5e95737af469081529acc393223c04715505 - languageName: node - linkType: hard - -"@semrel-extra/npm@npm:^1.2.0": - version: 1.2.0 - resolution: "@semrel-extra/npm@npm:1.2.0" - checksum: ce899b2976323833695c1adba88bcc0698042a6234e0ce0742a081db23bc444215d6703d949c975beb796dad9112762b0c65d289aa6f7e0a872301fda0a9d4dd - languageName: node - linkType: hard - -"@semrel-extra/topo@npm:^1.3.0": - version: 1.3.0 - resolution: "@semrel-extra/topo@npm:1.3.0" - dependencies: - "@types/toposort": ^2.0.3 - fast-glob: ^3.2.7 - toposort: ^2.0.2 - tslib: ^2.3.1 - checksum: 34b46f0b321966ca55a618d6bd8d29764740ed5db97f510c9f3dea2c46524705d130091a132259ab22f14cac25cfdc30d3a9cab37f217cc60c8ebf60f387afb4 - languageName: node - linkType: hard - -"@sideway/address@npm:^4.1.3": - version: 4.1.3 - resolution: "@sideway/address@npm:4.1.3" - dependencies: - "@hapi/hoek": ^9.0.0 - checksum: 3c1faf6ef37a0b59b62ce42b59c012c00ef1fc4194ad6776c65c2f9a6dd6c1710c6f6362b3ca3fa582fdb93984f0cb64ca44f9f5e02940634805f5e561279c22 - languageName: node - linkType: hard - -"@sideway/formula@npm:^3.0.0": - version: 3.0.0 - resolution: "@sideway/formula@npm:3.0.0" - checksum: 8ae26a0ed6bc84f7310be6aae6eb9d81e97f382619fc69025d346871a707eaab0fa38b8c857e3f0c35a19923de129f42d35c50b8010c928d64aab41578580ec4 - languageName: node - linkType: hard - -"@sideway/pinpoint@npm:^2.0.0": - version: 2.0.0 - resolution: "@sideway/pinpoint@npm:2.0.0" - checksum: 0f4491e5897fcf5bf02c46f5c359c56a314e90ba243f42f0c100437935daa2488f20482f0f77186bd6bf43345095a95d8143ecf8b1f4d876a7bc0806aba9c3d2 - languageName: node - linkType: hard - -"@sindresorhus/is@npm:^0.7.0": - version: 0.7.0 - resolution: "@sindresorhus/is@npm:0.7.0" - checksum: decc50f6fe80b75c981bcff0a585c05259f5e04424a46a653ac9a7e065194145c463ca81001e3a229bd203f59474afadb5b1fa0af5507723f87f2dd45bd3897c - languageName: node - linkType: hard - -"@sinonjs/commons@npm:^1.7.0": - version: 1.8.3 - resolution: "@sinonjs/commons@npm:1.8.3" - dependencies: - type-detect: 4.0.8 - checksum: 6159726db5ce6bf9f2297f8427f7ca5b3dff45b31e5cee23496f1fa6ef0bb4eab878b23fb2c5e6446381f6a66aba4968ef2fc255c1180d753d4b8c271636a2e5 - languageName: node - linkType: hard - -"@sinonjs/fake-timers@npm:^8.0.1": - version: 8.1.0 - resolution: "@sinonjs/fake-timers@npm:8.1.0" - dependencies: - "@sinonjs/commons": ^1.7.0 - checksum: 09b5a158ce013a6c37613258bad79ca4efeb99b1f59c41c73cca36cac00b258aefcf46eeea970fccf06b989414d86fe9f54c1102272c0c3bdd51a313cea80949 - languageName: node - linkType: hard - -"@tootallnate/once@npm:1": - version: 1.1.2 - resolution: "@tootallnate/once@npm:1.1.2" - checksum: e1fb1bbbc12089a0cb9433dc290f97bddd062deadb6178ce9bcb93bb7c1aecde5e60184bc7065aec42fe1663622a213493c48bbd4972d931aae48315f18e1be9 - languageName: node - linkType: hard - -"@tootallnate/once@npm:2": - version: 2.0.0 - resolution: "@tootallnate/once@npm:2.0.0" - checksum: ad87447820dd3f24825d2d947ebc03072b20a42bfc96cbafec16bff8bbda6c1a81fcb0be56d5b21968560c5359a0af4038a68ba150c3e1694fe4c109a063bed8 - languageName: node - linkType: hard - -"@types/babel__core@npm:^7.0.0, @types/babel__core@npm:^7.1.14": - version: 7.1.18 - resolution: "@types/babel__core@npm:7.1.18" - dependencies: - "@babel/parser": ^7.1.0 - "@babel/types": ^7.0.0 - "@types/babel__generator": "*" - "@types/babel__template": "*" - "@types/babel__traverse": "*" - checksum: 2e5b5d7c84f347d3789575486e58b0df5c91613abc3d27e716274aba3048518e07e1f068250ba829e2ed58532ccc88da595ce95ba2688e7bbcd7c25a3c6627ed - languageName: node - linkType: hard - -"@types/babel__generator@npm:*": - version: 7.6.4 - resolution: "@types/babel__generator@npm:7.6.4" - dependencies: - "@babel/types": ^7.0.0 - checksum: 20effbbb5f8a3a0211e95959d06ae70c097fb6191011b73b38fe86deebefad8e09ee014605e0fd3cdaedc73d158be555866810e9166e1f09e4cfd880b874dcb0 - languageName: node - linkType: hard - -"@types/babel__template@npm:*": - version: 7.4.1 - resolution: "@types/babel__template@npm:7.4.1" - dependencies: - "@babel/parser": ^7.1.0 - "@babel/types": ^7.0.0 - checksum: 649fe8b42c2876be1fd28c6ed9b276f78152d5904ec290b6c861d9ef324206e0a5c242e8305c421ac52ecf6358fa7e32ab7a692f55370484825c1df29b1596ee - languageName: node - linkType: hard - -"@types/babel__traverse@npm:*, @types/babel__traverse@npm:^7.0.4, @types/babel__traverse@npm:^7.0.6": - version: 7.14.2 - resolution: "@types/babel__traverse@npm:7.14.2" - dependencies: - "@babel/types": ^7.3.0 - checksum: a797ea09c72307569e3ee08aa3900ca744ce3091114084f2dc59b67a45ee7d01df7865252790dbfa787a7915ce892cdc820c9b920f3683292765fc656b08dc63 - languageName: node - linkType: hard - -"@types/graceful-fs@npm:^4.1.2": - version: 4.1.5 - resolution: "@types/graceful-fs@npm:4.1.5" - dependencies: - "@types/node": "*" - checksum: d076bb61f45d0fc42dee496ef8b1c2f8742e15d5e47e90e20d0243386e426c04d4efd408a48875ab432f7960b4ce3414db20ed0fbbfc7bcc89d84e574f6e045a - languageName: node - linkType: hard - -"@types/istanbul-lib-coverage@npm:*, @types/istanbul-lib-coverage@npm:^2.0.0, @types/istanbul-lib-coverage@npm:^2.0.1": - version: 2.0.4 - resolution: "@types/istanbul-lib-coverage@npm:2.0.4" - checksum: a25d7589ee65c94d31464c16b72a9dc81dfa0bea9d3e105ae03882d616e2a0712a9c101a599ec482d297c3591e16336962878cb3eb1a0a62d5b76d277a890ce7 - languageName: node - linkType: hard - -"@types/istanbul-lib-report@npm:*": - version: 3.0.0 - resolution: "@types/istanbul-lib-report@npm:3.0.0" - dependencies: - "@types/istanbul-lib-coverage": "*" - checksum: 656398b62dc288e1b5226f8880af98087233cdb90100655c989a09f3052b5775bf98ba58a16c5ae642fb66c61aba402e07a9f2bff1d1569e3b306026c59f3f36 - languageName: node - linkType: hard - -"@types/istanbul-reports@npm:^3.0.0": - version: 3.0.1 - resolution: "@types/istanbul-reports@npm:3.0.1" - dependencies: - "@types/istanbul-lib-report": "*" - checksum: f1ad54bc68f37f60b30c7915886b92f86b847033e597f9b34f2415acdbe5ed742fa559a0a40050d74cdba3b6a63c342cac1f3a64dba5b68b66a6941f4abd7903 - languageName: node - linkType: hard - -"@types/jest@npm:^27.0.3, @types/jest@npm:^27.4.0": - version: 27.4.0 - resolution: "@types/jest@npm:27.4.0" - dependencies: - jest-diff: ^27.0.0 - pretty-format: ^27.0.0 - checksum: d2350267f954f9a2e4a15e5f02fbf19a77abfb9fd9e57a954de1fb0e9a0d3d5f8d3646ac7d9c42aeb4b4d828d2e70624ec149c85bb50a48634a54eed8429e1f8 - languageName: node - linkType: hard - -"@types/json-schema@npm:^7.0.7": - version: 7.0.9 - resolution: "@types/json-schema@npm:7.0.9" - checksum: 259d0e25f11a21ba5c708f7ea47196bd396e379fddb79c76f9f4f62c945879dc21657904914313ec2754e443c5018ea8372362f323f30e0792897fdb2098a705 - languageName: node - linkType: hard - -"@types/json5@npm:^0.0.29": - version: 0.0.29 - resolution: "@types/json5@npm:0.0.29" - checksum: e60b153664572116dfea673c5bda7778dbff150498f44f998e34b5886d8afc47f16799280e4b6e241c0472aef1bc36add771c569c68fc5125fc2ae519a3eb9ac - languageName: node - linkType: hard - -"@types/keyv@npm:^3.1.1": - version: 3.1.4 - resolution: "@types/keyv@npm:3.1.4" - dependencies: - "@types/node": "*" - checksum: e009a2bfb50e90ca9b7c6e8f648f8464067271fd99116f881073fa6fa76dc8d0133181dd65e6614d5fb1220d671d67b0124aef7d97dc02d7e342ab143a47779d - languageName: node - linkType: hard - -"@types/minimist@npm:^1.2.0, @types/minimist@npm:^1.2.2": - version: 1.2.2 - resolution: "@types/minimist@npm:1.2.2" - checksum: b8da83c66eb4aac0440e64674b19564d9d86c80ae273144db9681e5eeff66f238ade9515f5006ffbfa955ceff8b89ad2bd8ec577d7caee74ba101431fb07045d - languageName: node - linkType: hard - -"@types/node@npm:*, @types/node@npm:^12.7.1": - version: 12.20.41 - resolution: "@types/node@npm:12.20.41" - checksum: ff90d10f9831e86abf1f17581a70a81e5b6c3be97ec0b02972e6c3201fd19a40f6b230d4346ef7aaf023f24fef07a2131aeb68773ef3b14c3a17da8fbe05e439 - languageName: node - linkType: hard - -"@types/node@npm:^15.12.4": - version: 15.14.9 - resolution: "@types/node@npm:15.14.9" - checksum: 49f7f0522a3af4b8389aee660e88426490cd54b86356672a1fedb49919a8797c00d090ec2dcc4a5df34edc2099d57fc2203d796c4e7fbd382f2022ccd789eee7 - languageName: node - linkType: hard - -"@types/node@npm:^17.0.8": - version: 17.0.8 - resolution: "@types/node@npm:17.0.8" - checksum: f4cadeb9e602027520abc88c77142697e33cf6ac98bb02f8b595a398603cbd33df1f94d01c055c9f13cde0c8eaafc5e396ca72645458d42b4318b845bc7f1d0f - languageName: node - linkType: hard - -"@types/normalize-package-data@npm:^2.4.0": - version: 2.4.1 - resolution: "@types/normalize-package-data@npm:2.4.1" - checksum: e87bccbf11f95035c89a132b52b79ce69a1e3652fe55962363063c9c0dae0fe2477ebc585e03a9652adc6f381d24ba5589cc5e51849df4ced3d3e004a7d40ed5 - languageName: node - linkType: hard - -"@types/parse-json@npm:^4.0.0": - version: 4.0.0 - resolution: "@types/parse-json@npm:4.0.0" - checksum: fd6bce2b674b6efc3db4c7c3d336bd70c90838e8439de639b909ce22f3720d21344f52427f1d9e57b265fcb7f6c018699b99e5e0c208a1a4823014269a6bf35b - languageName: node - linkType: hard - -"@types/pino-pretty@npm:*": - version: 4.7.4 - resolution: "@types/pino-pretty@npm:4.7.4" - dependencies: - "@types/node": "*" - "@types/pino": 6.3 - checksum: 1fc6e73de3ffc23eacb69070212e4dd838dd3a353326072aaf68bf5a4418f919c535cc4719a0c51ec6832f298f1d8da9d97376c748166c61369b77ffde858aec - languageName: node - linkType: hard - -"@types/pino-std-serializers@npm:*": - version: 2.4.1 - resolution: "@types/pino-std-serializers@npm:2.4.1" - dependencies: - "@types/node": "*" - checksum: a156e25882db9aade2576dbe6414379efcdd4fad24211d3f22f20e0cd4bee569215799ee5cd9b2b15282f18461a8a54573ff42bf6bee5d35b72513be2f78bdec - languageName: node - linkType: hard - -"@types/pino@npm:6.3, @types/pino@npm:^6.3.11": - version: 6.3.12 - resolution: "@types/pino@npm:6.3.12" - dependencies: - "@types/node": "*" - "@types/pino-pretty": "*" - "@types/pino-std-serializers": "*" - sonic-boom: ^2.1.0 - checksum: 801735146669312d02459781e5180220630eaef643da36dc5a9a97520e7ecc3da7270f31a86fcdcb1dc835073c9143fc628024ba5e3a0ea7cbb86aada4897709 - languageName: node - linkType: hard - -"@types/prettier@npm:^2.1.5": - version: 2.4.2 - resolution: "@types/prettier@npm:2.4.2" - checksum: 76e230b2d11028af11fe12e09b2d5b10b03738e9abf819ae6ebb0f78cac13d39f860755ce05ac3855b608222518d956628f5d00322dc206cc6d1f2d8d1519f1e - languageName: node - linkType: hard - -"@types/responselike@npm:^1.0.0": - version: 1.0.0 - resolution: "@types/responselike@npm:1.0.0" - dependencies: - "@types/node": "*" - checksum: e99fc7cc6265407987b30deda54c1c24bb1478803faf6037557a774b2f034c5b097ffd65847daa87e82a61a250d919f35c3588654b0fdaa816906650f596d1b0 - languageName: node - linkType: hard - -"@types/retry@npm:^0.12.0": - version: 0.12.1 - resolution: "@types/retry@npm:0.12.1" - checksum: 5f46b2556053655f78262bb33040dc58417c900457cc63ff37d6c35349814471453ef511af0cec76a540c601296cd2b22f64bab1ab649c0dacc0223765ba876c - languageName: node - linkType: hard - -"@types/stack-utils@npm:^2.0.0": - version: 2.0.1 - resolution: "@types/stack-utils@npm:2.0.1" - checksum: 205fdbe3326b7046d7eaf5e494d8084f2659086a266f3f9cf00bccc549c8e36e407f88168ad4383c8b07099957ad669f75f2532ed4bc70be2b037330f7bae019 - languageName: node - linkType: hard - -"@types/toposort@npm:^2.0.3": - version: 2.0.3 - resolution: "@types/toposort@npm:2.0.3" - checksum: 018a372a899fd417d67ed85cb98bd3f15915020b865257b9e795e443bcfa0df79c6c44693ba88cbdd9e54ca872cecb91bf46764ec03c5b63968b2234804d14d2 - languageName: node - linkType: hard - -"@types/yargs-parser@npm:*": - version: 20.2.1 - resolution: "@types/yargs-parser@npm:20.2.1" - checksum: 1d039e64494a7a61ddd278349a3dc60b19f99ff0517425696e796f794e4252452b9d62178e69755ad03f439f9dc0c8c3d7b3a1201b3a24e134bac1a09fa11eaa - languageName: node - linkType: hard - -"@types/yargs@npm:^16.0.0": - version: 16.0.4 - resolution: "@types/yargs@npm:16.0.4" - dependencies: - "@types/yargs-parser": "*" - checksum: caa21d2c957592fe2184a8368c8cbe5a82a6c2e2f2893722e489f842dc5963293d2f3120bc06fe3933d60a3a0d1e2eb269649fd6b1947fe1820f8841ba611dd9 - languageName: node - linkType: hard - -"@typescript-eslint/eslint-plugin@npm:^4.28.5": - version: 4.33.0 - resolution: "@typescript-eslint/eslint-plugin@npm:4.33.0" - dependencies: - "@typescript-eslint/experimental-utils": 4.33.0 - "@typescript-eslint/scope-manager": 4.33.0 - debug: ^4.3.1 - functional-red-black-tree: ^1.0.1 - ignore: ^5.1.8 - regexpp: ^3.1.0 - semver: ^7.3.5 - tsutils: ^3.21.0 - peerDependencies: - "@typescript-eslint/parser": ^4.0.0 - eslint: ^5.0.0 || ^6.0.0 || ^7.0.0 - peerDependenciesMeta: - typescript: - optional: true - checksum: d74855d0a5ffe0b2f362ec02fcd9301d39a53fb4155b9bd0cb15a0a31d065143129ebf98df9d86af4b6f74de1d423a4c0d8c0095520844068117453afda5bc4f - languageName: node - linkType: hard - -"@typescript-eslint/experimental-utils@npm:4.33.0": - version: 4.33.0 - resolution: "@typescript-eslint/experimental-utils@npm:4.33.0" - dependencies: - "@types/json-schema": ^7.0.7 - "@typescript-eslint/scope-manager": 4.33.0 - "@typescript-eslint/types": 4.33.0 - "@typescript-eslint/typescript-estree": 4.33.0 - eslint-scope: ^5.1.1 - eslint-utils: ^3.0.0 - peerDependencies: - eslint: "*" - checksum: f859800ada0884f92db6856f24efcb1d073ac9883ddc2b1aa9339f392215487895bed8447ebce3741e8141bb32e545244abef62b73193ba9a8a0527c523aabae - languageName: node - linkType: hard - -"@typescript-eslint/parser@npm:^4.28.5": - version: 4.33.0 - resolution: "@typescript-eslint/parser@npm:4.33.0" - dependencies: - "@typescript-eslint/scope-manager": 4.33.0 - "@typescript-eslint/types": 4.33.0 - "@typescript-eslint/typescript-estree": 4.33.0 - debug: ^4.3.1 - peerDependencies: - eslint: ^5.0.0 || ^6.0.0 || ^7.0.0 - peerDependenciesMeta: - typescript: - optional: true - checksum: 102457eae1acd516211098fea081c8a2ed728522bbda7f5a557b6ef23d88970514f9a0f6285d53fca134d3d4d7d17822b5d5e12438d5918df4d1f89cc9e67d57 - languageName: node - linkType: hard - -"@typescript-eslint/scope-manager@npm:4.33.0": - version: 4.33.0 - resolution: "@typescript-eslint/scope-manager@npm:4.33.0" - dependencies: - "@typescript-eslint/types": 4.33.0 - "@typescript-eslint/visitor-keys": 4.33.0 - checksum: 9a25fb7ba7c725ea7227a24d315b0f6aacbad002e2549a049edf723c1d3615c22f5c301f0d7d615b377f2cdf2f3519d97e79af0c459de6ef8d2aaf0906dff13e - languageName: node - linkType: hard - -"@typescript-eslint/types@npm:4.33.0": - version: 4.33.0 - resolution: "@typescript-eslint/types@npm:4.33.0" - checksum: 3baae1ca35872421b4eb60f5d3f3f32dc1d513f2ae0a67dee28c7d159fd7a43ed0d11a8a5a0f0c2d38507ffa036fc7c511cb0f18a5e8ac524b3ebde77390ec53 - languageName: node - linkType: hard - -"@typescript-eslint/typescript-estree@npm:4.33.0": - version: 4.33.0 - resolution: "@typescript-eslint/typescript-estree@npm:4.33.0" - dependencies: - "@typescript-eslint/types": 4.33.0 - "@typescript-eslint/visitor-keys": 4.33.0 - debug: ^4.3.1 - globby: ^11.0.3 - is-glob: ^4.0.1 - semver: ^7.3.5 - tsutils: ^3.21.0 - peerDependenciesMeta: - typescript: - optional: true - checksum: 2566984390c76bd95f43240057215c068c69769e406e27aba41e9f21fd300074d6772e4983fa58fe61e80eb5550af1548d2e31e80550d92ba1d051bb00fe6f5c - languageName: node - linkType: hard - -"@typescript-eslint/visitor-keys@npm:4.33.0": - version: 4.33.0 - resolution: "@typescript-eslint/visitor-keys@npm:4.33.0" - dependencies: - "@typescript-eslint/types": 4.33.0 - eslint-visitor-keys: ^2.0.0 - checksum: 59953e474ad4610c1aa23b2b1a964445e2c6201521da6367752f37939d854352bbfced5c04ea539274065e012b1337ba3ffa49c2647a240a4e87155378ba9873 - languageName: node - linkType: hard - -"JSONStream@npm:^1.0.4": - version: 1.3.5 - resolution: "JSONStream@npm:1.3.5" - dependencies: - jsonparse: ^1.2.0 - through: ">=2.2.7 <3" - bin: - JSONStream: ./bin.js - checksum: 2605fa124260c61bad38bb65eba30d2f72216a78e94d0ab19b11b4e0327d572b8d530c0c9cc3b0764f727ad26d39e00bf7ebad57781ca6368394d73169c59e46 - languageName: node - linkType: hard - -"abab@npm:^2.0.3, abab@npm:^2.0.5": - version: 2.0.5 - resolution: "abab@npm:2.0.5" - checksum: 0ec951b46d5418c2c2f923021ec193eaebdb4e802ffd5506286781b454be722a13a8430f98085cd3e204918401d9130ec6cc8f5ae19be315b3a0e857d83196e1 - languageName: node - linkType: hard - -"abbrev@npm:1, abbrev@npm:~1.1.1": - version: 1.1.1 - resolution: "abbrev@npm:1.1.1" - checksum: a4a97ec07d7ea112c517036882b2ac22f3109b7b19077dc656316d07d308438aac28e4d9746dc4d84bf6b1e75b4a7b0a5f3cb30592419f128ca9a8cee3bcfa17 - languageName: node - linkType: hard - -"acorn-globals@npm:^6.0.0": - version: 6.0.0 - resolution: "acorn-globals@npm:6.0.0" - dependencies: - acorn: ^7.1.1 - acorn-walk: ^7.1.1 - checksum: 72d95e5b5e585f9acd019b993ab8bbba68bb3cbc9d9b5c1ebb3c2f1fe5981f11deababfb4949f48e6262f9c57878837f5958c0cca396f81023814680ca878042 - languageName: node - linkType: hard - -"acorn-jsx@npm:^5.3.1": - version: 5.3.2 - resolution: "acorn-jsx@npm:5.3.2" - peerDependencies: - acorn: ^6.0.0 || ^7.0.0 || ^8.0.0 - checksum: c3d3b2a89c9a056b205b69530a37b972b404ee46ec8e5b341666f9513d3163e2a4f214a71f4dfc7370f5a9c07472d2fd1c11c91c3f03d093e37637d95da98950 - languageName: node - linkType: hard - -"acorn-walk@npm:^7.1.1": - version: 7.2.0 - resolution: "acorn-walk@npm:7.2.0" - checksum: 9252158a79b9d92f1bc0dd6acc0fcfb87a67339e84bcc301bb33d6078936d27e35d606b4d35626d2962cd43c256d6f27717e70cbe15c04fff999ab0b2260b21f - languageName: node - linkType: hard - -"acorn@npm:^7.1.1, acorn@npm:^7.4.0": - version: 7.4.1 - resolution: "acorn@npm:7.4.1" - bin: - acorn: bin/acorn - checksum: 1860f23c2107c910c6177b7b7be71be350db9e1080d814493fae143ae37605189504152d1ba8743ba3178d0b37269ce1ffc42b101547fdc1827078f82671e407 - languageName: node - linkType: hard - -"acorn@npm:^8.2.4": - version: 8.7.0 - resolution: "acorn@npm:8.7.0" - bin: - acorn: bin/acorn - checksum: e0f79409d68923fbf1aa6d4166f3eedc47955320d25c89a20cc822e6ba7c48c5963d5bc657bc242d68f7a4ac9faf96eef033e8f73656da6c640d4219935fdfd0 - languageName: node - linkType: hard - -"agent-base@npm:6, agent-base@npm:^6.0.2": - version: 6.0.2 - resolution: "agent-base@npm:6.0.2" - dependencies: - debug: 4 - checksum: f52b6872cc96fd5f622071b71ef200e01c7c4c454ee68bc9accca90c98cfb39f2810e3e9aa330435835eedc8c23f4f8a15267f67c6e245d2b33757575bdac49d - languageName: node - linkType: hard - -"agentkeepalive@npm:^4.2.1": - version: 4.2.1 - resolution: "agentkeepalive@npm:4.2.1" - dependencies: - debug: ^4.1.0 - depd: ^1.1.2 - humanize-ms: ^1.2.1 - checksum: 39cb49ed8cf217fd6da058a92828a0a84e0b74c35550f82ee0a10e1ee403c4b78ade7948be2279b188b7a7303f5d396ea2738b134731e464bf28de00a4f72a18 - languageName: node - linkType: hard - -"aggregate-error@npm:^3.0.0": - version: 3.1.0 - resolution: "aggregate-error@npm:3.1.0" - dependencies: - clean-stack: ^2.0.0 - indent-string: ^4.0.0 - checksum: 1101a33f21baa27a2fa8e04b698271e64616b886795fd43c31068c07533c7b3facfcaf4e9e0cab3624bd88f729a592f1c901a1a229c9e490eafce411a8644b79 - languageName: node - linkType: hard - -"ajv@npm:^6.10.0, ajv@npm:^6.12.4": - version: 6.12.6 - resolution: "ajv@npm:6.12.6" - dependencies: - fast-deep-equal: ^3.1.1 - fast-json-stable-stringify: ^2.0.0 - json-schema-traverse: ^0.4.1 - uri-js: ^4.2.2 - checksum: 874972efe5c4202ab0a68379481fbd3d1b5d0a7bd6d3cc21d40d3536ebff3352a2a1fabb632d4fd2cc7fe4cbdcd5ed6782084c9bbf7f32a1536d18f9da5007d4 - languageName: node - linkType: hard - -"ajv@npm:^8.0.1": - version: 8.8.2 - resolution: "ajv@npm:8.8.2" - dependencies: - fast-deep-equal: ^3.1.1 - json-schema-traverse: ^1.0.0 - require-from-string: ^2.0.2 - uri-js: ^4.2.2 - checksum: 90849ef03c4f4f7051d15f655120137b89e3205537d683beebd39d95f40c0ca00ea8476cd999602d2f433863e7e4bf1b81d1869d1e07f4dcf56d71b6430a605c - languageName: node - linkType: hard - -"ansi-colors@npm:^4.1.1": - version: 4.1.1 - resolution: "ansi-colors@npm:4.1.1" - checksum: 138d04a51076cb085da0a7e2d000c5c0bb09f6e772ed5c65c53cb118d37f6c5f1637506d7155fb5f330f0abcf6f12fa2e489ac3f8cdab9da393bf1bb4f9a32b0 - languageName: node - linkType: hard - -"ansi-escapes@npm:^4.2.1": - version: 4.3.2 - resolution: "ansi-escapes@npm:4.3.2" - dependencies: - type-fest: ^0.21.3 - checksum: 93111c42189c0a6bed9cdb4d7f2829548e943827ee8479c74d6e0b22ee127b2a21d3f8b5ca57723b8ef78ce011fbfc2784350eb2bde3ccfccf2f575fa8489815 - languageName: node - linkType: hard - -"ansi-escapes@npm:^5.0.0": - version: 5.0.0 - resolution: "ansi-escapes@npm:5.0.0" - dependencies: - type-fest: ^1.0.2 - checksum: d4b5eb8207df38367945f5dd2ef41e08c28edc192dc766ef18af6b53736682f49d8bfcfa4e4d6ecbc2e2f97c258fda084fb29a9e43b69170b71090f771afccac - languageName: node - linkType: hard - -"ansi-regex@npm:^5.0.1": - version: 5.0.1 - resolution: "ansi-regex@npm:5.0.1" - checksum: 2aa4bb54caf2d622f1afdad09441695af2a83aa3fe8b8afa581d205e57ed4261c183c4d3877cee25794443fde5876417d859c108078ab788d6af7e4fe52eb66b - languageName: node - linkType: hard - -"ansi-styles@npm:^4.0.0, ansi-styles@npm:^4.1.0, ansi-styles@npm:^4.3.0": - version: 4.3.0 - resolution: "ansi-styles@npm:4.3.0" - dependencies: - color-convert: ^2.0.1 - checksum: 513b44c3b2105dd14cc42a19271e80f386466c4be574bccf60b627432f9198571ebf4ab1e4c3ba17347658f4ee1711c163d574248c0c1cdc2d5917a0ad582ec4 - languageName: node - linkType: hard - -"ansi-styles@npm:^5.0.0": - version: 5.2.0 - resolution: "ansi-styles@npm:5.2.0" - checksum: d7f4e97ce0623aea6bc0d90dcd28881ee04cba06c570b97fd3391bd7a268eedfd9d5e2dd4fdcbdd82b8105df5faf6f24aaedc08eaf3da898e702db5948f63469 - languageName: node - linkType: hard - -"ansicolors@npm:~0.3.2": - version: 0.3.2 - resolution: "ansicolors@npm:0.3.2" - checksum: e84fae7ebc27ac96d9dbb57f35f078cd6dde1b7046b0f03f73dcefc9fbb1f2e82e3685d083466aded8faf038f9fa9ebb408d215282bcd7aaa301d5ac3c486815 - languageName: node - linkType: hard - -"ansistyles@npm:~0.1.3": - version: 0.1.3 - resolution: "ansistyles@npm:0.1.3" - checksum: 0072507f97e46cc3cb71439f1c0935ceec5c8bca812ebb5034b9f8f6a9ee7d65cdc150c375b8d56643fc8305a08542f6df3a1cd6c80e32eba0b27c4e72da4efd - languageName: node - linkType: hard - -"anymatch@npm:^1.3.0": - version: 1.3.2 - resolution: "anymatch@npm:1.3.2" - dependencies: - micromatch: ^2.1.5 - normalize-path: ^2.0.0 - checksum: b197f2adb8217d73da7691be10ca508dae86b20cba34c0fe022fe20caad94cf48be56d600d57554916aaf4f03d0cfadda58fe99676e4450749a9c284c9d4975e - languageName: node - linkType: hard - -"anymatch@npm:^3.0.3": - version: 3.1.2 - resolution: "anymatch@npm:3.1.2" - dependencies: - normalize-path: ^3.0.0 - picomatch: ^2.0.4 - checksum: 985163db2292fac9e5a1e072bf99f1b5baccf196e4de25a0b0b81865ebddeb3b3eb4480734ef0a2ac8c002845396b91aa89121f5b84f93981a4658164a9ec6e9 - languageName: node - linkType: hard - -"aproba@npm:^1.0.3 || ^2.0.0, aproba@npm:^2.0.0": - version: 2.0.0 - resolution: "aproba@npm:2.0.0" - checksum: 5615cadcfb45289eea63f8afd064ab656006361020e1735112e346593856f87435e02d8dcc7ff0d11928bc7d425f27bc7c2a84f6c0b35ab0ff659c814c138a24 - languageName: node - linkType: hard - -"archive-type@npm:^4.0.0": - version: 4.0.0 - resolution: "archive-type@npm:4.0.0" - dependencies: - file-type: ^4.2.0 - checksum: 271f0d118294dd0305831f0700b635e8a9475f97693212d548eee48017f917e14349a25ad578f8e13486ba4b7cde1972d53e613d980e8738cfccea5fc626c76f - languageName: node - linkType: hard - -"archy@npm:~1.0.0": - version: 1.0.0 - resolution: "archy@npm:1.0.0" - checksum: 504ae7af655130bab9f471343cfdb054feaec7d8e300e13348bc9fe9e660f83d422e473069584f73233c701ae37d1c8452ff2522f2a20c38849e0f406f1732ac - languageName: node - linkType: hard - -"are-we-there-yet@npm:^3.0.0": - version: 3.0.0 - resolution: "are-we-there-yet@npm:3.0.0" - dependencies: - delegates: ^1.0.0 - readable-stream: ^3.6.0 - checksum: 348edfdd931b0b50868b55402c01c3f64df1d4c229ab6f063539a5025fd6c5f5bb8a0cab409bbed8d75d34762d22aa91b7c20b4204eb8177063158d9ba792981 - languageName: node - linkType: hard - -"argparse@npm:^1.0.7": - version: 1.0.10 - resolution: "argparse@npm:1.0.10" - dependencies: - sprintf-js: ~1.0.2 - checksum: 7ca6e45583a28de7258e39e13d81e925cfa25d7d4aacbf806a382d3c02fcb13403a07fb8aeef949f10a7cfe4a62da0e2e807b348a5980554cc28ee573ef95945 - languageName: node - linkType: hard - -"argv-formatter@npm:~1.0.0": - version: 1.0.0 - resolution: "argv-formatter@npm:1.0.0" - checksum: cf95ea091f4eb0fefdbbc595dbe2e307afee16fc87aad48d72e5e45d5b0b59566dbaa77e45d515242289670904838a501313efffb48ff02f49c6de0c03536a54 - languageName: node - linkType: hard - -"arr-diff@npm:^2.0.0": - version: 2.0.0 - resolution: "arr-diff@npm:2.0.0" - dependencies: - arr-flatten: ^1.0.1 - checksum: b56e8d34e8c8d8dba40de3235c61e3ef4e3626486d6d1c83c34fba4fe6187eff96ffde872100e834e8931e724a96ab9dbd71b0bf0068ba5a3deb7d19cb596892 - languageName: node - linkType: hard - -"arr-diff@npm:^4.0.0": - version: 4.0.0 - resolution: "arr-diff@npm:4.0.0" - checksum: ea7c8834842ad3869297f7915689bef3494fd5b102ac678c13ffccab672d3d1f35802b79e90c4cfec2f424af3392e44112d1ccf65da34562ed75e049597276a0 - languageName: node - linkType: hard - -"arr-flatten@npm:^1.0.1, arr-flatten@npm:^1.1.0": - version: 1.1.0 - resolution: "arr-flatten@npm:1.1.0" - checksum: 963fe12564fca2f72c055f3f6c206b9e031f7c433a0c66ca9858b484821f248c5b1e5d53c8e4989d80d764cd776cf6d9b160ad05f47bdc63022bfd63b5455e22 - languageName: node - linkType: hard - -"arr-union@npm:^3.1.0": - version: 3.1.0 - resolution: "arr-union@npm:3.1.0" - checksum: b5b0408c6eb7591143c394f3be082fee690ddd21f0fdde0a0a01106799e847f67fcae1b7e56b0a0c173290e29c6aca9562e82b300708a268bc8f88f3d6613cb9 - languageName: node - linkType: hard - -"array-ify@npm:^1.0.0": - version: 1.0.0 - resolution: "array-ify@npm:1.0.0" - checksum: c0502015b319c93dd4484f18036bcc4b654eb76a4aa1f04afbcef11ac918859bb1f5d71ba1f0f1141770db9eef1a4f40f1761753650873068010bbf7bcdae4a4 - languageName: node - linkType: hard - -"array-includes@npm:^3.1.4": - version: 3.1.4 - resolution: "array-includes@npm:3.1.4" - dependencies: - call-bind: ^1.0.2 - define-properties: ^1.1.3 - es-abstract: ^1.19.1 - get-intrinsic: ^1.1.1 - is-string: ^1.0.7 - checksum: 69967c38c52698f84b50a7aed5554aadc89c6ac6399b6d92ad061a5952f8423b4bba054c51d40963f791dfa294d7247cdd7988b6b1f2c5861477031c6386e1c0 - languageName: node - linkType: hard - -"array-union@npm:^2.1.0": - version: 2.1.0 - resolution: "array-union@npm:2.1.0" - checksum: 5bee12395cba82da674931df6d0fea23c4aa4660cb3b338ced9f828782a65caa232573e6bf3968f23e0c5eb301764a382cef2f128b170a9dc59de0e36c39f98d - languageName: node - linkType: hard - -"array-unique@npm:^0.2.1": - version: 0.2.1 - resolution: "array-unique@npm:0.2.1" - checksum: 899deaf07abedf17ee89a757c7bcc9253fb248a7f6c394a1fec9ec3f3ac244314feb3048efee80ed7fdcb047960e32d7c234291bfd26b78ced668c346d9f4e3c - languageName: node - linkType: hard - -"array-unique@npm:^0.3.2": - version: 0.3.2 - resolution: "array-unique@npm:0.3.2" - checksum: da344b89cfa6b0a5c221f965c21638bfb76b57b45184a01135382186924f55973cd9b171d4dad6bf606c6d9d36b0d721d091afdc9791535ead97ccbe78f8a888 - languageName: node - linkType: hard - -"array.prototype.flat@npm:^1.2.5": - version: 1.2.5 - resolution: "array.prototype.flat@npm:1.2.5" - dependencies: - call-bind: ^1.0.2 - define-properties: ^1.1.3 - es-abstract: ^1.19.0 - checksum: 9cc6414b111abfc7717e39546e4887b1e5ec74df8f1618d83425deaa95752bf05d475d1d241253b4d88d4a01f8e1bc84845ad5b7cc2047f8db2f614512acd40e - languageName: node - linkType: hard - -"arrify@npm:^1.0.1": - version: 1.0.1 - resolution: "arrify@npm:1.0.1" - checksum: 745075dd4a4624ff0225c331dacb99be501a515d39bcb7c84d24660314a6ec28e68131b137e6f7e16318170842ce97538cd298fc4cd6b2cc798e0b957f2747e7 - languageName: node - linkType: hard - -"asap@npm:^2.0.0": - version: 2.0.6 - resolution: "asap@npm:2.0.6" - checksum: b296c92c4b969e973260e47523207cd5769abd27c245a68c26dc7a0fe8053c55bb04360237cb51cab1df52be939da77150ace99ad331fb7fb13b3423ed73ff3d - languageName: node - linkType: hard - -"assign-symbols@npm:^1.0.0": - version: 1.0.0 - resolution: "assign-symbols@npm:1.0.0" - checksum: c0eb895911d05b6b2d245154f70461c5e42c107457972e5ebba38d48967870dee53bcdf6c7047990586daa80fab8dab3cc6300800fbd47b454247fdedd859a2c - languageName: node - linkType: hard - -"astral-regex@npm:^2.0.0": - version: 2.0.0 - resolution: "astral-regex@npm:2.0.0" - checksum: 876231688c66400473ba505731df37ea436e574dd524520294cc3bbc54ea40334865e01fa0d074d74d036ee874ee7e62f486ea38bc421ee8e6a871c06f011766 - languageName: node - linkType: hard - -"async-each@npm:^1.0.0": - version: 1.0.3 - resolution: "async-each@npm:1.0.3" - checksum: 868651cfeb209970b367fbb96df1e1c8dc0b22c681cda7238417005ab2a5fbd944ee524b43f2692977259a57b7cc2547e03ff68f2b5113dbdf953d48cc078dc3 - languageName: node - linkType: hard - -"asynckit@npm:^0.4.0": - version: 0.4.0 - resolution: "asynckit@npm:0.4.0" - checksum: 7b78c451df768adba04e2d02e63e2d0bf3b07adcd6e42b4cf665cb7ce899bedd344c69a1dcbce355b5f972d597b25aaa1c1742b52cffd9caccb22f348114f6be - languageName: node - linkType: hard - -"at-least-node@npm:^1.0.0": - version: 1.0.0 - resolution: "at-least-node@npm:1.0.0" - checksum: 463e2f8e43384f1afb54bc68485c436d7622acec08b6fad269b421cb1d29cebb5af751426793d0961ed243146fe4dc983402f6d5a51b720b277818dbf6f2e49e - languageName: node - linkType: hard - -"atob@npm:^2.1.2": - version: 2.1.2 - resolution: "atob@npm:2.1.2" - bin: - atob: bin/atob.js - checksum: dfeeeb70090c5ebea7be4b9f787f866686c645d9f39a0d184c817252d0cf08455ed25267d79c03254d3be1f03ac399992a792edcd5ffb9c91e097ab5ef42833a - languageName: node - linkType: hard - -"atomic-sleep@npm:^1.0.0": - version: 1.0.0 - resolution: "atomic-sleep@npm:1.0.0" - checksum: b95275afb2f80732f22f43a60178430c468906a415a7ff18bcd0feeebc8eec3930b51250aeda91a476062a90e07132b43a1794e8d8ffcf9b650e8139be75fa36 - languageName: node - linkType: hard - -"babel-jest@npm:^27.4.6": - version: 27.4.6 - resolution: "babel-jest@npm:27.4.6" - dependencies: - "@jest/transform": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/babel__core": ^7.1.14 - babel-plugin-istanbul: ^6.1.1 - babel-preset-jest: ^27.4.0 - chalk: ^4.0.0 - graceful-fs: ^4.2.4 - slash: ^3.0.0 - peerDependencies: - "@babel/core": ^7.8.0 - checksum: fc839d5e8788170e68c8cbde9466fdf1c4fc740a947ba0728e1933ade7ad6fe744c9276d86207f093b64e9cf72a1fdd756fbc44c21034282f01832338e7a8a80 - languageName: node - linkType: hard - -"babel-plugin-istanbul@npm:^6.1.1": - version: 6.1.1 - resolution: "babel-plugin-istanbul@npm:6.1.1" - dependencies: - "@babel/helper-plugin-utils": ^7.0.0 - "@istanbuljs/load-nyc-config": ^1.0.0 - "@istanbuljs/schema": ^0.1.2 - istanbul-lib-instrument: ^5.0.4 - test-exclude: ^6.0.0 - checksum: cb4fd95738219f232f0aece1116628cccff16db891713c4ccb501cddbbf9272951a5df81f2f2658dfdf4b3e7b236a9d5cbcf04d5d8c07dd5077297339598061a - languageName: node - linkType: hard - -"babel-plugin-jest-hoist@npm:^27.4.0": - version: 27.4.0 - resolution: "babel-plugin-jest-hoist@npm:27.4.0" - dependencies: - "@babel/template": ^7.3.3 - "@babel/types": ^7.3.3 - "@types/babel__core": ^7.0.0 - "@types/babel__traverse": ^7.0.6 - checksum: 48f216f286f2fb3b1d571b4ba4ccffdb0c11a2fb1117e4c355b26c8cef09603abd96a5c1f8442866830a7da5accdd9ae4805f3e977b606a596b4a259f2ff5a67 - languageName: node - linkType: hard - -"babel-preset-current-node-syntax@npm:^1.0.0": - version: 1.0.1 - resolution: "babel-preset-current-node-syntax@npm:1.0.1" - dependencies: - "@babel/plugin-syntax-async-generators": ^7.8.4 - "@babel/plugin-syntax-bigint": ^7.8.3 - "@babel/plugin-syntax-class-properties": ^7.8.3 - "@babel/plugin-syntax-import-meta": ^7.8.3 - "@babel/plugin-syntax-json-strings": ^7.8.3 - "@babel/plugin-syntax-logical-assignment-operators": ^7.8.3 - "@babel/plugin-syntax-nullish-coalescing-operator": ^7.8.3 - "@babel/plugin-syntax-numeric-separator": ^7.8.3 - "@babel/plugin-syntax-object-rest-spread": ^7.8.3 - "@babel/plugin-syntax-optional-catch-binding": ^7.8.3 - "@babel/plugin-syntax-optional-chaining": ^7.8.3 - "@babel/plugin-syntax-top-level-await": ^7.8.3 - peerDependencies: - "@babel/core": ^7.0.0 - checksum: d118c2742498c5492c095bc8541f4076b253e705b5f1ad9a2e7d302d81a84866f0070346662355c8e25fc02caa28dc2da8d69bcd67794a0d60c4d6fab6913cc8 - languageName: node - linkType: hard - -"babel-preset-jest@npm:^27.4.0": - version: 27.4.0 - resolution: "babel-preset-jest@npm:27.4.0" - dependencies: - babel-plugin-jest-hoist: ^27.4.0 - babel-preset-current-node-syntax: ^1.0.0 - peerDependencies: - "@babel/core": ^7.0.0 - checksum: 744449cc63283116e8268c088a714d9c26d93af8d6051523b900517b665e0122239fc6a326de206657d423f4cccfaf2437ef099fcdfbfd91c4cdde6b1c55c11f - languageName: node - linkType: hard - -"babel-runtime@npm:^6.9.2": - version: 6.26.0 - resolution: "babel-runtime@npm:6.26.0" - dependencies: - core-js: ^2.4.0 - regenerator-runtime: ^0.11.0 - checksum: 8aeade94665e67a73c1ccc10f6fd42ba0c689b980032b70929de7a6d9a12eb87ef51902733f8fefede35afea7a5c3ef7e916a64d503446c1eedc9e3284bd3d50 - languageName: node - linkType: hard - -"balanced-match@npm:^1.0.0": - version: 1.0.2 - resolution: "balanced-match@npm:1.0.2" - checksum: 9706c088a283058a8a99e0bf91b0a2f75497f185980d9ffa8b304de1d9e58ebda7c72c07ebf01dadedaac5b2907b2c6f566f660d62bd336c3468e960403b9d65 - languageName: node - linkType: hard - -"base64-js@npm:^1.3.1": - version: 1.5.1 - resolution: "base64-js@npm:1.5.1" - checksum: 669632eb3745404c2f822a18fc3a0122d2f9a7a13f7fb8b5823ee19d1d2ff9ee5b52c53367176ea4ad093c332fd5ab4bd0ebae5a8e27917a4105a4cfc86b1005 - languageName: node - linkType: hard - -"base@npm:^0.11.1": - version: 0.11.2 - resolution: "base@npm:0.11.2" - dependencies: - cache-base: ^1.0.1 - class-utils: ^0.3.5 - component-emitter: ^1.2.1 - define-property: ^1.0.0 - isobject: ^3.0.1 - mixin-deep: ^1.2.0 - pascalcase: ^0.1.1 - checksum: a4a146b912e27eea8f66d09cb0c9eab666f32ce27859a7dfd50f38cd069a2557b39f16dba1bc2aecb3b44bf096738dd207b7970d99b0318423285ab1b1994edd - languageName: node - linkType: hard - -"before-after-hook@npm:^2.2.0": - version: 2.2.2 - resolution: "before-after-hook@npm:2.2.2" - checksum: dc2e1ffe389e5afbef2a46790b1b5a50247ed57aba67649cfa9ec2552d248cc9278f222e72fb5a8ff59bbb39d78fbaa97e7234ead0c6b5e8418b67a8644ce207 - languageName: node - linkType: hard - -"bin-build@npm:^3.0.0": - version: 3.0.0 - resolution: "bin-build@npm:3.0.0" - dependencies: - decompress: ^4.0.0 - download: ^6.2.2 - execa: ^0.7.0 - p-map-series: ^1.0.0 - tempfile: ^2.0.0 - checksum: b2da71f686dbcb8ee40b36ddf8ca2810009cdc46a96e2bf6a1423f47256d17bde06ecdb8d0d6a3e1a8af6c4664bc9beffc7959cecc2420cd657ea63d50798d4a - languageName: node - linkType: hard - -"bin-links@npm:^3.0.0": - version: 3.0.1 - resolution: "bin-links@npm:3.0.1" - dependencies: - cmd-shim: ^5.0.0 - mkdirp-infer-owner: ^2.0.0 - npm-normalize-package-bin: ^1.0.0 - read-cmd-shim: ^3.0.0 - rimraf: ^3.0.0 - write-file-atomic: ^4.0.0 - checksum: c608f0746c5851f259f7578ae5157d24fb019b00792d246bade6255136e5fbd41df43219a50d53f844c562afb6e41092a5f2b0be1bd890e08ff023d330327380 - languageName: node - linkType: hard - -"binary-extensions@npm:^1.0.0": - version: 1.13.1 - resolution: "binary-extensions@npm:1.13.1" - checksum: ad7747f33c07e94ba443055de130b50c8b8b130a358bca064c580d91769ca6a69c7ac65ca008ff044ed4541d2c6ad45496e1fadbef5218a68770996b6a2194d7 - languageName: node - linkType: hard - -"binary-extensions@npm:^2.2.0": - version: 2.2.0 - resolution: "binary-extensions@npm:2.2.0" - checksum: ccd267956c58d2315f5d3ea6757cf09863c5fc703e50fbeb13a7dc849b812ef76e3cf9ca8f35a0c48498776a7478d7b4a0418e1e2b8cb9cb9731f2922aaad7f8 - languageName: node - linkType: hard - -"bindings@npm:^1.5.0": - version: 1.5.0 - resolution: "bindings@npm:1.5.0" - dependencies: - file-uri-to-path: 1.0.0 - checksum: 65b6b48095717c2e6105a021a7da4ea435aa8d3d3cd085cb9e85bcb6e5773cf318c4745c3f7c504412855940b585bdf9b918236612a1c7a7942491de176f1ae7 - languageName: node - linkType: hard - -"bl@npm:^1.0.0": - version: 1.2.3 - resolution: "bl@npm:1.2.3" - dependencies: - readable-stream: ^2.3.5 - safe-buffer: ^5.1.1 - checksum: 123f097989ce2fa9087ce761cd41176aaaec864e28f7dfe5c7dab8ae16d66d9844f849c3ad688eb357e3c5e4f49b573e3c0780bb8bc937206735a3b6f8569a5f - languageName: node - linkType: hard - -"bl@npm:^4.1.0": - version: 4.1.0 - resolution: "bl@npm:4.1.0" - dependencies: - buffer: ^5.5.0 - inherits: ^2.0.4 - readable-stream: ^3.4.0 - checksum: 9e8521fa7e83aa9427c6f8ccdcba6e8167ef30cc9a22df26effcc5ab682ef91d2cbc23a239f945d099289e4bbcfae7a192e9c28c84c6202e710a0dfec3722662 - languageName: node - linkType: hard - -"blork@npm:^9.3.0": - version: 9.3.0 - resolution: "blork@npm:9.3.0" - checksum: 62fd2c3402398e57f33b2c1fe768fd4dd67d087da72e92c00393e0229d029391a844c9ba149808f0b095649e7d57dbb4a44772c46191785d76f424511b74d868 - languageName: node - linkType: hard - -"bottleneck@npm:^2.18.1": - version: 2.19.5 - resolution: "bottleneck@npm:2.19.5" - checksum: c5eef1bbea12cef1f1405e7306e7d24860568b0f7ac5eeab706a86762b3fc65ef6d1c641c8a166e4db90f412fc5c948fc5ce8008a8cd3d28c7212ef9c3482bda - languageName: node - linkType: hard - -"brace-expansion@npm:^1.1.7": - version: 1.1.11 - resolution: "brace-expansion@npm:1.1.11" - dependencies: - balanced-match: ^1.0.0 - concat-map: 0.0.1 - checksum: faf34a7bb0c3fcf4b59c7808bc5d2a96a40988addf2e7e09dfbb67a2251800e0d14cd2bfc1aa79174f2f5095c54ff27f46fb1289fe2d77dac755b5eb3434cc07 - languageName: node - linkType: hard - -"brace-expansion@npm:^2.0.1": - version: 2.0.1 - resolution: "brace-expansion@npm:2.0.1" - dependencies: - balanced-match: ^1.0.0 - checksum: a61e7cd2e8a8505e9f0036b3b6108ba5e926b4b55089eeb5550cd04a471fe216c96d4fe7e4c7f995c728c554ae20ddfc4244cad10aef255e72b62930afd233d1 - languageName: node - linkType: hard - -"braces@npm:^1.8.2": - version: 1.8.5 - resolution: "braces@npm:1.8.5" - dependencies: - expand-range: ^1.8.1 - preserve: ^0.2.0 - repeat-element: ^1.1.2 - checksum: 9ea4fb6af8c0a224e515678d7be27ddc450bd974620542a3436188d7fae263f7987406d12ea36c1d92a862e7317b089aa3a0ebda7f1f1663b9332beddc92249e - languageName: node - linkType: hard - -"braces@npm:^2.3.1": - version: 2.3.2 - resolution: "braces@npm:2.3.2" - dependencies: - arr-flatten: ^1.1.0 - array-unique: ^0.3.2 - extend-shallow: ^2.0.1 - fill-range: ^4.0.0 - isobject: ^3.0.1 - repeat-element: ^1.1.2 - snapdragon: ^0.8.1 - snapdragon-node: ^2.0.1 - split-string: ^3.0.2 - to-regex: ^3.0.1 - checksum: e30dcb6aaf4a31c8df17d848aa283a65699782f75ad61ae93ec25c9729c66cf58e66f0000a9fec84e4add1135bb7da40f7cb9601b36bebcfa9ca58e8d5c07de0 - languageName: node - linkType: hard - -"braces@npm:^3.0.1": - version: 3.0.2 - resolution: "braces@npm:3.0.2" - dependencies: - fill-range: ^7.0.1 - checksum: e2a8e769a863f3d4ee887b5fe21f63193a891c68b612ddb4b68d82d1b5f3ff9073af066c343e9867a393fe4c2555dcb33e89b937195feb9c1613d259edfcd459 - languageName: node - linkType: hard - -"browser-process-hrtime@npm:^1.0.0": - version: 1.0.0 - resolution: "browser-process-hrtime@npm:1.0.0" - checksum: e30f868cdb770b1201afb714ad1575dd86366b6e861900884665fb627109b3cc757c40067d3bfee1ff2a29c835257ea30725a8018a9afd02ac1c24b408b1e45f - languageName: node - linkType: hard - -"browserslist@npm:^4.17.5": - version: 4.19.1 - resolution: "browserslist@npm:4.19.1" - dependencies: - caniuse-lite: ^1.0.30001286 - electron-to-chromium: ^1.4.17 - escalade: ^3.1.1 - node-releases: ^2.0.1 - picocolors: ^1.0.0 - bin: - browserslist: cli.js - checksum: c0777fd483691638fd6801e16c9d809e1d65f6d2b06db2e806654be51045cbab1452a89841a2c5caea2cbe19d621b4f1d391cffbb24512aa33280039ab345875 - languageName: node - linkType: hard - -"bs-logger@npm:0.x": - version: 0.2.6 - resolution: "bs-logger@npm:0.2.6" - dependencies: - fast-json-stable-stringify: 2.x - checksum: d34bdaf68c64bd099ab97c3ea608c9ae7d3f5faa1178b3f3f345acd94e852e608b2d4f9103fb2e503f5e69780e98293df41691b84be909b41cf5045374d54606 - languageName: node - linkType: hard - -"bser@npm:2.1.1": - version: 2.1.1 - resolution: "bser@npm:2.1.1" - dependencies: - node-int64: ^0.4.0 - checksum: 9ba4dc58ce86300c862bffc3ae91f00b2a03b01ee07f3564beeeaf82aa243b8b03ba53f123b0b842c190d4399b94697970c8e7cf7b1ea44b61aa28c3526a4449 - languageName: node - linkType: hard - -"buffer-alloc-unsafe@npm:^1.1.0": - version: 1.1.0 - resolution: "buffer-alloc-unsafe@npm:1.1.0" - checksum: c5e18bf51f67754ec843c9af3d4c005051aac5008a3992938dda1344e5cfec77c4b02b4ca303644d1e9a6e281765155ce6356d85c6f5ccc5cd21afc868def396 - languageName: node - linkType: hard - -"buffer-alloc@npm:^1.2.0": - version: 1.2.0 - resolution: "buffer-alloc@npm:1.2.0" - dependencies: - buffer-alloc-unsafe: ^1.1.0 - buffer-fill: ^1.0.0 - checksum: 560cd27f3cbe73c614867da373407d4506309c62fe18de45a1ce191f3785ec6ca2488d802ff82065798542422980ca25f903db078c57822218182c37c3576df5 - languageName: node - linkType: hard - -"buffer-crc32@npm:~0.2.3": - version: 0.2.13 - resolution: "buffer-crc32@npm:0.2.13" - checksum: 06252347ae6daca3453b94e4b2f1d3754a3b146a111d81c68924c22d91889a40623264e95e67955b1cb4a68cbedf317abeabb5140a9766ed248973096db5ce1c - languageName: node - linkType: hard - -"buffer-fill@npm:^1.0.0": - version: 1.0.0 - resolution: "buffer-fill@npm:1.0.0" - checksum: c29b4723ddeab01e74b5d3b982a0c6828f2ded49cef049ddca3dac661c874ecdbcecb5dd8380cf0f4adbeb8cff90a7de724126750a1f1e5ebd4eb6c59a1315b1 - languageName: node - linkType: hard - -"buffer-from@npm:^1.0.0": - version: 1.1.2 - resolution: "buffer-from@npm:1.1.2" - checksum: 0448524a562b37d4d7ed9efd91685a5b77a50672c556ea254ac9a6d30e3403a517d8981f10e565db24e8339413b43c97ca2951f10e399c6125a0d8911f5679bb - languageName: node - linkType: hard - -"buffer@npm:^5.2.1, buffer@npm:^5.5.0": - version: 5.7.1 - resolution: "buffer@npm:5.7.1" - dependencies: - base64-js: ^1.3.1 - ieee754: ^1.1.13 - checksum: e2cf8429e1c4c7b8cbd30834ac09bd61da46ce35f5c22a78e6c2f04497d6d25541b16881e30a019c6fd3154150650ccee27a308eff3e26229d788bbdeb08ab84 - languageName: node - linkType: hard - -"builtins@npm:^1.0.3": - version: 1.0.3 - resolution: "builtins@npm:1.0.3" - checksum: 47ce94f7eee0e644969da1f1a28e5f29bd2e48b25b2bbb61164c345881086e29464ccb1fb88dbc155ea26e8b1f5fc8a923b26c8c1ed0935b67b644d410674513 - languageName: node - linkType: hard - -"builtins@npm:^5.0.0": - version: 5.0.1 - resolution: "builtins@npm:5.0.1" - dependencies: - semver: ^7.0.0 - checksum: 66d204657fe36522822a95b288943ad11b58f5eaede235b11d8c4edaa28ce4800087d44a2681524c340494aadb120a0068011acabe99d30e8f11a7d826d83515 - languageName: node - linkType: hard - -"cacache@npm:^16.0.0, cacache@npm:^16.0.2, cacache@npm:^16.0.6": - version: 16.0.7 - resolution: "cacache@npm:16.0.7" - dependencies: - "@npmcli/fs": ^2.1.0 - "@npmcli/move-file": ^2.0.0 - chownr: ^2.0.0 - fs-minipass: ^2.1.0 - glob: ^8.0.1 - infer-owner: ^1.0.4 - lru-cache: ^7.7.1 - minipass: ^3.1.6 - minipass-collect: ^1.0.2 - minipass-flush: ^1.0.5 - minipass-pipeline: ^1.2.4 - mkdirp: ^1.0.4 - p-map: ^4.0.0 - promise-inflight: ^1.0.1 - rimraf: ^3.0.2 - ssri: ^9.0.0 - tar: ^6.1.11 - unique-filename: ^1.1.1 - checksum: 2155b099b7e0f0369fb1155ca4673532ca7efe2ebdbec63acca8743580b8446b5d4fd7184626b1cb059001af77b981cdc67035c7855544d365d4f048eafca2ca - languageName: node - linkType: hard - -"cache-base@npm:^1.0.1": - version: 1.0.1 - resolution: "cache-base@npm:1.0.1" - dependencies: - collection-visit: ^1.0.0 - component-emitter: ^1.2.1 - get-value: ^2.0.6 - has-value: ^1.0.0 - isobject: ^3.0.1 - set-value: ^2.0.0 - to-object-path: ^0.3.0 - union-value: ^1.0.0 - unset-value: ^1.0.0 - checksum: 9114b8654fe2366eedc390bad0bcf534e2f01b239a888894e2928cb58cdc1e6ea23a73c6f3450dcfd2058aa73a8a981e723cd1e7c670c047bf11afdc65880107 - languageName: node - linkType: hard - -"cacheable-request@npm:^2.1.1": - version: 2.1.4 - resolution: "cacheable-request@npm:2.1.4" - dependencies: - clone-response: 1.0.2 - get-stream: 3.0.0 - http-cache-semantics: 3.8.1 - keyv: 3.0.0 - lowercase-keys: 1.0.0 - normalize-url: 2.0.1 - responselike: 1.0.2 - checksum: 69c684cb3645f75af094e3ef6e7959ca5edff33d70737498de1a068d2f719a12786efdd82fe1e2254a1f332bb88cce088273bd78fad3e57cdef5034f3ded9432 - languageName: node - linkType: hard - -"call-bind@npm:^1.0.0, call-bind@npm:^1.0.2": - version: 1.0.2 - resolution: "call-bind@npm:1.0.2" - dependencies: - function-bind: ^1.1.1 - get-intrinsic: ^1.0.2 - checksum: f8e31de9d19988a4b80f3e704788c4a2d6b6f3d17cfec4f57dc29ced450c53a49270dc66bf0fbd693329ee948dd33e6c90a329519aef17474a4d961e8d6426b0 - languageName: node - linkType: hard - -"callsites@npm:^3.0.0": - version: 3.1.0 - resolution: "callsites@npm:3.1.0" - checksum: 072d17b6abb459c2ba96598918b55868af677154bec7e73d222ef95a8fdb9bbf7dae96a8421085cdad8cd190d86653b5b6dc55a4484f2e5b2e27d5e0c3fc15b3 - languageName: node - linkType: hard - -"camelcase-keys@npm:^6.2.2": - version: 6.2.2 - resolution: "camelcase-keys@npm:6.2.2" - dependencies: - camelcase: ^5.3.1 - map-obj: ^4.0.0 - quick-lru: ^4.0.1 - checksum: 43c9af1adf840471e54c68ab3e5fe8a62719a6b7dbf4e2e86886b7b0ff96112c945736342b837bd2529ec9d1c7d1934e5653318478d98e0cf22c475c04658e2a - languageName: node - linkType: hard - -"camelcase-keys@npm:^7.0.0": - version: 7.0.2 - resolution: "camelcase-keys@npm:7.0.2" - dependencies: - camelcase: ^6.3.0 - map-obj: ^4.1.0 - quick-lru: ^5.1.1 - type-fest: ^1.2.1 - checksum: b5821cc48dd00e8398a30c5d6547f06837ab44de123f1b3a603d0a03399722b2fc67a485a7e47106eb02ef543c3b50c5ebaabc1242cde4b63a267c3258d2365b - languageName: node - linkType: hard - -"camelcase@npm:^5.3.1": - version: 5.3.1 - resolution: "camelcase@npm:5.3.1" - checksum: e6effce26b9404e3c0f301498184f243811c30dfe6d0b9051863bd8e4034d09c8c2923794f280d6827e5aa055f6c434115ff97864a16a963366fb35fd673024b - languageName: node - linkType: hard - -"camelcase@npm:^6.2.0, camelcase@npm:^6.3.0": - version: 6.3.0 - resolution: "camelcase@npm:6.3.0" - checksum: 8c96818a9076434998511251dcb2761a94817ea17dbdc37f47ac080bd088fc62c7369429a19e2178b993497132c8cbcf5cc1f44ba963e76782ba469c0474938d - languageName: node - linkType: hard - -"caniuse-lite@npm:^1.0.30001286": - version: 1.0.30001297 - resolution: "caniuse-lite@npm:1.0.30001297" - checksum: 4f0d298cf32c050aa1d8a7bb33ef6ff5f289e6dd6dad48b364bc2db91e03b5f0089ffa9950d6228dbd43446695cecd1990601b432a8d03c1d5b2e945cb67bade - languageName: node - linkType: hard - -"cardinal@npm:^2.1.1": - version: 2.1.1 - resolution: "cardinal@npm:2.1.1" - dependencies: - ansicolors: ~0.3.2 - redeyed: ~2.1.0 - bin: - cdl: ./bin/cdl.js - checksum: e8d4ae46439cf8fed481c0efd267711ee91e199aa7821a9143e784ed94a6495accd01a0b36d84d377e8ee2cc9928a6c9c123b03be761c60b805f2c026b8a99ad - languageName: node - linkType: hard - -"caw@npm:^2.0.0": - version: 2.0.1 - resolution: "caw@npm:2.0.1" - dependencies: - get-proxy: ^2.0.0 - isurl: ^1.0.0-alpha5 - tunnel-agent: ^0.6.0 - url-to-options: ^1.0.1 - checksum: 8be9811b9b21289f49062905771e664c05221fa406b57a1b5debc41e90fc4318b73dc42fc3f3719c7fce882d9cd76a22e8183d0632a6f1772777e01caea62107 - languageName: node - linkType: hard - -"chalk@npm:^4.1.2": - version: 4.1.2 - resolution: "chalk@npm:4.1.2" - dependencies: - ansi-styles: ^4.1.0 - supports-color: ^7.1.0 - checksum: fe75c9d5c76a7a98d45495b91b2172fa3b7a09e0cc9370e5c8feb1c567b85c4288e2b3fded7cfdd7359ac28d6b3844feb8b82b8686842e93d23c827c417e83fc - languageName: node - linkType: hard - -"char-regex@npm:^1.0.2": - version: 1.0.2 - resolution: "char-regex@npm:1.0.2" - checksum: b563e4b6039b15213114626621e7a3d12f31008bdce20f9c741d69987f62aeaace7ec30f6018890ad77b2e9b4d95324c9f5acfca58a9441e3b1dcdd1e2525d17 - languageName: node - linkType: hard - -"chardet@npm:^0.7.0": - version: 0.7.0 - resolution: "chardet@npm:0.7.0" - checksum: 6fd5da1f5d18ff5712c1e0aed41da200d7c51c28f11b36ee3c7b483f3696dabc08927fc6b227735eb8f0e1215c9a8abd8154637f3eff8cada5959df7f58b024d - languageName: node - linkType: hard - -"chokidar@npm:^1.6.0": - version: 1.7.0 - resolution: "chokidar@npm:1.7.0" - dependencies: - anymatch: ^1.3.0 - async-each: ^1.0.0 - fsevents: ^1.0.0 - glob-parent: ^2.0.0 - inherits: ^2.0.1 - is-binary-path: ^1.0.0 - is-glob: ^2.0.0 - path-is-absolute: ^1.0.0 - readdirp: ^2.0.0 - dependenciesMeta: - fsevents: - optional: true - checksum: 96b2319b1dd09e1ec927739af537dadae30a9bd853a5698c0bae964443dff714e92b8414017164f7f917fefbbc216fdf1767026e937d25096a7016ec69c8cd1f - languageName: node - linkType: hard - -"chownr@npm:^2.0.0": - version: 2.0.0 - resolution: "chownr@npm:2.0.0" - checksum: c57cf9dd0791e2f18a5ee9c1a299ae6e801ff58fee96dc8bfd0dcb4738a6ce58dd252a3605b1c93c6418fe4f9d5093b28ffbf4d66648cb2a9c67eaef9679be2f - languageName: node - linkType: hard - -"ci-info@npm:^3.2.0": - version: 3.3.0 - resolution: "ci-info@npm:3.3.0" - checksum: c3d86fe374938ecda5093b1ba39acb535d8309185ba3f23587747c6a057e63f45419b406d880304dbc0e1d72392c9a33e42fe9a1e299209bc0ded5efaa232b66 - languageName: node - linkType: hard - -"cidr-regex@npm:^3.1.1": - version: 3.1.1 - resolution: "cidr-regex@npm:3.1.1" - dependencies: - ip-regex: ^4.1.0 - checksum: ef9306d086928ee82b3f841b3bdab6e072230f3623a57cf19e06174946f2cbfeb70ca52bc106b127db27a628b9e84fb39284f5851003898ffdb957fe330478ee - languageName: node - linkType: hard - -"cjs-module-lexer@npm:^1.0.0": - version: 1.2.2 - resolution: "cjs-module-lexer@npm:1.2.2" - checksum: 977f3f042bd4f08e368c890d91eecfbc4f91da0bc009a3c557bc4dfbf32022ad1141244ac1178d44de70fc9f3dea7add7cd9a658a34b9fae98a55d8f92331ce5 - languageName: node - linkType: hard - -"class-utils@npm:^0.3.5": - version: 0.3.6 - resolution: "class-utils@npm:0.3.6" - dependencies: - arr-union: ^3.1.0 - define-property: ^0.2.5 - isobject: ^3.0.0 - static-extend: ^0.1.1 - checksum: be108900801e639e50f96a7e4bfa8867c753a7750a7603879f3981f8b0a89cba657497a2d5f40cd4ea557ff15d535a100818bb486baf6e26fe5d7872e75f1078 - languageName: node - linkType: hard - -"clean-stack@npm:^2.0.0": - version: 2.2.0 - resolution: "clean-stack@npm:2.2.0" - checksum: 2ac8cd2b2f5ec986a3c743935ec85b07bc174d5421a5efc8017e1f146a1cf5f781ae962618f416352103b32c9cd7e203276e8c28241bbe946160cab16149fb68 - languageName: node - linkType: hard - -"cli-columns@npm:^4.0.0": - version: 4.0.0 - resolution: "cli-columns@npm:4.0.0" - dependencies: - string-width: ^4.2.3 - strip-ansi: ^6.0.1 - checksum: fa1a3a7f4e8f26a18e47969c248a2b9a016391bca2588abbe77026255390bee71dc9b7b876f317f46e40164c3c5200972e77ec58b823a05154f26e81a74a54c3 - languageName: node - linkType: hard - -"cli-cursor@npm:^3.1.0": - version: 3.1.0 - resolution: "cli-cursor@npm:3.1.0" - dependencies: - restore-cursor: ^3.1.0 - checksum: 2692784c6cd2fd85cfdbd11f53aea73a463a6d64a77c3e098b2b4697a20443f430c220629e1ca3b195ea5ac4a97a74c2ee411f3807abf6df2b66211fec0c0a29 - languageName: node - linkType: hard - -"cli-spinners@npm:^2.5.0": - version: 2.6.1 - resolution: "cli-spinners@npm:2.6.1" - checksum: 423409baaa7a58e5104b46ca1745fbfc5888bbd0b0c5a626e052ae1387060839c8efd512fb127e25769b3dc9562db1dc1b5add6e0b93b7ef64f477feb6416a45 - languageName: node - linkType: hard - -"cli-table3@npm:^0.6.1": - version: 0.6.1 - resolution: "cli-table3@npm:0.6.1" - dependencies: - colors: 1.4.0 - string-width: ^4.2.0 - dependenciesMeta: - colors: - optional: true - checksum: 956e175f8eb019c26465b9f1e51121c08d8978e2aab04be7f8520ea8a4e67906fcbd8516dfb77e386ae3730ef0281aa21a65613dffbfa3d62969263252bd25a9 - languageName: node - linkType: hard - -"cli-width@npm:^3.0.0": - version: 3.0.0 - resolution: "cli-width@npm:3.0.0" - checksum: 4c94af3769367a70e11ed69aa6095f1c600c0ff510f3921ab4045af961820d57c0233acfa8b6396037391f31b4c397e1f614d234294f979ff61430a6c166c3f6 - languageName: node - linkType: hard - -"cliui@npm:^7.0.2": - version: 7.0.4 - resolution: "cliui@npm:7.0.4" - dependencies: - string-width: ^4.2.0 - strip-ansi: ^6.0.0 - wrap-ansi: ^7.0.0 - checksum: ce2e8f578a4813806788ac399b9e866297740eecd4ad1823c27fd344d78b22c5f8597d548adbcc46f0573e43e21e751f39446c5a5e804a12aace402b7a315d7f - languageName: node - linkType: hard - -"clone-response@npm:1.0.2": - version: 1.0.2 - resolution: "clone-response@npm:1.0.2" - dependencies: - mimic-response: ^1.0.0 - checksum: 2d0e61547fc66276e0903be9654ada422515f5a15741691352000d47e8c00c226061221074ce2c0064d12e975e84a8687cfd35d8b405750cb4e772f87b256eda - languageName: node - linkType: hard - -"clone@npm:^1.0.2": - version: 1.0.4 - resolution: "clone@npm:1.0.4" - checksum: d06418b7335897209e77bdd430d04f882189582e67bd1f75a04565f3f07f5b3f119a9d670c943b6697d0afb100f03b866b3b8a1f91d4d02d72c4ecf2bb64b5dd - languageName: node - linkType: hard - -"cmd-shim@npm:^5.0.0": - version: 5.0.0 - resolution: "cmd-shim@npm:5.0.0" - dependencies: - mkdirp-infer-owner: ^2.0.0 - checksum: 83d2a46cdf4adbb38d3d3184364b2df0e4c001ac770f5ca94373825d7a48838b4cb8a59534ef48f02b0d556caa047728589ca65c640c17c0b417b3afb34acfbb - languageName: node - linkType: hard - -"co@npm:^4.6.0": - version: 4.6.0 - resolution: "co@npm:4.6.0" - checksum: 5210d9223010eb95b29df06a91116f2cf7c8e0748a9013ed853b53f362ea0e822f1e5bb054fb3cefc645239a4cf966af1f6133a3b43f40d591f3b68ed6cf0510 - languageName: node - linkType: hard - -"collect-v8-coverage@npm:^1.0.0": - version: 1.0.1 - resolution: "collect-v8-coverage@npm:1.0.1" - checksum: 4efe0a1fccd517b65478a2364b33dadd0a43fc92a56f59aaece9b6186fe5177b2de471253587de7c91516f07c7268c2f6770b6cbcffc0e0ece353b766ec87e55 - languageName: node - linkType: hard - -"collection-visit@npm:^1.0.0": - version: 1.0.0 - resolution: "collection-visit@npm:1.0.0" - dependencies: - map-visit: ^1.0.0 - object-visit: ^1.0.0 - checksum: 15d9658fe6eb23594728346adad5433b86bb7a04fd51bbab337755158722f9313a5376ef479de5b35fbc54140764d0d39de89c339f5d25b959ed221466981da9 - languageName: node - linkType: hard - -"color-convert@npm:^2.0.1": - version: 2.0.1 - resolution: "color-convert@npm:2.0.1" - dependencies: - color-name: ~1.1.4 - checksum: 79e6bdb9fd479a205c71d89574fccfb22bd9053bd98c6c4d870d65c132e5e904e6034978e55b43d69fcaa7433af2016ee203ce76eeba9cfa554b373e7f7db336 - languageName: node - linkType: hard - -"color-name@npm:~1.1.4": - version: 1.1.4 - resolution: "color-name@npm:1.1.4" - checksum: b0445859521eb4021cd0fb0cc1a75cecf67fceecae89b63f62b201cca8d345baf8b952c966862a9d9a2632987d4f6581f0ec8d957dfacece86f0a7919316f610 - languageName: node - linkType: hard - -"color-support@npm:^1.1.3": - version: 1.1.3 - resolution: "color-support@npm:1.1.3" - bin: - color-support: bin.js - checksum: 9b7356817670b9a13a26ca5af1c21615463b500783b739b7634a0c2047c16cef4b2865d7576875c31c3cddf9dd621fa19285e628f20198b233a5cfdda6d0793b - languageName: node - linkType: hard - -"colors@npm:1.4.0": - version: 1.4.0 - resolution: "colors@npm:1.4.0" - checksum: 98aa2c2418ad87dedf25d781be69dc5fc5908e279d9d30c34d8b702e586a0474605b3a189511482b9d5ed0d20c867515d22749537f7bc546256c6014f3ebdcec - languageName: node - linkType: hard - -"columnify@npm:^1.6.0": - version: 1.6.0 - resolution: "columnify@npm:1.6.0" - dependencies: - strip-ansi: ^6.0.1 - wcwidth: ^1.0.0 - checksum: 0d590023616a27bcd2135c0f6ddd6fac94543263f9995538bbe391068976e30545e5534d369737ec7c3e9db4e53e70a277462de46aeb5a36e6997b4c7559c335 - languageName: node - linkType: hard - -"combined-stream@npm:^1.0.8": - version: 1.0.8 - resolution: "combined-stream@npm:1.0.8" - dependencies: - delayed-stream: ~1.0.0 - checksum: 49fa4aeb4916567e33ea81d088f6584749fc90c7abec76fd516bf1c5aa5c79f3584b5ba3de6b86d26ddd64bae5329c4c7479343250cfe71c75bb366eae53bb7c - languageName: node - linkType: hard - -"commander@npm:^2.8.1": - version: 2.20.3 - resolution: "commander@npm:2.20.3" - checksum: ab8c07884e42c3a8dbc5dd9592c606176c7eb5c1ca5ff274bcf907039b2c41de3626f684ea75ccf4d361ba004bbaff1f577d5384c155f3871e456bdf27becf9e - languageName: node - linkType: hard - -"common-ancestor-path@npm:^1.0.1": - version: 1.0.1 - resolution: "common-ancestor-path@npm:1.0.1" - checksum: 1d2e4186067083d8cc413f00fc2908225f04ae4e19417ded67faa6494fb313c4fcd5b28a52326d1a62b466e2b3a4325e92c31133c5fee628cdf8856b3a57c3d7 - languageName: node - linkType: hard - -"compare-func@npm:^2.0.0": - version: 2.0.0 - resolution: "compare-func@npm:2.0.0" - dependencies: - array-ify: ^1.0.0 - dot-prop: ^5.1.0 - checksum: fb71d70632baa1e93283cf9d80f30ac97f003aabee026e0b4426c9716678079ef5fea7519b84d012cbed938c476493866a38a79760564a9e21ae9433e40e6f0d - languageName: node - linkType: hard - -"component-emitter@npm:^1.2.1": - version: 1.3.0 - resolution: "component-emitter@npm:1.3.0" - checksum: b3c46de38ffd35c57d1c02488355be9f218e582aec72d72d1b8bbec95a3ac1b38c96cd6e03ff015577e68f550fbb361a3bfdbd9bb248be9390b7b3745691be6b - languageName: node - linkType: hard - -"concat-map@npm:0.0.1": - version: 0.0.1 - resolution: "concat-map@npm:0.0.1" - checksum: 902a9f5d8967a3e2faf138d5cb784b9979bad2e6db5357c5b21c568df4ebe62bcb15108af1b2253744844eb964fc023fbd9afbbbb6ddd0bcc204c6fb5b7bf3af - languageName: node - linkType: hard - -"config-chain@npm:^1.1.11": - version: 1.1.13 - resolution: "config-chain@npm:1.1.13" - dependencies: - ini: ^1.3.4 - proto-list: ~1.2.1 - checksum: 828137a28e7c2fc4b7fb229bd0cd6c1397bcf83434de54347e608154008f411749041ee392cbe42fab6307e02de4c12480260bf769b7d44b778fdea3839eafab - languageName: node - linkType: hard - -"confusing-browser-globals@npm:^1.0.10": - version: 1.0.11 - resolution: "confusing-browser-globals@npm:1.0.11" - checksum: 3afc635abd37e566477f610e7978b15753f0e84025c25d49236f1f14d480117185516bdd40d2a2167e6bed8048641a9854964b9c067e3dcdfa6b5d0ad3c3a5ef - languageName: node - linkType: hard - -"console-control-strings@npm:^1.1.0": - version: 1.1.0 - resolution: "console-control-strings@npm:1.1.0" - checksum: 8755d76787f94e6cf79ce4666f0c5519906d7f5b02d4b884cf41e11dcd759ed69c57da0670afd9236d229a46e0f9cf519db0cd829c6dca820bb5a5c3def584ed - languageName: node - linkType: hard - -"content-disposition@npm:^0.5.2": - version: 0.5.4 - resolution: "content-disposition@npm:0.5.4" - dependencies: - safe-buffer: 5.2.1 - checksum: afb9d545e296a5171d7574fcad634b2fdf698875f4006a9dd04a3e1333880c5c0c98d47b560d01216fb6505a54a2ba6a843ee3a02ec86d7e911e8315255f56c3 - languageName: node - linkType: hard - -"conventional-changelog-angular@npm:^5.0.0": - version: 5.0.13 - resolution: "conventional-changelog-angular@npm:5.0.13" - dependencies: - compare-func: ^2.0.0 - q: ^1.5.1 - checksum: 6ed4972fce25a50f9f038c749cc9db501363131b0fb2efc1fccecba14e4b1c80651d0d758d4c350a609f32010c66fa343eefd49c02e79e911884be28f53f3f90 - languageName: node - linkType: hard - -"conventional-changelog-writer@npm:^5.0.0": - version: 5.0.1 - resolution: "conventional-changelog-writer@npm:5.0.1" - dependencies: - conventional-commits-filter: ^2.0.7 - dateformat: ^3.0.0 - handlebars: ^4.7.7 - json-stringify-safe: ^5.0.1 - lodash: ^4.17.15 - meow: ^8.0.0 - semver: ^6.0.0 - split: ^1.0.0 - through2: ^4.0.0 - bin: - conventional-changelog-writer: cli.js - checksum: 5c0129db44577f14b1f8de225b62a392a9927ba7fe3422cb21ad71a771b8472bd03badb7c87cb47419913abc3f2ce3759b69f59550cdc6f7a7b0459015b3b44c - languageName: node - linkType: hard - -"conventional-commits-filter@npm:^2.0.0, conventional-commits-filter@npm:^2.0.7": - version: 2.0.7 - resolution: "conventional-commits-filter@npm:2.0.7" - dependencies: - lodash.ismatch: ^4.4.0 - modify-values: ^1.0.0 - checksum: feb567f680a6da1baaa1ef3cff393b3c56a5828f77ab9df5e70626475425d109a6fee0289b4979223c62bbd63bf9c98ef532baa6fcb1b66ee8b5f49077f5d46c - languageName: node - linkType: hard - -"conventional-commits-parser@npm:^3.2.3": - version: 3.2.4 - resolution: "conventional-commits-parser@npm:3.2.4" - dependencies: - JSONStream: ^1.0.4 - is-text-path: ^1.0.1 - lodash: ^4.17.15 - meow: ^8.0.0 - split2: ^3.0.0 - through2: ^4.0.0 - bin: - conventional-commits-parser: cli.js - checksum: 1627ff203bc9586d89e47a7fe63acecf339aba74903b9114e23d28094f79d4e2d6389bf146ae561461dcba8fc42e7bc228165d2b173f15756c43f1d32bc50bfd - languageName: node - linkType: hard - -"convert-source-map@npm:^1.4.0, convert-source-map@npm:^1.6.0, convert-source-map@npm:^1.7.0": - version: 1.8.0 - resolution: "convert-source-map@npm:1.8.0" - dependencies: - safe-buffer: ~5.1.1 - checksum: 985d974a2d33e1a2543ada51c93e1ba2f73eaed608dc39f229afc78f71dcc4c8b7d7c684aa647e3c6a3a204027444d69e53e169ce94e8d1fa8d7dee80c9c8fed - languageName: node - linkType: hard - -"copy-descriptor@npm:^0.1.0": - version: 0.1.1 - resolution: "copy-descriptor@npm:0.1.1" - checksum: d4b7b57b14f1d256bb9aa0b479241048afd7f5bcf22035fc7b94e8af757adeae247ea23c1a774fe44869fd5694efba4a969b88d966766c5245fdee59837fe45b - languageName: node - linkType: hard - -"core-js@npm:^2.4.0": - version: 2.6.12 - resolution: "core-js@npm:2.6.12" - checksum: 44fa9934a85f8c78d61e0c8b7b22436330471ffe59ec5076fe7f324d6e8cf7f824b14b1c81ca73608b13bdb0fef035bd820989bf059767ad6fa13123bb8bd016 - languageName: node - linkType: hard - -"core-util-is@npm:~1.0.0": - version: 1.0.2 - resolution: "core-util-is@npm:1.0.2" - checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab - languageName: node - linkType: hard - -"cosmiconfig@npm:^7.0.0, cosmiconfig@npm:^7.0.1": - version: 7.0.1 - resolution: "cosmiconfig@npm:7.0.1" - dependencies: - "@types/parse-json": ^4.0.0 - import-fresh: ^3.2.1 - parse-json: ^5.0.0 - path-type: ^4.0.0 - yaml: ^1.10.0 - checksum: 4be63e7117955fd88333d7460e4c466a90f556df6ef34efd59034d2463484e339666c41f02b523d574a797ec61f4a91918c5b89a316db2ea2f834e0d2d09465b - languageName: node - linkType: hard - -"cpx@npm:^1.5.0": - version: 1.5.0 - resolution: "cpx@npm:1.5.0" - dependencies: - babel-runtime: ^6.9.2 - chokidar: ^1.6.0 - duplexer: ^0.1.1 - glob: ^7.0.5 - glob2base: ^0.0.12 - minimatch: ^3.0.2 - mkdirp: ^0.5.1 - resolve: ^1.1.7 - safe-buffer: ^5.0.1 - shell-quote: ^1.6.1 - subarg: ^1.0.0 - bin: - cpx: bin/index.js - checksum: 0a63ea121ff40761eb7db989dd6761bd7ad340800ef64d37b126c30798950a0b97c83556dffe6a9581c3e171cddae6ecec2ea58aee9509c684d41fa1a185ae87 - languageName: node - linkType: hard - -"cross-spawn@npm:^5.0.1": - version: 5.1.0 - resolution: "cross-spawn@npm:5.1.0" - dependencies: - lru-cache: ^4.0.1 - shebang-command: ^1.2.0 - which: ^1.2.9 - checksum: 726939c9954fc70c20e538923feaaa33bebc253247d13021737c3c7f68cdc3e0a57f720c0fe75057c0387995349f3f12e20e9bfdbf12274db28019c7ea4ec166 - languageName: node - linkType: hard - -"cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3": - version: 7.0.3 - resolution: "cross-spawn@npm:7.0.3" - dependencies: - path-key: ^3.1.0 - shebang-command: ^2.0.0 - which: ^2.0.1 - checksum: 671cc7c7288c3a8406f3c69a3ae2fc85555c04169e9d611def9a675635472614f1c0ed0ef80955d5b6d4e724f6ced67f0ad1bb006c2ea643488fcfef994d7f52 - languageName: node - linkType: hard - -"crypto-random-string@npm:^2.0.0": - version: 2.0.0 - resolution: "crypto-random-string@npm:2.0.0" - checksum: 0283879f55e7c16fdceacc181f87a0a65c53bc16ffe1d58b9d19a6277adcd71900d02bb2c4843dd55e78c51e30e89b0fec618a7f170ebcc95b33182c28f05fd6 - languageName: node - linkType: hard - -"crypto-random-string@npm:^4.0.0": - version: 4.0.0 - resolution: "crypto-random-string@npm:4.0.0" - dependencies: - type-fest: ^1.0.1 - checksum: 91f148f27bcc8582798f0fb3e75a09d9174557f39c3c40a89dd1bd70fb5a14a02548245aa26fa7d663c426ac5026f4729841231c84f9e30e8c8ece5e38656741 - languageName: node - linkType: hard - -"cssom@npm:^0.4.4": - version: 0.4.4 - resolution: "cssom@npm:0.4.4" - checksum: e3bc1076e7ee4213d4fef05e7ae03bfa83dc05f32611d8edc341f4ecc3d9647b89c8245474c7dd2cdcdb797a27c462e99da7ad00a34399694559f763478ff53f - languageName: node - linkType: hard - -"cssom@npm:~0.3.6": - version: 0.3.8 - resolution: "cssom@npm:0.3.8" - checksum: 24beb3087c76c0d52dd458be9ee1fbc80ac771478a9baef35dd258cdeb527c68eb43204dd439692bb2b1ae5272fa5f2946d10946edab0d04f1078f85e06bc7f6 - languageName: node - linkType: hard - -"cssstyle@npm:^2.3.0": - version: 2.3.0 - resolution: "cssstyle@npm:2.3.0" - dependencies: - cssom: ~0.3.6 - checksum: 5f05e6fd2e3df0b44695c2f08b9ef38b011862b274e320665176467c0725e44a53e341bc4959a41176e83b66064ab786262e7380fd1cabeae6efee0d255bb4e3 - languageName: node - linkType: hard - -"cuid@npm:^2.1.8": - version: 2.1.8 - resolution: "cuid@npm:2.1.8" - checksum: 12b85b3f5150a6f0b9e4f345c8d98299d74647419151751fa1132f6702fe2b5388ceceb1c9b49bad7cab1b3ac033c7cedea8ffc034930f90005b8a4345025288 - languageName: node - linkType: hard - -"data-urls@npm:^2.0.0": - version: 2.0.0 - resolution: "data-urls@npm:2.0.0" - dependencies: - abab: ^2.0.3 - whatwg-mimetype: ^2.3.0 - whatwg-url: ^8.0.0 - checksum: 97caf828aac25e25e04ba6869db0f99c75e6859bb5b424ada28d3e7841941ebf08ddff3c1b1bb4585986bd507a5d54c2a716853ea6cb98af877400e637393e71 - languageName: node - linkType: hard - -"date-fns@npm:^2.25.0": - version: 2.28.0 - resolution: "date-fns@npm:2.28.0" - checksum: a0516b2e4f99b8bffc6cc5193349f185f195398385bdcaf07f17c2c4a24473c99d933eb0018be4142a86a6d46cb0b06be6440ad874f15e795acbedd6fd727a1f - languageName: node - linkType: hard - -"dateformat@npm:^3.0.0": - version: 3.0.3 - resolution: "dateformat@npm:3.0.3" - checksum: ca4911148abb09887bd9bdcd632c399b06f3ecad709a18eb594d289a1031982f441e08e281db77ffebcb2cbcbfa1ac578a7cbfbf8743f41009aa5adc1846ed34 - languageName: node - linkType: hard - -"debug@npm:4, debug@npm:^4.0.0, debug@npm:^4.0.1, debug@npm:^4.1.0, debug@npm:^4.1.1, debug@npm:^4.3.1, debug@npm:^4.3.3, debug@npm:^4.3.4": - version: 4.3.4 - resolution: "debug@npm:4.3.4" - dependencies: - ms: 2.1.2 - peerDependenciesMeta: - supports-color: - optional: true - checksum: 3dbad3f94ea64f34431a9cbf0bafb61853eda57bff2880036153438f50fb5a84f27683ba0d8e5426bf41a8c6ff03879488120cf5b3a761e77953169c0600a708 - languageName: node - linkType: hard - -"debug@npm:^2.2.0, debug@npm:^2.3.3, debug@npm:^2.6.9": - version: 2.6.9 - resolution: "debug@npm:2.6.9" - dependencies: - ms: 2.0.0 - checksum: d2f51589ca66df60bf36e1fa6e4386b318c3f1e06772280eea5b1ae9fd3d05e9c2b7fd8a7d862457d00853c75b00451aa2d7459b924629ee385287a650f58fe6 - languageName: node - linkType: hard - -"debug@npm:^3.2.7": - version: 3.2.7 - resolution: "debug@npm:3.2.7" - dependencies: - ms: ^2.1.1 - checksum: b3d8c5940799914d30314b7c3304a43305fd0715581a919dacb8b3176d024a782062368405b47491516d2091d6462d4d11f2f4974a405048094f8bfebfa3071c - languageName: node - linkType: hard - -"debuglog@npm:^1.0.1": - version: 1.0.1 - resolution: "debuglog@npm:1.0.1" - checksum: 970679f2eb7a73867e04d45b52583e7ec6dee1f33c058e9147702e72a665a9647f9c3d6e7c2f66f6bf18510b23eb5ded1b617e48ac1db23603809c5ddbbb9763 - languageName: node - linkType: hard - -"decamelize-keys@npm:^1.1.0": - version: 1.1.0 - resolution: "decamelize-keys@npm:1.1.0" - dependencies: - decamelize: ^1.1.0 - map-obj: ^1.0.0 - checksum: 8bc5d32e035a072f5dffc1f1f3d26ca7ab1fb44a9cade34c97ab6cd1e62c81a87e718101e96de07d78cecda20a3fdb955df958e46671ccad01bb8dcf0de2e298 - languageName: node - linkType: hard - -"decamelize@npm:^1.1.0": - version: 1.2.0 - resolution: "decamelize@npm:1.2.0" - checksum: ad8c51a7e7e0720c70ec2eeb1163b66da03e7616d7b98c9ef43cce2416395e84c1e9548dd94f5f6ffecfee9f8b94251fc57121a8b021f2ff2469b2bae247b8aa - languageName: node - linkType: hard - -"decamelize@npm:^5.0.0": - version: 5.0.1 - resolution: "decamelize@npm:5.0.1" - checksum: 7c3b1ed4b3e60e7fbc00a35fb248298527c1cdfe603e41dfcf05e6c4a8cb9efbee60630deb677ed428908fb4e74e322966c687a094d1478ddc9c3a74e9dc7140 - languageName: node - linkType: hard - -"decimal.js@npm:^10.2.1": - version: 10.3.1 - resolution: "decimal.js@npm:10.3.1" - checksum: 0351ac9f05fe050f23227aa6a4573bee2d58fa7378fcf28d969a8c789525032effb488a90320fd3fe86a66e17b4bc507d811b15eada5b7f0e7ec5d2af4c24a59 - languageName: node - linkType: hard - -"decode-uri-component@npm:^0.2.0": - version: 0.2.0 - resolution: "decode-uri-component@npm:0.2.0" - checksum: f3749344ab9305ffcfe4bfe300e2dbb61fc6359e2b736812100a3b1b6db0a5668cba31a05e4b45d4d63dbf1a18dfa354cd3ca5bb3ededddabb8cd293f4404f94 - languageName: node - linkType: hard - -"decompress-response@npm:^3.2.0, decompress-response@npm:^3.3.0": - version: 3.3.0 - resolution: "decompress-response@npm:3.3.0" - dependencies: - mimic-response: ^1.0.0 - checksum: 952552ac3bd7de2fc18015086b09468645c9638d98a551305e485230ada278c039c91116e946d07894b39ee53c0f0d5b6473f25a224029344354513b412d7380 - languageName: node - linkType: hard - -"decompress-tar@npm:^4.0.0, decompress-tar@npm:^4.1.0, decompress-tar@npm:^4.1.1": - version: 4.1.1 - resolution: "decompress-tar@npm:4.1.1" - dependencies: - file-type: ^5.2.0 - is-stream: ^1.1.0 - tar-stream: ^1.5.2 - checksum: 42d5360b558a28dd884e1bf809e3fea92b9910fda5151add004d4a64cc76ac124e8b3e9117e805f2349af9e49c331d873e6fc5ad86a00e575703fee632b0a225 - languageName: node - linkType: hard - -"decompress-tarbz2@npm:^4.0.0": - version: 4.1.1 - resolution: "decompress-tarbz2@npm:4.1.1" - dependencies: - decompress-tar: ^4.1.0 - file-type: ^6.1.0 - is-stream: ^1.1.0 - seek-bzip: ^1.0.5 - unbzip2-stream: ^1.0.9 - checksum: 519c81337730159a1f2d7072a6ee8523ffd76df48d34f14c27cb0a27f89b4e2acf75dad2f761838e5bc63230cea1ac154b092ecb7504be4e93f7d0e32ddd6aff - languageName: node - linkType: hard - -"decompress-targz@npm:^4.0.0": - version: 4.1.1 - resolution: "decompress-targz@npm:4.1.1" - dependencies: - decompress-tar: ^4.1.1 - file-type: ^5.2.0 - is-stream: ^1.1.0 - checksum: 22738f58eb034568dc50d370c03b346c428bfe8292fe56165847376b5af17d3c028fefca82db642d79cb094df4c0a599d40a8f294b02aad1d3ddec82f3fd45d4 - languageName: node - linkType: hard - -"decompress-unzip@npm:^4.0.1": - version: 4.0.1 - resolution: "decompress-unzip@npm:4.0.1" - dependencies: - file-type: ^3.8.0 - get-stream: ^2.2.0 - pify: ^2.3.0 - yauzl: ^2.4.2 - checksum: ba9f3204ab2415bedb18d796244928a18148ef40dbb15174d0d01e5991b39536b03d02800a8a389515a1523f8fb13efc7cd44697df758cd06c674879caefd62b - languageName: node - linkType: hard - -"decompress@npm:^4.0.0, decompress@npm:^4.2.1": - version: 4.2.1 - resolution: "decompress@npm:4.2.1" - dependencies: - decompress-tar: ^4.0.0 - decompress-tarbz2: ^4.0.0 - decompress-targz: ^4.0.0 - decompress-unzip: ^4.0.1 - graceful-fs: ^4.1.10 - make-dir: ^1.0.0 - pify: ^2.3.0 - strip-dirs: ^2.0.0 - checksum: 8247a31c6db7178413715fdfb35a482f019c81dfcd6e8e623d9f0382c9889ce797ce0144de016b256ed03298907a620ce81387cca0e69067a933470081436cb8 - languageName: node - linkType: hard - -"dedent@npm:^0.7.0": - version: 0.7.0 - resolution: "dedent@npm:0.7.0" - checksum: 87de191050d9a40dd70cad01159a0bcf05ecb59750951242070b6abf9569088684880d00ba92a955b4058804f16eeaf91d604f283929b4f614d181cd7ae633d2 - languageName: node - linkType: hard - -"deep-extend@npm:^0.6.0": - version: 0.6.0 - resolution: "deep-extend@npm:0.6.0" - checksum: 7be7e5a8d468d6b10e6a67c3de828f55001b6eb515d014f7aeb9066ce36bd5717161eb47d6a0f7bed8a9083935b465bc163ee2581c8b128d29bf61092fdf57a7 - languageName: node - linkType: hard - -"deep-is@npm:^0.1.3, deep-is@npm:~0.1.3": - version: 0.1.4 - resolution: "deep-is@npm:0.1.4" - checksum: edb65dd0d7d1b9c40b2f50219aef30e116cedd6fc79290e740972c132c09106d2e80aa0bc8826673dd5a00222d4179c84b36a790eef63a4c4bca75a37ef90804 - languageName: node - linkType: hard - -"deepmerge@npm:^4.2.2": - version: 4.2.2 - resolution: "deepmerge@npm:4.2.2" - checksum: a8c43a1ed8d6d1ed2b5bf569fa4c8eb9f0924034baf75d5d406e47e157a451075c4db353efea7b6bcc56ec48116a8ce72fccf867b6e078e7c561904b5897530b - languageName: node - linkType: hard - -"defaults@npm:^1.0.3": - version: 1.0.3 - resolution: "defaults@npm:1.0.3" - dependencies: - clone: ^1.0.2 - checksum: 96e2112da6553d376afd5265ea7cbdb2a3b45535965d71ab8bb1da10c8126d168fdd5268799625324b368356d21ba2a7b3d4ec50961f11a47b7feb9de3d4413e - languageName: node - linkType: hard - -"define-properties@npm:^1.1.3": - version: 1.1.3 - resolution: "define-properties@npm:1.1.3" - dependencies: - object-keys: ^1.0.12 - checksum: da80dba55d0cd76a5a7ab71ef6ea0ebcb7b941f803793e4e0257b384cb772038faa0c31659d244e82c4342edef841c1a1212580006a05a5068ee48223d787317 - languageName: node - linkType: hard - -"define-property@npm:^0.2.5": - version: 0.2.5 - resolution: "define-property@npm:0.2.5" - dependencies: - is-descriptor: ^0.1.0 - checksum: 85af107072b04973b13f9e4128ab74ddfda48ec7ad2e54b193c0ffb57067c4ce5b7786a7b4ae1f24bd03e87c5d18766b094571810b314d7540f86d4354dbd394 - languageName: node - linkType: hard - -"define-property@npm:^1.0.0": - version: 1.0.0 - resolution: "define-property@npm:1.0.0" - dependencies: - is-descriptor: ^1.0.0 - checksum: 5fbed11dace44dd22914035ba9ae83ad06008532ca814d7936a53a09e897838acdad5b108dd0688cc8d2a7cf0681acbe00ee4136cf36743f680d10517379350a - languageName: node - linkType: hard - -"define-property@npm:^2.0.2": - version: 2.0.2 - resolution: "define-property@npm:2.0.2" - dependencies: - is-descriptor: ^1.0.2 - isobject: ^3.0.1 - checksum: 3217ed53fc9eed06ba8da6f4d33e28c68a82e2f2a8ab4d562c4920d8169a166fe7271453675e6c69301466f36a65d7f47edf0cf7f474b9aa52a5ead9c1b13c99 - languageName: node - linkType: hard - -"del@npm:^6.0.0": - version: 6.0.0 - resolution: "del@npm:6.0.0" - dependencies: - globby: ^11.0.1 - graceful-fs: ^4.2.4 - is-glob: ^4.0.1 - is-path-cwd: ^2.2.0 - is-path-inside: ^3.0.2 - p-map: ^4.0.0 - rimraf: ^3.0.2 - slash: ^3.0.0 - checksum: 5742891627e91aaf62385714025233f4664da28bc55b6ab825649dcdea4691fed3cf329a2b1913fd2d2612e693e99e08a03c84cac7f36ef54bacac9390520192 - languageName: node - linkType: hard - -"delayed-stream@npm:~1.0.0": - version: 1.0.0 - resolution: "delayed-stream@npm:1.0.0" - checksum: 46fe6e83e2cb1d85ba50bd52803c68be9bd953282fa7096f51fc29edd5d67ff84ff753c51966061e5ba7cb5e47ef6d36a91924eddb7f3f3483b1c560f77a0020 - languageName: node - linkType: hard - -"delegates@npm:^1.0.0": - version: 1.0.0 - resolution: "delegates@npm:1.0.0" - checksum: a51744d9b53c164ba9c0492471a1a2ffa0b6727451bdc89e31627fdf4adda9d51277cfcbfb20f0a6f08ccb3c436f341df3e92631a3440226d93a8971724771fd - languageName: node - linkType: hard - -"depd@npm:^1.1.2": - version: 1.1.2 - resolution: "depd@npm:1.1.2" - checksum: 6b406620d269619852885ce15965272b829df6f409724415e0002c8632ab6a8c0a08ec1f0bd2add05dc7bd7507606f7e2cc034fa24224ab829580040b835ecd9 - languageName: node - linkType: hard - -"deprecation@npm:^2.0.0, deprecation@npm:^2.3.1": - version: 2.3.1 - resolution: "deprecation@npm:2.3.1" - checksum: f56a05e182c2c195071385455956b0c4106fe14e36245b00c689ceef8e8ab639235176a96977ba7c74afb173317fac2e0ec6ec7a1c6d1e6eaa401c586c714132 - languageName: node - linkType: hard - -"detect-indent@npm:^7.0.0": - version: 7.0.0 - resolution: "detect-indent@npm:7.0.0" - checksum: 71da5b82e5343662b7c3ff348d23674f7f1fc91500615018bf6ef4ccd57a5a35f285287c25179ce0603c39a36782dd5bce5f888bb72efb98ff699646dbad9008 - languageName: node - linkType: hard - -"detect-newline@npm:^3.0.0": - version: 3.1.0 - resolution: "detect-newline@npm:3.1.0" - checksum: ae6cd429c41ad01b164c59ea36f264a2c479598e61cba7c99da24175a7ab80ddf066420f2bec9a1c57a6bead411b4655ff15ad7d281c000a89791f48cbe939e7 - languageName: node - linkType: hard - -"detect-newline@npm:^4.0.0": - version: 4.0.0 - resolution: "detect-newline@npm:4.0.0" - checksum: 52767347c70f485b2d1db6493dde57b8c3c1f249e24bad7eb7424cc1129200aa7e671902ede18bc94a8b69e10dec91456aab4c7e2478559d9eedb31ef3847f36 - languageName: node - linkType: hard - -"dezalgo@npm:^1.0.0": - version: 1.0.4 - resolution: "dezalgo@npm:1.0.4" - dependencies: - asap: ^2.0.0 - wrappy: 1 - checksum: 895389c6aead740d2ab5da4d3466d20fa30f738010a4d3f4dcccc9fc645ca31c9d10b7e1804ae489b1eb02c7986f9f1f34ba132d409b043082a86d9a4e745624 - languageName: node - linkType: hard - -"diff-sequences@npm:^27.4.0": - version: 27.4.0 - resolution: "diff-sequences@npm:27.4.0" - checksum: 66d04033e8632eeacdd029b4ecaf87d233d475e4b0cd1cee035eda99e70e1a7f803507d72f2677990ef526f28a2f6e5709af8d94dcdc0682b8884a3a646190a1 - languageName: node - linkType: hard - -"diff@npm:^5.0.0": - version: 5.0.0 - resolution: "diff@npm:5.0.0" - checksum: f19fe29284b633afdb2725c2a8bb7d25761ea54d321d8e67987ac851c5294be4afeab532bd84531e02583a3fe7f4014aa314a3eda84f5590e7a9e6b371ef3b46 - languageName: node - linkType: hard - -"dir-glob@npm:^3.0.0, dir-glob@npm:^3.0.1": - version: 3.0.1 - resolution: "dir-glob@npm:3.0.1" - dependencies: - path-type: ^4.0.0 - checksum: fa05e18324510d7283f55862f3161c6759a3f2f8dbce491a2fc14c8324c498286c54282c1f0e933cb930da8419b30679389499b919122952a4f8592362ef4615 - languageName: node - linkType: hard - -"doctrine@npm:^2.1.0": - version: 2.1.0 - resolution: "doctrine@npm:2.1.0" - dependencies: - esutils: ^2.0.2 - checksum: a45e277f7feaed309fe658ace1ff286c6e2002ac515af0aaf37145b8baa96e49899638c7cd47dccf84c3d32abfc113246625b3ac8f552d1046072adee13b0dc8 - languageName: node - linkType: hard - -"doctrine@npm:^3.0.0": - version: 3.0.0 - resolution: "doctrine@npm:3.0.0" - dependencies: - esutils: ^2.0.2 - checksum: fd7673ca77fe26cd5cba38d816bc72d641f500f1f9b25b83e8ce28827fe2da7ad583a8da26ab6af85f834138cf8dae9f69b0cd6ab925f52ddab1754db44d99ce - languageName: node - linkType: hard - -"domexception@npm:^2.0.1": - version: 2.0.1 - resolution: "domexception@npm:2.0.1" - dependencies: - webidl-conversions: ^5.0.0 - checksum: d638e9cb05c52999f1b2eb87c374b03311ea5b1d69c2f875bc92da73e17db60c12142b45c950228642ff7f845c536b65305483350d080df59003a653da80b691 - languageName: node - linkType: hard - -"dot-prop@npm:^5.1.0": - version: 5.3.0 - resolution: "dot-prop@npm:5.3.0" - dependencies: - is-obj: ^2.0.0 - checksum: d5775790093c234ef4bfd5fbe40884ff7e6c87573e5339432870616331189f7f5d86575c5b5af2dcf0f61172990f4f734d07844b1f23482fff09e3c4bead05ea - languageName: node - linkType: hard - -"download@npm:^6.2.2": - version: 6.2.5 - resolution: "download@npm:6.2.5" - dependencies: - caw: ^2.0.0 - content-disposition: ^0.5.2 - decompress: ^4.0.0 - ext-name: ^5.0.0 - file-type: 5.2.0 - filenamify: ^2.0.0 - get-stream: ^3.0.0 - got: ^7.0.0 - make-dir: ^1.0.0 - p-event: ^1.0.0 - pify: ^3.0.0 - checksum: 7b98d88f1fb7e02a3d0557ba7de64f34e0165668f31ac70bacc7e96a352e2d9905866677f899a2b81306ced1a92f985398f2dd772b26b2c297d759c691b20fed - languageName: node - linkType: hard - -"download@npm:^8.0.0": - version: 8.0.0 - resolution: "download@npm:8.0.0" - dependencies: - archive-type: ^4.0.0 - content-disposition: ^0.5.2 - decompress: ^4.2.1 - ext-name: ^5.0.0 - file-type: ^11.1.0 - filenamify: ^3.0.0 - get-stream: ^4.1.0 - got: ^8.3.1 - make-dir: ^2.1.0 - p-event: ^2.1.0 - pify: ^4.0.1 - checksum: 8a26b21eee8d23352265729dba8eea9f18cba0ebfa3e064041afffeefdfe508fc31e54a08bd0606ff8b0d548466bdb2e2e32b571a8f95227efa5b7c09c261a2f - languageName: node - linkType: hard - -"duplexer2@npm:~0.1.0": - version: 0.1.4 - resolution: "duplexer2@npm:0.1.4" - dependencies: - readable-stream: ^2.0.2 - checksum: 744961f03c7f54313f90555ac20284a3fb7bf22fdff6538f041a86c22499560eb6eac9d30ab5768054137cb40e6b18b40f621094e0261d7d8c35a37b7a5ad241 - languageName: node - linkType: hard - -"duplexer3@npm:^0.1.4": - version: 0.1.4 - resolution: "duplexer3@npm:0.1.4" - checksum: c2fd6969314607d23439c583699aaa43c4100d66b3e161df55dccd731acc57d5c81a64bb4f250805fbe434ddb1d2623fee2386fb890f5886ca1298690ec53415 - languageName: node - linkType: hard - -"duplexer@npm:^0.1.1": - version: 0.1.2 - resolution: "duplexer@npm:0.1.2" - checksum: 62ba61a830c56801db28ff6305c7d289b6dc9f859054e8c982abd8ee0b0a14d2e9a8e7d086ffee12e868d43e2bbe8a964be55ddbd8c8957714c87373c7a4f9b0 - languageName: node - linkType: hard - -"electron-to-chromium@npm:^1.4.17": - version: 1.4.37 - resolution: "electron-to-chromium@npm:1.4.37" - checksum: d5da221e456bdbd23d554d1362c3e544fb3d384680a8a9fe5027e855f4a16986e7ccfa2924ba8b24f40b47eadd81738db8d2cc6388b5b6386dfadee7bada2155 - languageName: node - linkType: hard - -"emittery@npm:^0.8.1": - version: 0.8.1 - resolution: "emittery@npm:0.8.1" - checksum: 2457e8c7b0688bb006126f2c025b2655abe682f66b184954122a8a065b5277f9813d49d627896a10b076b81c513ec5f491fd9c14fbd42c04b95ca3c9f3c365ee - languageName: node - linkType: hard - -"emoji-regex@npm:^8.0.0": - version: 8.0.0 - resolution: "emoji-regex@npm:8.0.0" - checksum: d4c5c39d5a9868b5fa152f00cada8a936868fd3367f33f71be515ecee4c803132d11b31a6222b2571b1e5f7e13890156a94880345594d0ce7e3c9895f560f192 - languageName: node - linkType: hard - -"encoding@npm:^0.1.13": - version: 0.1.13 - resolution: "encoding@npm:0.1.13" - dependencies: - iconv-lite: ^0.6.2 - checksum: bb98632f8ffa823996e508ce6a58ffcf5856330fde839ae42c9e1f436cc3b5cc651d4aeae72222916545428e54fd0f6aa8862fd8d25bdbcc4589f1e3f3715e7f - languageName: node - linkType: hard - -"end-of-stream@npm:^1.0.0, end-of-stream@npm:^1.1.0": - version: 1.4.4 - resolution: "end-of-stream@npm:1.4.4" - dependencies: - once: ^1.4.0 - checksum: 530a5a5a1e517e962854a31693dbb5c0b2fc40b46dad2a56a2deec656ca040631124f4795823acc68238147805f8b021abbe221f4afed5ef3c8e8efc2024908b - languageName: node - linkType: hard - -"enquirer@npm:^2.3.5": - version: 2.3.6 - resolution: "enquirer@npm:2.3.6" - dependencies: - ansi-colors: ^4.1.1 - checksum: 1c0911e14a6f8d26721c91e01db06092a5f7675159f0261d69c403396a385afd13dd76825e7678f66daffa930cfaa8d45f506fb35f818a2788463d022af1b884 - languageName: node - linkType: hard - -"env-ci@npm:^5.0.0": - version: 5.5.0 - resolution: "env-ci@npm:5.5.0" - dependencies: - execa: ^5.0.0 - fromentries: ^1.3.2 - java-properties: ^1.0.0 - checksum: 0984298e0eca8461f898f5ab92edb8d1d440a117aa1864ee04b8e3cb785a8f48d3a30d1ede88f9775da8e8ae38b2afdb890072d819170f085ae47507e324e915 - languageName: node - linkType: hard - -"env-paths@npm:^2.2.0": - version: 2.2.1 - resolution: "env-paths@npm:2.2.1" - checksum: 65b5df55a8bab92229ab2b40dad3b387fad24613263d103a97f91c9fe43ceb21965cd3392b1ccb5d77088021e525c4e0481adb309625d0cb94ade1d1fb8dc17e - languageName: node - linkType: hard - -"err-code@npm:^2.0.2": - version: 2.0.3 - resolution: "err-code@npm:2.0.3" - checksum: 8b7b1be20d2de12d2255c0bc2ca638b7af5171142693299416e6a9339bd7d88fc8d7707d913d78e0993176005405a236b066b45666b27b797252c771156ace54 - languageName: node - linkType: hard - -"error-ex@npm:^1.3.1": - version: 1.3.2 - resolution: "error-ex@npm:1.3.2" - dependencies: - is-arrayish: ^0.2.1 - checksum: c1c2b8b65f9c91b0f9d75f0debaa7ec5b35c266c2cac5de412c1a6de86d4cbae04ae44e510378cb14d032d0645a36925d0186f8bb7367bcc629db256b743a001 - languageName: node - linkType: hard - -"es-abstract@npm:^1.19.0, es-abstract@npm:^1.19.1": - version: 1.19.1 - resolution: "es-abstract@npm:1.19.1" - dependencies: - call-bind: ^1.0.2 - es-to-primitive: ^1.2.1 - function-bind: ^1.1.1 - get-intrinsic: ^1.1.1 - get-symbol-description: ^1.0.0 - has: ^1.0.3 - has-symbols: ^1.0.2 - internal-slot: ^1.0.3 - is-callable: ^1.2.4 - is-negative-zero: ^2.0.1 - is-regex: ^1.1.4 - is-shared-array-buffer: ^1.0.1 - is-string: ^1.0.7 - is-weakref: ^1.0.1 - object-inspect: ^1.11.0 - object-keys: ^1.1.1 - object.assign: ^4.1.2 - string.prototype.trimend: ^1.0.4 - string.prototype.trimstart: ^1.0.4 - unbox-primitive: ^1.0.1 - checksum: b6be8410672c5364db3fb01eb786e30c7b4bb32b4af63d381c08840f4382c4a168e7855cd338bf59d4f1a1a1138f4d748d1fd40ec65aaa071876f9e9fbfed949 - languageName: node - linkType: hard - -"es-to-primitive@npm:^1.2.1": - version: 1.2.1 - resolution: "es-to-primitive@npm:1.2.1" - dependencies: - is-callable: ^1.1.4 - is-date-object: ^1.0.1 - is-symbol: ^1.0.2 - checksum: 4ead6671a2c1402619bdd77f3503991232ca15e17e46222b0a41a5d81aebc8740a77822f5b3c965008e631153e9ef0580540007744521e72de8e33599fca2eed - languageName: node - linkType: hard - -"escalade@npm:^3.1.1": - version: 3.1.1 - resolution: "escalade@npm:3.1.1" - checksum: a3e2a99f07acb74b3ad4989c48ca0c3140f69f923e56d0cba0526240ee470b91010f9d39001f2a4a313841d237ede70a729e92125191ba5d21e74b106800b133 - languageName: node - linkType: hard - -"escape-string-regexp@npm:^1.0.2, escape-string-regexp@npm:^1.0.5": - version: 1.0.5 - resolution: "escape-string-regexp@npm:1.0.5" - checksum: 6092fda75c63b110c706b6a9bfde8a612ad595b628f0bd2147eea1d3406723020810e591effc7db1da91d80a71a737a313567c5abb3813e8d9c71f4aa595b410 - languageName: node - linkType: hard - -"escape-string-regexp@npm:^2.0.0": - version: 2.0.0 - resolution: "escape-string-regexp@npm:2.0.0" - checksum: 9f8a2d5743677c16e85c810e3024d54f0c8dea6424fad3c79ef6666e81dd0846f7437f5e729dfcdac8981bc9e5294c39b4580814d114076b8d36318f46ae4395 - languageName: node - linkType: hard - -"escape-string-regexp@npm:^4.0.0": - version: 4.0.0 - resolution: "escape-string-regexp@npm:4.0.0" - checksum: 98b48897d93060f2322108bf29db0feba7dd774be96cd069458d1453347b25ce8682ecc39859d4bca2203cc0ab19c237bcc71755eff49a0f8d90beadeeba5cc5 - languageName: node - linkType: hard - -"escodegen@npm:^1.8.1": - version: 1.14.3 - resolution: "escodegen@npm:1.14.3" - dependencies: - esprima: ^4.0.1 - estraverse: ^4.2.0 - esutils: ^2.0.2 - optionator: ^0.8.1 - source-map: ~0.6.1 - dependenciesMeta: - source-map: - optional: true - bin: - escodegen: bin/escodegen.js - esgenerate: bin/esgenerate.js - checksum: 381cdc4767ecdb221206bbbab021b467bbc2a6f5c9a99c9e6353040080bdd3dfe73d7604ad89a47aca6ea7d58bc635f6bd3fbc8da9a1998e9ddfa8372362ccd0 - languageName: node - linkType: hard - -"escodegen@npm:^2.0.0": - version: 2.0.0 - resolution: "escodegen@npm:2.0.0" - dependencies: - esprima: ^4.0.1 - estraverse: ^5.2.0 - esutils: ^2.0.2 - optionator: ^0.8.1 - source-map: ~0.6.1 - dependenciesMeta: - source-map: - optional: true - bin: - escodegen: bin/escodegen.js - esgenerate: bin/esgenerate.js - checksum: 5aa6b2966fafe0545e4e77936300cc94ad57cfe4dc4ebff9950492eaba83eef634503f12d7e3cbd644ecc1bab388ad0e92b06fd32222c9281a75d1cf02ec6cef - languageName: node - linkType: hard - -"eslint-config-airbnb-base@npm:14.2.1": - version: 14.2.1 - resolution: "eslint-config-airbnb-base@npm:14.2.1" - dependencies: - confusing-browser-globals: ^1.0.10 - object.assign: ^4.1.2 - object.entries: ^1.1.2 - peerDependencies: - eslint: ^5.16.0 || ^6.8.0 || ^7.2.0 - eslint-plugin-import: ^2.22.1 - checksum: 858bea748a3c8685b52fcf2488e6a0b964022f8387f4ee1e69cb707d4fda2a409f09eb8eea658bcd83fae3519967d10208ba7576dd3d3202b8cf0b9d1a6e21eb - languageName: node - linkType: hard - -"eslint-config-prettier@npm:^6.11.0": - version: 6.15.0 - resolution: "eslint-config-prettier@npm:6.15.0" - dependencies: - get-stdin: ^6.0.0 - peerDependencies: - eslint: ">=3.14.1" - bin: - eslint-config-prettier-check: bin/cli.js - checksum: 02f461a5d7fbf06bd17077e76857eb7cf70def81762fb853094ae16e895231b2bf53c7ca83f535b943d7558fdd02ac41b33eb6d59523e60b1d8c6d1730d00f1e - languageName: node - linkType: hard - -"eslint-import-resolver-node@npm:^0.3.6": - version: 0.3.6 - resolution: "eslint-import-resolver-node@npm:0.3.6" - dependencies: - debug: ^3.2.7 - resolve: ^1.20.0 - checksum: 6266733af1e112970e855a5bcc2d2058fb5ae16ad2a6d400705a86b29552b36131ffc5581b744c23d550de844206fb55e9193691619ee4dbf225c4bde526b1c8 - languageName: node - linkType: hard - -"eslint-module-utils@npm:^2.7.2": - version: 2.7.2 - resolution: "eslint-module-utils@npm:2.7.2" - dependencies: - debug: ^3.2.7 - find-up: ^2.1.0 - checksum: 3e6407461d12b1568556fc9a84668415693ecce92d17d7407353defcfcafec5d3d8dfa2d9eda3743b3b53ef04101d8aa69072b3d634d92e766c3dfa10505542d - languageName: node - linkType: hard - -"eslint-plugin-import@npm:^2.22.1": - version: 2.25.4 - resolution: "eslint-plugin-import@npm:2.25.4" - dependencies: - array-includes: ^3.1.4 - array.prototype.flat: ^1.2.5 - debug: ^2.6.9 - doctrine: ^2.1.0 - eslint-import-resolver-node: ^0.3.6 - eslint-module-utils: ^2.7.2 - has: ^1.0.3 - is-core-module: ^2.8.0 - is-glob: ^4.0.3 - minimatch: ^3.0.4 - object.values: ^1.1.5 - resolve: ^1.20.0 - tsconfig-paths: ^3.12.0 - peerDependencies: - eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8 - checksum: 0af24f5c7c6ca692f42e3947127f0ae7dfe44f1e02740f7cbe988b510a9c52bab0065d7df04e2d953dcc88a4595a00cbdcf14018acf8cd75cfd47b72efcbb734 - languageName: node - linkType: hard - -"eslint-plugin-prettier@npm:^3.4.0": - version: 3.4.1 - resolution: "eslint-plugin-prettier@npm:3.4.1" - dependencies: - prettier-linter-helpers: ^1.0.0 - peerDependencies: - eslint: ">=5.0.0" - prettier: ">=1.13.0" - peerDependenciesMeta: - eslint-config-prettier: - optional: true - checksum: fa6a89f0d7cba1cc87064352f5a4a68dc3739448dd279bec2bced1bfa3b704467e603d13b69dcec853f8fa30b286b8b715912898e9da776e1b016cf0ee48bd99 - languageName: node - linkType: hard - -"eslint-scope@npm:^5.1.1": - version: 5.1.1 - resolution: "eslint-scope@npm:5.1.1" - dependencies: - esrecurse: ^4.3.0 - estraverse: ^4.1.1 - checksum: 47e4b6a3f0cc29c7feedee6c67b225a2da7e155802c6ea13bbef4ac6b9e10c66cd2dcb987867ef176292bf4e64eccc680a49e35e9e9c669f4a02bac17e86abdb - languageName: node - linkType: hard - -"eslint-utils@npm:^2.1.0": - version: 2.1.0 - resolution: "eslint-utils@npm:2.1.0" - dependencies: - eslint-visitor-keys: ^1.1.0 - checksum: 27500938f348da42100d9e6ad03ae29b3de19ba757ae1a7f4a087bdcf83ac60949bbb54286492ca61fac1f5f3ac8692dd21537ce6214240bf95ad0122f24d71d - languageName: node - linkType: hard - -"eslint-utils@npm:^3.0.0": - version: 3.0.0 - resolution: "eslint-utils@npm:3.0.0" - dependencies: - eslint-visitor-keys: ^2.0.0 - peerDependencies: - eslint: ">=5" - checksum: 0668fe02f5adab2e5a367eee5089f4c39033af20499df88fe4e6aba2015c20720404d8c3d6349b6f716b08fdf91b9da4e5d5481f265049278099c4c836ccb619 - languageName: node - linkType: hard - -"eslint-visitor-keys@npm:^1.1.0, eslint-visitor-keys@npm:^1.3.0": - version: 1.3.0 - resolution: "eslint-visitor-keys@npm:1.3.0" - checksum: 37a19b712f42f4c9027e8ba98c2b06031c17e0c0a4c696cd429bd9ee04eb43889c446f2cd545e1ff51bef9593fcec94ecd2c2ef89129fcbbf3adadbef520376a - languageName: node - linkType: hard - -"eslint-visitor-keys@npm:^2.0.0": - version: 2.1.0 - resolution: "eslint-visitor-keys@npm:2.1.0" - checksum: e3081d7dd2611a35f0388bbdc2f5da60b3a3c5b8b6e928daffff7391146b434d691577aa95064c8b7faad0b8a680266bcda0a42439c18c717b80e6718d7e267d - languageName: node - linkType: hard - -"eslint@npm:^7.2.0, eslint@npm:^7.25.0": - version: 7.32.0 - resolution: "eslint@npm:7.32.0" - dependencies: - "@babel/code-frame": 7.12.11 - "@eslint/eslintrc": ^0.4.3 - "@humanwhocodes/config-array": ^0.5.0 - ajv: ^6.10.0 - chalk: ^4.0.0 - cross-spawn: ^7.0.2 - debug: ^4.0.1 - doctrine: ^3.0.0 - enquirer: ^2.3.5 - escape-string-regexp: ^4.0.0 - eslint-scope: ^5.1.1 - eslint-utils: ^2.1.0 - eslint-visitor-keys: ^2.0.0 - espree: ^7.3.1 - esquery: ^1.4.0 - esutils: ^2.0.2 - fast-deep-equal: ^3.1.3 - file-entry-cache: ^6.0.1 - functional-red-black-tree: ^1.0.1 - glob-parent: ^5.1.2 - globals: ^13.6.0 - ignore: ^4.0.6 - import-fresh: ^3.0.0 - imurmurhash: ^0.1.4 - is-glob: ^4.0.0 - js-yaml: ^3.13.1 - json-stable-stringify-without-jsonify: ^1.0.1 - levn: ^0.4.1 - lodash.merge: ^4.6.2 - minimatch: ^3.0.4 - natural-compare: ^1.4.0 - optionator: ^0.9.1 - progress: ^2.0.0 - regexpp: ^3.1.0 - semver: ^7.2.1 - strip-ansi: ^6.0.0 - strip-json-comments: ^3.1.0 - table: ^6.0.9 - text-table: ^0.2.0 - v8-compile-cache: ^2.0.3 - bin: - eslint: bin/eslint.js - checksum: cc85af9985a3a11085c011f3d27abe8111006d34cc274291b3c4d7bea51a4e2ff6135780249becd919ba7f6d6d1ecc38a6b73dacb6a7be08d38453b344dc8d37 - languageName: node - linkType: hard - -"espree@npm:^7.3.0, espree@npm:^7.3.1": - version: 7.3.1 - resolution: "espree@npm:7.3.1" - dependencies: - acorn: ^7.4.0 - acorn-jsx: ^5.3.1 - eslint-visitor-keys: ^1.3.0 - checksum: aa9b50dcce883449af2e23bc2b8d9abb77118f96f4cb313935d6b220f77137eaef7724a83c3f6243b96bc0e4ab14766198e60818caad99f9519ae5a336a39b45 - languageName: node - linkType: hard - -"esprima@npm:1.2.2": - version: 1.2.2 - resolution: "esprima@npm:1.2.2" - bin: - esparse: ./bin/esparse.js - esvalidate: ./bin/esvalidate.js - checksum: 4f10006f0e315f2f7d8cf6630e465f183512f1ab2e862b11785a133ce37ed1696573deefb5256e510eaa4368342b13b393334477f6ccdcdb8f10e782b0f5e6dc - languageName: node - linkType: hard - -"esprima@npm:^4.0.0, esprima@npm:^4.0.1, esprima@npm:~4.0.0": - version: 4.0.1 - resolution: "esprima@npm:4.0.1" - bin: - esparse: ./bin/esparse.js - esvalidate: ./bin/esvalidate.js - checksum: b45bc805a613dbea2835278c306b91aff6173c8d034223fa81498c77dcbce3b2931bf6006db816f62eacd9fd4ea975dfd85a5b7f3c6402cfd050d4ca3c13a628 - languageName: node - linkType: hard - -"esquery@npm:^1.4.0": - version: 1.4.0 - resolution: "esquery@npm:1.4.0" - dependencies: - estraverse: ^5.1.0 - checksum: a0807e17abd7fbe5fbd4fab673038d6d8a50675cdae6b04fbaa520c34581be0c5fa24582990e8acd8854f671dd291c78bb2efb9e0ed5b62f33bac4f9cf820210 - languageName: node - linkType: hard - -"esrecurse@npm:^4.3.0": - version: 4.3.0 - resolution: "esrecurse@npm:4.3.0" - dependencies: - estraverse: ^5.2.0 - checksum: ebc17b1a33c51cef46fdc28b958994b1dc43cd2e86237515cbc3b4e5d2be6a811b2315d0a1a4d9d340b6d2308b15322f5c8291059521cc5f4802f65e7ec32837 - languageName: node - linkType: hard - -"estraverse@npm:^4.1.1, estraverse@npm:^4.2.0": - version: 4.3.0 - resolution: "estraverse@npm:4.3.0" - checksum: a6299491f9940bb246124a8d44b7b7a413a8336f5436f9837aaa9330209bd9ee8af7e91a654a3545aee9c54b3308e78ee360cef1d777d37cfef77d2fa33b5827 - languageName: node - linkType: hard - -"estraverse@npm:^5.1.0, estraverse@npm:^5.2.0": - version: 5.3.0 - resolution: "estraverse@npm:5.3.0" - checksum: 072780882dc8416ad144f8fe199628d2b3e7bbc9989d9ed43795d2c90309a2047e6bc5979d7e2322a341163d22cfad9e21f4110597fe487519697389497e4e2b - languageName: node - linkType: hard - -"esutils@npm:^2.0.2": - version: 2.0.3 - resolution: "esutils@npm:2.0.3" - checksum: 22b5b08f74737379a840b8ed2036a5fb35826c709ab000683b092d9054e5c2a82c27818f12604bfc2a9a76b90b6834ef081edbc1c7ae30d1627012e067c6ec87 - languageName: node - linkType: hard - -"execa@npm:^0.7.0": - version: 0.7.0 - resolution: "execa@npm:0.7.0" - dependencies: - cross-spawn: ^5.0.1 - get-stream: ^3.0.0 - is-stream: ^1.1.0 - npm-run-path: ^2.0.0 - p-finally: ^1.0.0 - signal-exit: ^3.0.0 - strip-eof: ^1.0.0 - checksum: dd70206d74b7217bf678ec9f04dddedc82f425df4c1d70e34c9f429d630ec407819e4bd42e3af2618981a4a3a1be000c9b651c0637be486cdab985160c20337c - languageName: node - linkType: hard - -"execa@npm:^5.0.0": - version: 5.1.1 - resolution: "execa@npm:5.1.1" - dependencies: - cross-spawn: ^7.0.3 - get-stream: ^6.0.0 - human-signals: ^2.1.0 - is-stream: ^2.0.0 - merge-stream: ^2.0.0 - npm-run-path: ^4.0.1 - onetime: ^5.1.2 - signal-exit: ^3.0.3 - strip-final-newline: ^2.0.0 - checksum: fba9022c8c8c15ed862847e94c252b3d946036d7547af310e344a527e59021fd8b6bb0723883ea87044dc4f0201f949046993124a42ccb0855cae5bf8c786343 - languageName: node - linkType: hard - -"execa@npm:^6.1.0": - version: 6.1.0 - resolution: "execa@npm:6.1.0" - dependencies: - cross-spawn: ^7.0.3 - get-stream: ^6.0.1 - human-signals: ^3.0.1 - is-stream: ^3.0.0 - merge-stream: ^2.0.0 - npm-run-path: ^5.1.0 - onetime: ^6.0.0 - signal-exit: ^3.0.7 - strip-final-newline: ^3.0.0 - checksum: 1a4af799839134f5c72eb63d525b87304c1114a63aa71676c91d57ccef2e26f2f53e14c11384ab11c4ec479be1efa83d11c8190e00040355c2c5c3364327fa8e - languageName: node - linkType: hard - -"exit@npm:^0.1.2": - version: 0.1.2 - resolution: "exit@npm:0.1.2" - checksum: abc407f07a875c3961e4781dfcb743b58d6c93de9ab263f4f8c9d23bb6da5f9b7764fc773f86b43dd88030444d5ab8abcb611cb680fba8ca075362b77114bba3 - languageName: node - linkType: hard - -"expand-brackets@npm:^0.1.4": - version: 0.1.5 - resolution: "expand-brackets@npm:0.1.5" - dependencies: - is-posix-bracket: ^0.1.0 - checksum: 71b2971027eb026f055a1c310d24d18a266427b84fc18cadddcedb4de2e07aaef6084e252406b20e58f7aa7613f6bfbe6136962955562529a66675bf49bb10d7 - languageName: node - linkType: hard - -"expand-brackets@npm:^2.1.4": - version: 2.1.4 - resolution: "expand-brackets@npm:2.1.4" - dependencies: - debug: ^2.3.3 - define-property: ^0.2.5 - extend-shallow: ^2.0.1 - posix-character-classes: ^0.1.0 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.1 - checksum: 1781d422e7edfa20009e2abda673cadb040a6037f0bd30fcd7357304f4f0c284afd420d7622722ca4a016f39b6d091841ab57b401c1f7e2e5131ac65b9f14fa1 - languageName: node - linkType: hard - -"expand-range@npm:^1.8.1": - version: 1.8.2 - resolution: "expand-range@npm:1.8.2" - dependencies: - fill-range: ^2.1.0 - checksum: ca773ec06838d7d53cfd835b7d58c9c662a3773e5d57647ca6f83e50218efd93e29b5ee6cc1ea9c5651794e9005562cad28c4911ea06aac27323a05f3c6b787d - languageName: node - linkType: hard - -"expect@npm:^27.4.6": - version: 27.4.6 - resolution: "expect@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - jest-get-type: ^27.4.0 - jest-matcher-utils: ^27.4.6 - jest-message-util: ^27.4.6 - checksum: 593eaa8ff34320f9a70f961bc25eeae932df4f48ebcc5ecc1033f1cddffd286fc42a2f312929222541cec1077de2604ff4fc6e97012afcbd36b333bfaba82f7f - languageName: node - linkType: hard - -"ext-list@npm:^2.0.0": - version: 2.2.2 - resolution: "ext-list@npm:2.2.2" - dependencies: - mime-db: ^1.28.0 - checksum: 9b2426bea312e674eeced62c5f18407ab9a8653bbdfbde36492331c7973dab7fbf9e11d6c38605786168b42da333910314988097ca06eee61f1b9b57efae3f18 - languageName: node - linkType: hard - -"ext-name@npm:^5.0.0": - version: 5.0.0 - resolution: "ext-name@npm:5.0.0" - dependencies: - ext-list: ^2.0.0 - sort-keys-length: ^1.0.0 - checksum: f598269bd5de4295540ea7d6f8f6a01d82a7508f148b7700a05628ef6121648d26e6e5e942049e953b3051863df6b54bd8fe951e7877f185e34ace5d44370b33 - languageName: node - linkType: hard - -"extend-shallow@npm:^2.0.1": - version: 2.0.1 - resolution: "extend-shallow@npm:2.0.1" - dependencies: - is-extendable: ^0.1.0 - checksum: 8fb58d9d7a511f4baf78d383e637bd7d2e80843bd9cd0853649108ea835208fb614da502a553acc30208e1325240bb7cc4a68473021612496bb89725483656d8 - languageName: node - linkType: hard - -"extend-shallow@npm:^3.0.0, extend-shallow@npm:^3.0.2": - version: 3.0.2 - resolution: "extend-shallow@npm:3.0.2" - dependencies: - assign-symbols: ^1.0.0 - is-extendable: ^1.0.1 - checksum: a920b0cd5838a9995ace31dfd11ab5e79bf6e295aa566910ce53dff19f4b1c0fda2ef21f26b28586c7a2450ca2b42d97bd8c0f5cec9351a819222bf861e02461 - languageName: node - linkType: hard - -"external-editor@npm:^3.0.3": - version: 3.1.0 - resolution: "external-editor@npm:3.1.0" - dependencies: - chardet: ^0.7.0 - iconv-lite: ^0.4.24 - tmp: ^0.0.33 - checksum: 1c2a616a73f1b3435ce04030261bed0e22d4737e14b090bb48e58865da92529c9f2b05b893de650738d55e692d071819b45e1669259b2b354bc3154d27a698c7 - languageName: node - linkType: hard - -"extglob@npm:^0.3.1": - version: 0.3.2 - resolution: "extglob@npm:0.3.2" - dependencies: - is-extglob: ^1.0.0 - checksum: c1c8d5365fe4992fc5b007140cbb37292ffadcd767cb602606de4d572ff96f38620e42855f8cb75020c050aacf1eeb51212dd6312de46eab42e2200277b5fc45 - languageName: node - linkType: hard - -"extglob@npm:^2.0.4": - version: 2.0.4 - resolution: "extglob@npm:2.0.4" - dependencies: - array-unique: ^0.3.2 - define-property: ^1.0.0 - expand-brackets: ^2.1.4 - extend-shallow: ^2.0.1 - fragment-cache: ^0.2.1 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.1 - checksum: a41531b8934735b684cef5e8c5a01d0f298d7d384500ceca38793a9ce098125aab04ee73e2d75d5b2901bc5dddd2b64e1b5e3bf19139ea48bac52af4a92f1d00 - languageName: node - linkType: hard - -"fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3": - version: 3.1.3 - resolution: "fast-deep-equal@npm:3.1.3" - checksum: e21a9d8d84f53493b6aa15efc9cfd53dd5b714a1f23f67fb5dc8f574af80df889b3bce25dc081887c6d25457cce704e636395333abad896ccdec03abaf1f3f9d - languageName: node - linkType: hard - -"fast-diff@npm:^1.1.2": - version: 1.2.0 - resolution: "fast-diff@npm:1.2.0" - checksum: 1b5306eaa9e826564d9e5ffcd6ebd881eb5f770b3f977fcbf38f05c824e42172b53c79920e8429c54eb742ce15a0caf268b0fdd5b38f6de52234c4a8368131ae - languageName: node - linkType: hard - -"fast-glob@npm:^3.1.1, fast-glob@npm:^3.2.11, fast-glob@npm:^3.2.7": - version: 3.2.11 - resolution: "fast-glob@npm:3.2.11" - dependencies: - "@nodelib/fs.stat": ^2.0.2 - "@nodelib/fs.walk": ^1.2.3 - glob-parent: ^5.1.2 - merge2: ^1.3.0 - micromatch: ^4.0.4 - checksum: f473105324a7780a20c06de842e15ddbb41d3cb7e71d1e4fe6e8373204f22245d54f5ab9e2061e6a1c613047345954d29b022e0e76f5c28b1df9858179a0e6d7 - languageName: node - linkType: hard - -"fast-json-stable-stringify@npm:2.x, fast-json-stable-stringify@npm:^2.0.0": - version: 2.1.0 - resolution: "fast-json-stable-stringify@npm:2.1.0" - checksum: b191531e36c607977e5b1c47811158733c34ccb3bfde92c44798929e9b4154884378536d26ad90dfecd32e1ffc09c545d23535ad91b3161a27ddbb8ebe0cbecb - languageName: node - linkType: hard - -"fast-levenshtein@npm:^2.0.6, fast-levenshtein@npm:~2.0.6": - version: 2.0.6 - resolution: "fast-levenshtein@npm:2.0.6" - checksum: 92cfec0a8dfafd9c7a15fba8f2cc29cd0b62b85f056d99ce448bbcd9f708e18ab2764bda4dd5158364f4145a7c72788538994f0d1787b956ef0d1062b0f7c24c - languageName: node - linkType: hard - -"fastest-levenshtein@npm:^1.0.12": - version: 1.0.12 - resolution: "fastest-levenshtein@npm:1.0.12" - checksum: e1a013698dd1d302c7a78150130c7d50bb678c2c2f8839842a796d66cc7cdf50ea6b3d7ca930b0c8e7e8c2cd84fea8ab831023b382f7aab6922c318c1451beab - languageName: node - linkType: hard - -"fastq@npm:^1.6.0": - version: 1.13.0 - resolution: "fastq@npm:1.13.0" - dependencies: - reusify: ^1.0.4 - checksum: 32cf15c29afe622af187d12fc9cd93e160a0cb7c31a3bb6ace86b7dea3b28e7b72acde89c882663f307b2184e14782c6c664fa315973c03626c7d4bff070bb0b - languageName: node - linkType: hard - -"fb-watchman@npm:^2.0.0": - version: 2.0.1 - resolution: "fb-watchman@npm:2.0.1" - dependencies: - bser: 2.1.1 - checksum: 8510230778ab3a51c27dffb1b76ef2c24fab672a42742d3c0a45c2e9d1e5f20210b1fbca33486088da4a9a3958bde96b5aec0a63aac9894b4e9df65c88b2cbd6 - languageName: node - linkType: hard - -"fd-slicer@npm:~1.1.0": - version: 1.1.0 - resolution: "fd-slicer@npm:1.1.0" - dependencies: - pend: ~1.2.0 - checksum: c8585fd5713f4476eb8261150900d2cb7f6ff2d87f8feb306ccc8a1122efd152f1783bdb2b8dc891395744583436bfd8081d8e63ece0ec8687eeefea394d4ff2 - languageName: node - linkType: hard - -"figures@npm:^2.0.0": - version: 2.0.0 - resolution: "figures@npm:2.0.0" - dependencies: - escape-string-regexp: ^1.0.5 - checksum: 081beb16ea57d1716f8447c694f637668322398b57017b20929376aaf5def9823b35245b734cdd87e4832dc96e9c6f46274833cada77bfe15e5f980fea1fd21f - languageName: node - linkType: hard - -"figures@npm:^3.0.0": - version: 3.2.0 - resolution: "figures@npm:3.2.0" - dependencies: - escape-string-regexp: ^1.0.5 - checksum: 85a6ad29e9aca80b49b817e7c89ecc4716ff14e3779d9835af554db91bac41c0f289c418923519392a1e582b4d10482ad282021330cd045bb7b80c84152f2a2b - languageName: node - linkType: hard - -"file-entry-cache@npm:^6.0.1": - version: 6.0.1 - resolution: "file-entry-cache@npm:6.0.1" - dependencies: - flat-cache: ^3.0.4 - checksum: f49701feaa6314c8127c3c2f6173cfefff17612f5ed2daaafc6da13b5c91fd43e3b2a58fd0d63f9f94478a501b167615931e7200e31485e320f74a33885a9c74 - languageName: node - linkType: hard - -"file-type@npm:5.2.0, file-type@npm:^5.2.0": - version: 5.2.0 - resolution: "file-type@npm:5.2.0" - checksum: b2b21c7fc3cfb3c6a3a18b0d5d7233b74d8c17d82757655766573951daf42962a5c809e5fc3637675b237c558ebc67e4958fb2cc5a4ad407bc545aaa40001c74 - languageName: node - linkType: hard - -"file-type@npm:^11.1.0": - version: 11.1.0 - resolution: "file-type@npm:11.1.0" - checksum: 66c2086867291fda760a245534bec1fbf12817dc6fd3426c2b41f29a37c71bb61f1091505c98f03a446703321cc1d4a8e873ce631f5763fc53178645d9eb3f85 - languageName: node - linkType: hard - -"file-type@npm:^3.8.0": - version: 3.9.0 - resolution: "file-type@npm:3.9.0" - checksum: 1db70b2485ac77c4edb4b8753c1874ee6194123533f43c2651820f96b518f505fa570b093fedd6672eb105ba9fb89c62f84b6492e46788e39c3447aed37afa2d - languageName: node - linkType: hard - -"file-type@npm:^4.2.0": - version: 4.4.0 - resolution: "file-type@npm:4.4.0" - checksum: f3e0b38bef643a330b3d98e3aa9d6f0f32d2d80cb9341f5612187bd53ac84489a4dc66b354bd0cff6b60bff053c7ef21eb8923d62e9f1196ac627b63bd7875ef - languageName: node - linkType: hard - -"file-type@npm:^6.1.0": - version: 6.2.0 - resolution: "file-type@npm:6.2.0" - checksum: 749540cefcd4959121eb83e373ed84e49b2e5a510aa5d598b725bd772dd306ae41fd00d3162ae3f6563b4db5cfafbbd0df321de3f20c17e20a8c56431ae55e58 - languageName: node - linkType: hard - -"file-uri-to-path@npm:1.0.0": - version: 1.0.0 - resolution: "file-uri-to-path@npm:1.0.0" - checksum: b648580bdd893a008c92c7ecc96c3ee57a5e7b6c4c18a9a09b44fb5d36d79146f8e442578bc0e173dc027adf3987e254ba1dfd6e3ec998b7c282873010502144 - languageName: node - linkType: hard - -"filename-regex@npm:^2.0.0": - version: 2.0.1 - resolution: "filename-regex@npm:2.0.1" - checksum: ac181f8184cf49d2f08889a446995537c3967e6f6195752d903b69c7d85f134425fb1446c4e384e77390bac488b60a9658805debc5a91e8c0bc9f81340505371 - languageName: node - linkType: hard - -"filename-reserved-regex@npm:^2.0.0": - version: 2.0.0 - resolution: "filename-reserved-regex@npm:2.0.0" - checksum: 323a0020fd7f243238ffccab9d728cbc5f3a13c84b2c10e01efb09b8324561d7a51776be76f36603c734d4f69145c39a5d12492bf6142a28b50d7f90bd6190bc - languageName: node - linkType: hard - -"filenamify@npm:^2.0.0": - version: 2.1.0 - resolution: "filenamify@npm:2.1.0" - dependencies: - filename-reserved-regex: ^2.0.0 - strip-outer: ^1.0.0 - trim-repeated: ^1.0.0 - checksum: dd7f6ce050b642dac75fd4a88dc88fb5c4c40d72e7b8b1da5c2799a0c13332b7d631947e0e549906895864207c81a74a3656fc9684ba265e3b17ef8b1421bdcf - languageName: node - linkType: hard - -"filenamify@npm:^3.0.0": - version: 3.0.0 - resolution: "filenamify@npm:3.0.0" - dependencies: - filename-reserved-regex: ^2.0.0 - strip-outer: ^1.0.0 - trim-repeated: ^1.0.0 - checksum: d419eaa1b8c331ab8616e1fffe33e4af135c60b5364320bbe015bc93ded89c6c301363f69593991de18a8f9dd278324c0a0d89fd554c30250306f4c16c956673 - languageName: node - linkType: hard - -"fill-range@npm:^2.1.0": - version: 2.2.4 - resolution: "fill-range@npm:2.2.4" - dependencies: - is-number: ^2.1.0 - isobject: ^2.0.0 - randomatic: ^3.0.0 - repeat-element: ^1.1.2 - repeat-string: ^1.5.2 - checksum: ee7cb386c983bf7ff8aa120164c8b857a937c9d2b9c4ddf47af22f9d2bb1bd03dfa821946d7246f1631e86816562dd60059e081948d0804ce2ac0ac83f7edc61 - languageName: node - linkType: hard - -"fill-range@npm:^4.0.0": - version: 4.0.0 - resolution: "fill-range@npm:4.0.0" - dependencies: - extend-shallow: ^2.0.1 - is-number: ^3.0.0 - repeat-string: ^1.6.1 - to-regex-range: ^2.1.0 - checksum: dbb5102467786ab42bc7a3ec7380ae5d6bfd1b5177b2216de89e4a541193f8ba599a6db84651bd2c58c8921db41b8cc3d699ea83b477342d3ce404020f73c298 - languageName: node - linkType: hard - -"fill-range@npm:^7.0.1": - version: 7.0.1 - resolution: "fill-range@npm:7.0.1" - dependencies: - to-regex-range: ^5.0.1 - checksum: cc283f4e65b504259e64fd969bcf4def4eb08d85565e906b7d36516e87819db52029a76b6363d0f02d0d532f0033c9603b9e2d943d56ee3b0d4f7ad3328ff917 - languageName: node - linkType: hard - -"find-index@npm:^0.1.1": - version: 0.1.1 - resolution: "find-index@npm:0.1.1" - checksum: bf445157a466a823f7d1c40f2314c9a261c347bb6a81c3f46f0534bc25beaa233629b63255c078a34cf33994f6ad5866cdddf5dcdcdd70168a7ac978a3c6e35c - languageName: node - linkType: hard - -"find-up@npm:^2.0.0, find-up@npm:^2.1.0": - version: 2.1.0 - resolution: "find-up@npm:2.1.0" - dependencies: - locate-path: ^2.0.0 - checksum: 43284fe4da09f89011f08e3c32cd38401e786b19226ea440b75386c1b12a4cb738c94969808d53a84f564ede22f732c8409e3cfc3f7fb5b5c32378ad0bbf28bd - languageName: node - linkType: hard - -"find-up@npm:^4.0.0, find-up@npm:^4.1.0": - version: 4.1.0 - resolution: "find-up@npm:4.1.0" - dependencies: - locate-path: ^5.0.0 - path-exists: ^4.0.0 - checksum: 4c172680e8f8c1f78839486e14a43ef82e9decd0e74145f40707cc42e7420506d5ec92d9a11c22bd2c48fb0c384ea05dd30e10dd152fefeec6f2f75282a8b844 - languageName: node - linkType: hard - -"find-up@npm:^5.0.0": - version: 5.0.0 - resolution: "find-up@npm:5.0.0" - dependencies: - locate-path: ^6.0.0 - path-exists: ^4.0.0 - checksum: 07955e357348f34660bde7920783204ff5a26ac2cafcaa28bace494027158a97b9f56faaf2d89a6106211a8174db650dd9f503f9c0d526b1202d5554a00b9095 - languageName: node - linkType: hard - -"find-versions@npm:^4.0.0": - version: 4.0.0 - resolution: "find-versions@npm:4.0.0" - dependencies: - semver-regex: ^3.1.2 - checksum: 2b4c749dc33e3fa73a457ca4df616ac13b4b32c53f6297bc862b0814d402a6cfec93a0d308d5502eeb47f2c125906e0f861bf01b756f08395640892186357711 - languageName: node - linkType: hard - -"flat-cache@npm:^3.0.4": - version: 3.0.4 - resolution: "flat-cache@npm:3.0.4" - dependencies: - flatted: ^3.1.0 - rimraf: ^3.0.2 - checksum: 4fdd10ecbcbf7d520f9040dd1340eb5dfe951e6f0ecf2252edeec03ee68d989ec8b9a20f4434270e71bcfd57800dc09b3344fca3966b2eb8f613072c7d9a2365 - languageName: node - linkType: hard - -"flatted@npm:^3.1.0": - version: 3.2.4 - resolution: "flatted@npm:3.2.4" - checksum: 7d33846428ab337ec81ef9b8b9103894c1c81f5f67feb32bd4ed106fbc47da60d56edb42efd36c9f1f30a010272aeccd34ec1ffacfe9dfdff19673b1d4df481b - languageName: node - linkType: hard - -"for-in@npm:^1.0.1, for-in@npm:^1.0.2": - version: 1.0.2 - resolution: "for-in@npm:1.0.2" - checksum: 09f4ae93ce785d253ac963d94c7f3432d89398bf25ac7a24ed034ca393bf74380bdeccc40e0f2d721a895e54211b07c8fad7132e8157827f6f7f059b70b4043d - languageName: node - linkType: hard - -"for-own@npm:^0.1.4": - version: 0.1.5 - resolution: "for-own@npm:0.1.5" - dependencies: - for-in: ^1.0.1 - checksum: 07eb0a2e98eb55ce13b56dd11ef4fb5e619ba7380aaec388b9eec1946153d74fa734ce409e8434020557e9489a50c34bc004d55754f5863bf7d77b441d8dee8c - languageName: node - linkType: hard - -"form-data@npm:^3.0.0": - version: 3.0.1 - resolution: "form-data@npm:3.0.1" - dependencies: - asynckit: ^0.4.0 - combined-stream: ^1.0.8 - mime-types: ^2.1.12 - checksum: b019e8d35c8afc14a2bd8a7a92fa4f525a4726b6d5a9740e8d2623c30e308fbb58dc8469f90415a856698933c8479b01646a9dff33c87cc4e76d72aedbbf860d - languageName: node - linkType: hard - -"fragment-cache@npm:^0.2.1": - version: 0.2.1 - resolution: "fragment-cache@npm:0.2.1" - dependencies: - map-cache: ^0.2.2 - checksum: 1cbbd0b0116b67d5790175de0038a11df23c1cd2e8dcdbade58ebba5594c2d641dade6b4f126d82a7b4a6ffc2ea12e3d387dbb64ea2ae97cf02847d436f60fdc - languageName: node - linkType: hard - -"from2@npm:^2.1.1, from2@npm:^2.3.0": - version: 2.3.0 - resolution: "from2@npm:2.3.0" - dependencies: - inherits: ^2.0.1 - readable-stream: ^2.0.0 - checksum: 6080eba0793dce32f475141fb3d54cc15f84ee52e420ee22ac3ab0ad639dc95a1875bc6eb9c0e1140e94972a36a89dc5542491b85f1ab8df0c126241e0f1a61b - languageName: node - linkType: hard - -"fromentries@npm:^1.3.2": - version: 1.3.2 - resolution: "fromentries@npm:1.3.2" - checksum: 33729c529ce19f5494f846f0dd4945078f4e37f4e8955f4ae8cc7385c218f600e9d93a7d225d17636c20d1889106fd87061f911550861b7072f53bf891e6b341 - languageName: node - linkType: hard - -"fs-constants@npm:^1.0.0": - version: 1.0.0 - resolution: "fs-constants@npm:1.0.0" - checksum: 18f5b718371816155849475ac36c7d0b24d39a11d91348cfcb308b4494824413e03572c403c86d3a260e049465518c4f0d5bd00f0371cdfcad6d4f30a85b350d - languageName: node - linkType: hard - -"fs-extra@npm:^10.0.0": - version: 10.0.1 - resolution: "fs-extra@npm:10.0.1" - dependencies: - graceful-fs: ^4.2.0 - jsonfile: ^6.0.1 - universalify: ^2.0.0 - checksum: c1faaa5eb9e1c5c7c7ff09f966e93922ecb068ae1b04801cfc983ef05fcc1f66bfbb8d8d0b745c910014c7a2e7317fb6cf3bfe7390450c1157e3cc1a218f221d - languageName: node - linkType: hard - -"fs-extra@npm:^8.1.0": - version: 8.1.0 - resolution: "fs-extra@npm:8.1.0" - dependencies: - graceful-fs: ^4.2.0 - jsonfile: ^4.0.0 - universalify: ^0.1.0 - checksum: bf44f0e6cea59d5ce071bba4c43ca76d216f89e402dc6285c128abc0902e9b8525135aa808adad72c9d5d218e9f4bcc63962815529ff2f684ad532172a284880 - languageName: node - linkType: hard - -"fs-extra@npm:^9.0.0": - version: 9.1.0 - resolution: "fs-extra@npm:9.1.0" - dependencies: - at-least-node: ^1.0.0 - graceful-fs: ^4.2.0 - jsonfile: ^6.0.1 - universalify: ^2.0.0 - checksum: ba71ba32e0faa74ab931b7a0031d1523c66a73e225de7426e275e238e312d07313d2da2d33e34a52aa406c8763ade5712eb3ec9ba4d9edce652bcacdc29e6b20 - languageName: node - linkType: hard - -"fs-minipass@npm:^2.0.0, fs-minipass@npm:^2.1.0": - version: 2.1.0 - resolution: "fs-minipass@npm:2.1.0" - dependencies: - minipass: ^3.0.0 - checksum: 1b8d128dae2ac6cc94230cc5ead341ba3e0efaef82dab46a33d171c044caaa6ca001364178d42069b2809c35a1c3c35079a32107c770e9ffab3901b59af8c8b1 - languageName: node - linkType: hard - -"fs.realpath@npm:^1.0.0": - version: 1.0.0 - resolution: "fs.realpath@npm:1.0.0" - checksum: 99ddea01a7e75aa276c250a04eedeffe5662bce66c65c07164ad6264f9de18fb21be9433ead460e54cff20e31721c811f4fb5d70591799df5f85dce6d6746fd0 - languageName: node - linkType: hard - -"fsevents@npm:^1.0.0": - version: 1.2.13 - resolution: "fsevents@npm:1.2.13" - dependencies: - bindings: ^1.5.0 - nan: ^2.12.1 - checksum: ae855aa737aaa2f9167e9f70417cf6e45a5cd11918e1fee9923709a0149be52416d765433b4aeff56c789b1152e718cd1b13ddec6043b78cdda68260d86383c1 - conditions: os=darwin - languageName: node - linkType: hard - -"fsevents@npm:^2.3.2": - version: 2.3.2 - resolution: "fsevents@npm:2.3.2" - dependencies: - node-gyp: latest - checksum: 97ade64e75091afee5265e6956cb72ba34db7819b4c3e94c431d4be2b19b8bb7a2d4116da417950c3425f17c8fe693d25e20212cac583ac1521ad066b77ae31f - conditions: os=darwin - languageName: node - linkType: hard - -"fsevents@patch:fsevents@^1.0.0#~builtin": - version: 1.2.13 - resolution: "fsevents@patch:fsevents@npm%3A1.2.13#~builtin::version=1.2.13&hash=18f3a7" - dependencies: - bindings: ^1.5.0 - nan: ^2.12.1 - conditions: os=darwin - languageName: node - linkType: hard - -"fsevents@patch:fsevents@^2.3.2#~builtin": - version: 2.3.2 - resolution: "fsevents@patch:fsevents@npm%3A2.3.2#~builtin::version=2.3.2&hash=18f3a7" - dependencies: - node-gyp: latest - conditions: os=darwin - languageName: node - linkType: hard - -"function-bind@npm:^1.1.1": - version: 1.1.1 - resolution: "function-bind@npm:1.1.1" - checksum: b32fbaebb3f8ec4969f033073b43f5c8befbb58f1a79e12f1d7490358150359ebd92f49e72ff0144f65f2c48ea2a605bff2d07965f548f6474fd8efd95bf361a - languageName: node - linkType: hard - -"functional-red-black-tree@npm:^1.0.1": - version: 1.0.1 - resolution: "functional-red-black-tree@npm:1.0.1" - checksum: ca6c170f37640e2d94297da8bb4bf27a1d12bea3e00e6a3e007fd7aa32e37e000f5772acf941b4e4f3cf1c95c3752033d0c509af157ad8f526e7f00723b9eb9f - languageName: node - linkType: hard - -"gauge@npm:^4.0.3": - version: 4.0.4 - resolution: "gauge@npm:4.0.4" - dependencies: - aproba: ^1.0.3 || ^2.0.0 - color-support: ^1.1.3 - console-control-strings: ^1.1.0 - has-unicode: ^2.0.1 - signal-exit: ^3.0.7 - string-width: ^4.2.3 - strip-ansi: ^6.0.1 - wide-align: ^1.1.5 - checksum: 788b6bfe52f1dd8e263cda800c26ac0ca2ff6de0b6eee2fe0d9e3abf15e149b651bd27bf5226be10e6e3edb5c4e5d5985a5a1a98137e7a892f75eff76467ad2d - languageName: node - linkType: hard - -"gensync@npm:^1.0.0-beta.2": - version: 1.0.0-beta.2 - resolution: "gensync@npm:1.0.0-beta.2" - checksum: a7437e58c6be12aa6c90f7730eac7fa9833dc78872b4ad2963d2031b00a3367a93f98aec75f9aaac7220848e4026d67a8655e870b24f20a543d103c0d65952ec - languageName: node - linkType: hard - -"get-caller-file@npm:^2.0.5": - version: 2.0.5 - resolution: "get-caller-file@npm:2.0.5" - checksum: b9769a836d2a98c3ee734a88ba712e62703f1df31b94b784762c433c27a386dd6029ff55c2a920c392e33657d80191edbf18c61487e198844844516f843496b9 - languageName: node - linkType: hard - -"get-intrinsic@npm:^1.0.2, get-intrinsic@npm:^1.1.0, get-intrinsic@npm:^1.1.1": - version: 1.1.1 - resolution: "get-intrinsic@npm:1.1.1" - dependencies: - function-bind: ^1.1.1 - has: ^1.0.3 - has-symbols: ^1.0.1 - checksum: a9fe2ca8fa3f07f9b0d30fb202bcd01f3d9b9b6b732452e79c48e79f7d6d8d003af3f9e38514250e3553fdc83c61650851cb6870832ac89deaaceb08e3721a17 - languageName: node - linkType: hard - -"get-package-type@npm:^0.1.0": - version: 0.1.0 - resolution: "get-package-type@npm:0.1.0" - checksum: bba0811116d11e56d702682ddef7c73ba3481f114590e705fc549f4d868972263896af313c57a25c076e3c0d567e11d919a64ba1b30c879be985fc9d44f96148 - languageName: node - linkType: hard - -"get-proxy@npm:^2.0.0": - version: 2.1.0 - resolution: "get-proxy@npm:2.1.0" - dependencies: - npm-conf: ^1.1.0 - checksum: d9574a70425c280f60247ab1917b9b159eb0d32da2013f975f632bbc21f171f3769f226fbdacffc71bb406786693bbeb5b271c134b0f3d7dc052e92a1f285266 - languageName: node - linkType: hard - -"get-stdin@npm:^6.0.0": - version: 6.0.0 - resolution: "get-stdin@npm:6.0.0" - checksum: 593f6fb4fff4c8d49ec93a07c430c1edc6bd4fe7e429d222b5da2f367276a98809af9e90467ad88a2d83722ff95b9b35bbaba02b56801421c5e3668173fe12b4 - languageName: node - linkType: hard - -"get-stream@npm:3.0.0, get-stream@npm:^3.0.0": - version: 3.0.0 - resolution: "get-stream@npm:3.0.0" - checksum: 36142f46005ed74ce3a45c55545ec4e7da8e243554179e345a786baf144e5c4a35fb7bdc49fadfa9f18bd08000589b6fe364abdadfc4e1eb0e1b9914a6bb9c56 - languageName: node - linkType: hard - -"get-stream@npm:^2.2.0": - version: 2.3.1 - resolution: "get-stream@npm:2.3.1" - dependencies: - object-assign: ^4.0.1 - pinkie-promise: ^2.0.0 - checksum: d82c86556e131ba7bef00233aa0aa7a51230e6deac11a971ce0f47cd43e2a5e968a3e3914cd082f07cd0d69425653b2f96735b0a7d5c5c03fef3ab857a531367 - languageName: node - linkType: hard - -"get-stream@npm:^4.1.0": - version: 4.1.0 - resolution: "get-stream@npm:4.1.0" - dependencies: - pump: ^3.0.0 - checksum: 443e1914170c15bd52ff8ea6eff6dfc6d712b031303e36302d2778e3de2506af9ee964d6124010f7818736dcfde05c04ba7ca6cc26883106e084357a17ae7d73 - languageName: node - linkType: hard - -"get-stream@npm:^6.0.0, get-stream@npm:^6.0.1": - version: 6.0.1 - resolution: "get-stream@npm:6.0.1" - checksum: e04ecece32c92eebf5b8c940f51468cd53554dcbb0ea725b2748be583c9523d00128137966afce410b9b051eb2ef16d657cd2b120ca8edafcf5a65e81af63cad - languageName: node - linkType: hard - -"get-symbol-description@npm:^1.0.0": - version: 1.0.0 - resolution: "get-symbol-description@npm:1.0.0" - dependencies: - call-bind: ^1.0.2 - get-intrinsic: ^1.1.1 - checksum: 9ceff8fe968f9270a37a1f73bf3f1f7bda69ca80f4f80850670e0e7b9444ff99323f7ac52f96567f8b5f5fbe7ac717a0d81d3407c7313e82810c6199446a5247 - languageName: node - linkType: hard - -"get-value@npm:^2.0.3, get-value@npm:^2.0.6": - version: 2.0.6 - resolution: "get-value@npm:2.0.6" - checksum: 5c3b99cb5398ea8016bf46ff17afc5d1d286874d2ad38ca5edb6e87d75c0965b0094cb9a9dddef2c59c23d250702323539a7fbdd870620db38c7e7d7ec87c1eb - languageName: node - linkType: hard - -"git-log-parser@npm:^1.2.0": - version: 1.2.0 - resolution: "git-log-parser@npm:1.2.0" - dependencies: - argv-formatter: ~1.0.0 - spawn-error-forwarder: ~1.0.0 - split2: ~1.0.0 - stream-combiner2: ~1.1.1 - through2: ~2.0.0 - traverse: ~0.6.6 - checksum: 57294e72f91920d3262ff51fb0fd81dba1465c9e1b25961e19c757ae39bb38e72dd4a5da40649eeb368673b08be449a0844a2bafc0c0ded7375a8a56a6af8640 - languageName: node - linkType: hard - -"glob-base@npm:^0.3.0": - version: 0.3.0 - resolution: "glob-base@npm:0.3.0" - dependencies: - glob-parent: ^2.0.0 - is-glob: ^2.0.0 - checksum: d0e3054a7df6033936980a3454ee6c91bb6661300b86b7a616d822a521e089afff1f5fbbd2582f9cee9f5823aed31d90244ee2e2e55f425103d42558615df294 - languageName: node - linkType: hard - -"glob-parent@npm:^2.0.0": - version: 2.0.0 - resolution: "glob-parent@npm:2.0.0" - dependencies: - is-glob: ^2.0.0 - checksum: 734fc461d9d2753dd490dd072df6ce41fe4ebb60e9319b108bc538707b21780af3a61c3961ec2264131fad5d3d9a493e013a775aef11a69ac2f49fd7d8f46457 - languageName: node - linkType: hard - -"glob-parent@npm:^5.1.2": - version: 5.1.2 - resolution: "glob-parent@npm:5.1.2" - dependencies: - is-glob: ^4.0.1 - checksum: f4f2bfe2425296e8a47e36864e4f42be38a996db40420fe434565e4480e3322f18eb37589617a98640c5dc8fdec1a387007ee18dbb1f3f5553409c34d17f425e - languageName: node - linkType: hard - -"glob2base@npm:^0.0.12": - version: 0.0.12 - resolution: "glob2base@npm:0.0.12" - dependencies: - find-index: ^0.1.1 - checksum: 277bbfee5bebf869d63f04e0d62a20d1811aef0c138ac37f98927c8e1af0ddbab18e4bb8b6674622a8acf906019f58fb2e622ceb6fb824d3915fec1ca0fc7730 - languageName: node - linkType: hard - -"glob@npm:^7.0.0, glob@npm:^7.0.5, glob@npm:^7.1.1, glob@npm:^7.1.2, glob@npm:^7.1.3, glob@npm:^7.1.4, glob@npm:^7.2.0": - version: 7.2.0 - resolution: "glob@npm:7.2.0" - dependencies: - fs.realpath: ^1.0.0 - inflight: ^1.0.4 - inherits: 2 - minimatch: ^3.0.4 - once: ^1.3.0 - path-is-absolute: ^1.0.0 - checksum: 78a8ea942331f08ed2e055cb5b9e40fe6f46f579d7fd3d694f3412fe5db23223d29b7fee1575440202e9a7ff9a72ab106a39fee39934c7bedafe5e5f8ae20134 - languageName: node - linkType: hard - -"glob@npm:^8.0.1": - version: 8.0.1 - resolution: "glob@npm:8.0.1" - dependencies: - fs.realpath: ^1.0.0 - inflight: ^1.0.4 - inherits: 2 - minimatch: ^5.0.1 - once: ^1.3.0 - path-is-absolute: ^1.0.0 - checksum: 7ac782f3ef1c08005884447479e68ceb0ad56997eb2003e1e9aefae71bad3cb48eb7c49190d3d6736f2ffcd8af4985d53a46831b3d5e0052cc5756822a38b61a - languageName: node - linkType: hard - -"globals@npm:^11.1.0": - version: 11.12.0 - resolution: "globals@npm:11.12.0" - checksum: 67051a45eca3db904aee189dfc7cd53c20c7d881679c93f6146ddd4c9f4ab2268e68a919df740d39c71f4445d2b38ee360fc234428baea1dbdfe68bbcb46979e - languageName: node - linkType: hard - -"globals@npm:^13.6.0, globals@npm:^13.9.0": - version: 13.12.0 - resolution: "globals@npm:13.12.0" - dependencies: - type-fest: ^0.20.2 - checksum: 1f959abb11117916468a1afcba527eead152900cad652c8383c4e8976daea7ec55e1ee30c086f48d1b8655719f214e9d92eca083c3a43b5543bc4056e7e5fccf - languageName: node - linkType: hard - -"globby@npm:11.0.4, globby@npm:^11.0.0, globby@npm:^11.0.1, globby@npm:^11.0.3": - version: 11.0.4 - resolution: "globby@npm:11.0.4" - dependencies: - array-union: ^2.1.0 - dir-glob: ^3.0.1 - fast-glob: ^3.1.1 - ignore: ^5.1.4 - merge2: ^1.3.0 - slash: ^3.0.0 - checksum: d3e02d5e459e02ffa578b45f040381c33e3c0538ed99b958f0809230c423337999867d7b0dbf752ce93c46157d3bbf154d3fff988a93ccaeb627df8e1841775b - languageName: node - linkType: hard - -"globby@npm:13.1.1": - version: 13.1.1 - resolution: "globby@npm:13.1.1" - dependencies: - dir-glob: ^3.0.1 - fast-glob: ^3.2.11 - ignore: ^5.2.0 - merge2: ^1.4.1 - slash: ^4.0.0 - checksum: e6c43409c6c31b374fbd1c01a8c1811de52336928be9c697e472d2a89a156c9cbf1fb33863755c0447b4db16485858aa57f16628d66a6b7c7131669c9fbe76cd - languageName: node - linkType: hard - -"got@npm:^7.0.0": - version: 7.1.0 - resolution: "got@npm:7.1.0" - dependencies: - decompress-response: ^3.2.0 - duplexer3: ^0.1.4 - get-stream: ^3.0.0 - is-plain-obj: ^1.1.0 - is-retry-allowed: ^1.0.0 - is-stream: ^1.0.0 - isurl: ^1.0.0-alpha5 - lowercase-keys: ^1.0.0 - p-cancelable: ^0.3.0 - p-timeout: ^1.1.1 - safe-buffer: ^5.0.1 - timed-out: ^4.0.0 - url-parse-lax: ^1.0.0 - url-to-options: ^1.0.1 - checksum: 0270472a389bdca67e60d36cccd014e502d1797d925c06ea2ef372fb41ae99c9e25ac4f187cc422760b4a66abb5478f8821b8134b4eaefe0bf5183daeded5e2f - languageName: node - linkType: hard - -"got@npm:^8.3.1": - version: 8.3.2 - resolution: "got@npm:8.3.2" - dependencies: - "@sindresorhus/is": ^0.7.0 - cacheable-request: ^2.1.1 - decompress-response: ^3.3.0 - duplexer3: ^0.1.4 - get-stream: ^3.0.0 - into-stream: ^3.1.0 - is-retry-allowed: ^1.1.0 - isurl: ^1.0.0-alpha5 - lowercase-keys: ^1.0.0 - mimic-response: ^1.0.0 - p-cancelable: ^0.4.0 - p-timeout: ^2.0.1 - pify: ^3.0.0 - safe-buffer: ^5.1.1 - timed-out: ^4.0.1 - url-parse-lax: ^3.0.0 - url-to-options: ^1.0.1 - checksum: ab05bfcb6de86dc0c3fba8d25cc51cb2b09851ff3f6f899c86cde8c63b30269f8823d69dbbc6d03f7c58bb069f55a3c5f60aba74aad6721938652d8f35fd3165 - languageName: node - linkType: hard - -"graceful-fs@npm:^4.1.10, graceful-fs@npm:^4.1.11, graceful-fs@npm:^4.1.2, graceful-fs@npm:^4.1.5, graceful-fs@npm:^4.1.6, graceful-fs@npm:^4.2.0, graceful-fs@npm:^4.2.4, graceful-fs@npm:^4.2.6, graceful-fs@npm:^4.2.9": - version: 4.2.9 - resolution: "graceful-fs@npm:4.2.9" - checksum: 68ea4e07ff2c041ada184f9278b830375f8e0b75154e3f080af6b70f66172fabb4108d19b3863a96b53fc068a310b9b6493d86d1291acc5f3861eb4b79d26ad6 - languageName: node - linkType: hard - -"graphql@npm:^16.2.0": - version: 16.2.0 - resolution: "graphql@npm:16.2.0" - checksum: 204b5c9991b82561651a28b13dbb2e0e67514171a6a8c045ca4a527b944087344a14519d0426d661b49f2305584b390591abadc82b942f7b65e64e05cb31a584 - languageName: node - linkType: hard - -"handlebars@npm:^4.7.7": - version: 4.7.7 - resolution: "handlebars@npm:4.7.7" - dependencies: - minimist: ^1.2.5 - neo-async: ^2.6.0 - source-map: ^0.6.1 - uglify-js: ^3.1.4 - wordwrap: ^1.0.0 - dependenciesMeta: - uglify-js: - optional: true - bin: - handlebars: bin/handlebars - checksum: 1e79a43f5e18d15742977cb987923eab3e2a8f44f2d9d340982bcb69e1735ed049226e534d7c1074eaddaf37e4fb4f471a8adb71cddd5bc8cf3f894241df5cee - languageName: node - linkType: hard - -"hard-rejection@npm:^2.1.0": - version: 2.1.0 - resolution: "hard-rejection@npm:2.1.0" - checksum: 7baaf80a0c7fff4ca79687b4060113f1529589852152fa935e6787a2bc96211e784ad4588fb3048136ff8ffc9dfcf3ae385314a5b24db32de20bea0d1597f9dc - languageName: node - linkType: hard - -"has-bigints@npm:^1.0.1": - version: 1.0.1 - resolution: "has-bigints@npm:1.0.1" - checksum: 44ab55868174470065d2e0f8f6def1c990d12b82162a8803c679699fa8a39f966e336f2a33c185092fe8aea7e8bf2e85f1c26add5f29d98f2318bd270096b183 - languageName: node - linkType: hard - -"has-flag@npm:^4.0.0": - version: 4.0.0 - resolution: "has-flag@npm:4.0.0" - checksum: 261a1357037ead75e338156b1f9452c016a37dcd3283a972a30d9e4a87441ba372c8b81f818cd0fbcd9c0354b4ae7e18b9e1afa1971164aef6d18c2b6095a8ad - languageName: node - linkType: hard - -"has-symbol-support-x@npm:^1.4.1": - version: 1.4.2 - resolution: "has-symbol-support-x@npm:1.4.2" - checksum: ff06631d556d897424c00e8e79c10093ad34c93e88bb0563932d7837f148a4c90a4377abc5d8da000cb6637c0ecdb4acc9ae836c7cfd0ffc919986db32097609 - languageName: node - linkType: hard - -"has-symbols@npm:^1.0.1, has-symbols@npm:^1.0.2": - version: 1.0.2 - resolution: "has-symbols@npm:1.0.2" - checksum: 2309c426071731be792b5be43b3da6fb4ed7cbe8a9a6bcfca1862587709f01b33d575ce8f5c264c1eaad09fca2f9a8208c0a2be156232629daa2dd0c0740976b - languageName: node - linkType: hard - -"has-to-string-tag-x@npm:^1.2.0": - version: 1.4.1 - resolution: "has-to-string-tag-x@npm:1.4.1" - dependencies: - has-symbol-support-x: ^1.4.1 - checksum: 804c4505727be7770f8b2f5e727ce31c9affc5b83df4ce12344f44b68d557fefb31f77751dbd739de900653126bcd71f8842fac06f97a3fae5422685ab0ce6f0 - languageName: node - linkType: hard - -"has-tostringtag@npm:^1.0.0": - version: 1.0.0 - resolution: "has-tostringtag@npm:1.0.0" - dependencies: - has-symbols: ^1.0.2 - checksum: cc12eb28cb6ae22369ebaad3a8ab0799ed61270991be88f208d508076a1e99abe4198c965935ce85ea90b60c94ddda73693b0920b58e7ead048b4a391b502c1c - languageName: node - linkType: hard - -"has-unicode@npm:^2.0.1": - version: 2.0.1 - resolution: "has-unicode@npm:2.0.1" - checksum: 1eab07a7436512db0be40a710b29b5dc21fa04880b7f63c9980b706683127e3c1b57cb80ea96d47991bdae2dfe479604f6a1ba410106ee1046a41d1bd0814400 - languageName: node - linkType: hard - -"has-value@npm:^0.3.1": - version: 0.3.1 - resolution: "has-value@npm:0.3.1" - dependencies: - get-value: ^2.0.3 - has-values: ^0.1.4 - isobject: ^2.0.0 - checksum: 29e2a1e6571dad83451b769c7ce032fce6009f65bccace07c2962d3ad4d5530b6743d8f3229e4ecf3ea8e905d23a752c5f7089100c1f3162039fa6dc3976558f - languageName: node - linkType: hard - -"has-value@npm:^1.0.0": - version: 1.0.0 - resolution: "has-value@npm:1.0.0" - dependencies: - get-value: ^2.0.6 - has-values: ^1.0.0 - isobject: ^3.0.0 - checksum: b9421d354e44f03d3272ac39fd49f804f19bc1e4fa3ceef7745df43d6b402053f828445c03226b21d7d934a21ac9cf4bc569396dc312f496ddff873197bbd847 - languageName: node - linkType: hard - -"has-values@npm:^0.1.4": - version: 0.1.4 - resolution: "has-values@npm:0.1.4" - checksum: ab1c4bcaf811ccd1856c11cfe90e62fca9e2b026ebe474233a3d282d8d67e3b59ed85b622c7673bac3db198cb98bd1da2b39300a2f98e453729b115350af49bc - languageName: node - linkType: hard - -"has-values@npm:^1.0.0": - version: 1.0.0 - resolution: "has-values@npm:1.0.0" - dependencies: - is-number: ^3.0.0 - kind-of: ^4.0.0 - checksum: 77e6693f732b5e4cf6c38dfe85fdcefad0fab011af74995c3e83863fabf5e3a836f406d83565816baa0bc0a523c9410db8b990fe977074d61aeb6d8f4fcffa11 - languageName: node - linkType: hard - -"has@npm:^1.0.3": - version: 1.0.3 - resolution: "has@npm:1.0.3" - dependencies: - function-bind: ^1.1.1 - checksum: b9ad53d53be4af90ce5d1c38331e712522417d017d5ef1ebd0507e07c2fbad8686fffb8e12ddecd4c39ca9b9b47431afbb975b8abf7f3c3b82c98e9aad052792 - languageName: node - linkType: hard - -"hook-std@npm:^2.0.0": - version: 2.0.0 - resolution: "hook-std@npm:2.0.0" - checksum: 1e6051dd3ba89980027f9fe9675874e890958ee416f239d2a83bea6d3a2ae00bdca3da525933036d2b63638bdadd71b74aeb37f9cdb90338e555a0da5b9e74f9 - languageName: node - linkType: hard - -"hosted-git-info@npm:^2.1.4": - version: 2.8.9 - resolution: "hosted-git-info@npm:2.8.9" - checksum: c955394bdab888a1e9bb10eb33029e0f7ce5a2ac7b3f158099dc8c486c99e73809dca609f5694b223920ca2174db33d32b12f9a2a47141dc59607c29da5a62dd - languageName: node - linkType: hard - -"hosted-git-info@npm:^4.0.0, hosted-git-info@npm:^4.0.1": - version: 4.1.0 - resolution: "hosted-git-info@npm:4.1.0" - dependencies: - lru-cache: ^6.0.0 - checksum: c3f87b3c2f7eb8c2748c8f49c0c2517c9a95f35d26f4bf54b2a8cba05d2e668f3753548b6ea366b18ec8dadb4e12066e19fa382a01496b0ffa0497eb23cbe461 - languageName: node - linkType: hard - -"hosted-git-info@npm:^5.0.0": - version: 5.0.0 - resolution: "hosted-git-info@npm:5.0.0" - dependencies: - lru-cache: ^7.5.1 - checksum: 515e69463d123635f70d70656c5ec648951ffc1987f92a87cb4a038e1794bfed833cf87569b358b137ebbc75d992c073ed0408d420c9e5b717c2b4f0a291490c - languageName: node - linkType: hard - -"html-encoding-sniffer@npm:^2.0.1": - version: 2.0.1 - resolution: "html-encoding-sniffer@npm:2.0.1" - dependencies: - whatwg-encoding: ^1.0.5 - checksum: bf30cce461015ed7e365736fcd6a3063c7bc016a91f74398ef6158886970a96333938f7c02417ab3c12aa82e3e53b40822145facccb9ddfbcdc15a879ae4d7ba - languageName: node - linkType: hard - -"html-escaper@npm:^2.0.0": - version: 2.0.2 - resolution: "html-escaper@npm:2.0.2" - checksum: d2df2da3ad40ca9ee3a39c5cc6475ef67c8f83c234475f24d8e9ce0dc80a2c82df8e1d6fa78ddd1e9022a586ea1bd247a615e80a5cd9273d90111ddda7d9e974 - languageName: node - linkType: hard - -"http-cache-semantics@npm:3.8.1": - version: 3.8.1 - resolution: "http-cache-semantics@npm:3.8.1" - checksum: b1108d37be478fa9b03890d4185217aac2256e9d2247ce6c6bd90bc5432687d68dc7710ba908cea6166fb983a849d902195241626cf175a3c62817a494c0f7f6 - languageName: node - linkType: hard - -"http-cache-semantics@npm:^4.1.0": - version: 4.1.0 - resolution: "http-cache-semantics@npm:4.1.0" - checksum: 974de94a81c5474be07f269f9fd8383e92ebb5a448208223bfb39e172a9dbc26feff250192ecc23b9593b3f92098e010406b0f24bd4d588d631f80214648ed42 - languageName: node - linkType: hard - -"http-proxy-agent@npm:^4.0.1": - version: 4.0.1 - resolution: "http-proxy-agent@npm:4.0.1" - dependencies: - "@tootallnate/once": 1 - agent-base: 6 - debug: 4 - checksum: c6a5da5a1929416b6bbdf77b1aca13888013fe7eb9d59fc292e25d18e041bb154a8dfada58e223fc7b76b9b2d155a87e92e608235201f77d34aa258707963a82 - languageName: node - linkType: hard - -"http-proxy-agent@npm:^5.0.0": - version: 5.0.0 - resolution: "http-proxy-agent@npm:5.0.0" - dependencies: - "@tootallnate/once": 2 - agent-base: 6 - debug: 4 - checksum: e2ee1ff1656a131953839b2a19cd1f3a52d97c25ba87bd2559af6ae87114abf60971e498021f9b73f9fd78aea8876d1fb0d4656aac8a03c6caa9fc175f22b786 - languageName: node - linkType: hard - -"https-proxy-agent@npm:^5.0.0": - version: 5.0.0 - resolution: "https-proxy-agent@npm:5.0.0" - dependencies: - agent-base: 6 - debug: 4 - checksum: 165bfb090bd26d47693597661298006841ab733d0c7383a8cb2f17373387a94c903a3ac687090aa739de05e379ab6f868bae84ab4eac288ad85c328cd1ec9e53 - languageName: node - linkType: hard - -"human-signals@npm:^2.1.0": - version: 2.1.0 - resolution: "human-signals@npm:2.1.0" - checksum: b87fd89fce72391625271454e70f67fe405277415b48bcc0117ca73d31fa23a4241787afdc8d67f5a116cf37258c052f59ea82daffa72364d61351423848e3b8 - languageName: node - linkType: hard - -"human-signals@npm:^3.0.1": - version: 3.0.1 - resolution: "human-signals@npm:3.0.1" - checksum: f252a7769c8094a5c9dc6772816bdb417b188820b04c8b42d0fc468e03a0ba905b1dd07afabe9385cc83504af1ccc2b985cd1e4aeeeb8e0029896c5af2e6f354 - languageName: node - linkType: hard - -"humanize-ms@npm:^1.2.1": - version: 1.2.1 - resolution: "humanize-ms@npm:1.2.1" - dependencies: - ms: ^2.0.0 - checksum: 9c7a74a2827f9294c009266c82031030eae811ca87b0da3dceb8d6071b9bde22c9f3daef0469c3c533cc67a97d8a167cd9fc0389350e5f415f61a79b171ded16 - languageName: node - linkType: hard - -"iconv-lite@npm:0.4.24, iconv-lite@npm:^0.4.24": - version: 0.4.24 - resolution: "iconv-lite@npm:0.4.24" - dependencies: - safer-buffer: ">= 2.1.2 < 3" - checksum: bd9f120f5a5b306f0bc0b9ae1edeb1577161503f5f8252a20f1a9e56ef8775c9959fd01c55f2d3a39d9a8abaf3e30c1abeb1895f367dcbbe0a8fd1c9ca01c4f6 - languageName: node - linkType: hard - -"iconv-lite@npm:^0.6.2": - version: 0.6.3 - resolution: "iconv-lite@npm:0.6.3" - dependencies: - safer-buffer: ">= 2.1.2 < 3.0.0" - checksum: 3f60d47a5c8fc3313317edfd29a00a692cc87a19cac0159e2ce711d0ebc9019064108323b5e493625e25594f11c6236647d8e256fbe7a58f4a3b33b89e6d30bf - languageName: node - linkType: hard - -"ieee754@npm:^1.1.13": - version: 1.2.1 - resolution: "ieee754@npm:1.2.1" - checksum: 5144c0c9815e54ada181d80a0b810221a253562422e7c6c3a60b1901154184f49326ec239d618c416c1c5945a2e197107aee8d986a3dd836b53dffefd99b5e7e - languageName: node - linkType: hard - -"ignore-walk@npm:^5.0.1": - version: 5.0.1 - resolution: "ignore-walk@npm:5.0.1" - dependencies: - minimatch: ^5.0.1 - checksum: 1a4ef35174653a1aa6faab3d9f8781269166536aee36a04946f6e2b319b2475c1903a75ed42f04219274128242f49d0a10e20c4354ee60d9548e97031451150b - languageName: node - linkType: hard - -"ignore@npm:^4.0.6": - version: 4.0.6 - resolution: "ignore@npm:4.0.6" - checksum: 248f82e50a430906f9ee7f35e1158e3ec4c3971451dd9f99c9bc1548261b4db2b99709f60ac6c6cac9333494384176cc4cc9b07acbe42d52ac6a09cad734d800 - languageName: node - linkType: hard - -"ignore@npm:^5.1.4, ignore@npm:^5.1.8, ignore@npm:^5.2.0": - version: 5.2.0 - resolution: "ignore@npm:5.2.0" - checksum: 6b1f926792d614f64c6c83da3a1f9c83f6196c2839aa41e1e32dd7b8d174cef2e329d75caabb62cb61ce9dc432f75e67d07d122a037312db7caa73166a1bdb77 - languageName: node - linkType: hard - -"import-fresh@npm:^3.0.0, import-fresh@npm:^3.2.1": - version: 3.3.0 - resolution: "import-fresh@npm:3.3.0" - dependencies: - parent-module: ^1.0.0 - resolve-from: ^4.0.0 - checksum: 2cacfad06e652b1edc50be650f7ec3be08c5e5a6f6d12d035c440a42a8cc028e60a5b99ca08a77ab4d6b1346da7d971915828f33cdab730d3d42f08242d09baa - languageName: node - linkType: hard - -"import-from@npm:^4.0.0": - version: 4.0.0 - resolution: "import-from@npm:4.0.0" - checksum: 1fa29c05b048da18914e91d9a529e5d9b91774bebbfab10e53f59bcc1667917672b971cf102fee857f142e5e433ce69fa1f0a596e1c7d82f9947a5ec352694b9 - languageName: node - linkType: hard - -"import-local@npm:^3.0.2": - version: 3.1.0 - resolution: "import-local@npm:3.1.0" - dependencies: - pkg-dir: ^4.2.0 - resolve-cwd: ^3.0.0 - bin: - import-local-fixture: fixtures/cli.js - checksum: bfcdb63b5e3c0e245e347f3107564035b128a414c4da1172a20dc67db2504e05ede4ac2eee1252359f78b0bfd7b19ef180aec427c2fce6493ae782d73a04cddd - languageName: node - linkType: hard - -"imurmurhash@npm:^0.1.4": - version: 0.1.4 - resolution: "imurmurhash@npm:0.1.4" - checksum: 7cae75c8cd9a50f57dadd77482359f659eaebac0319dd9368bcd1714f55e65badd6929ca58569da2b6494ef13fdd5598cd700b1eba23f8b79c5f19d195a3ecf7 - languageName: node - linkType: hard - -"indent-string@npm:^4.0.0": - version: 4.0.0 - resolution: "indent-string@npm:4.0.0" - checksum: 824cfb9929d031dabf059bebfe08cf3137365e112019086ed3dcff6a0a7b698cb80cf67ccccde0e25b9e2d7527aa6cc1fed1ac490c752162496caba3e6699612 - languageName: node - linkType: hard - -"indent-string@npm:^5.0.0": - version: 5.0.0 - resolution: "indent-string@npm:5.0.0" - checksum: e466c27b6373440e6d84fbc19e750219ce25865cb82d578e41a6053d727e5520dc5725217d6eb1cc76005a1bb1696a0f106d84ce7ebda3033b963a38583fb3b3 - languageName: node - linkType: hard - -"infer-owner@npm:^1.0.4": - version: 1.0.4 - resolution: "infer-owner@npm:1.0.4" - checksum: 181e732764e4a0611576466b4b87dac338972b839920b2a8cde43642e4ed6bd54dc1fb0b40874728f2a2df9a1b097b8ff83b56d5f8f8e3927f837fdcb47d8a89 - languageName: node - linkType: hard - -"inflight@npm:^1.0.4": - version: 1.0.6 - resolution: "inflight@npm:1.0.6" - dependencies: - once: ^1.3.0 - wrappy: 1 - checksum: f4f76aa072ce19fae87ce1ef7d221e709afb59d445e05d47fba710e85470923a75de35bfae47da6de1b18afc3ce83d70facf44cfb0aff89f0a3f45c0a0244dfd - languageName: node - linkType: hard - -"inherits@npm:2, inherits@npm:^2.0.1, inherits@npm:^2.0.3, inherits@npm:^2.0.4, inherits@npm:~2.0.3": - version: 2.0.4 - resolution: "inherits@npm:2.0.4" - checksum: 4a48a733847879d6cf6691860a6b1e3f0f4754176e4d71494c41f3475553768b10f84b5ce1d40fbd0e34e6bfbb864ee35858ad4dd2cf31e02fc4a154b724d7f1 - languageName: node - linkType: hard - -"ini@npm:^1.3.4, ini@npm:~1.3.0": - version: 1.3.8 - resolution: "ini@npm:1.3.8" - checksum: dfd98b0ca3a4fc1e323e38a6c8eb8936e31a97a918d3b377649ea15bdb15d481207a0dda1021efbd86b464cae29a0d33c1d7dcaf6c5672bee17fa849bc50a1b3 - languageName: node - linkType: hard - -"ini@npm:^2.0.0": - version: 2.0.0 - resolution: "ini@npm:2.0.0" - checksum: e7aadc5fb2e4aefc666d74ee2160c073995a4061556b1b5b4241ecb19ad609243b9cceafe91bae49c219519394bbd31512516cb22a3b1ca6e66d869e0447e84e - languageName: node - linkType: hard - -"ini@npm:^3.0.0": - version: 3.0.0 - resolution: "ini@npm:3.0.0" - checksum: e92b6b0835ac369e58c677e7faa8db6019ac667d7404887978fb86b181d658e50f1742ecbba7d81eb5ff917b3ae4d63a48e1ef3a9f8a0527bd7605fe1a9995d4 - languageName: node - linkType: hard - -"init-package-json@npm:^3.0.1": - version: 3.0.2 - resolution: "init-package-json@npm:3.0.2" - dependencies: - npm-package-arg: ^9.0.1 - promzard: ^0.3.0 - read: ^1.0.7 - read-package-json: ^5.0.0 - semver: ^7.3.5 - validate-npm-package-license: ^3.0.4 - validate-npm-package-name: ^4.0.0 - checksum: e027f60e4a1564809eee790d5a842341c784888fd7c7ace5f9a34ea76224c0adb6f3ab3bf205cf1c9c877a6e1a76c68b00847a984139f60813125d7b42a23a13 - languageName: node - linkType: hard - -"inquirer@npm:^8.1.2": - version: 8.2.0 - resolution: "inquirer@npm:8.2.0" - dependencies: - ansi-escapes: ^4.2.1 - chalk: ^4.1.1 - cli-cursor: ^3.1.0 - cli-width: ^3.0.0 - external-editor: ^3.0.3 - figures: ^3.0.0 - lodash: ^4.17.21 - mute-stream: 0.0.8 - ora: ^5.4.1 - run-async: ^2.4.0 - rxjs: ^7.2.0 - string-width: ^4.1.0 - strip-ansi: ^6.0.0 - through: ^2.3.6 - checksum: 861d1a9324ae933b49126b3541d94e4d6a2f2a25411b3f3cc00c34bf1bdab34146362d702cf289efe6d8034900dc5905bcf2ea716092a02b6fc390e5986dd236 - languageName: node - linkType: hard - -"internal-slot@npm:^1.0.3": - version: 1.0.3 - resolution: "internal-slot@npm:1.0.3" - dependencies: - get-intrinsic: ^1.1.0 - has: ^1.0.3 - side-channel: ^1.0.4 - checksum: 1944f92e981e47aebc98a88ff0db579fd90543d937806104d0b96557b10c1f170c51fb777b97740a8b6ddeec585fca8c39ae99fd08a8e058dfc8ab70937238bf - languageName: node - linkType: hard - -"interpret@npm:^1.0.0": - version: 1.4.0 - resolution: "interpret@npm:1.4.0" - checksum: 2e5f51268b5941e4a17e4ef0575bc91ed0ab5f8515e3cf77486f7c14d13f3010df9c0959f37063dcc96e78d12dc6b0bb1b9e111cdfe69771f4656d2993d36155 - languageName: node - linkType: hard - -"into-stream@npm:^3.1.0": - version: 3.1.0 - resolution: "into-stream@npm:3.1.0" - dependencies: - from2: ^2.1.1 - p-is-promise: ^1.1.0 - checksum: e6e1a202227b20c446c251ef95348b3e8503cdc75aa2a09076f8821fc42c1b7fd43fabaeb8ed3cf9eb875942cfa4510b66949c5317997aa640921cc9bbadcd17 - languageName: node - linkType: hard - -"into-stream@npm:^6.0.0": - version: 6.0.0 - resolution: "into-stream@npm:6.0.0" - dependencies: - from2: ^2.3.0 - p-is-promise: ^3.0.0 - checksum: 8df24c9eadd7cdd1cbc160bc20914b961dfd0ca29767785b69e698f799e85466b6f7c637d237dca1472d09d333399f70cc05a2fb8d08cb449dc9a80d92193980 - languageName: node - linkType: hard - -"ip-regex@npm:^4.1.0": - version: 4.3.0 - resolution: "ip-regex@npm:4.3.0" - checksum: 7ff904b891221b1847f3fdf3dbb3e6a8660dc39bc283f79eb7ed88f5338e1a3d1104b779bc83759159be266249c59c2160e779ee39446d79d4ed0890dfd06f08 - languageName: node - linkType: hard - -"ip@npm:^1.1.5": - version: 1.1.5 - resolution: "ip@npm:1.1.5" - checksum: 30133981f082a060a32644f6a7746e9ba7ac9e2bc07ecc8bbdda3ee8ca9bec1190724c390e45a1ee7695e7edfd2a8f7dda2c104ec5f7ac5068c00648504c7e5a - languageName: node - linkType: hard - -"is-accessor-descriptor@npm:^0.1.6": - version: 0.1.6 - resolution: "is-accessor-descriptor@npm:0.1.6" - dependencies: - kind-of: ^3.0.2 - checksum: 3d629a086a9585bc16a83a8e8a3416f400023301855cafb7ccc9a1d63145b7480f0ad28877dcc2cce09492c4ec1c39ef4c071996f24ee6ac626be4217b8ffc8a - languageName: node - linkType: hard - -"is-accessor-descriptor@npm:^1.0.0": - version: 1.0.0 - resolution: "is-accessor-descriptor@npm:1.0.0" - dependencies: - kind-of: ^6.0.0 - checksum: 8e475968e9b22f9849343c25854fa24492dbe8ba0dea1a818978f9f1b887339190b022c9300d08c47fe36f1b913d70ce8cbaca00369c55a56705fdb7caed37fe - languageName: node - linkType: hard - -"is-arrayish@npm:^0.2.1": - version: 0.2.1 - resolution: "is-arrayish@npm:0.2.1" - checksum: eef4417e3c10e60e2c810b6084942b3ead455af16c4509959a27e490e7aee87cfb3f38e01bbde92220b528a0ee1a18d52b787e1458ee86174d8c7f0e58cd488f - languageName: node - linkType: hard - -"is-bigint@npm:^1.0.1": - version: 1.0.4 - resolution: "is-bigint@npm:1.0.4" - dependencies: - has-bigints: ^1.0.1 - checksum: c56edfe09b1154f8668e53ebe8252b6f185ee852a50f9b41e8d921cb2bed425652049fbe438723f6cb48a63ca1aa051e948e7e401e093477c99c84eba244f666 - languageName: node - linkType: hard - -"is-binary-path@npm:^1.0.0": - version: 1.0.1 - resolution: "is-binary-path@npm:1.0.1" - dependencies: - binary-extensions: ^1.0.0 - checksum: a803c99e9d898170c3b44a86fbdc0736d3d7fcbe737345433fb78e810b9fe30c982657782ad0e676644ba4693ddf05601a7423b5611423218663d6b533341ac9 - languageName: node - linkType: hard - -"is-boolean-object@npm:^1.1.0": - version: 1.1.2 - resolution: "is-boolean-object@npm:1.1.2" - dependencies: - call-bind: ^1.0.2 - has-tostringtag: ^1.0.0 - checksum: c03b23dbaacadc18940defb12c1c0e3aaece7553ef58b162a0f6bba0c2a7e1551b59f365b91e00d2dbac0522392d576ef322628cb1d036a0fe51eb466db67222 - languageName: node - linkType: hard - -"is-buffer@npm:^1.1.5": - version: 1.1.6 - resolution: "is-buffer@npm:1.1.6" - checksum: 4a186d995d8bbf9153b4bd9ff9fd04ae75068fe695d29025d25e592d9488911eeece84eefbd8fa41b8ddcc0711058a71d4c466dcf6f1f6e1d83830052d8ca707 - languageName: node - linkType: hard - -"is-callable@npm:^1.1.4, is-callable@npm:^1.2.4": - version: 1.2.4 - resolution: "is-callable@npm:1.2.4" - checksum: 1a28d57dc435797dae04b173b65d6d1e77d4f16276e9eff973f994eadcfdc30a017e6a597f092752a083c1103cceb56c91e3dadc6692fedb9898dfaba701575f - languageName: node - linkType: hard - -"is-cidr@npm:^4.0.2": - version: 4.0.2 - resolution: "is-cidr@npm:4.0.2" - dependencies: - cidr-regex: ^3.1.1 - checksum: ee6e670e655a835710a7fa15268b428adbf80267114a494ce1c2ca2b09e1ca0b629fe1375aae621d4c093b32930d5ff7c4ee6da97eae14e3836bc7b3a07b171f - languageName: node - linkType: hard - -"is-core-module@npm:^2.5.0, is-core-module@npm:^2.8.0": - version: 2.8.1 - resolution: "is-core-module@npm:2.8.1" - dependencies: - has: ^1.0.3 - checksum: 418b7bc10768a73c41c7ef497e293719604007f88934a6ffc5f7c78702791b8528102fb4c9e56d006d69361549b3d9519440214a74aefc7e0b79e5e4411d377f - languageName: node - linkType: hard - -"is-core-module@npm:^2.8.1": - version: 2.9.0 - resolution: "is-core-module@npm:2.9.0" - dependencies: - has: ^1.0.3 - checksum: b27034318b4b462f1c8f1dfb1b32baecd651d891a4e2d1922135daeff4141dfced2b82b07aef83ef54275c4a3526aa38da859223664d0868ca24182badb784ce - languageName: node - linkType: hard - -"is-data-descriptor@npm:^0.1.4": - version: 0.1.4 - resolution: "is-data-descriptor@npm:0.1.4" - dependencies: - kind-of: ^3.0.2 - checksum: 5c622e078ba933a78338ae398a3d1fc5c23332b395312daf4f74bab4afb10d061cea74821add726cb4db8b946ba36217ee71a24fe71dd5bca4632edb7f6aad87 - languageName: node - linkType: hard - -"is-data-descriptor@npm:^1.0.0": - version: 1.0.0 - resolution: "is-data-descriptor@npm:1.0.0" - dependencies: - kind-of: ^6.0.0 - checksum: e705e6816241c013b05a65dc452244ee378d1c3e3842bd140beabe6e12c0d700ef23c91803f971aa7b091fb0573c5da8963af34a2b573337d87bc3e1f53a4e6d - languageName: node - linkType: hard - -"is-date-object@npm:^1.0.1": - version: 1.0.5 - resolution: "is-date-object@npm:1.0.5" - dependencies: - has-tostringtag: ^1.0.0 - checksum: baa9077cdf15eb7b58c79398604ca57379b2fc4cf9aa7a9b9e295278648f628c9b201400c01c5e0f7afae56507d741185730307cbe7cad3b9f90a77e5ee342fc - languageName: node - linkType: hard - -"is-descriptor@npm:^0.1.0": - version: 0.1.6 - resolution: "is-descriptor@npm:0.1.6" - dependencies: - is-accessor-descriptor: ^0.1.6 - is-data-descriptor: ^0.1.4 - kind-of: ^5.0.0 - checksum: 0f780c1b46b465f71d970fd7754096ffdb7b69fd8797ca1f5069c163eaedcd6a20ec4a50af669075c9ebcfb5266d2e53c8b227e485eefdb0d1fee09aa1dd8ab6 - languageName: node - linkType: hard - -"is-descriptor@npm:^1.0.0, is-descriptor@npm:^1.0.2": - version: 1.0.2 - resolution: "is-descriptor@npm:1.0.2" - dependencies: - is-accessor-descriptor: ^1.0.0 - is-data-descriptor: ^1.0.0 - kind-of: ^6.0.2 - checksum: 2ed623560bee035fb67b23e32ce885700bef8abe3fbf8c909907d86507b91a2c89a9d3a4d835a4d7334dd5db0237a0aeae9ca109c1e4ef1c0e7b577c0846ab5a - languageName: node - linkType: hard - -"is-dotfile@npm:^1.0.0": - version: 1.0.3 - resolution: "is-dotfile@npm:1.0.3" - checksum: 5257760d998d50ba2d5b4707007c043c69da0b62172f2221505edc6671ff634581c05df494a19d8d7206d248154c2f29f8432193ee199d33b09733e66371fb35 - languageName: node - linkType: hard - -"is-equal-shallow@npm:^0.1.3": - version: 0.1.3 - resolution: "is-equal-shallow@npm:0.1.3" - dependencies: - is-primitive: ^2.0.0 - checksum: 1a296b660b8749ba1449017d9572e81fe8a96764877d5f9739c523a20cc7cdfa49594c16fa17052d0c3ee4711e35fd6919b06bf1b11b7126feab61abb9503ce6 - languageName: node - linkType: hard - -"is-extendable@npm:^0.1.0, is-extendable@npm:^0.1.1": - version: 0.1.1 - resolution: "is-extendable@npm:0.1.1" - checksum: 3875571d20a7563772ecc7a5f36cb03167e9be31ad259041b4a8f73f33f885441f778cee1f1fe0085eb4bc71679b9d8c923690003a36a6a5fdf8023e6e3f0672 - languageName: node - linkType: hard - -"is-extendable@npm:^1.0.1": - version: 1.0.1 - resolution: "is-extendable@npm:1.0.1" - dependencies: - is-plain-object: ^2.0.4 - checksum: db07bc1e9de6170de70eff7001943691f05b9d1547730b11be01c0ebfe67362912ba743cf4be6fd20a5e03b4180c685dad80b7c509fe717037e3eee30ad8e84f - languageName: node - linkType: hard - -"is-extglob@npm:^1.0.0": - version: 1.0.0 - resolution: "is-extglob@npm:1.0.0" - checksum: 5eea8517feeae5206547c0fc838c1416ec763b30093c286e1965a05f46b74a59ad391f912565f3b67c9c31cab4769ab9c35420e016b608acb47309be8d0d6e94 - languageName: node - linkType: hard - -"is-extglob@npm:^2.1.1": - version: 2.1.1 - resolution: "is-extglob@npm:2.1.1" - checksum: df033653d06d0eb567461e58a7a8c9f940bd8c22274b94bf7671ab36df5719791aae15eef6d83bbb5e23283967f2f984b8914559d4449efda578c775c4be6f85 - languageName: node - linkType: hard - -"is-fullwidth-code-point@npm:^3.0.0": - version: 3.0.0 - resolution: "is-fullwidth-code-point@npm:3.0.0" - checksum: 44a30c29457c7fb8f00297bce733f0a64cd22eca270f83e58c105e0d015e45c019491a4ab2faef91ab51d4738c670daff901c799f6a700e27f7314029e99e348 - languageName: node - linkType: hard - -"is-generator-fn@npm:^2.0.0": - version: 2.1.0 - resolution: "is-generator-fn@npm:2.1.0" - checksum: a6ad5492cf9d1746f73b6744e0c43c0020510b59d56ddcb78a91cbc173f09b5e6beff53d75c9c5a29feb618bfef2bf458e025ecf3a57ad2268e2fb2569f56215 - languageName: node - linkType: hard - -"is-glob@npm:^2.0.0, is-glob@npm:^2.0.1": - version: 2.0.1 - resolution: "is-glob@npm:2.0.1" - dependencies: - is-extglob: ^1.0.0 - checksum: 089f5f93640072491396a5f075ce73e949a90f35832b782bc49a6b7637d58e392d53cb0b395e059ccab70fcb82ff35d183f6f9ebbcb43227a1e02e3fed5430c9 - languageName: node - linkType: hard - -"is-glob@npm:^4.0.0, is-glob@npm:^4.0.1, is-glob@npm:^4.0.3": - version: 4.0.3 - resolution: "is-glob@npm:4.0.3" - dependencies: - is-extglob: ^2.1.1 - checksum: d381c1319fcb69d341cc6e6c7cd588e17cd94722d9a32dbd60660b993c4fb7d0f19438674e68dfec686d09b7c73139c9166b47597f846af387450224a8101ab4 - languageName: node - linkType: hard - -"is-interactive@npm:^1.0.0": - version: 1.0.0 - resolution: "is-interactive@npm:1.0.0" - checksum: 824808776e2d468b2916cdd6c16acacebce060d844c35ca6d82267da692e92c3a16fdba624c50b54a63f38bdc4016055b6f443ce57d7147240de4f8cdabaf6f9 - languageName: node - linkType: hard - -"is-invalid-path@npm:^0.1.0": - version: 0.1.0 - resolution: "is-invalid-path@npm:0.1.0" - dependencies: - is-glob: ^2.0.0 - checksum: 184dd40d9c7a765506e4fdcd7e664f86de68a4d5d429964b160255fe40de1b4323d1b4e6ea76ff87debf788a330e4f27cb1dfe5fc2420405e1c8a16a6ed87092 - languageName: node - linkType: hard - -"is-lambda@npm:^1.0.1": - version: 1.0.1 - resolution: "is-lambda@npm:1.0.1" - checksum: 93a32f01940220532e5948538699ad610d5924ac86093fcee83022252b363eb0cc99ba53ab084a04e4fb62bf7b5731f55496257a4c38adf87af9c4d352c71c35 - languageName: node - linkType: hard - -"is-natural-number@npm:^4.0.1": - version: 4.0.1 - resolution: "is-natural-number@npm:4.0.1" - checksum: 3e5e3d52e0dfa4fea923b5d2b8a5cdbd9bf110c4598d30304b98528b02f40c9058a2abf1bae10bcbaf2bac18ace41cff7bc9673aff339f8c8297fae74ae0e75d - languageName: node - linkType: hard - -"is-negative-zero@npm:^2.0.1": - version: 2.0.2 - resolution: "is-negative-zero@npm:2.0.2" - checksum: f3232194c47a549da60c3d509c9a09be442507616b69454716692e37ae9f37c4dea264fb208ad0c9f3efd15a796a46b79df07c7e53c6227c32170608b809149a - languageName: node - linkType: hard - -"is-number-object@npm:^1.0.4": - version: 1.0.6 - resolution: "is-number-object@npm:1.0.6" - dependencies: - has-tostringtag: ^1.0.0 - checksum: c697704e8fc2027fc41cb81d29805de4e8b6dc9c3efee93741dbf126a8ecc8443fef85adbc581415ae7e55d325e51d0a942324ae35c829131748cce39cba55f3 - languageName: node - linkType: hard - -"is-number@npm:^2.1.0": - version: 2.1.0 - resolution: "is-number@npm:2.1.0" - dependencies: - kind-of: ^3.0.2 - checksum: d80e041a43a8de31ecc02037d532f1f448ec9c5b6c02fe7ee67bdd45d21cd9a4b3b4cf07e428ae5adafc2f17408c49fcb0a227915916d94a16d576c39e689f60 - languageName: node - linkType: hard - -"is-number@npm:^3.0.0": - version: 3.0.0 - resolution: "is-number@npm:3.0.0" - dependencies: - kind-of: ^3.0.2 - checksum: 0c62bf8e9d72c4dd203a74d8cfc751c746e75513380fef420cda8237e619a988ee43e678ddb23c87ac24d91ac0fe9f22e4ffb1301a50310c697e9d73ca3994e9 - languageName: node - linkType: hard - -"is-number@npm:^4.0.0": - version: 4.0.0 - resolution: "is-number@npm:4.0.0" - checksum: e71962a5ae97400211e6be5946eff2b81d3fa85154dad498bfe2704999e63ac6b3f8591fdb7971a121122cc6e25915c2cfe882ff7b77e243d51b92ca6961267e - languageName: node - linkType: hard - -"is-number@npm:^7.0.0": - version: 7.0.0 - resolution: "is-number@npm:7.0.0" - checksum: 456ac6f8e0f3111ed34668a624e45315201dff921e5ac181f8ec24923b99e9f32ca1a194912dc79d539c97d33dba17dc635202ff0b2cf98326f608323276d27a - languageName: node - linkType: hard - -"is-obj@npm:^2.0.0": - version: 2.0.0 - resolution: "is-obj@npm:2.0.0" - checksum: c9916ac8f4621962a42f5e80e7ffdb1d79a3fab7456ceaeea394cd9e0858d04f985a9ace45be44433bf605673c8be8810540fe4cc7f4266fc7526ced95af5a08 - languageName: node - linkType: hard - -"is-object@npm:^1.0.1": - version: 1.0.2 - resolution: "is-object@npm:1.0.2" - checksum: 971219c4b1985b9751f65e4c8296d3104f0457b0e8a70849e848a4a2208bc47317d73b3b85d4a369619cb2df8284dc22584cb2695a7d99aca5e8d0aa64fc075a - languageName: node - linkType: hard - -"is-path-cwd@npm:^2.2.0": - version: 2.2.0 - resolution: "is-path-cwd@npm:2.2.0" - checksum: 46a840921bb8cc0dc7b5b423a14220e7db338072a4495743a8230533ce78812dc152548c86f4b828411fe98c5451959f07cf841c6a19f611e46600bd699e8048 - languageName: node - linkType: hard - -"is-path-inside@npm:^3.0.2": - version: 3.0.3 - resolution: "is-path-inside@npm:3.0.3" - checksum: abd50f06186a052b349c15e55b182326f1936c89a78bf6c8f2b707412517c097ce04bc49a0ca221787bc44e1049f51f09a2ffb63d22899051988d3a618ba13e9 - languageName: node - linkType: hard - -"is-plain-obj@npm:^1.0.0, is-plain-obj@npm:^1.1.0": - version: 1.1.0 - resolution: "is-plain-obj@npm:1.1.0" - checksum: 0ee04807797aad50859652a7467481816cbb57e5cc97d813a7dcd8915da8195dc68c436010bf39d195226cde6a2d352f4b815f16f26b7bf486a5754290629931 - languageName: node - linkType: hard - -"is-plain-object@npm:^2.0.3, is-plain-object@npm:^2.0.4": - version: 2.0.4 - resolution: "is-plain-object@npm:2.0.4" - dependencies: - isobject: ^3.0.1 - checksum: 2a401140cfd86cabe25214956ae2cfee6fbd8186809555cd0e84574f88de7b17abacb2e477a6a658fa54c6083ecbda1e6ae404c7720244cd198903848fca70ca - languageName: node - linkType: hard - -"is-plain-object@npm:^5.0.0": - version: 5.0.0 - resolution: "is-plain-object@npm:5.0.0" - checksum: e32d27061eef62c0847d303125440a38660517e586f2f3db7c9d179ae5b6674ab0f469d519b2e25c147a1a3bc87156d0d5f4d8821e0ce4a9ee7fe1fcf11ce45c - languageName: node - linkType: hard - -"is-posix-bracket@npm:^0.1.0": - version: 0.1.1 - resolution: "is-posix-bracket@npm:0.1.1" - checksum: 8a6391b41e7acef6898e64b00e06885b28c14b0c76398d3251a6ab1e5350d495dd32ec3f7f88f3f877558ce4b970939356fb315ee607f8f99a1716d4db7bdd40 - languageName: node - linkType: hard - -"is-potential-custom-element-name@npm:^1.0.1": - version: 1.0.1 - resolution: "is-potential-custom-element-name@npm:1.0.1" - checksum: ced7bbbb6433a5b684af581872afe0e1767e2d1146b2207ca0068a648fb5cab9d898495d1ac0583524faaf24ca98176a7d9876363097c2d14fee6dd324f3a1ab - languageName: node - linkType: hard - -"is-primitive@npm:^2.0.0": - version: 2.0.0 - resolution: "is-primitive@npm:2.0.0" - checksum: 4d63fe952e31a4bc1d1a65d72f8485f5952407dce8d1cd8d8f070586936ea9ae2df79e0a83956b224aa7776cbbf5767eba3277f28119c36a616b20a439f057c0 - languageName: node - linkType: hard - -"is-regex@npm:^1.1.4": - version: 1.1.4 - resolution: "is-regex@npm:1.1.4" - dependencies: - call-bind: ^1.0.2 - has-tostringtag: ^1.0.0 - checksum: 362399b33535bc8f386d96c45c9feb04cf7f8b41c182f54174c1a45c9abbbe5e31290bbad09a458583ff6bf3b2048672cdb1881b13289569a7c548370856a652 - languageName: node - linkType: hard - -"is-retry-allowed@npm:^1.0.0, is-retry-allowed@npm:^1.1.0": - version: 1.2.0 - resolution: "is-retry-allowed@npm:1.2.0" - checksum: 50d700a89ae31926b1c91b3eb0104dbceeac8790d8b80d02f5c76d9a75c2056f1bb24b5268a8a018dead606bddf116b2262e5ac07401eb8b8783b266ed22558d - languageName: node - linkType: hard - -"is-shared-array-buffer@npm:^1.0.1": - version: 1.0.1 - resolution: "is-shared-array-buffer@npm:1.0.1" - checksum: 2ffb92533e64e2876e6cfe6906871d28400b6f1a53130fe652ec8007bc0e5044d05e7af8e31bdc992fbba520bd92938cfbeedd0f286be92f250c7c76191c4d90 - languageName: node - linkType: hard - -"is-stream@npm:^1.0.0, is-stream@npm:^1.1.0": - version: 1.1.0 - resolution: "is-stream@npm:1.1.0" - checksum: 063c6bec9d5647aa6d42108d4c59723d2bd4ae42135a2d4db6eadbd49b7ea05b750fd69d279e5c7c45cf9da753ad2c00d8978be354d65aa9f6bb434969c6a2ae - languageName: node - linkType: hard - -"is-stream@npm:^2.0.0": - version: 2.0.1 - resolution: "is-stream@npm:2.0.1" - checksum: b8e05ccdf96ac330ea83c12450304d4a591f9958c11fd17bed240af8d5ffe08aedafa4c0f4cfccd4d28dc9d4d129daca1023633d5c11601a6cbc77521f6fae66 - languageName: node - linkType: hard - -"is-stream@npm:^3.0.0": - version: 3.0.0 - resolution: "is-stream@npm:3.0.0" - checksum: 172093fe99119ffd07611ab6d1bcccfe8bc4aa80d864b15f43e63e54b7abc71e779acd69afdb854c4e2a67fdc16ae710e370eda40088d1cfc956a50ed82d8f16 - languageName: node - linkType: hard - -"is-string@npm:^1.0.5, is-string@npm:^1.0.7": - version: 1.0.7 - resolution: "is-string@npm:1.0.7" - dependencies: - has-tostringtag: ^1.0.0 - checksum: 323b3d04622f78d45077cf89aab783b2f49d24dc641aa89b5ad1a72114cfeff2585efc8c12ef42466dff32bde93d839ad321b26884cf75e5a7892a938b089989 - languageName: node - linkType: hard - -"is-symbol@npm:^1.0.2, is-symbol@npm:^1.0.3": - version: 1.0.4 - resolution: "is-symbol@npm:1.0.4" - dependencies: - has-symbols: ^1.0.2 - checksum: 92805812ef590738d9de49d677cd17dfd486794773fb6fa0032d16452af46e9b91bb43ffe82c983570f015b37136f4b53b28b8523bfb10b0ece7a66c31a54510 - languageName: node - linkType: hard - -"is-text-path@npm:^1.0.1": - version: 1.0.1 - resolution: "is-text-path@npm:1.0.1" - dependencies: - text-extensions: ^1.0.0 - checksum: fb5d78752c22b3f73a7c9540768f765ffcfa38c9e421e2b9af869565307fa1ae5e3d3a2ba016a43549742856846566d327da406e94a5846ec838a288b1704fd2 - languageName: node - linkType: hard - -"is-typedarray@npm:^1.0.0": - version: 1.0.0 - resolution: "is-typedarray@npm:1.0.0" - checksum: 3508c6cd0a9ee2e0df2fa2e9baabcdc89e911c7bd5cf64604586697212feec525aa21050e48affb5ffc3df20f0f5d2e2cf79b08caa64e1ccc9578e251763aef7 - languageName: node - linkType: hard - -"is-unicode-supported@npm:^0.1.0": - version: 0.1.0 - resolution: "is-unicode-supported@npm:0.1.0" - checksum: a2aab86ee7712f5c2f999180daaba5f361bdad1efadc9610ff5b8ab5495b86e4f627839d085c6530363c6d6d4ecbde340fb8e54bdb83da4ba8e0865ed5513c52 - languageName: node - linkType: hard - -"is-valid-path@npm:^0.1.1": - version: 0.1.1 - resolution: "is-valid-path@npm:0.1.1" - dependencies: - is-invalid-path: ^0.1.0 - checksum: d6e716a4a999c75e32ff91ff1ea684fc9e69de05747ec4aaae049460beb971c79f474629dd87a5b4b662691f8323c1920f1b6f1dcdcb39b07082f0ff77b71da6 - languageName: node - linkType: hard - -"is-weakref@npm:^1.0.1": - version: 1.0.2 - resolution: "is-weakref@npm:1.0.2" - dependencies: - call-bind: ^1.0.2 - checksum: 95bd9a57cdcb58c63b1c401c60a474b0f45b94719c30f548c891860f051bc2231575c290a6b420c6bc6e7ed99459d424c652bd5bf9a1d5259505dc35b4bf83de - languageName: node - linkType: hard - -"is-windows@npm:^1.0.2": - version: 1.0.2 - resolution: "is-windows@npm:1.0.2" - checksum: 438b7e52656fe3b9b293b180defb4e448088e7023a523ec21a91a80b9ff8cdb3377ddb5b6e60f7c7de4fa8b63ab56e121b6705fe081b3cf1b828b0a380009ad7 - languageName: node - linkType: hard - -"isarray@npm:1.0.0, isarray@npm:~1.0.0": - version: 1.0.0 - resolution: "isarray@npm:1.0.0" - checksum: f032df8e02dce8ec565cf2eb605ea939bdccea528dbcf565cdf92bfa2da9110461159d86a537388ef1acef8815a330642d7885b29010e8f7eac967c9993b65ab - languageName: node - linkType: hard - -"isexe@npm:^2.0.0": - version: 2.0.0 - resolution: "isexe@npm:2.0.0" - checksum: 26bf6c5480dda5161c820c5b5c751ae1e766c587b1f951ea3fcfc973bafb7831ae5b54a31a69bd670220e42e99ec154475025a468eae58ea262f813fdc8d1c62 - languageName: node - linkType: hard - -"isobject@npm:^2.0.0": - version: 2.1.0 - resolution: "isobject@npm:2.1.0" - dependencies: - isarray: 1.0.0 - checksum: 811c6f5a866877d31f0606a88af4a45f282544de886bf29f6a34c46616a1ae2ed17076cc6bf34c0128f33eecf7e1fcaa2c82cf3770560d3e26810894e96ae79f - languageName: node - linkType: hard - -"isobject@npm:^3.0.0, isobject@npm:^3.0.1": - version: 3.0.1 - resolution: "isobject@npm:3.0.1" - checksum: db85c4c970ce30693676487cca0e61da2ca34e8d4967c2e1309143ff910c207133a969f9e4ddb2dc6aba670aabce4e0e307146c310350b298e74a31f7d464703 - languageName: node - linkType: hard - -"issue-parser@npm:^6.0.0": - version: 6.0.0 - resolution: "issue-parser@npm:6.0.0" - dependencies: - lodash.capitalize: ^4.2.1 - lodash.escaperegexp: ^4.1.2 - lodash.isplainobject: ^4.0.6 - lodash.isstring: ^4.0.1 - lodash.uniqby: ^4.7.0 - checksum: 3357928af6c78c4803340f978bd55dc922b6b15b3f6c76aaa78a08999d39002729502ce1650863d1a9d728a7e31ccc0a865087244225ef6e8fc85aaf2f9c0f67 - languageName: node - linkType: hard - -"istanbul-lib-coverage@npm:^3.0.0, istanbul-lib-coverage@npm:^3.2.0": - version: 3.2.0 - resolution: "istanbul-lib-coverage@npm:3.2.0" - checksum: a2a545033b9d56da04a8571ed05c8120bf10e9bce01cf8633a3a2b0d1d83dff4ac4fe78d6d5673c27fc29b7f21a41d75f83a36be09f82a61c367b56aa73c1ff9 - languageName: node - linkType: hard - -"istanbul-lib-instrument@npm:^5.0.4, istanbul-lib-instrument@npm:^5.1.0": - version: 5.1.0 - resolution: "istanbul-lib-instrument@npm:5.1.0" - dependencies: - "@babel/core": ^7.12.3 - "@babel/parser": ^7.14.7 - "@istanbuljs/schema": ^0.1.2 - istanbul-lib-coverage: ^3.2.0 - semver: ^6.3.0 - checksum: 8b82e733c69fe9f94d2e21f3e5760c9bedb110329aa75df4bd40df95f1cac3bf38767e43f35b125cc547ceca7376b72ce7d95cc5238b7e9088345c7b589233d3 - languageName: node - linkType: hard - -"istanbul-lib-report@npm:^3.0.0": - version: 3.0.0 - resolution: "istanbul-lib-report@npm:3.0.0" - dependencies: - istanbul-lib-coverage: ^3.0.0 - make-dir: ^3.0.0 - supports-color: ^7.1.0 - checksum: 3f29eb3f53c59b987386e07fe772d24c7f58c6897f34c9d7a296f4000de7ae3de9eb95c3de3df91dc65b134c84dee35c54eee572a56243e8907c48064e34ff1b - languageName: node - linkType: hard - -"istanbul-lib-source-maps@npm:^4.0.0": - version: 4.0.1 - resolution: "istanbul-lib-source-maps@npm:4.0.1" - dependencies: - debug: ^4.1.1 - istanbul-lib-coverage: ^3.0.0 - source-map: ^0.6.1 - checksum: 21ad3df45db4b81852b662b8d4161f6446cd250c1ddc70ef96a585e2e85c26ed7cd9c2a396a71533cfb981d1a645508bc9618cae431e55d01a0628e7dec62ef2 - languageName: node - linkType: hard - -"istanbul-reports@npm:^3.1.3": - version: 3.1.3 - resolution: "istanbul-reports@npm:3.1.3" - dependencies: - html-escaper: ^2.0.0 - istanbul-lib-report: ^3.0.0 - checksum: ef6e0d9ed05ecab1974c6eb46cc2a12d8570911934192db4ed40cf1978449240ea80aae32c4dd5555b67407cdf860212d1a9e415443af69641aa57ed1da5ebbb - languageName: node - linkType: hard - -"isurl@npm:^1.0.0-alpha5": - version: 1.0.0 - resolution: "isurl@npm:1.0.0" - dependencies: - has-to-string-tag-x: ^1.2.0 - is-object: ^1.0.1 - checksum: 28a96e019269d57015fa5869f19dda5a3ed1f7b21e3e0c4ff695419bd0541547db352aa32ee4a3659e811a177b0e37a5bc1a036731e71939dd16b59808ab92bd - languageName: node - linkType: hard - -"java-properties@npm:^1.0.0": - version: 1.0.2 - resolution: "java-properties@npm:1.0.2" - checksum: 9a086778346e3adbe2395e370f5c779033ed60360055a15e2cead49e3d676d2c73786cf2f6563a1860277dea3dd0a859432e546ed89c03ee08c1f53e31a5d420 - languageName: node - linkType: hard - -"jest-changed-files@npm:^27.4.2": - version: 27.4.2 - resolution: "jest-changed-files@npm:27.4.2" - dependencies: - "@jest/types": ^27.4.2 - execa: ^5.0.0 - throat: ^6.0.1 - checksum: 4df8dff39882995d4852756686357e0629cf8029ea5c35dcf25f63fba4febe15b564b9222f7d18a7546fcd48d3414345bf3c363a1d13af61d8d66e662a035420 - languageName: node - linkType: hard - -"jest-circus@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-circus@npm:27.4.6" - dependencies: - "@jest/environment": ^27.4.6 - "@jest/test-result": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - chalk: ^4.0.0 - co: ^4.6.0 - dedent: ^0.7.0 - expect: ^27.4.6 - is-generator-fn: ^2.0.0 - jest-each: ^27.4.6 - jest-matcher-utils: ^27.4.6 - jest-message-util: ^27.4.6 - jest-runtime: ^27.4.6 - jest-snapshot: ^27.4.6 - jest-util: ^27.4.2 - pretty-format: ^27.4.6 - slash: ^3.0.0 - stack-utils: ^2.0.3 - throat: ^6.0.1 - checksum: 00aae02bc4de4afa2144b073c4158a322cb37924d5583ef5caa5cb4badcc8f32474da3a01dd5672e85eda088b92d2b769986b46e36c2c88df0dd6ec0c72bd8c1 - languageName: node - linkType: hard - -"jest-cli@npm:^27.4.7": - version: 27.4.7 - resolution: "jest-cli@npm:27.4.7" - dependencies: - "@jest/core": ^27.4.7 - "@jest/test-result": ^27.4.6 - "@jest/types": ^27.4.2 - chalk: ^4.0.0 - exit: ^0.1.2 - graceful-fs: ^4.2.4 - import-local: ^3.0.2 - jest-config: ^27.4.7 - jest-util: ^27.4.2 - jest-validate: ^27.4.6 - prompts: ^2.0.1 - yargs: ^16.2.0 - peerDependencies: - node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 - peerDependenciesMeta: - node-notifier: - optional: true - bin: - jest: bin/jest.js - checksum: bf301039f1c14ef3fa2b7699b7b94328faa5549e34cb1573610c894bedd036ad36e31e6af436e11b3aa85e22e409a05d1fef1624bebc2da7ed416ce969b87307 - languageName: node - linkType: hard - -"jest-config@npm:^27.4.7": - version: 27.4.7 - resolution: "jest-config@npm:27.4.7" - dependencies: - "@babel/core": ^7.8.0 - "@jest/test-sequencer": ^27.4.6 - "@jest/types": ^27.4.2 - babel-jest: ^27.4.6 - chalk: ^4.0.0 - ci-info: ^3.2.0 - deepmerge: ^4.2.2 - glob: ^7.1.1 - graceful-fs: ^4.2.4 - jest-circus: ^27.4.6 - jest-environment-jsdom: ^27.4.6 - jest-environment-node: ^27.4.6 - jest-get-type: ^27.4.0 - jest-jasmine2: ^27.4.6 - jest-regex-util: ^27.4.0 - jest-resolve: ^27.4.6 - jest-runner: ^27.4.6 - jest-util: ^27.4.2 - jest-validate: ^27.4.6 - micromatch: ^4.0.4 - pretty-format: ^27.4.6 - slash: ^3.0.0 - peerDependencies: - ts-node: ">=9.0.0" - peerDependenciesMeta: - ts-node: - optional: true - checksum: 23d5bacc483b2674d6efcd6bfc66bcde7c2b428511b50d17a22a2750d85bfc23753f9e41f504411e411e848e34ec61244bdae9da8782df4ada6e284106f71a4d - languageName: node - linkType: hard - -"jest-diff@npm:^27.0.0, jest-diff@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-diff@npm:27.4.6" - dependencies: - chalk: ^4.0.0 - diff-sequences: ^27.4.0 - jest-get-type: ^27.4.0 - pretty-format: ^27.4.6 - checksum: cf6b7e80e3c64a7c71ab209c0325bbda175991aed985ecee7652df9d6540e4959089038e208c04ab05391c9ddf07adc72f0c8c26cc4cee6fa17f76f500e2bf43 - languageName: node - linkType: hard - -"jest-docblock@npm:^27.4.0": - version: 27.4.0 - resolution: "jest-docblock@npm:27.4.0" - dependencies: - detect-newline: ^3.0.0 - checksum: 4b7639ceb7808280562166c87c49746d9e9cc13f8315ea05a0a400d2f7b11f4491b4ad50935e5976db6509f26004fa2b187dc19eea5e09c445eed2648eb1e927 - languageName: node - linkType: hard - -"jest-each@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-each@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - chalk: ^4.0.0 - jest-get-type: ^27.4.0 - jest-util: ^27.4.2 - pretty-format: ^27.4.6 - checksum: cce85a14a4c3a37733e75da2352e767c6eef923181e0c884eb9f86253ed417de0454da5117ebfbc1fcabdf109a305b1dbbf9b71a5712da8b6d79fde1f73a9b75 - languageName: node - linkType: hard - -"jest-environment-jsdom@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-environment-jsdom@npm:27.4.6" - dependencies: - "@jest/environment": ^27.4.6 - "@jest/fake-timers": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - jest-mock: ^27.4.6 - jest-util: ^27.4.2 - jsdom: ^16.6.0 - checksum: bdf5f349a3e96b029fd0c442c8ba86dd7beb8d14922b6a53f0c52f9ab7b34521ef8deedfaba13ce81ca01e9074032eb8dc506d9035941348e129d0b76671d6bc - languageName: node - linkType: hard - -"jest-environment-node@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-environment-node@npm:27.4.6" - dependencies: - "@jest/environment": ^27.4.6 - "@jest/fake-timers": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - jest-mock: ^27.4.6 - jest-util: ^27.4.2 - checksum: 3f146e7819f65b1dc0252573cddadc8c565a566ddf7c06c93eded51cccfc55f4765373fb2aaafeb4d8b76ec62b062e1bd4f1da6b9f57429af6789ef8bbada3cb - languageName: node - linkType: hard - -"jest-get-type@npm:^27.4.0": - version: 27.4.0 - resolution: "jest-get-type@npm:27.4.0" - checksum: bb9b70e420009fdaed3026d5bccd01569f92c7500f9f544d862796d4f4efa93ced5484864b2f272c7748bfb5bfd3268d48868b169c51ab45fe5b45b9519b6e46 - languageName: node - linkType: hard - -"jest-haste-map@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-haste-map@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - "@types/graceful-fs": ^4.1.2 - "@types/node": "*" - anymatch: ^3.0.3 - fb-watchman: ^2.0.0 - fsevents: ^2.3.2 - graceful-fs: ^4.2.4 - jest-regex-util: ^27.4.0 - jest-serializer: ^27.4.0 - jest-util: ^27.4.2 - jest-worker: ^27.4.6 - micromatch: ^4.0.4 - walker: ^1.0.7 - dependenciesMeta: - fsevents: - optional: true - checksum: 07a336e9dba9e7308f16c8b8e037dcc80eb346b0f68cbb6bd1badf97abb104da12c305b411549a5ac0bd4e634b61f9d12e0b5ac2ae8e8bea08952a5fe1a6e82e - languageName: node - linkType: hard - -"jest-jasmine2@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-jasmine2@npm:27.4.6" - dependencies: - "@jest/environment": ^27.4.6 - "@jest/source-map": ^27.4.0 - "@jest/test-result": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - chalk: ^4.0.0 - co: ^4.6.0 - expect: ^27.4.6 - is-generator-fn: ^2.0.0 - jest-each: ^27.4.6 - jest-matcher-utils: ^27.4.6 - jest-message-util: ^27.4.6 - jest-runtime: ^27.4.6 - jest-snapshot: ^27.4.6 - jest-util: ^27.4.2 - pretty-format: ^27.4.6 - throat: ^6.0.1 - checksum: d9b05405708161b90c2e9add00ee3c62b154b0f839bc50f034ae8369921956bb16cec428e46ae3b8074a3aeded6cb02f770161d7453f1a183b1abac17dae43f7 - languageName: node - linkType: hard - -"jest-leak-detector@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-leak-detector@npm:27.4.6" - dependencies: - jest-get-type: ^27.4.0 - pretty-format: ^27.4.6 - checksum: 4259400403d51b1297b9ab05c1342345c4a93a77c99447b061192ed81b56efcbdd28a03914c9f97670d2f3498bdc368712575d6218b02e3af1656b7db507d3bf - languageName: node - linkType: hard - -"jest-matcher-utils@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-matcher-utils@npm:27.4.6" - dependencies: - chalk: ^4.0.0 - jest-diff: ^27.4.6 - jest-get-type: ^27.4.0 - pretty-format: ^27.4.6 - checksum: 445a8cc9eaa7cb08653a10cfc4f109eca76a97d1b1d3a01067bd77efa9cb3a554b74c7402a4c9d5083b21e11218e1515ef538faa47fa47c282072b4825f6b307 - languageName: node - linkType: hard - -"jest-message-util@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-message-util@npm:27.4.6" - dependencies: - "@babel/code-frame": ^7.12.13 - "@jest/types": ^27.4.2 - "@types/stack-utils": ^2.0.0 - chalk: ^4.0.0 - graceful-fs: ^4.2.4 - micromatch: ^4.0.4 - pretty-format: ^27.4.6 - slash: ^3.0.0 - stack-utils: ^2.0.3 - checksum: 1fdd542d091dbf7aa63a484feead97a921e3c4d6db3784fe2e6d83e9110ac06de5691fdc043da991ca1d0ce5d179ea8266c8d93b388f4bba7d80a267fdd946df - languageName: node - linkType: hard - -"jest-mock@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-mock@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - "@types/node": "*" - checksum: 34df5ec502fa0db5ef36e2b2e96a522de730e7be907c6df5d4ec8ab1292d9be71f1e269e8bcdafd020239edaf3ca6f9c464eb0b4aca6986420a1f392976fc0ab - languageName: node - linkType: hard - -"jest-pnp-resolver@npm:^1.2.2": - version: 1.2.2 - resolution: "jest-pnp-resolver@npm:1.2.2" - peerDependencies: - jest-resolve: "*" - peerDependenciesMeta: - jest-resolve: - optional: true - checksum: bd85dcc0e76e0eb0c3d56382ec140f08d25ff4068cda9d0e360bb78fb176cb726d0beab82dc0e8694cafd09f55fee7622b8bcb240afa5fad301f4ed3eebb4f47 - languageName: node - linkType: hard - -"jest-regex-util@npm:^27.4.0": - version: 27.4.0 - resolution: "jest-regex-util@npm:27.4.0" - checksum: 222e4aacec601fd2cfdfee74adb8d324fef672f77577a7c2220893ec1a62031a2640388fce8d0bd8be2e4537da1ab40aa74dba60ac531a23b2643b15c65014ac - languageName: node - linkType: hard - -"jest-resolve-dependencies@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-resolve-dependencies@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - jest-regex-util: ^27.4.0 - jest-snapshot: ^27.4.6 - checksum: c644adb74a602c8c08f90256c9a5c519434cd213a02a6f427425003f9ab026c12860527eb67cf624aa6717c410fa92aee66662d212c0ffbb73f80e2711ffb7a4 - languageName: node - linkType: hard - -"jest-resolve@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-resolve@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - chalk: ^4.0.0 - graceful-fs: ^4.2.4 - jest-haste-map: ^27.4.6 - jest-pnp-resolver: ^1.2.2 - jest-util: ^27.4.2 - jest-validate: ^27.4.6 - resolve: ^1.20.0 - resolve.exports: ^1.1.0 - slash: ^3.0.0 - checksum: 69b765660ee2dd71542953fbe5f6fc9ee3590a4829376e00d955f7566d47049ec5e300832bee1530ac85d2946e341558993ab381d3023363058ae6f9d4c10025 - languageName: node - linkType: hard - -"jest-runner@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-runner@npm:27.4.6" - dependencies: - "@jest/console": ^27.4.6 - "@jest/environment": ^27.4.6 - "@jest/test-result": ^27.4.6 - "@jest/transform": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - chalk: ^4.0.0 - emittery: ^0.8.1 - exit: ^0.1.2 - graceful-fs: ^4.2.4 - jest-docblock: ^27.4.0 - jest-environment-jsdom: ^27.4.6 - jest-environment-node: ^27.4.6 - jest-haste-map: ^27.4.6 - jest-leak-detector: ^27.4.6 - jest-message-util: ^27.4.6 - jest-resolve: ^27.4.6 - jest-runtime: ^27.4.6 - jest-util: ^27.4.2 - jest-worker: ^27.4.6 - source-map-support: ^0.5.6 - throat: ^6.0.1 - checksum: 4e76117e5373b6eb51c7113f848dbc92bc1e1d2f1302f9530ef9cb6c967eb364836f4a5790f65a437f47debc917bfb696bbc647831292fa8b1b4321f292e721f - languageName: node - linkType: hard - -"jest-runtime@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-runtime@npm:27.4.6" - dependencies: - "@jest/environment": ^27.4.6 - "@jest/fake-timers": ^27.4.6 - "@jest/globals": ^27.4.6 - "@jest/source-map": ^27.4.0 - "@jest/test-result": ^27.4.6 - "@jest/transform": ^27.4.6 - "@jest/types": ^27.4.2 - chalk: ^4.0.0 - cjs-module-lexer: ^1.0.0 - collect-v8-coverage: ^1.0.0 - execa: ^5.0.0 - glob: ^7.1.3 - graceful-fs: ^4.2.4 - jest-haste-map: ^27.4.6 - jest-message-util: ^27.4.6 - jest-mock: ^27.4.6 - jest-regex-util: ^27.4.0 - jest-resolve: ^27.4.6 - jest-snapshot: ^27.4.6 - jest-util: ^27.4.2 - slash: ^3.0.0 - strip-bom: ^4.0.0 - checksum: 64d833c7d7b1d67b53932dc9fd9332aaf43ea1777fc61c3f143515968f066438b3247e4f1a71a7f127b1bedbc7c3124bfc53cb4f026fff5b26e2feda8d35535c - languageName: node - linkType: hard - -"jest-serializer@npm:^27.4.0": - version: 27.4.0 - resolution: "jest-serializer@npm:27.4.0" - dependencies: - "@types/node": "*" - graceful-fs: ^4.2.4 - checksum: 1ed5f38e88010f258bd9557d7842a89741ff15bfc578328e8ae1985933406350b817cf5e3127773e3dbc755dbe2522195378f8b98284bcc32111a723294ebbea - languageName: node - linkType: hard - -"jest-snapshot@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-snapshot@npm:27.4.6" - dependencies: - "@babel/core": ^7.7.2 - "@babel/generator": ^7.7.2 - "@babel/plugin-syntax-typescript": ^7.7.2 - "@babel/traverse": ^7.7.2 - "@babel/types": ^7.0.0 - "@jest/transform": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/babel__traverse": ^7.0.4 - "@types/prettier": ^2.1.5 - babel-preset-current-node-syntax: ^1.0.0 - chalk: ^4.0.0 - expect: ^27.4.6 - graceful-fs: ^4.2.4 - jest-diff: ^27.4.6 - jest-get-type: ^27.4.0 - jest-haste-map: ^27.4.6 - jest-matcher-utils: ^27.4.6 - jest-message-util: ^27.4.6 - jest-util: ^27.4.2 - natural-compare: ^1.4.0 - pretty-format: ^27.4.6 - semver: ^7.3.2 - checksum: c7a1ae993ae7334277c61e6d645efedefce53ca212498ae766ea28efa46287559a56d2bd2edaaead8476191a45adbb1354df5367dfd223763b5a66751bfbda14 - languageName: node - linkType: hard - -"jest-util@npm:^27.0.0, jest-util@npm:^27.4.2": - version: 27.4.2 - resolution: "jest-util@npm:27.4.2" - dependencies: - "@jest/types": ^27.4.2 - "@types/node": "*" - chalk: ^4.0.0 - ci-info: ^3.2.0 - graceful-fs: ^4.2.4 - picomatch: ^2.2.3 - checksum: bcf16881aff1421c5f7c2df2ef9492cf8cd92fcd0a2a99bec5ab16f7185ee19aea48eda41d9dfa7b5bf4354bdc21628f5931cd2e7281741e6d2983965efb631e - languageName: node - linkType: hard - -"jest-validate@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-validate@npm:27.4.6" - dependencies: - "@jest/types": ^27.4.2 - camelcase: ^6.2.0 - chalk: ^4.0.0 - jest-get-type: ^27.4.0 - leven: ^3.1.0 - pretty-format: ^27.4.6 - checksum: d3578030eadd872b99e65dac24d9ca755f2a2483f8344d9e575ea6034c6cb5ed5bcf7a4aa4f1050ab0080d5a8d0b0efd31c911514f27820b871a636a97dc196c - languageName: node - linkType: hard - -"jest-watcher@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-watcher@npm:27.4.6" - dependencies: - "@jest/test-result": ^27.4.6 - "@jest/types": ^27.4.2 - "@types/node": "*" - ansi-escapes: ^4.2.1 - chalk: ^4.0.0 - jest-util: ^27.4.2 - string-length: ^4.0.1 - checksum: bb9c0a34dcc690cef6430c275e81213620bc4ba6337e42302efa51666ac06781e9f6f50c930332396e4e8cd8cc47de8fb2e8de57da0f7e35a246b0206dde1cd3 - languageName: node - linkType: hard - -"jest-worker@npm:^27.4.6": - version: 27.4.6 - resolution: "jest-worker@npm:27.4.6" - dependencies: - "@types/node": "*" - merge-stream: ^2.0.0 - supports-color: ^8.0.0 - checksum: 105bcdf5c66700bbfe352bc09476629ca0858cfa819fcc1a37ea76660f0168d586c6e77aee8ea91eded5a20f40f331a0a81e503b5ba19f7b566204406b239466 - languageName: node - linkType: hard - -"jest@npm:^27.0.6": - version: 27.4.7 - resolution: "jest@npm:27.4.7" - dependencies: - "@jest/core": ^27.4.7 - import-local: ^3.0.2 - jest-cli: ^27.4.7 - peerDependencies: - node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 - peerDependenciesMeta: - node-notifier: - optional: true - bin: - jest: bin/jest.js - checksum: 28ce948b30c074907393f37553acac4422d0f60190776e62b3403e4c742d33dd6012e3a20748254a43e38b5b4ce52d813b13a3a5be1d43d6d12429bd08ce1a23 - languageName: node - linkType: hard - -"joi@npm:^17.4.0": - version: 17.5.0 - resolution: "joi@npm:17.5.0" - dependencies: - "@hapi/hoek": ^9.0.0 - "@hapi/topo": ^5.0.0 - "@sideway/address": ^4.1.3 - "@sideway/formula": ^3.0.0 - "@sideway/pinpoint": ^2.0.0 - checksum: 6a20d009d2fa8a72dbfd9bc739d240f678b09d3a16c05b4bfb4e2d0503e60f7d7914250f0bfc52fb79a537490739ba36a1ace00a05b8ddecaaacfcedafc5c8b9 - languageName: node - linkType: hard - -"js-tokens@npm:^4.0.0": - version: 4.0.0 - resolution: "js-tokens@npm:4.0.0" - checksum: 8a95213a5a77deb6cbe94d86340e8d9ace2b93bc367790b260101d2f36a2eaf4e4e22d9fa9cf459b38af3a32fb4190e638024cf82ec95ef708680e405ea7cc78 - languageName: node - linkType: hard - -"js-yaml@npm:^3.13.1, js-yaml@npm:^3.6.1": - version: 3.14.1 - resolution: "js-yaml@npm:3.14.1" - dependencies: - argparse: ^1.0.7 - esprima: ^4.0.0 - bin: - js-yaml: bin/js-yaml.js - checksum: bef146085f472d44dee30ec34e5cf36bf89164f5d585435a3d3da89e52622dff0b188a580e4ad091c3341889e14cb88cac6e4deb16dc5b1e9623bb0601fc255c - languageName: node - linkType: hard - -"jsdom@npm:^16.6.0": - version: 16.7.0 - resolution: "jsdom@npm:16.7.0" - dependencies: - abab: ^2.0.5 - acorn: ^8.2.4 - acorn-globals: ^6.0.0 - cssom: ^0.4.4 - cssstyle: ^2.3.0 - data-urls: ^2.0.0 - decimal.js: ^10.2.1 - domexception: ^2.0.1 - escodegen: ^2.0.0 - form-data: ^3.0.0 - html-encoding-sniffer: ^2.0.1 - http-proxy-agent: ^4.0.1 - https-proxy-agent: ^5.0.0 - is-potential-custom-element-name: ^1.0.1 - nwsapi: ^2.2.0 - parse5: 6.0.1 - saxes: ^5.0.1 - symbol-tree: ^3.2.4 - tough-cookie: ^4.0.0 - w3c-hr-time: ^1.0.2 - w3c-xmlserializer: ^2.0.0 - webidl-conversions: ^6.1.0 - whatwg-encoding: ^1.0.5 - whatwg-mimetype: ^2.3.0 - whatwg-url: ^8.5.0 - ws: ^7.4.6 - xml-name-validator: ^3.0.0 - peerDependencies: - canvas: ^2.5.0 - peerDependenciesMeta: - canvas: - optional: true - checksum: 454b83371857000763ed31130a049acd1b113e3b927e6dcd75c67ddc30cdd242d7ebcac5c2294b7a1a6428155cb1398709c573b3c6d809218692ea68edd93370 - languageName: node - linkType: hard - -"jsesc@npm:^2.5.1": - version: 2.5.2 - resolution: "jsesc@npm:2.5.2" - bin: - jsesc: bin/jsesc - checksum: 4dc190771129e12023f729ce20e1e0bfceac84d73a85bc3119f7f938843fe25a4aeccb54b6494dce26fcf263d815f5f31acdefac7cc9329efb8422a4f4d9fa9d - languageName: node - linkType: hard - -"json-buffer@npm:3.0.0": - version: 3.0.0 - resolution: "json-buffer@npm:3.0.0" - checksum: 0cecacb8025370686a916069a2ff81f7d55167421b6aa7270ee74e244012650dd6bce22b0852202ea7ff8624fce50ff0ec1bdf95914ccb4553426e290d5a63fa - languageName: node - linkType: hard - -"json-parse-better-errors@npm:^1.0.1": - version: 1.0.2 - resolution: "json-parse-better-errors@npm:1.0.2" - checksum: ff2b5ba2a70e88fd97a3cb28c1840144c5ce8fae9cbeeddba15afa333a5c407cf0e42300cd0a2885dbb055227fe68d405070faad941beeffbfde9cf3b2c78c5d - languageName: node - linkType: hard - -"json-parse-even-better-errors@npm:^2.3.0, json-parse-even-better-errors@npm:^2.3.1": - version: 2.3.1 - resolution: "json-parse-even-better-errors@npm:2.3.1" - checksum: 798ed4cf3354a2d9ccd78e86d2169515a0097a5c133337807cdf7f1fc32e1391d207ccfc276518cc1d7d8d4db93288b8a50ba4293d212ad1336e52a8ec0a941f - languageName: node - linkType: hard - -"json-schema-traverse@npm:^0.4.1": - version: 0.4.1 - resolution: "json-schema-traverse@npm:0.4.1" - checksum: 7486074d3ba247769fda17d5181b345c9fb7d12e0da98b22d1d71a5db9698d8b4bd900a3ec1a4ffdd60846fc2556274a5c894d0c48795f14cb03aeae7b55260b - languageName: node - linkType: hard - -"json-schema-traverse@npm:^1.0.0": - version: 1.0.0 - resolution: "json-schema-traverse@npm:1.0.0" - checksum: 02f2f466cdb0362558b2f1fd5e15cce82ef55d60cd7f8fa828cf35ba74330f8d767fcae5c5c2adb7851fa811766c694b9405810879bc4e1ddd78a7c0e03658ad - languageName: node - linkType: hard - -"json-stable-stringify-without-jsonify@npm:^1.0.1": - version: 1.0.1 - resolution: "json-stable-stringify-without-jsonify@npm:1.0.1" - checksum: cff44156ddce9c67c44386ad5cddf91925fe06b1d217f2da9c4910d01f358c6e3989c4d5a02683c7a5667f9727ff05831f7aa8ae66c8ff691c556f0884d49215 - languageName: node - linkType: hard - -"json-stringify-nice@npm:^1.1.4": - version: 1.1.4 - resolution: "json-stringify-nice@npm:1.1.4" - checksum: 6ddf781148b46857ab04e97f47be05f14c4304b86eb5478369edbeacd070c21c697269964b982fc977e8989d4c59091103b1d9dc291aba40096d6cbb9a392b72 - languageName: node - linkType: hard - -"json-stringify-safe@npm:^5.0.1": - version: 5.0.1 - resolution: "json-stringify-safe@npm:5.0.1" - checksum: 48ec0adad5280b8a96bb93f4563aa1667fd7a36334f79149abd42446d0989f2ddc58274b479f4819f1f00617957e6344c886c55d05a4e15ebb4ab931e4a6a8ee - languageName: node - linkType: hard - -"json5@npm:2.x, json5@npm:^2.1.2": - version: 2.2.0 - resolution: "json5@npm:2.2.0" - dependencies: - minimist: ^1.2.5 - bin: - json5: lib/cli.js - checksum: e88fc5274bb58fc99547baa777886b069d2dd96d9cfc4490b305fd16d711dabd5979e35a4f90873cefbeb552e216b041a304fe56702bedba76e19bc7845f208d - languageName: node - linkType: hard - -"json5@npm:^1.0.1": - version: 1.0.1 - resolution: "json5@npm:1.0.1" - dependencies: - minimist: ^1.2.0 - bin: - json5: lib/cli.js - checksum: e76ea23dbb8fc1348c143da628134a98adf4c5a4e8ea2adaa74a80c455fc2cdf0e2e13e6398ef819bfe92306b610ebb2002668ed9fc1af386d593691ef346fc3 - languageName: node - linkType: hard - -"jsonfile@npm:^4.0.0": - version: 4.0.0 - resolution: "jsonfile@npm:4.0.0" - dependencies: - graceful-fs: ^4.1.6 - dependenciesMeta: - graceful-fs: - optional: true - checksum: 6447d6224f0d31623eef9b51185af03ac328a7553efcee30fa423d98a9e276ca08db87d71e17f2310b0263fd3ffa6c2a90a6308367f661dc21580f9469897c9e - languageName: node - linkType: hard - -"jsonfile@npm:^6.0.1": - version: 6.1.0 - resolution: "jsonfile@npm:6.1.0" - dependencies: - graceful-fs: ^4.1.6 - universalify: ^2.0.0 - dependenciesMeta: - graceful-fs: - optional: true - checksum: 7af3b8e1ac8fe7f1eccc6263c6ca14e1966fcbc74b618d3c78a0a2075579487547b94f72b7a1114e844a1e15bb00d440e5d1720bfc4612d790a6f285d5ea8354 - languageName: node - linkType: hard - -"jsonparse@npm:^1.2.0, jsonparse@npm:^1.3.1": - version: 1.3.1 - resolution: "jsonparse@npm:1.3.1" - checksum: 6514a7be4674ebf407afca0eda3ba284b69b07f9958a8d3113ef1005f7ec610860c312be067e450c569aab8b89635e332cee3696789c750692bb60daba627f4d - languageName: node - linkType: hard - -"jsonpath@npm:^1.1.1": - version: 1.1.1 - resolution: "jsonpath@npm:1.1.1" - dependencies: - esprima: 1.2.2 - static-eval: 2.0.2 - underscore: 1.12.1 - checksum: 5480d8e9e424fe2ed4ade6860b6e2cefddb21adb3a99abe0254cd9428e8ef9b0c9fb5729d6a5a514e90df50d645ccea9f3be48d627570e6222dd5dadc28eba7b - languageName: node - linkType: hard - -"just-diff-apply@npm:^5.2.0": - version: 5.2.0 - resolution: "just-diff-apply@npm:5.2.0" - checksum: 5e63562665f7b3b279d286f5cd3d73af0e0ffadbdc02cb2c43a50370ad1a614b557842938d157de904be69a4bc6b2187cee3257add1440fdf1e4814de691b0af - languageName: node - linkType: hard - -"just-diff@npm:^5.0.1": - version: 5.0.2 - resolution: "just-diff@npm:5.0.2" - checksum: 1c7408432f53ff67ea4ce41adb5579c08a39f990956ddbf2e94f4161f3802a41179d7412538573972433ce9f50e371afdca019964e51cf500577bf1aa732b842 - languageName: node - linkType: hard - -"keyv@npm:3.0.0": - version: 3.0.0 - resolution: "keyv@npm:3.0.0" - dependencies: - json-buffer: 3.0.0 - checksum: 5182775e546cdbb88dc583825bc0e990164709f31904a219e3321b3bf564a301ac4e5255ba95f7fba466548eba793b356a04a0242110173b199a37192b3b565f - languageName: node - linkType: hard - -"kind-of@npm:^3.0.2, kind-of@npm:^3.0.3, kind-of@npm:^3.2.0": - version: 3.2.2 - resolution: "kind-of@npm:3.2.2" - dependencies: - is-buffer: ^1.1.5 - checksum: e898df8ca2f31038f27d24f0b8080da7be274f986bc6ed176f37c77c454d76627619e1681f6f9d2e8d2fd7557a18ecc419a6bb54e422abcbb8da8f1a75e4b386 - languageName: node - linkType: hard - -"kind-of@npm:^4.0.0": - version: 4.0.0 - resolution: "kind-of@npm:4.0.0" - dependencies: - is-buffer: ^1.1.5 - checksum: 1b9e7624a8771b5a2489026e820f3bbbcc67893e1345804a56b23a91e9069965854d2a223a7c6ee563c45be9d8c6ff1ef87f28ed5f0d1a8d00d9dcbb067c529f - languageName: node - linkType: hard - -"kind-of@npm:^5.0.0": - version: 5.1.0 - resolution: "kind-of@npm:5.1.0" - checksum: f2a0102ae0cf19c4a953397e552571bad2b588b53282874f25fca7236396e650e2db50d41f9f516bd402536e4df968dbb51b8e69e4d5d4a7173def78448f7bab - languageName: node - linkType: hard - -"kind-of@npm:^6.0.0, kind-of@npm:^6.0.2, kind-of@npm:^6.0.3": - version: 6.0.3 - resolution: "kind-of@npm:6.0.3" - checksum: 3ab01e7b1d440b22fe4c31f23d8d38b4d9b91d9f291df683476576493d5dfd2e03848a8b05813dd0c3f0e835bc63f433007ddeceb71f05cb25c45ae1b19c6d3b - languageName: node - linkType: hard - -"kleur@npm:^3.0.3": - version: 3.0.3 - resolution: "kleur@npm:3.0.3" - checksum: df82cd1e172f957bae9c536286265a5cdbd5eeca487cb0a3b2a7b41ef959fc61f8e7c0e9aeea9c114ccf2c166b6a8dd45a46fd619c1c569d210ecd2765ad5169 - languageName: node - linkType: hard - -"leven@npm:^3.1.0": - version: 3.1.0 - resolution: "leven@npm:3.1.0" - checksum: 638401d534585261b6003db9d99afd244dfe82d75ddb6db5c0df412842d5ab30b2ef18de471aaec70fe69a46f17b4ae3c7f01d8a4e6580ef7adb9f4273ad1e55 - languageName: node - linkType: hard - -"levn@npm:^0.4.1": - version: 0.4.1 - resolution: "levn@npm:0.4.1" - dependencies: - prelude-ls: ^1.2.1 - type-check: ~0.4.0 - checksum: 12c5021c859bd0f5248561bf139121f0358285ec545ebf48bb3d346820d5c61a4309535c7f387ed7d84361cf821e124ce346c6b7cef8ee09a67c1473b46d0fc4 - languageName: node - linkType: hard - -"levn@npm:~0.3.0": - version: 0.3.0 - resolution: "levn@npm:0.3.0" - dependencies: - prelude-ls: ~1.1.2 - type-check: ~0.3.2 - checksum: 0d084a524231a8246bb10fec48cdbb35282099f6954838604f3c7fc66f2e16fa66fd9cc2f3f20a541a113c4dafdf181e822c887c8a319c9195444e6c64ac395e - languageName: node - linkType: hard - -"libnpmaccess@npm:^6.0.2": - version: 6.0.3 - resolution: "libnpmaccess@npm:6.0.3" - dependencies: - aproba: ^2.0.0 - minipass: ^3.1.1 - npm-package-arg: ^9.0.1 - npm-registry-fetch: ^13.0.0 - checksum: 4a437390d52bd5e6145164210cfab4cdbc824c4f4a62e11cf186cad9c159a7c8f0c1b6e37346db1cc675bcdf1508e92ed64d47ac1a9bcf838a670bb4741a50c9 - languageName: node - linkType: hard - -"libnpmdiff@npm:^4.0.2": - version: 4.0.3 - resolution: "libnpmdiff@npm:4.0.3" - dependencies: - "@npmcli/disparity-colors": ^2.0.0 - "@npmcli/installed-package-contents": ^1.0.7 - binary-extensions: ^2.2.0 - diff: ^5.0.0 - minimatch: ^5.0.1 - npm-package-arg: ^9.0.1 - pacote: ^13.0.5 - tar: ^6.1.0 - checksum: 415a8d40f2d746b1d66f155f818b5581c510d975201250f6d1e4d94888905a660b513a87ca01a59994b5afa78a1def4ebbfce35542b992927cdbfc286fe5b6ae - languageName: node - linkType: hard - -"libnpmexec@npm:^4.0.2": - version: 4.0.5 - resolution: "libnpmexec@npm:4.0.5" - dependencies: - "@npmcli/arborist": ^5.0.0 - "@npmcli/ci-detect": ^2.0.0 - "@npmcli/run-script": ^3.0.0 - chalk: ^4.1.0 - mkdirp-infer-owner: ^2.0.0 - npm-package-arg: ^9.0.1 - npmlog: ^6.0.2 - pacote: ^13.0.5 - proc-log: ^2.0.0 - read: ^1.0.7 - read-package-json-fast: ^2.0.2 - walk-up-path: ^1.0.0 - checksum: 46c248211a7a3534e1e9a3eaac5fab9d8ecc59828508f04eec8862a02d281d72e47bd8102b18e06526b1bed3905759640b410cda9a56321a0a8e04a69824766f - languageName: node - linkType: hard - -"libnpmfund@npm:^3.0.1": - version: 3.0.2 - resolution: "libnpmfund@npm:3.0.2" - dependencies: - "@npmcli/arborist": ^5.0.0 - checksum: 9c25bed2c5207007a509f0dff97d6d9712c0648b58bb96617b652e6803d14252203751a83298c257446e8e7b58556c9b519b5b0d5ac9a6d29453576aeb9ee20e - languageName: node - linkType: hard - -"libnpmhook@npm:^8.0.2": - version: 8.0.3 - resolution: "libnpmhook@npm:8.0.3" - dependencies: - aproba: ^2.0.0 - npm-registry-fetch: ^13.0.0 - checksum: 99d031d102d62a78672a94965208c2716a0b1d9ca413f7f45dc55b571f6b77f8ac293810fd8dd3445a6196c92a2219095f85ce430bb82c5ce200e7e0e1a83064 - languageName: node - linkType: hard - -"libnpmorg@npm:^4.0.2": - version: 4.0.3 - resolution: "libnpmorg@npm:4.0.3" - dependencies: - aproba: ^2.0.0 - npm-registry-fetch: ^13.0.0 - checksum: 6b54c8f8216b0d98dda2fdedd8a38fbe36f5f98da94c3613efc00789bfce334b2996037f0a0839af37d5d2dc52378ca8fdae5dee932202d8d2235d05b4563861 - languageName: node - linkType: hard - -"libnpmpack@npm:^4.0.2": - version: 4.0.3 - resolution: "libnpmpack@npm:4.0.3" - dependencies: - "@npmcli/run-script": ^3.0.0 - npm-package-arg: ^9.0.1 - pacote: ^13.0.5 - checksum: 41fdc65e2cf78a85f32bf4ef18de7941827a668c9865d59d02dbb4508d5c0e27bc0c1c59f450f9c7e1297c42ea902713f4b4697837fcf5ed002f04056a224bff - languageName: node - linkType: hard - -"libnpmpublish@npm:^6.0.2": - version: 6.0.4 - resolution: "libnpmpublish@npm:6.0.4" - dependencies: - normalize-package-data: ^4.0.0 - npm-package-arg: ^9.0.1 - npm-registry-fetch: ^13.0.0 - semver: ^7.3.7 - ssri: ^9.0.0 - checksum: d653e0d9be0b01011c020f8252f480ca68105b56fde575a6c4fda650f6b5ff33a51fda43897ba817d2955579cc096910561e60e26628c59f5ac2d031157551d1 - languageName: node - linkType: hard - -"libnpmsearch@npm:^5.0.2": - version: 5.0.3 - resolution: "libnpmsearch@npm:5.0.3" - dependencies: - npm-registry-fetch: ^13.0.0 - checksum: c346d1656bfa46c52e25d71d44d2127961c1dd87d1cc99eabffcd4d6593fbd59071047bb0d28323f914387e3ccf9a8ed8e249f8ca563a2e70d3c5be954707442 - languageName: node - linkType: hard - -"libnpmteam@npm:^4.0.2": - version: 4.0.3 - resolution: "libnpmteam@npm:4.0.3" - dependencies: - aproba: ^2.0.0 - npm-registry-fetch: ^13.0.0 - checksum: 0c2a1fd55ade169d0d623cacfbd01fc420fb37cd157947eeda8a2be5affbff71069912c04a896c4a69569e23c16b0aa101a6cbaf4b07264514519cb7061569fb - languageName: node - linkType: hard - -"libnpmversion@npm:^3.0.1": - version: 3.0.4 - resolution: "libnpmversion@npm:3.0.4" - dependencies: - "@npmcli/git": ^3.0.0 - "@npmcli/run-script": ^3.0.0 - json-parse-even-better-errors: ^2.3.1 - proc-log: ^2.0.0 - semver: ^7.3.7 - checksum: ac0820826ffb1efec4e34813b9f567975b9a580b788ddcfd13e45b42468612001b61bc411b789b0fc611d4d9e61d0a4083b38660342a4fd4a85e3cc7f37054ac - languageName: node - linkType: hard - -"lines-and-columns@npm:^1.1.6": - version: 1.2.4 - resolution: "lines-and-columns@npm:1.2.4" - checksum: 0c37f9f7fa212b38912b7145e1cd16a5f3cd34d782441c3e6ca653485d326f58b3caccda66efce1c5812bde4961bbde3374fae4b0d11bf1226152337f3894aa5 - languageName: node - linkType: hard - -"load-json-file@npm:^4.0.0": - version: 4.0.0 - resolution: "load-json-file@npm:4.0.0" - dependencies: - graceful-fs: ^4.1.2 - parse-json: ^4.0.0 - pify: ^3.0.0 - strip-bom: ^3.0.0 - checksum: 8f5d6d93ba64a9620445ee9bde4d98b1eac32cf6c8c2d20d44abfa41a6945e7969456ab5f1ca2fb06ee32e206c9769a20eec7002fe290de462e8c884b6b8b356 - languageName: node - linkType: hard - -"locate-path@npm:^2.0.0": - version: 2.0.0 - resolution: "locate-path@npm:2.0.0" - dependencies: - p-locate: ^2.0.0 - path-exists: ^3.0.0 - checksum: 02d581edbbbb0fa292e28d96b7de36b5b62c2fa8b5a7e82638ebb33afa74284acf022d3b1e9ae10e3ffb7658fbc49163fcd5e76e7d1baaa7801c3e05a81da755 - languageName: node - linkType: hard - -"locate-path@npm:^5.0.0": - version: 5.0.0 - resolution: "locate-path@npm:5.0.0" - dependencies: - p-locate: ^4.1.0 - checksum: 83e51725e67517287d73e1ded92b28602e3ae5580b301fe54bfb76c0c723e3f285b19252e375712316774cf52006cb236aed5704692c32db0d5d089b69696e30 - languageName: node - linkType: hard - -"locate-path@npm:^6.0.0": - version: 6.0.0 - resolution: "locate-path@npm:6.0.0" - dependencies: - p-locate: ^5.0.0 - checksum: 72eb661788a0368c099a184c59d2fee760b3831c9c1c33955e8a19ae4a21b4116e53fa736dc086cdeb9fce9f7cc508f2f92d2d3aae516f133e16a2bb59a39f5a - languageName: node - linkType: hard - -"lodash-es@npm:^4.17.21": - version: 4.17.21 - resolution: "lodash-es@npm:4.17.21" - checksum: 05cbffad6e2adbb331a4e16fbd826e7faee403a1a04873b82b42c0f22090f280839f85b95393f487c1303c8a3d2a010048bf06151a6cbe03eee4d388fb0a12d2 - languageName: node - linkType: hard - -"lodash.capitalize@npm:^4.2.1": - version: 4.2.1 - resolution: "lodash.capitalize@npm:4.2.1" - checksum: d9195f31d48c105206f1099946d8bbc8ab71435bc1c8708296992a31a992bb901baf120fdcadd773098ac96e62a79e6b023ee7d26a2deb0d6c6aada930e6ad0a - languageName: node - linkType: hard - -"lodash.escaperegexp@npm:^4.1.2": - version: 4.1.2 - resolution: "lodash.escaperegexp@npm:4.1.2" - checksum: 6d99452b1cfd6073175a9b741a9b09ece159eac463f86f02ea3bee2e2092923fce812c8d2bf446309cc52d1d61bf9af51c8118b0d7421388e6cead7bd3798f0f - languageName: node - linkType: hard - -"lodash.ismatch@npm:^4.4.0": - version: 4.4.0 - resolution: "lodash.ismatch@npm:4.4.0" - checksum: a393917578842705c7fc1a30fb80613d1ac42d20b67eb26a2a6004d6d61ee90b419f9eb320508ddcd608e328d91eeaa2651411727eaa9a12534ed6ccb02fc705 - languageName: node - linkType: hard - -"lodash.isplainobject@npm:^4.0.6": - version: 4.0.6 - resolution: "lodash.isplainobject@npm:4.0.6" - checksum: 29c6351f281e0d9a1d58f1a4c8f4400924b4c79f18dfc4613624d7d54784df07efaff97c1ff2659f3e085ecf4fff493300adc4837553104cef2634110b0d5337 - languageName: node - linkType: hard - -"lodash.isstring@npm:^4.0.1": - version: 4.0.1 - resolution: "lodash.isstring@npm:4.0.1" - checksum: eaac87ae9636848af08021083d796e2eea3d02e80082ab8a9955309569cb3a463ce97fd281d7dc119e402b2e7d8c54a23914b15d2fc7fff56461511dc8937ba0 - languageName: node - linkType: hard - -"lodash.memoize@npm:4.x": - version: 4.1.2 - resolution: "lodash.memoize@npm:4.1.2" - checksum: 9ff3942feeccffa4f1fafa88d32f0d24fdc62fd15ded5a74a5f950ff5f0c6f61916157246744c620173dddf38d37095a92327d5fd3861e2063e736a5c207d089 - languageName: node - linkType: hard - -"lodash.merge@npm:^4.6.2": - version: 4.6.2 - resolution: "lodash.merge@npm:4.6.2" - checksum: ad580b4bdbb7ca1f7abf7e1bce63a9a0b98e370cf40194b03380a46b4ed799c9573029599caebc1b14e3f24b111aef72b96674a56cfa105e0f5ac70546cdc005 - languageName: node - linkType: hard - -"lodash.truncate@npm:^4.4.2": - version: 4.4.2 - resolution: "lodash.truncate@npm:4.4.2" - checksum: b463d8a382cfb5f0e71c504dcb6f807a7bd379ff1ea216669aa42c52fc28c54e404bfbd96791aa09e6df0de2c1d7b8f1b7f4b1a61f324d38fe98bc535aeee4f5 - languageName: node - linkType: hard - -"lodash.uniqby@npm:^4.7.0": - version: 4.7.0 - resolution: "lodash.uniqby@npm:4.7.0" - checksum: 659264545a95726d1493123345aad8cbf56e17810fa9a0b029852c6d42bc80517696af09d99b23bef1845d10d95e01b8b4a1da578f22aeba7a30d3e0022a4938 - languageName: node - linkType: hard - -"lodash@npm:^4.17.15, lodash@npm:^4.17.21, lodash@npm:^4.17.4, lodash@npm:^4.7.0": - version: 4.17.21 - resolution: "lodash@npm:4.17.21" - checksum: eb835a2e51d381e561e508ce932ea50a8e5a68f4ebdd771ea240d3048244a8d13658acbd502cd4829768c56f2e16bdd4340b9ea141297d472517b83868e677f7 - languageName: node - linkType: hard - -"log-symbols@npm:^4.1.0": - version: 4.1.0 - resolution: "log-symbols@npm:4.1.0" - dependencies: - chalk: ^4.1.0 - is-unicode-supported: ^0.1.0 - checksum: fce1497b3135a0198803f9f07464165e9eb83ed02ceb2273930a6f8a508951178d8cf4f0378e9d28300a2ed2bc49050995d2bd5f53ab716bb15ac84d58c6ef74 - languageName: node - linkType: hard - -"lowercase-keys@npm:1.0.0": - version: 1.0.0 - resolution: "lowercase-keys@npm:1.0.0" - checksum: 2370110c149967038fd5eb278f9b2d889eb427487c0e7fb417ab2ef4d93bacba1c8f226cf2ef1c2848b3191f37d84167d4342fbee72a1a122086680adecf362b - languageName: node - linkType: hard - -"lowercase-keys@npm:^1.0.0": - version: 1.0.1 - resolution: "lowercase-keys@npm:1.0.1" - checksum: 4d045026595936e09953e3867722e309415ff2c80d7701d067546d75ef698dac218a4f53c6d1d0e7368b47e45fd7529df47e6cb56fbb90523ba599f898b3d147 - languageName: node - linkType: hard - -"lru-cache@npm:^4.0.1": - version: 4.1.5 - resolution: "lru-cache@npm:4.1.5" - dependencies: - pseudomap: ^1.0.2 - yallist: ^2.1.2 - checksum: 4bb4b58a36cd7dc4dcec74cbe6a8f766a38b7426f1ff59d4cf7d82a2aa9b9565cd1cb98f6ff60ce5cd174524868d7bc9b7b1c294371851356066ca9ac4cf135a - languageName: node - linkType: hard - -"lru-cache@npm:^6.0.0": - version: 6.0.0 - resolution: "lru-cache@npm:6.0.0" - dependencies: - yallist: ^4.0.0 - checksum: f97f499f898f23e4585742138a22f22526254fdba6d75d41a1c2526b3b6cc5747ef59c5612ba7375f42aca4f8461950e925ba08c991ead0651b4918b7c978297 - languageName: node - linkType: hard - -"lru-cache@npm:^7.4.4, lru-cache@npm:^7.5.1, lru-cache@npm:^7.7.1": - version: 7.9.0 - resolution: "lru-cache@npm:7.9.0" - checksum: c91a293a103d11ea4f07de4122ba4f73d8203d0de51852fb612b1764296aebf623a3e11dddef1b3aefdc8d71af97d52b222dad5459dcb967713bbab9a19fed7d - languageName: node - linkType: hard - -"make-dir@npm:^1.0.0": - version: 1.3.0 - resolution: "make-dir@npm:1.3.0" - dependencies: - pify: ^3.0.0 - checksum: c564f6e7bb5ace1c02ad56b3a5f5e07d074af0c0b693c55c7b2c2b148882827c8c2afc7b57e43338a9f90c125b58d604e8cf3e6990a48bf949dfea8c79668c0b - languageName: node - linkType: hard - -"make-dir@npm:^2.1.0": - version: 2.1.0 - resolution: "make-dir@npm:2.1.0" - dependencies: - pify: ^4.0.1 - semver: ^5.6.0 - checksum: 043548886bfaf1820323c6a2997e6d2fa51ccc2586ac14e6f14634f7458b4db2daf15f8c310e2a0abd3e0cddc64df1890d8fc7263033602c47bb12cbfcf86aab - languageName: node - linkType: hard - -"make-dir@npm:^3.0.0": - version: 3.1.0 - resolution: "make-dir@npm:3.1.0" - dependencies: - semver: ^6.0.0 - checksum: 484200020ab5a1fdf12f393fe5f385fc8e4378824c940fba1729dcd198ae4ff24867bc7a5646331e50cead8abff5d9270c456314386e629acec6dff4b8016b78 - languageName: node - linkType: hard - -"make-error@npm:1.x": - version: 1.3.6 - resolution: "make-error@npm:1.3.6" - checksum: b86e5e0e25f7f777b77fabd8e2cbf15737972869d852a22b7e73c17623928fccb826d8e46b9951501d3f20e51ad74ba8c59ed584f610526a48f8ccf88aaec402 - languageName: node - linkType: hard - -"make-fetch-happen@npm:^10.0.3, make-fetch-happen@npm:^10.0.6": - version: 10.1.3 - resolution: "make-fetch-happen@npm:10.1.3" - dependencies: - agentkeepalive: ^4.2.1 - cacache: ^16.0.2 - http-cache-semantics: ^4.1.0 - http-proxy-agent: ^5.0.0 - https-proxy-agent: ^5.0.0 - is-lambda: ^1.0.1 - lru-cache: ^7.7.1 - minipass: ^3.1.6 - minipass-collect: ^1.0.2 - minipass-fetch: ^2.0.3 - minipass-flush: ^1.0.5 - minipass-pipeline: ^1.2.4 - negotiator: ^0.6.3 - promise-retry: ^2.0.1 - socks-proxy-agent: ^6.1.1 - ssri: ^9.0.0 - checksum: 14b9bc5fb65a1a1f53b4579c947d1ebdb18db71eb0b35a2eab612e9642a14127917528fe4ffb2c37aaa0d27dfd7507e4044e6e2e47b43985e8fa18722f535b8f - languageName: node - linkType: hard - -"makeerror@npm:1.0.12": - version: 1.0.12 - resolution: "makeerror@npm:1.0.12" - dependencies: - tmpl: 1.0.5 - checksum: b38a025a12c8146d6eeea5a7f2bf27d51d8ad6064da8ca9405fcf7bf9b54acd43e3b30ddd7abb9b1bfa4ddb266019133313482570ddb207de568f71ecfcf6060 - languageName: node - linkType: hard - -"map-cache@npm:^0.2.2": - version: 0.2.2 - resolution: "map-cache@npm:0.2.2" - checksum: 3067cea54285c43848bb4539f978a15dedc63c03022abeec6ef05c8cb6829f920f13b94bcaf04142fc6a088318e564c4785704072910d120d55dbc2e0c421969 - languageName: node - linkType: hard - -"map-obj@npm:^1.0.0": - version: 1.0.1 - resolution: "map-obj@npm:1.0.1" - checksum: 9949e7baec2a336e63b8d4dc71018c117c3ce6e39d2451ccbfd3b8350c547c4f6af331a4cbe1c83193d7c6b786082b6256bde843db90cb7da2a21e8fcc28afed - languageName: node - linkType: hard - -"map-obj@npm:^4.0.0, map-obj@npm:^4.1.0": - version: 4.3.0 - resolution: "map-obj@npm:4.3.0" - checksum: fbc554934d1a27a1910e842bc87b177b1a556609dd803747c85ece420692380827c6ae94a95cce4407c054fa0964be3bf8226f7f2cb2e9eeee432c7c1985684e - languageName: node - linkType: hard - -"map-visit@npm:^1.0.0": - version: 1.0.0 - resolution: "map-visit@npm:1.0.0" - dependencies: - object-visit: ^1.0.0 - checksum: c27045a5021c344fc19b9132eb30313e441863b2951029f8f8b66f79d3d8c1e7e5091578075a996f74e417479506fe9ede28c44ca7bc351a61c9d8073daec36a - languageName: node - linkType: hard - -"marked-terminal@npm:^5.0.0": - version: 5.1.1 - resolution: "marked-terminal@npm:5.1.1" - dependencies: - ansi-escapes: ^5.0.0 - cardinal: ^2.1.1 - chalk: ^5.0.0 - cli-table3: ^0.6.1 - node-emoji: ^1.11.0 - supports-hyperlinks: ^2.2.0 - peerDependencies: - marked: ^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0 - checksum: 24ceb02ebd10e9c6c2fac2240a2cc019093c95029732779ea41ba7a81c45867e956d1f6f1ae7426d5247ab5185b9cdaea31a9663e4d624c17335660fa9474c3d - languageName: node - linkType: hard - -"marked@npm:^4.0.10": - version: 4.0.12 - resolution: "marked@npm:4.0.12" - bin: - marked: bin/marked.js - checksum: 7575117f85a8986652f3ac8b8a7b95056c4c5fce01a1fc76dc4c7960412cb4c9bd9da8133487159b6b3ff84f52b543dfe9a36f826a5f358892b5ec4b6824f192 - languageName: node - linkType: hard - -"math-random@npm:^1.0.1": - version: 1.0.4 - resolution: "math-random@npm:1.0.4" - checksum: 9edf31ea337bba21994eb968218fd571d55fce86b51661158d8e241886b73121d9e1a35a5bb8997dba8ce67417a83c8dbd0811917248f886840035b7f1c667b9 - languageName: node - linkType: hard - -"meow@npm:^10.1.2": - version: 10.1.2 - resolution: "meow@npm:10.1.2" - dependencies: - "@types/minimist": ^1.2.2 - camelcase-keys: ^7.0.0 - decamelize: ^5.0.0 - decamelize-keys: ^1.1.0 - hard-rejection: ^2.1.0 - minimist-options: 4.1.0 - normalize-package-data: ^3.0.2 - read-pkg-up: ^8.0.0 - redent: ^4.0.0 - trim-newlines: ^4.0.2 - type-fest: ^1.2.2 - yargs-parser: ^20.2.9 - checksum: 1ea19df7d6d5b160219d928937db247092ed2deada71923558487ce2d06b215b1bc8378e8bc28c9784dcdc4089b186e1a1409193d533b7f4764827f087370bda - languageName: node - linkType: hard - -"meow@npm:^8.0.0": - version: 8.1.2 - resolution: "meow@npm:8.1.2" - dependencies: - "@types/minimist": ^1.2.0 - camelcase-keys: ^6.2.2 - decamelize-keys: ^1.1.0 - hard-rejection: ^2.1.0 - minimist-options: 4.1.0 - normalize-package-data: ^3.0.0 - read-pkg-up: ^7.0.1 - redent: ^3.0.0 - trim-newlines: ^3.0.0 - type-fest: ^0.18.0 - yargs-parser: ^20.2.3 - checksum: bc23bf1b4423ef6a821dff9734406bce4b91ea257e7f10a8b7f896f45b59649f07adc0926e2917eacd8cf1df9e4cd89c77623cf63dfd0f8bf54de07a32ee5a85 - languageName: node - linkType: hard - -"merge-stream@npm:^2.0.0": - version: 2.0.0 - resolution: "merge-stream@npm:2.0.0" - checksum: 6fa4dcc8d86629705cea944a4b88ef4cb0e07656ebf223fa287443256414283dd25d91c1cd84c77987f2aec5927af1a9db6085757cb43d90eb170ebf4b47f4f4 - languageName: node - linkType: hard - -"merge2@npm:^1.3.0, merge2@npm:^1.4.1": - version: 1.4.1 - resolution: "merge2@npm:1.4.1" - checksum: 7268db63ed5169466540b6fb947aec313200bcf6d40c5ab722c22e242f651994619bcd85601602972d3c85bd2cc45a358a4c61937e9f11a061919a1da569b0c2 - languageName: node - linkType: hard - -"micromatch@npm:^2.1.5": - version: 2.3.11 - resolution: "micromatch@npm:2.3.11" - dependencies: - arr-diff: ^2.0.0 - array-unique: ^0.2.1 - braces: ^1.8.2 - expand-brackets: ^0.1.4 - extglob: ^0.3.1 - filename-regex: ^2.0.0 - is-extglob: ^1.0.0 - is-glob: ^2.0.1 - kind-of: ^3.0.2 - normalize-path: ^2.0.1 - object.omit: ^2.0.0 - parse-glob: ^3.0.4 - regex-cache: ^0.4.2 - checksum: 562681808a3149c77ba90947cb8cf1874ea6d07da6fa86416a4f9454f847fb6329aea5234e1af060d9465d9bb14eaaf4bc6c482bf24bc561649042f2b81d3092 - languageName: node - linkType: hard - -"micromatch@npm:^3.1.10": - version: 3.1.10 - resolution: "micromatch@npm:3.1.10" - dependencies: - arr-diff: ^4.0.0 - array-unique: ^0.3.2 - braces: ^2.3.1 - define-property: ^2.0.2 - extend-shallow: ^3.0.2 - extglob: ^2.0.4 - fragment-cache: ^0.2.1 - kind-of: ^6.0.2 - nanomatch: ^1.2.9 - object.pick: ^1.3.0 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.2 - checksum: ad226cba4daa95b4eaf47b2ca331c8d2e038d7b41ae7ed0697cde27f3f1d6142881ab03d4da51b65d9d315eceb5e4cdddb3fbb55f5f72cfa19cf3ea469d054dc - languageName: node - linkType: hard - -"micromatch@npm:^4.0.0, micromatch@npm:^4.0.2, micromatch@npm:^4.0.4": - version: 4.0.4 - resolution: "micromatch@npm:4.0.4" - dependencies: - braces: ^3.0.1 - picomatch: ^2.2.3 - checksum: ef3d1c88e79e0a68b0e94a03137676f3324ac18a908c245a9e5936f838079fcc108ac7170a5fadc265a9c2596963462e402841406bda1a4bb7b68805601d631c - languageName: node - linkType: hard - -"mime-db@npm:1.51.0, mime-db@npm:^1.28.0": - version: 1.51.0 - resolution: "mime-db@npm:1.51.0" - checksum: 613b1ac9d6e725cc24444600b124a7f1ce6c60b1baa654f39a3e260d0995a6dffc5693190217e271af7e2a5612dae19f2a73f3e316707d797a7391165f7ef423 - languageName: node - linkType: hard - -"mime-types@npm:^2.1.12": - version: 2.1.34 - resolution: "mime-types@npm:2.1.34" - dependencies: - mime-db: 1.51.0 - checksum: 67013de9e9d6799bde6d669d18785b7e18bcd212e710d3e04a4727f92f67a8ad4e74aee24be28b685adb794944814bde649119b58ee3282ffdbee58f9278d9f3 - languageName: node - linkType: hard - -"mime@npm:^3.0.0": - version: 3.0.0 - resolution: "mime@npm:3.0.0" - bin: - mime: cli.js - checksum: f43f9b7bfa64534e6b05bd6062961681aeb406a5b53673b53b683f27fcc4e739989941836a355eef831f4478923651ecc739f4a5f6e20a76487b432bfd4db928 - languageName: node - linkType: hard - -"mimic-fn@npm:^2.1.0": - version: 2.1.0 - resolution: "mimic-fn@npm:2.1.0" - checksum: d2421a3444848ce7f84bd49115ddacff29c15745db73f54041edc906c14b131a38d05298dae3081667627a59b2eb1ca4b436ff2e1b80f69679522410418b478a - languageName: node - linkType: hard - -"mimic-fn@npm:^4.0.0": - version: 4.0.0 - resolution: "mimic-fn@npm:4.0.0" - checksum: 995dcece15ee29aa16e188de6633d43a3db4611bcf93620e7e62109ec41c79c0f34277165b8ce5e361205049766e371851264c21ac64ca35499acb5421c2ba56 - languageName: node - linkType: hard - -"mimic-response@npm:^1.0.0": - version: 1.0.1 - resolution: "mimic-response@npm:1.0.1" - checksum: 034c78753b0e622bc03c983663b1cdf66d03861050e0c8606563d149bc2b02d63f62ce4d32be4ab50d0553ae0ffe647fc34d1f5281184c6e1e8cf4d85e8d9823 - languageName: node - linkType: hard - -"min-indent@npm:^1.0.0, min-indent@npm:^1.0.1": - version: 1.0.1 - resolution: "min-indent@npm:1.0.1" - checksum: bfc6dd03c5eaf623a4963ebd94d087f6f4bbbfd8c41329a7f09706b0cb66969c4ddd336abeb587bc44bc6f08e13bf90f0b374f9d71f9f01e04adc2cd6f083ef1 - languageName: node - linkType: hard - -"minimatch@npm:^3.0.2, minimatch@npm:^3.0.4": - version: 3.0.4 - resolution: "minimatch@npm:3.0.4" - dependencies: - brace-expansion: ^1.1.7 - checksum: 66ac295f8a7b59788000ea3749938b0970344c841750abd96694f80269b926ebcafad3deeb3f1da2522978b119e6ae3a5869b63b13a7859a456b3408bd18a078 - languageName: node - linkType: hard - -"minimatch@npm:^5.0.1": - version: 5.0.1 - resolution: "minimatch@npm:5.0.1" - dependencies: - brace-expansion: ^2.0.1 - checksum: b34b98463da4754bc526b244d680c69d4d6089451ebe512edaf6dd9eeed0279399cfa3edb19233513b8f830bf4bfcad911dddcdf125e75074100d52f724774f0 - languageName: node - linkType: hard - -"minimist-options@npm:4.1.0": - version: 4.1.0 - resolution: "minimist-options@npm:4.1.0" - dependencies: - arrify: ^1.0.1 - is-plain-obj: ^1.1.0 - kind-of: ^6.0.3 - checksum: 8c040b3068811e79de1140ca2b708d3e203c8003eb9a414c1ab3cd467fc5f17c9ca02a5aef23bedc51a7f8bfbe77f87e9a7e31ec81fba304cda675b019496f4e - languageName: node - linkType: hard - -"minimist@npm:^1.1.0, minimist@npm:^1.2.0, minimist@npm:^1.2.3, minimist@npm:^1.2.5": - version: 1.2.5 - resolution: "minimist@npm:1.2.5" - checksum: 86706ce5b36c16bfc35c5fe3dbb01d5acdc9a22f2b6cc810b6680656a1d2c0e44a0159c9a3ba51fb072bb5c203e49e10b51dcd0eec39c481f4c42086719bae52 - languageName: node - linkType: hard - -"minipass-collect@npm:^1.0.2": - version: 1.0.2 - resolution: "minipass-collect@npm:1.0.2" - dependencies: - minipass: ^3.0.0 - checksum: 14df761028f3e47293aee72888f2657695ec66bd7d09cae7ad558da30415fdc4752bbfee66287dcc6fd5e6a2fa3466d6c484dc1cbd986525d9393b9523d97f10 - languageName: node - linkType: hard - -"minipass-fetch@npm:^2.0.3": - version: 2.1.0 - resolution: "minipass-fetch@npm:2.1.0" - dependencies: - encoding: ^0.1.13 - minipass: ^3.1.6 - minipass-sized: ^1.0.3 - minizlib: ^2.1.2 - dependenciesMeta: - encoding: - optional: true - checksum: 1334732859a3f7959ed22589bafd9c40384b885aebb5932328071c33f86b3eb181d54c86919675d1825ab5f1c8e4f328878c863873258d113c29d79a4b0c9c9f - languageName: node - linkType: hard - -"minipass-flush@npm:^1.0.5": - version: 1.0.5 - resolution: "minipass-flush@npm:1.0.5" - dependencies: - minipass: ^3.0.0 - checksum: 56269a0b22bad756a08a94b1ffc36b7c9c5de0735a4dd1ab2b06c066d795cfd1f0ac44a0fcae13eece5589b908ecddc867f04c745c7009be0b566421ea0944cf - languageName: node - linkType: hard - -"minipass-json-stream@npm:^1.0.1": - version: 1.0.1 - resolution: "minipass-json-stream@npm:1.0.1" - dependencies: - jsonparse: ^1.3.1 - minipass: ^3.0.0 - checksum: 791b696a27d1074c4c08dab1bf5a9f3201145c2933e428f45d880467bce12c60de4703203d2928de4b162d0ae77b0bb4b55f96cb846645800aa0eb4919b3e796 - languageName: node - linkType: hard - -"minipass-pipeline@npm:^1.2.4": - version: 1.2.4 - resolution: "minipass-pipeline@npm:1.2.4" - dependencies: - minipass: ^3.0.0 - checksum: b14240dac0d29823c3d5911c286069e36d0b81173d7bdf07a7e4a91ecdef92cdff4baaf31ea3746f1c61e0957f652e641223970870e2353593f382112257971b - languageName: node - linkType: hard - -"minipass-sized@npm:^1.0.3": - version: 1.0.3 - resolution: "minipass-sized@npm:1.0.3" - dependencies: - minipass: ^3.0.0 - checksum: 79076749fcacf21b5d16dd596d32c3b6bf4d6e62abb43868fac21674078505c8b15eaca4e47ed844985a4514854f917d78f588fcd029693709417d8f98b2bd60 - languageName: node - linkType: hard - -"minipass@npm:^3.0.0, minipass@npm:^3.1.1, minipass@npm:^3.1.6": - version: 3.1.6 - resolution: "minipass@npm:3.1.6" - dependencies: - yallist: ^4.0.0 - checksum: 57a04041413a3531a65062452cb5175f93383ef245d6f4a2961d34386eb9aa8ac11ac7f16f791f5e8bbaf1dfb1ef01596870c88e8822215db57aa591a5bb0a77 - languageName: node - linkType: hard - -"minizlib@npm:^2.1.1, minizlib@npm:^2.1.2": - version: 2.1.2 - resolution: "minizlib@npm:2.1.2" - dependencies: - minipass: ^3.0.0 - yallist: ^4.0.0 - checksum: f1fdeac0b07cf8f30fcf12f4b586795b97be856edea22b5e9072707be51fc95d41487faec3f265b42973a304fe3a64acd91a44a3826a963e37b37bafde0212c3 - languageName: node - linkType: hard - -"mixin-deep@npm:^1.2.0": - version: 1.3.2 - resolution: "mixin-deep@npm:1.3.2" - dependencies: - for-in: ^1.0.2 - is-extendable: ^1.0.1 - checksum: 820d5a51fcb7479f2926b97f2c3bb223546bc915e6b3a3eb5d906dda871bba569863595424a76682f2b15718252954644f3891437cb7e3f220949bed54b1750d - languageName: node - linkType: hard - -"mkdirp-infer-owner@npm:^2.0.0": - version: 2.0.0 - resolution: "mkdirp-infer-owner@npm:2.0.0" - dependencies: - chownr: ^2.0.0 - infer-owner: ^1.0.4 - mkdirp: ^1.0.3 - checksum: d8f4ecd32f6762459d6b5714eae6487c67ae9734ab14e26d14377ddd9b2a1bf868d8baa18c0f3e73d3d513f53ec7a698e0f81a9367102c870a55bef7833880f7 - languageName: node - linkType: hard - -"mkdirp@npm:^0.5.1": - version: 0.5.5 - resolution: "mkdirp@npm:0.5.5" - dependencies: - minimist: ^1.2.5 - bin: - mkdirp: bin/cmd.js - checksum: 3bce20ea525f9477befe458ab85284b0b66c8dc3812f94155af07c827175948cdd8114852ac6c6d82009b13c1048c37f6d98743eb019651ee25c39acc8aabe7d - languageName: node - linkType: hard - -"mkdirp@npm:^1.0.3, mkdirp@npm:^1.0.4": - version: 1.0.4 - resolution: "mkdirp@npm:1.0.4" - bin: - mkdirp: bin/cmd.js - checksum: a96865108c6c3b1b8e1d5e9f11843de1e077e57737602de1b82030815f311be11f96f09cce59bd5b903d0b29834733e5313f9301e3ed6d6f6fba2eae0df4298f - languageName: node - linkType: hard - -"modify-values@npm:^1.0.0": - version: 1.0.1 - resolution: "modify-values@npm:1.0.1" - checksum: 8296610c608bc97b03c2cf889c6cdf4517e32fa2d836440096374c2209f6b7b3e256c209493a0b32584b9cb32d528e99d0dd19dcd9a14d2d915a312d391cc7e9 - languageName: node - linkType: hard - -"ms@npm:2.0.0": - version: 2.0.0 - resolution: "ms@npm:2.0.0" - checksum: 0e6a22b8b746d2e0b65a430519934fefd41b6db0682e3477c10f60c76e947c4c0ad06f63ffdf1d78d335f83edee8c0aa928aa66a36c7cd95b69b26f468d527f4 - languageName: node - linkType: hard - -"ms@npm:2.1.2, ms@npm:^2.1.1": - version: 2.1.2 - resolution: "ms@npm:2.1.2" - checksum: 673cdb2c3133eb050c745908d8ce632ed2c02d85640e2edb3ace856a2266a813b30c613569bf3354fdf4ea7d1a1494add3bfa95e2713baa27d0c2c71fc44f58f - languageName: node - linkType: hard - -"ms@npm:^2.0.0, ms@npm:^2.1.2": - version: 2.1.3 - resolution: "ms@npm:2.1.3" - checksum: aa92de608021b242401676e35cfa5aa42dd70cbdc082b916da7fb925c542173e36bce97ea3e804923fe92c0ad991434e4a38327e15a1b5b5f945d66df615ae6d - languageName: node - linkType: hard - -"mute-stream@npm:0.0.8, mute-stream@npm:~0.0.4": - version: 0.0.8 - resolution: "mute-stream@npm:0.0.8" - checksum: ff48d251fc3f827e5b1206cda0ffdaec885e56057ee86a3155e1951bc940fd5f33531774b1cc8414d7668c10a8907f863f6561875ee6e8768931a62121a531a1 - languageName: node - linkType: hard - -"nan@npm:^2.12.1": - version: 2.15.0 - resolution: "nan@npm:2.15.0" - dependencies: - node-gyp: latest - checksum: 33e1bb4dfca447fe37d4bb5889be55de154828632c8d38646db67293a21afd61ed9909cdf1b886214a64707d935926c4e60e2b09de9edfc2ad58de31d6ce8f39 - languageName: node - linkType: hard - -"nanomatch@npm:^1.2.9": - version: 1.2.13 - resolution: "nanomatch@npm:1.2.13" - dependencies: - arr-diff: ^4.0.0 - array-unique: ^0.3.2 - define-property: ^2.0.2 - extend-shallow: ^3.0.2 - fragment-cache: ^0.2.1 - is-windows: ^1.0.2 - kind-of: ^6.0.2 - object.pick: ^1.3.0 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.1 - checksum: 54d4166d6ef08db41252eb4e96d4109ebcb8029f0374f9db873bd91a1f896c32ec780d2a2ea65c0b2d7caf1f28d5e1ea33746a470f32146ac8bba821d80d38d8 - languageName: node - linkType: hard - -"natural-compare@npm:^1.4.0": - version: 1.4.0 - resolution: "natural-compare@npm:1.4.0" - checksum: 23ad088b08f898fc9b53011d7bb78ec48e79de7627e01ab5518e806033861bef68d5b0cd0e2205c2f36690ac9571ff6bcb05eb777ced2eeda8d4ac5b44592c3d - languageName: node - linkType: hard - -"negotiator@npm:^0.6.3": - version: 0.6.3 - resolution: "negotiator@npm:0.6.3" - checksum: b8ffeb1e262eff7968fc90a2b6767b04cfd9842582a9d0ece0af7049537266e7b2506dfb1d107a32f06dd849ab2aea834d5830f7f4d0e5cb7d36e1ae55d021d9 - languageName: node - linkType: hard - -"neo-async@npm:^2.6.0": - version: 2.6.2 - resolution: "neo-async@npm:2.6.2" - checksum: deac9f8d00eda7b2e5cd1b2549e26e10a0faa70adaa6fdadca701cc55f49ee9018e427f424bac0c790b7c7e2d3068db97f3093f1093975f2acb8f8818b936ed9 - languageName: node - linkType: hard - -"nerf-dart@npm:^1.0.0": - version: 1.0.0 - resolution: "nerf-dart@npm:1.0.0" - checksum: 0e5508d83eae21a6ed0bd32b3a048c849741023811f06efa972800f4ad55eaa8205442e81c406ad051771f232c4ed3d3ee262f6c850bbcad9660f54a6471a4b9 - languageName: node - linkType: hard - -"node-emoji@npm:^1.11.0": - version: 1.11.0 - resolution: "node-emoji@npm:1.11.0" - dependencies: - lodash: ^4.17.21 - checksum: e8c856c04a1645062112a72e59a98b203505ed5111ff84a3a5f40611afa229b578c7d50f1e6a7f17aa62baeea4a640d2e2f61f63afc05423aa267af10977fb2b - languageName: node - linkType: hard - -"node-fetch@npm:^2.6.1": - version: 2.6.6 - resolution: "node-fetch@npm:2.6.6" - dependencies: - whatwg-url: ^5.0.0 - checksum: ee8290626bdb73629c59722b75dcf4b9b6a67c1ed7eb9102e368479c4a13b56a48c2bb3ad71571e378e98c8b2c64c820e11f9cd39e4b8557dd138ad571ef9a42 - languageName: node - linkType: hard - -"node-gyp@npm:^9.0.0, node-gyp@npm:latest": - version: 9.0.0 - resolution: "node-gyp@npm:9.0.0" - dependencies: - env-paths: ^2.2.0 - glob: ^7.1.4 - graceful-fs: ^4.2.6 - make-fetch-happen: ^10.0.3 - nopt: ^5.0.0 - npmlog: ^6.0.0 - rimraf: ^3.0.2 - semver: ^7.3.5 - tar: ^6.1.2 - which: ^2.0.2 - bin: - node-gyp: bin/node-gyp.js - checksum: 4d8ef8860f7e4f4d86c91db3f519d26ed5cc23b48fe54543e2afd86162b4acbd14f21de42a5db344525efb69a991e021b96a68c70c6e2d5f4a5cb770793da6d3 - languageName: node - linkType: hard - -"node-int64@npm:^0.4.0": - version: 0.4.0 - resolution: "node-int64@npm:0.4.0" - checksum: d0b30b1ee6d961851c60d5eaa745d30b5c95d94bc0e74b81e5292f7c42a49e3af87f1eb9e89f59456f80645d679202537de751b7d72e9e40ceea40c5e449057e - languageName: node - linkType: hard - -"node-jq@npm:2.1.0, node-jq@npm:^2.1.0": - version: 2.1.0 - resolution: "node-jq@npm:2.1.0" - dependencies: - "@semantic-release/changelog": ^6.0.1 - "@semantic-release/git": ^10.0.1 - bin-build: ^3.0.0 - download: ^8.0.0 - is-valid-path: ^0.1.1 - joi: ^17.4.0 - strip-eof: ^2.0.0 - strip-final-newline: ^2.0.0 - tempfile: ^3.0.0 - checksum: 335b6a2680bce1cdda97e4fe54a9bf5619367714bcc813449a81c0b9f22fe0ffd946ff8cf6a8f7e1611cc7c12c9552d1907715a87287d79bb4ea2c68b8c713f3 - languageName: node - linkType: hard - -"node-releases@npm:^2.0.1": - version: 2.0.1 - resolution: "node-releases@npm:2.0.1" - checksum: b20dd8d4bced11f75060f0387e05e76b9dc4a0451f7bb3516eade6f50499ea7768ba95d8a60d520c193402df1e58cb3fe301510cc1c1ad68949c3d57b5149866 - languageName: node - linkType: hard - -"nopt@npm:^5.0.0": - version: 5.0.0 - resolution: "nopt@npm:5.0.0" - dependencies: - abbrev: 1 - bin: - nopt: bin/nopt.js - checksum: d35fdec187269503843924e0114c0c6533fb54bbf1620d0f28b4b60ba01712d6687f62565c55cc20a504eff0fbe5c63e22340c3fad549ad40469ffb611b04f2f - languageName: node - linkType: hard - -"normalize-package-data@npm:^2.5.0": - version: 2.5.0 - resolution: "normalize-package-data@npm:2.5.0" - dependencies: - hosted-git-info: ^2.1.4 - resolve: ^1.10.0 - semver: 2 || 3 || 4 || 5 - validate-npm-package-license: ^3.0.1 - checksum: 7999112efc35a6259bc22db460540cae06564aa65d0271e3bdfa86876d08b0e578b7b5b0028ee61b23f1cae9fc0e7847e4edc0948d3068a39a2a82853efc8499 - languageName: node - linkType: hard - -"normalize-package-data@npm:^3.0.0, normalize-package-data@npm:^3.0.2": - version: 3.0.3 - resolution: "normalize-package-data@npm:3.0.3" - dependencies: - hosted-git-info: ^4.0.1 - is-core-module: ^2.5.0 - semver: ^7.3.4 - validate-npm-package-license: ^3.0.1 - checksum: bbcee00339e7c26fdbc760f9b66d429258e2ceca41a5df41f5df06cc7652de8d82e8679ff188ca095cad8eff2b6118d7d866af2b68400f74602fbcbce39c160a - languageName: node - linkType: hard - -"normalize-package-data@npm:^4.0.0": - version: 4.0.0 - resolution: "normalize-package-data@npm:4.0.0" - dependencies: - hosted-git-info: ^5.0.0 - is-core-module: ^2.8.1 - semver: ^7.3.5 - validate-npm-package-license: ^3.0.4 - checksum: b0f47de4295a0f8499bd478e84b9f9592a29f65227c2b4446ae80f7dff6e7a5ec6ef25ea8f06f3dcb9b7b7d945c2daa274385925b3d85e77e34eaffa0b42e316 - languageName: node - linkType: hard - -"normalize-path@npm:^2.0.0, normalize-path@npm:^2.0.1, normalize-path@npm:^2.1.1": - version: 2.1.1 - resolution: "normalize-path@npm:2.1.1" - dependencies: - remove-trailing-separator: ^1.0.1 - checksum: 7e9cbdcf7f5b8da7aa191fbfe33daf290cdcd8c038f422faf1b8a83c972bf7a6d94c5be34c4326cb00fb63bc0fd97d9fbcfaf2e5d6142332c2cd36d2e1b86cea - languageName: node - linkType: hard - -"normalize-path@npm:^3.0.0": - version: 3.0.0 - resolution: "normalize-path@npm:3.0.0" - checksum: 88eeb4da891e10b1318c4b2476b6e2ecbeb5ff97d946815ffea7794c31a89017c70d7f34b3c2ebf23ef4e9fc9fb99f7dffe36da22011b5b5c6ffa34f4873ec20 - languageName: node - linkType: hard - -"normalize-url@npm:2.0.1": - version: 2.0.1 - resolution: "normalize-url@npm:2.0.1" - dependencies: - prepend-http: ^2.0.0 - query-string: ^5.0.1 - sort-keys: ^2.0.0 - checksum: 30e337ee03fc7f360c7d2b966438657fabd2628925cc58bffc893982fe4d2c59b397ae664fa2c319cd83565af73eee88906e80bc5eec91bc32b601920e770d75 - languageName: node - linkType: hard - -"normalize-url@npm:^6.0.0": - version: 6.1.0 - resolution: "normalize-url@npm:6.1.0" - checksum: 4a4944631173e7d521d6b80e4c85ccaeceb2870f315584fa30121f505a6dfd86439c5e3fdd8cd9e0e291290c41d0c3599f0cb12ab356722ed242584c30348e50 - languageName: node - linkType: hard - -"npm-audit-report@npm:^2.1.5": - version: 2.1.5 - resolution: "npm-audit-report@npm:2.1.5" - dependencies: - chalk: ^4.0.0 - checksum: 9199c4331a29b478b7adbafe1bf463943f65cfd840f62ffe9e6263f0ae64d77725ea102126b3892ef3379a6770a6fe11e1f68ab4cb196c0045db2e1aeafc593d - languageName: node - linkType: hard - -"npm-bundled@npm:^1.1.1, npm-bundled@npm:^1.1.2": - version: 1.1.2 - resolution: "npm-bundled@npm:1.1.2" - dependencies: - npm-normalize-package-bin: ^1.0.1 - checksum: 6e599155ef28d0b498622f47f1ba189dfbae05095a1ed17cb3a5babf961e965dd5eab621f0ec6f0a98de774e5836b8f5a5ee639010d64f42850a74acec3d4d09 - languageName: node - linkType: hard - -"npm-conf@npm:^1.1.0": - version: 1.1.3 - resolution: "npm-conf@npm:1.1.3" - dependencies: - config-chain: ^1.1.11 - pify: ^3.0.0 - checksum: 2d4e933b657623d98183ec408d17318547296b1cd17c4d3587e2920c554675f24f829d8f5f7f84db3a020516678fdcd01952ebaaf0e7fa8a17f6c39be4154bef - languageName: node - linkType: hard - -"npm-install-checks@npm:^4.0.0": - version: 4.0.0 - resolution: "npm-install-checks@npm:4.0.0" - dependencies: - semver: ^7.1.1 - checksum: 8308ff48e61e0863d7f148f62543e1f6c832525a7d8002ea742d5e478efa8b29bf65a87f9fb82786e15232e4b3d0362b126c45afdceed4c051c0d3c227dd0ace - languageName: node - linkType: hard - -"npm-install-checks@npm:^5.0.0": - version: 5.0.0 - resolution: "npm-install-checks@npm:5.0.0" - dependencies: - semver: ^7.1.1 - checksum: 0e7d1aae52b1fe9d3a0fd4a008850c7047931722dd49ee908afd13fd0297ac5ddb10964d9c59afcdaaa2ca04b51d75af2788f668c729ae71fec0e4cdac590ffc - languageName: node - linkType: hard - -"npm-normalize-package-bin@npm:^1.0.0, npm-normalize-package-bin@npm:^1.0.1": - version: 1.0.1 - resolution: "npm-normalize-package-bin@npm:1.0.1" - checksum: ae7f15155a1e3ace2653f12ddd1ee8eaa3c84452fdfbf2f1943e1de264e4b079c86645e2c55931a51a0a498cba31f70022a5219d5665fbcb221e99e58bc70122 - languageName: node - linkType: hard - -"npm-package-arg@npm:^9.0.0, npm-package-arg@npm:^9.0.1": - version: 9.0.2 - resolution: "npm-package-arg@npm:9.0.2" - dependencies: - hosted-git-info: ^5.0.0 - semver: ^7.3.5 - validate-npm-package-name: ^4.0.0 - checksum: 07828f330f611214a0aa1e87f402b30b3dc90388671470ad8dc1551f28b0cb886f1f75fa7c37e894a9598640a555c05643642994ecacb9a6c68f655e571968f7 - languageName: node - linkType: hard - -"npm-packlist@npm:^5.0.0": - version: 5.0.3 - resolution: "npm-packlist@npm:5.0.3" - dependencies: - glob: ^8.0.1 - ignore-walk: ^5.0.1 - npm-bundled: ^1.1.2 - npm-normalize-package-bin: ^1.0.1 - bin: - npm-packlist: bin/index.js - checksum: ab8444928518e652e2d4f3de75dd979b695170c9c9c96882c601dfc5f9e47eca6af65a6599cd45f5ea4e77ee66254fd4cc91a6f34ec8cd7754af258cb99fbb61 - languageName: node - linkType: hard - -"npm-pick-manifest@npm:^7.0.0": - version: 7.0.1 - resolution: "npm-pick-manifest@npm:7.0.1" - dependencies: - npm-install-checks: ^5.0.0 - npm-normalize-package-bin: ^1.0.1 - npm-package-arg: ^9.0.0 - semver: ^7.3.5 - checksum: 9a4a8e64d2214783b2b74a361845000f5d91bb40c7858e2a30af2ac7876d9296efc37f8cacf60335e96a45effee2035b033d9bdefb4889757cc60d85959accbb - languageName: node - linkType: hard - -"npm-profile@npm:^6.0.2": - version: 6.0.3 - resolution: "npm-profile@npm:6.0.3" - dependencies: - npm-registry-fetch: ^13.0.1 - proc-log: ^2.0.0 - checksum: d2023c5a15bb70b87fec0144ddfa454af642d34debd49ad561041d7bb8a4a225f162352013096352f4d2f35b59c6b009c0a6f66ba838db8bac02e376fa754e47 - languageName: node - linkType: hard - -"npm-registry-fetch@npm:^13.0.0, npm-registry-fetch@npm:^13.0.1": - version: 13.1.1 - resolution: "npm-registry-fetch@npm:13.1.1" - dependencies: - make-fetch-happen: ^10.0.6 - minipass: ^3.1.6 - minipass-fetch: ^2.0.3 - minipass-json-stream: ^1.0.1 - minizlib: ^2.1.2 - npm-package-arg: ^9.0.1 - proc-log: ^2.0.0 - checksum: e085faf5cdc1cfe9b8f825065a0823531b2a28799d84614b3971e344dde087f9089c0f0220360771a81f110c5444978c6f7309084ff7d7d396252b068148bb44 - languageName: node - linkType: hard - -"npm-run-path@npm:^2.0.0": - version: 2.0.2 - resolution: "npm-run-path@npm:2.0.2" - dependencies: - path-key: ^2.0.0 - checksum: acd5ad81648ba4588ba5a8effb1d98d2b339d31be16826a118d50f182a134ac523172101b82eab1d01cb4c2ba358e857d54cfafd8163a1ffe7bd52100b741125 - languageName: node - linkType: hard - -"npm-run-path@npm:^4.0.1": - version: 4.0.1 - resolution: "npm-run-path@npm:4.0.1" - dependencies: - path-key: ^3.0.0 - checksum: 5374c0cea4b0bbfdfae62da7bbdf1e1558d338335f4cacf2515c282ff358ff27b2ecb91ffa5330a8b14390ac66a1e146e10700440c1ab868208430f56b5f4d23 - languageName: node - linkType: hard - -"npm-run-path@npm:^5.1.0": - version: 5.1.0 - resolution: "npm-run-path@npm:5.1.0" - dependencies: - path-key: ^4.0.0 - checksum: dc184eb5ec239d6a2b990b43236845332ef12f4e0beaa9701de724aa797fe40b6bbd0157fb7639d24d3ab13f5d5cf22d223a19c6300846b8126f335f788bee66 - languageName: node - linkType: hard - -"npm-user-validate@npm:^1.0.1": - version: 1.0.1 - resolution: "npm-user-validate@npm:1.0.1" - checksum: 38ec7eb78a0c001adc220798cd986592e03f6232f171af64c10c28fb5053d058d7f2748d1c42346338fa04fbeb5c0529f704cd5794aed1c33d303d978ac97b77 - languageName: node - linkType: hard - -"npm@npm:^8.3.0": - version: 8.5.5 - resolution: "npm@npm:8.5.5" - dependencies: - "@isaacs/string-locale-compare": ^1.1.0 - "@npmcli/arborist": ^5.0.3 - "@npmcli/ci-detect": ^2.0.0 - "@npmcli/config": ^4.0.1 - "@npmcli/map-workspaces": ^2.0.2 - "@npmcli/package-json": ^1.0.1 - "@npmcli/run-script": ^3.0.1 - abbrev: ~1.1.1 - ansicolors: ~0.3.2 - ansistyles: ~0.1.3 - archy: ~1.0.0 - cacache: ^16.0.2 - chalk: ^4.1.2 - chownr: ^2.0.0 - cli-columns: ^4.0.0 - cli-table3: ^0.6.1 - columnify: ^1.6.0 - fastest-levenshtein: ^1.0.12 - glob: ^7.2.0 - graceful-fs: ^4.2.9 - hosted-git-info: ^5.0.0 - ini: ^2.0.0 - init-package-json: ^3.0.1 - is-cidr: ^4.0.2 - json-parse-even-better-errors: ^2.3.1 - libnpmaccess: ^6.0.2 - libnpmdiff: ^4.0.2 - libnpmexec: ^4.0.2 - libnpmfund: ^3.0.1 - libnpmhook: ^8.0.2 - libnpmorg: ^4.0.2 - libnpmpack: ^4.0.2 - libnpmpublish: ^6.0.2 - libnpmsearch: ^5.0.2 - libnpmteam: ^4.0.2 - libnpmversion: ^3.0.1 - make-fetch-happen: ^10.0.6 - minipass: ^3.1.6 - minipass-pipeline: ^1.2.4 - mkdirp: ^1.0.4 - mkdirp-infer-owner: ^2.0.0 - ms: ^2.1.2 - node-gyp: ^9.0.0 - nopt: ^5.0.0 - npm-audit-report: ^2.1.5 - npm-install-checks: ^4.0.0 - npm-package-arg: ^9.0.1 - npm-pick-manifest: ^7.0.0 - npm-profile: ^6.0.2 - npm-registry-fetch: ^13.0.1 - npm-user-validate: ^1.0.1 - npmlog: ^6.0.1 - opener: ^1.5.2 - pacote: ^13.0.5 - parse-conflict-json: ^2.0.1 - proc-log: ^2.0.0 - qrcode-terminal: ^0.12.0 - read: ~1.0.7 - read-package-json: ^5.0.0 - read-package-json-fast: ^2.0.3 - readdir-scoped-modules: ^1.1.0 - rimraf: ^3.0.2 - semver: ^7.3.5 - ssri: ^8.0.1 - tar: ^6.1.11 - text-table: ~0.2.0 - tiny-relative-date: ^1.3.0 - treeverse: ^1.0.4 - validate-npm-package-name: ~3.0.0 - which: ^2.0.2 - write-file-atomic: ^4.0.1 - bin: - npm: bin/npm-cli.js - npx: bin/npx-cli.js - checksum: f48fbac8c76a0afa709aaeb3ffeb2d6886b88577f6f7f54e91bc0d6169f6ec90f402bbd6ab7e643347970d95d43860f35b0dc0343664222def47cc6042ccf74a - languageName: node - linkType: hard - -"npmlog@npm:^6.0.0, npmlog@npm:^6.0.1, npmlog@npm:^6.0.2": - version: 6.0.2 - resolution: "npmlog@npm:6.0.2" - dependencies: - are-we-there-yet: ^3.0.0 - console-control-strings: ^1.1.0 - gauge: ^4.0.3 - set-blocking: ^2.0.0 - checksum: ae238cd264a1c3f22091cdd9e2b106f684297d3c184f1146984ecbe18aaa86343953f26b9520dedd1b1372bc0316905b736c1932d778dbeb1fcf5a1001390e2a - languageName: node - linkType: hard - -"nwsapi@npm:^2.2.0": - version: 2.2.0 - resolution: "nwsapi@npm:2.2.0" - checksum: 5ef4a9bc0c1a5b7f2e014aa6a4b359a257503b796618ed1ef0eb852098f77e772305bb0e92856e4bbfa3e6c75da48c0113505c76f144555ff38867229c2400a7 - languageName: node - linkType: hard - -"object-assign@npm:^4.0.1, object-assign@npm:^4.1.0": - version: 4.1.1 - resolution: "object-assign@npm:4.1.1" - checksum: fcc6e4ea8c7fe48abfbb552578b1c53e0d194086e2e6bbbf59e0a536381a292f39943c6e9628af05b5528aa5e3318bb30d6b2e53cadaf5b8fe9e12c4b69af23f - languageName: node - linkType: hard - -"object-copy@npm:^0.1.0": - version: 0.1.0 - resolution: "object-copy@npm:0.1.0" - dependencies: - copy-descriptor: ^0.1.0 - define-property: ^0.2.5 - kind-of: ^3.0.3 - checksum: a9e35f07e3a2c882a7e979090360d1a20ab51d1fa19dfdac3aa8873b328a7c4c7683946ee97c824ae40079d848d6740a3788fa14f2185155dab7ed970a72c783 - languageName: node - linkType: hard - -"object-inspect@npm:^1.11.0, object-inspect@npm:^1.9.0": - version: 1.12.0 - resolution: "object-inspect@npm:1.12.0" - checksum: 2b36d4001a9c921c6b342e2965734519c9c58c355822243c3207fbf0aac271f8d44d30d2d570d450b2cc6f0f00b72bcdba515c37827d2560e5f22b1899a31cf4 - languageName: node - linkType: hard - -"object-keys@npm:^1.0.12, object-keys@npm:^1.1.1": - version: 1.1.1 - resolution: "object-keys@npm:1.1.1" - checksum: b363c5e7644b1e1b04aa507e88dcb8e3a2f52b6ffd0ea801e4c7a62d5aa559affe21c55a07fd4b1fd55fc03a33c610d73426664b20032405d7b92a1414c34d6a - languageName: node - linkType: hard - -"object-visit@npm:^1.0.0": - version: 1.0.1 - resolution: "object-visit@npm:1.0.1" - dependencies: - isobject: ^3.0.0 - checksum: b0ee07f5bf3bb881b881ff53b467ebbde2b37ebb38649d6944a6cd7681b32eedd99da9bd1e01c55facf81f54ed06b13af61aba6ad87f0052982995e09333f790 - languageName: node - linkType: hard - -"object.assign@npm:^4.1.2": - version: 4.1.2 - resolution: "object.assign@npm:4.1.2" - dependencies: - call-bind: ^1.0.0 - define-properties: ^1.1.3 - has-symbols: ^1.0.1 - object-keys: ^1.1.1 - checksum: d621d832ed7b16ac74027adb87196804a500d80d9aca536fccb7ba48d33a7e9306a75f94c1d29cbfa324bc091bfc530bc24789568efdaee6a47fcfa298993814 - languageName: node - linkType: hard - -"object.entries@npm:^1.1.2": - version: 1.1.5 - resolution: "object.entries@npm:1.1.5" - dependencies: - call-bind: ^1.0.2 - define-properties: ^1.1.3 - es-abstract: ^1.19.1 - checksum: d658696f74fd222060d8428d2a9fda2ce736b700cb06f6bdf4a16a1892d145afb746f453502b2fa55d1dca8ead6f14ddbcf66c545df45adadea757a6c4cd86c7 - languageName: node - linkType: hard - -"object.omit@npm:^2.0.0": - version: 2.0.1 - resolution: "object.omit@npm:2.0.1" - dependencies: - for-own: ^0.1.4 - is-extendable: ^0.1.1 - checksum: 581de24e16b72388ad294693daef29072943ef8db3da16aaeb580b5ecefacabe58a744893e9d1564e29130d3465c96ba3e13a03fd130d14f3e06525b3176cac4 - languageName: node - linkType: hard - -"object.pick@npm:^1.3.0": - version: 1.3.0 - resolution: "object.pick@npm:1.3.0" - dependencies: - isobject: ^3.0.1 - checksum: 77fb6eed57c67adf75e9901187e37af39f052ef601cb4480386436561357eb9e459e820762f01fd02c5c1b42ece839ad393717a6d1850d848ee11fbabb3e580a - languageName: node - linkType: hard - -"object.values@npm:^1.1.5": - version: 1.1.5 - resolution: "object.values@npm:1.1.5" - dependencies: - call-bind: ^1.0.2 - define-properties: ^1.1.3 - es-abstract: ^1.19.1 - checksum: 0f17e99741ebfbd0fa55ce942f6184743d3070c61bd39221afc929c8422c4907618c8da694c6915bc04a83ab3224260c779ba37fc07bb668bdc5f33b66a902a4 - languageName: node - linkType: hard - -"once@npm:^1.3.0, once@npm:^1.3.1, once@npm:^1.4.0": - version: 1.4.0 - resolution: "once@npm:1.4.0" - dependencies: - wrappy: 1 - checksum: cd0a88501333edd640d95f0d2700fbde6bff20b3d4d9bdc521bdd31af0656b5706570d6c6afe532045a20bb8dc0849f8332d6f2a416e0ba6d3d3b98806c7db68 - languageName: node - linkType: hard - -"onetime@npm:^5.1.0, onetime@npm:^5.1.2": - version: 5.1.2 - resolution: "onetime@npm:5.1.2" - dependencies: - mimic-fn: ^2.1.0 - checksum: 2478859ef817fc5d4e9c2f9e5728512ddd1dbc9fb7829ad263765bb6d3b91ce699d6e2332eef6b7dff183c2f490bd3349f1666427eaba4469fba0ac38dfd0d34 - languageName: node - linkType: hard - -"onetime@npm:^6.0.0": - version: 6.0.0 - resolution: "onetime@npm:6.0.0" - dependencies: - mimic-fn: ^4.0.0 - checksum: 0846ce78e440841335d4e9182ef69d5762e9f38aa7499b19f42ea1c4cd40f0b4446094c455c713f9adac3f4ae86f613bb5e30c99e52652764d06a89f709b3788 - languageName: node - linkType: hard - -"opener@npm:^1.5.2": - version: 1.5.2 - resolution: "opener@npm:1.5.2" - bin: - opener: bin/opener-bin.js - checksum: 33b620c0d53d5b883f2abc6687dd1c5fd394d270dbe33a6356f2d71e0a2ec85b100d5bac94694198ccf5c30d592da863b2292c5539009c715a9c80c697b4f6cc - languageName: node - linkType: hard - -"optionator@npm:^0.8.1": - version: 0.8.3 - resolution: "optionator@npm:0.8.3" - dependencies: - deep-is: ~0.1.3 - fast-levenshtein: ~2.0.6 - levn: ~0.3.0 - prelude-ls: ~1.1.2 - type-check: ~0.3.2 - word-wrap: ~1.2.3 - checksum: b8695ddf3d593203e25ab0900e265d860038486c943ff8b774f596a310f8ceebdb30c6832407a8198ba3ec9debe1abe1f51d4aad94843612db3b76d690c61d34 - languageName: node - linkType: hard - -"optionator@npm:^0.9.1": - version: 0.9.1 - resolution: "optionator@npm:0.9.1" - dependencies: - deep-is: ^0.1.3 - fast-levenshtein: ^2.0.6 - levn: ^0.4.1 - prelude-ls: ^1.2.1 - type-check: ^0.4.0 - word-wrap: ^1.2.3 - checksum: dbc6fa065604b24ea57d734261914e697bd73b69eff7f18e967e8912aa2a40a19a9f599a507fa805be6c13c24c4eae8c71306c239d517d42d4c041c942f508a0 - languageName: node - linkType: hard - -"ora@npm:^5.4.1": - version: 5.4.1 - resolution: "ora@npm:5.4.1" - dependencies: - bl: ^4.1.0 - chalk: ^4.1.0 - cli-cursor: ^3.1.0 - cli-spinners: ^2.5.0 - is-interactive: ^1.0.0 - is-unicode-supported: ^0.1.0 - log-symbols: ^4.1.0 - strip-ansi: ^6.0.0 - wcwidth: ^1.0.1 - checksum: 28d476ee6c1049d68368c0dc922e7225e3b5600c3ede88fade8052837f9ed342625fdaa84a6209302587c8ddd9b664f71f0759833cbdb3a4cf81344057e63c63 - languageName: node - linkType: hard - -"os-tmpdir@npm:~1.0.2": - version: 1.0.2 - resolution: "os-tmpdir@npm:1.0.2" - checksum: 5666560f7b9f10182548bf7013883265be33620b1c1b4a4d405c25be2636f970c5488ff3e6c48de75b55d02bde037249fe5dbfbb4c0fb7714953d56aed062e6d - languageName: node - linkType: hard - -"p-cancelable@npm:^0.3.0": - version: 0.3.0 - resolution: "p-cancelable@npm:0.3.0" - checksum: 2b27639be8f7f8718f2854c1711f713c296db00acc4675975b1531ecb6253da197304b4a211a330a8e54e754d28d4b3f7feecb48f0566dd265e3ba6745cd4148 - languageName: node - linkType: hard - -"p-cancelable@npm:^0.4.0": - version: 0.4.1 - resolution: "p-cancelable@npm:0.4.1" - checksum: d11144d72ee3a99f62fe595cb0e13b8585ea73c3807b4a9671744f1bf5d3ccddb049247a4ec3ceff05ca4adba9d0bb0f1862829daf20795bf528c86fa088509c - languageName: node - linkType: hard - -"p-each-series@npm:^2.1.0": - version: 2.2.0 - resolution: "p-each-series@npm:2.2.0" - checksum: 5fbe2f1f1966f55833bd401fe36f7afe410707d5e9fb6032c6dde8aa716d50521c3bb201fdb584130569b5941d5e84993e09e0b3f76a474288e0ede8f632983c - languageName: node - linkType: hard - -"p-event@npm:^1.0.0": - version: 1.3.0 - resolution: "p-event@npm:1.3.0" - dependencies: - p-timeout: ^1.1.1 - checksum: 5a7693a2fc3f24fb6529340a911e290f82b8c9499d9e1cd8c7e8cdc71b7caa538a95ed7cb228e3b04b3f34a7e404f5cd2e91e900d31928316861a35457277820 - languageName: node - linkType: hard - -"p-event@npm:^2.1.0": - version: 2.3.1 - resolution: "p-event@npm:2.3.1" - dependencies: - p-timeout: ^2.0.1 - checksum: 7f973c4c001045bcd561202fc1b2bdf9e148182bb28a7bafa8e7b2ebfaf71a4f9ba91554222040d364290e707e3ebbb049122b8eda9d2aac413b4cf8de0b79ff - languageName: node - linkType: hard - -"p-filter@npm:^2.0.0": - version: 2.1.0 - resolution: "p-filter@npm:2.1.0" - dependencies: - p-map: ^2.0.0 - checksum: 76e552ca624ce2233448d68b19eec9de42b695208121998f7e011edce71d1079a83096ee6a2078fb2a59cfa8a5c999f046edf00ebf16a8e780022010b4693234 - languageName: node - linkType: hard - -"p-finally@npm:^1.0.0": - version: 1.0.0 - resolution: "p-finally@npm:1.0.0" - checksum: 93a654c53dc805dd5b5891bab16eb0ea46db8f66c4bfd99336ae929323b1af2b70a8b0654f8f1eae924b2b73d037031366d645f1fd18b3d30cbd15950cc4b1d4 - languageName: node - linkType: hard - -"p-is-promise@npm:^1.1.0": - version: 1.1.0 - resolution: "p-is-promise@npm:1.1.0" - checksum: 64d7c6cda18af2c91c04209e5856c54d1a9818662d2320b34153d446645f431307e04406969a1be00cad680288e86dcf97b9eb39edd5dc4d0b1bd714ee85e13b - languageName: node - linkType: hard - -"p-is-promise@npm:^3.0.0": - version: 3.0.0 - resolution: "p-is-promise@npm:3.0.0" - checksum: 74e511225fde5eeda7a120d51c60c284de90d68dec7c73611e7e59e8d1c44cc7e2246686544515849149b74ed0571ad470a456ac0d00314f8d03d2cc1ad43aae - languageName: node - linkType: hard - -"p-limit@npm:^1.1.0": - version: 1.3.0 - resolution: "p-limit@npm:1.3.0" - dependencies: - p-try: ^1.0.0 - checksum: 281c1c0b8c82e1ac9f81acd72a2e35d402bf572e09721ce5520164e9de07d8274451378a3470707179ad13240535558f4b277f02405ad752e08c7d5b0d54fbfd - languageName: node - linkType: hard - -"p-limit@npm:^2.2.0": - version: 2.3.0 - resolution: "p-limit@npm:2.3.0" - dependencies: - p-try: ^2.0.0 - checksum: 84ff17f1a38126c3314e91ecfe56aecbf36430940e2873dadaa773ffe072dc23b7af8e46d4b6485d302a11673fe94c6b67ca2cfbb60c989848b02100d0594ac1 - languageName: node - linkType: hard - -"p-limit@npm:^3.0.2": - version: 3.1.0 - resolution: "p-limit@npm:3.1.0" - dependencies: - yocto-queue: ^0.1.0 - checksum: 7c3690c4dbf62ef625671e20b7bdf1cbc9534e83352a2780f165b0d3ceba21907e77ad63401708145ca4e25bfc51636588d89a8c0aeb715e6c37d1c066430360 - languageName: node - linkType: hard - -"p-locate@npm:^2.0.0": - version: 2.0.0 - resolution: "p-locate@npm:2.0.0" - dependencies: - p-limit: ^1.1.0 - checksum: e2dceb9b49b96d5513d90f715780f6f4972f46987dc32a0e18bc6c3fc74a1a5d73ec5f81b1398af5e58b99ea1ad03fd41e9181c01fa81b4af2833958696e3081 - languageName: node - linkType: hard - -"p-locate@npm:^4.1.0": - version: 4.1.0 - resolution: "p-locate@npm:4.1.0" - dependencies: - p-limit: ^2.2.0 - checksum: 513bd14a455f5da4ebfcb819ef706c54adb09097703de6aeaa5d26fe5ea16df92b48d1ac45e01e3944ce1e6aa2a66f7f8894742b8c9d6e276e16cd2049a2b870 - languageName: node - linkType: hard - -"p-locate@npm:^5.0.0": - version: 5.0.0 - resolution: "p-locate@npm:5.0.0" - dependencies: - p-limit: ^3.0.2 - checksum: 1623088f36cf1cbca58e9b61c4e62bf0c60a07af5ae1ca99a720837356b5b6c5ba3eb1b2127e47a06865fee59dd0453cad7cc844cda9d5a62ac1a5a51b7c86d3 - languageName: node - linkType: hard - -"p-map-series@npm:^1.0.0": - version: 1.0.0 - resolution: "p-map-series@npm:1.0.0" - dependencies: - p-reduce: ^1.0.0 - checksum: 719a774a2ea5397732b8a00d154214320019d250230ef68243edae2a75df36fb8e9aee363a86b106e1d7c36995643a1beea7d9261dcd4acb9bc28ec5575d3f21 - languageName: node - linkType: hard - -"p-map@npm:^2.0.0": - version: 2.1.0 - resolution: "p-map@npm:2.1.0" - checksum: 9e3ad3c9f6d75a5b5661bcad78c91f3a63849189737cd75e4f1225bf9ac205194e5c44aac2ef6f09562b1facdb9bd1425584d7ac375bfaa17b3f1a142dab936d - languageName: node - linkType: hard - -"p-map@npm:^4.0.0": - version: 4.0.0 - resolution: "p-map@npm:4.0.0" - dependencies: - aggregate-error: ^3.0.0 - checksum: cb0ab21ec0f32ddffd31dfc250e3afa61e103ef43d957cc45497afe37513634589316de4eb88abdfd969fe6410c22c0b93ab24328833b8eb1ccc087fc0442a1c - languageName: node - linkType: hard - -"p-reduce@npm:^1.0.0": - version: 1.0.0 - resolution: "p-reduce@npm:1.0.0" - checksum: 7b0f25c861ca2319c1fd6d28d1421edca12eb5b780b2f2bcdb418e634b4c2ef07bd85f75ad41594474ec512e5505b49c36e7b22a177d43c60cc014576eab8888 - languageName: node - linkType: hard - -"p-reduce@npm:^2.0.0": - version: 2.1.0 - resolution: "p-reduce@npm:2.1.0" - checksum: 99b26d36066a921982f25c575e78355824da0787c486e3dd9fc867460e8bf17d5fb3ce98d006b41bdc81ffc0aa99edf5faee53d11fe282a20291fb721b0cb1c7 - languageName: node - linkType: hard - -"p-retry@npm:^4.0.0": - version: 4.6.1 - resolution: "p-retry@npm:4.6.1" - dependencies: - "@types/retry": ^0.12.0 - retry: ^0.13.1 - checksum: e6d540413bb3d0b96e0db44f74a7af1dce41f5005e6e84d617960110b148348c86a3987be07797749e3ddd55817dd3a8ffd6eae3428758bc2994d987e48c3a70 - languageName: node - linkType: hard - -"p-timeout@npm:^1.1.1": - version: 1.2.1 - resolution: "p-timeout@npm:1.2.1" - dependencies: - p-finally: ^1.0.0 - checksum: 65a456f49cca1328774a6bfba61aac98d854b36df9153c2887f82f078d4399e9a30463be8a479871c22ed350a23b34a66ff303ca652b9d81ed4ff5260ac660d2 - languageName: node - linkType: hard - -"p-timeout@npm:^2.0.1": - version: 2.0.1 - resolution: "p-timeout@npm:2.0.1" - dependencies: - p-finally: ^1.0.0 - checksum: 9205a661173f03adbeabda8e02826de876376b09c99768bdc33e5b25ae73230e3ac00e520acedbe3cf05fbd3352fb02efbd3811a9a021b148fb15eb07e7accac - languageName: node - linkType: hard - -"p-try@npm:^1.0.0": - version: 1.0.0 - resolution: "p-try@npm:1.0.0" - checksum: 3b5303f77eb7722144154288bfd96f799f8ff3e2b2b39330efe38db5dd359e4fb27012464cd85cb0a76e9b7edd1b443568cb3192c22e7cffc34989df0bafd605 - languageName: node - linkType: hard - -"p-try@npm:^2.0.0": - version: 2.2.0 - resolution: "p-try@npm:2.2.0" - checksum: f8a8e9a7693659383f06aec604ad5ead237c7a261c18048a6e1b5b85a5f8a067e469aa24f5bc009b991ea3b058a87f5065ef4176793a200d4917349881216cae - languageName: node - linkType: hard - -"pacote@npm:^13.0.3, pacote@npm:^13.0.5": - version: 13.3.0 - resolution: "pacote@npm:13.3.0" - dependencies: - "@npmcli/git": ^3.0.0 - "@npmcli/installed-package-contents": ^1.0.7 - "@npmcli/promise-spawn": ^3.0.0 - "@npmcli/run-script": ^3.0.1 - cacache: ^16.0.0 - chownr: ^2.0.0 - fs-minipass: ^2.1.0 - infer-owner: ^1.0.4 - minipass: ^3.1.6 - mkdirp: ^1.0.4 - npm-package-arg: ^9.0.0 - npm-packlist: ^5.0.0 - npm-pick-manifest: ^7.0.0 - npm-registry-fetch: ^13.0.1 - proc-log: ^2.0.0 - promise-retry: ^2.0.1 - read-package-json: ^5.0.0 - read-package-json-fast: ^2.0.3 - rimraf: ^3.0.2 - ssri: ^9.0.0 - tar: ^6.1.11 - bin: - pacote: lib/bin.js - checksum: 49badbafac64e7cd9c87aa14342424ee90946e0ac729faeffb489a94ed6cdab815bd7ffec7673b4863e20e113ee678b8038ace95ee2fc1f58206bc4482ff0bf5 - languageName: node - linkType: hard - -"parent-module@npm:^1.0.0": - version: 1.0.1 - resolution: "parent-module@npm:1.0.1" - dependencies: - callsites: ^3.0.0 - checksum: 6ba8b255145cae9470cf5551eb74be2d22281587af787a2626683a6c20fbb464978784661478dd2a3f1dad74d1e802d403e1b03c1a31fab310259eec8ac560ff - languageName: node - linkType: hard - -"parse-conflict-json@npm:^2.0.1": - version: 2.0.2 - resolution: "parse-conflict-json@npm:2.0.2" - dependencies: - json-parse-even-better-errors: ^2.3.1 - just-diff: ^5.0.1 - just-diff-apply: ^5.2.0 - checksum: 076f65c958696586daefb153f59d575dfb59648be43116a21b74d5ff69ec63dd56f585a27cc2da56d8e64ca5abf0373d6619b8330c035131f8d1e990c8406378 - languageName: node - linkType: hard - -"parse-glob@npm:^3.0.4": - version: 3.0.4 - resolution: "parse-glob@npm:3.0.4" - dependencies: - glob-base: ^0.3.0 - is-dotfile: ^1.0.0 - is-extglob: ^1.0.0 - is-glob: ^2.0.0 - checksum: 447bc442d76522c5e03b5babc8582d4a37fe9d59b3e5ef8d7ddae4e03060637ae38d5d28686e03c27e4d20be34983b5cb053cf8b066d34be0f9d1867eb677e45 - languageName: node - linkType: hard - -"parse-json@npm:^4.0.0": - version: 4.0.0 - resolution: "parse-json@npm:4.0.0" - dependencies: - error-ex: ^1.3.1 - json-parse-better-errors: ^1.0.1 - checksum: 0fe227d410a61090c247e34fa210552b834613c006c2c64d9a05cfe9e89cf8b4246d1246b1a99524b53b313e9ac024438d0680f67e33eaed7e6f38db64cfe7b5 - languageName: node - linkType: hard - -"parse-json@npm:^5.0.0, parse-json@npm:^5.2.0": - version: 5.2.0 - resolution: "parse-json@npm:5.2.0" - dependencies: - "@babel/code-frame": ^7.0.0 - error-ex: ^1.3.1 - json-parse-even-better-errors: ^2.3.0 - lines-and-columns: ^1.1.6 - checksum: 62085b17d64da57f40f6afc2ac1f4d95def18c4323577e1eced571db75d9ab59b297d1d10582920f84b15985cbfc6b6d450ccbf317644cfa176f3ed982ad87e2 - languageName: node - linkType: hard - -"parse5@npm:6.0.1": - version: 6.0.1 - resolution: "parse5@npm:6.0.1" - checksum: 7d569a176c5460897f7c8f3377eff640d54132b9be51ae8a8fa4979af940830b2b0c296ce75e5bd8f4041520aadde13170dbdec44889975f906098ea0002f4bd - languageName: node - linkType: hard - -"pascalcase@npm:^0.1.1": - version: 0.1.1 - resolution: "pascalcase@npm:0.1.1" - checksum: f83681c3c8ff75fa473a2bb2b113289952f802ff895d435edd717e7cb898b0408cbdb247117a938edcbc5d141020909846cc2b92c47213d764e2a94d2ad2b925 - languageName: node - linkType: hard - -"path-exists@npm:^3.0.0": - version: 3.0.0 - resolution: "path-exists@npm:3.0.0" - checksum: 96e92643aa34b4b28d0de1cd2eba52a1c5313a90c6542d03f62750d82480e20bfa62bc865d5cfc6165f5fcd5aeb0851043c40a39be5989646f223300021bae0a - languageName: node - linkType: hard - -"path-exists@npm:^4.0.0": - version: 4.0.0 - resolution: "path-exists@npm:4.0.0" - checksum: 505807199dfb7c50737b057dd8d351b82c033029ab94cb10a657609e00c1bc53b951cfdbccab8de04c5584d5eff31128ce6afd3db79281874a5ef2adbba55ed1 - languageName: node - linkType: hard - -"path-is-absolute@npm:^1.0.0": - version: 1.0.1 - resolution: "path-is-absolute@npm:1.0.1" - checksum: 060840f92cf8effa293bcc1bea81281bd7d363731d214cbe5c227df207c34cd727430f70c6037b5159c8a870b9157cba65e775446b0ab06fd5ecc7e54615a3b8 - languageName: node - linkType: hard - -"path-key@npm:^2.0.0": - version: 2.0.1 - resolution: "path-key@npm:2.0.1" - checksum: f7ab0ad42fe3fb8c7f11d0c4f849871e28fbd8e1add65c370e422512fc5887097b9cf34d09c1747d45c942a8c1e26468d6356e2df3f740bf177ab8ca7301ebfd - languageName: node - linkType: hard - -"path-key@npm:^3.0.0, path-key@npm:^3.1.0": - version: 3.1.1 - resolution: "path-key@npm:3.1.1" - checksum: 55cd7a9dd4b343412a8386a743f9c746ef196e57c823d90ca3ab917f90ab9f13dd0ded27252ba49dbdfcab2b091d998bc446f6220cd3cea65db407502a740020 - languageName: node - linkType: hard - -"path-key@npm:^4.0.0": - version: 4.0.0 - resolution: "path-key@npm:4.0.0" - checksum: 8e6c314ae6d16b83e93032c61020129f6f4484590a777eed709c4a01b50e498822b00f76ceaf94bc64dbd90b327df56ceadce27da3d83393790f1219e07721d7 - languageName: node - linkType: hard - -"path-parse@npm:^1.0.7": - version: 1.0.7 - resolution: "path-parse@npm:1.0.7" - checksum: 49abf3d81115642938a8700ec580da6e830dde670be21893c62f4e10bd7dd4c3742ddc603fe24f898cba7eb0c6bc1777f8d9ac14185d34540c6d4d80cd9cae8a - languageName: node - linkType: hard - -"path-type@npm:^4.0.0": - version: 4.0.0 - resolution: "path-type@npm:4.0.0" - checksum: 5b1e2daa247062061325b8fdbfd1fb56dde0a448fb1455453276ea18c60685bdad23a445dc148cf87bc216be1573357509b7d4060494a6fd768c7efad833ee45 - languageName: node - linkType: hard - -"pend@npm:~1.2.0": - version: 1.2.0 - resolution: "pend@npm:1.2.0" - checksum: 6c72f5243303d9c60bd98e6446ba7d30ae29e3d56fdb6fae8767e8ba6386f33ee284c97efe3230a0d0217e2b1723b8ab490b1bbf34fcbb2180dbc8a9de47850d - languageName: node - linkType: hard - -"picocolors@npm:^1.0.0": - version: 1.0.0 - resolution: "picocolors@npm:1.0.0" - checksum: a2e8092dd86c8396bdba9f2b5481032848525b3dc295ce9b57896f931e63fc16f79805144321f72976383fc249584672a75cc18d6777c6b757603f372f745981 - languageName: node - linkType: hard - -"picomatch@npm:^2.0.4, picomatch@npm:^2.2.3": - version: 2.3.1 - resolution: "picomatch@npm:2.3.1" - checksum: 050c865ce81119c4822c45d3c84f1ced46f93a0126febae20737bd05ca20589c564d6e9226977df859ed5e03dc73f02584a2b0faad36e896936238238b0446cf - languageName: node - linkType: hard - -"pify@npm:^2.3.0": - version: 2.3.0 - resolution: "pify@npm:2.3.0" - checksum: 9503aaeaf4577acc58642ad1d25c45c6d90288596238fb68f82811c08104c800e5a7870398e9f015d82b44ecbcbef3dc3d4251a1cbb582f6e5959fe09884b2ba - languageName: node - linkType: hard - -"pify@npm:^3.0.0": - version: 3.0.0 - resolution: "pify@npm:3.0.0" - checksum: 6cdcbc3567d5c412450c53261a3f10991665d660961e06605decf4544a61a97a54fefe70a68d5c37080ff9d6f4cf51444c90198d1ba9f9309a6c0d6e9f5c4fde - languageName: node - linkType: hard - -"pify@npm:^4.0.1": - version: 4.0.1 - resolution: "pify@npm:4.0.1" - checksum: 9c4e34278cb09987685fa5ef81499c82546c033713518f6441778fbec623fc708777fe8ac633097c72d88470d5963094076c7305cafc7ad340aae27cfacd856b - languageName: node - linkType: hard - -"pinkie-promise@npm:^2.0.0": - version: 2.0.1 - resolution: "pinkie-promise@npm:2.0.1" - dependencies: - pinkie: ^2.0.0 - checksum: b53a4a2e73bf56b6f421eef711e7bdcb693d6abb474d57c5c413b809f654ba5ee750c6a96dd7225052d4b96c4d053cdcb34b708a86fceed4663303abee52fcca - languageName: node - linkType: hard - -"pinkie@npm:^2.0.0": - version: 2.0.4 - resolution: "pinkie@npm:2.0.4" - checksum: b12b10afea1177595aab036fc220785488f67b4b0fc49e7a27979472592e971614fa1c728e63ad3e7eb748b4ec3c3dbd780819331dad6f7d635c77c10537b9db - languageName: node - linkType: hard - -"pirates@npm:^4.0.4": - version: 4.0.4 - resolution: "pirates@npm:4.0.4" - checksum: 6b7187d526fd025a2b91e8fd289c78d88c4adc3ea947b9facbe9cb300a896b0ec00f3e77b36a043001695312a8debbf714453495283bd8a4eaad3bc0c38df425 - languageName: node - linkType: hard - -"pkg-conf@npm:^2.1.0": - version: 2.1.0 - resolution: "pkg-conf@npm:2.1.0" - dependencies: - find-up: ^2.0.0 - load-json-file: ^4.0.0 - checksum: b50775157262abd1bfb4d3d948f3fc6c009d10266c6507d4de296af4e2cbb6d2738310784432185886d83144466fbb286b6e8ff0bc23dc5ee7d81810dc6c4788 - languageName: node - linkType: hard - -"pkg-dir@npm:^4.2.0": - version: 4.2.0 - resolution: "pkg-dir@npm:4.2.0" - dependencies: - find-up: ^4.0.0 - checksum: 9863e3f35132bf99ae1636d31ff1e1e3501251d480336edb1c211133c8d58906bed80f154a1d723652df1fda91e01c7442c2eeaf9dc83157c7ae89087e43c8d6 - languageName: node - linkType: hard - -"policy-packs@workspace:.": - version: 0.0.0-use.local - resolution: "policy-packs@workspace:." - dependencies: - "@qiwi/multi-semantic-release": ^6.1.1 - "@semantic-release/changelog": ^6.0.1 - "@semantic-release/git": ^10.0.1 - "@semantic-release/github": ^8.0.1 - "@semantic-release/npm": ^9.0.1 - "@semrel-extra/npm": ^1.2.0 - lodash: ^4.17.21 - semantic-release: ^19.0.2 - languageName: unknown - linkType: soft - -"posix-character-classes@npm:^0.1.0": - version: 0.1.1 - resolution: "posix-character-classes@npm:0.1.1" - checksum: dedb99913c60625a16050cfed2fb5c017648fc075be41ac18474e1c6c3549ef4ada201c8bd9bd006d36827e289c571b6092e1ef6e756cdbab2fd7046b25c6442 - languageName: node - linkType: hard - -"prelude-ls@npm:^1.2.1": - version: 1.2.1 - resolution: "prelude-ls@npm:1.2.1" - checksum: cd192ec0d0a8e4c6da3bb80e4f62afe336df3f76271ac6deb0e6a36187133b6073a19e9727a1ff108cd8b9982e4768850d413baa71214dd80c7979617dca827a - languageName: node - linkType: hard - -"prelude-ls@npm:~1.1.2": - version: 1.1.2 - resolution: "prelude-ls@npm:1.1.2" - checksum: c4867c87488e4a0c233e158e4d0d5565b609b105d75e4c05dc760840475f06b731332eb93cc8c9cecb840aa8ec323ca3c9a56ad7820ad2e63f0261dadcb154e4 - languageName: node - linkType: hard - -"prepend-http@npm:^1.0.1": - version: 1.0.4 - resolution: "prepend-http@npm:1.0.4" - checksum: 01e7baf4ad38af02257b99098543469332fc42ae50df33d97a124bf8172295907352fa6138c9b1610c10c6dd0847ca736e53fda736387cc5cf8fcffe96b47f29 - languageName: node - linkType: hard - -"prepend-http@npm:^2.0.0": - version: 2.0.0 - resolution: "prepend-http@npm:2.0.0" - checksum: 7694a9525405447662c1ffd352fcb41b6410c705b739b6f4e3a3e21cf5fdede8377890088e8934436b8b17ba55365a615f153960f30877bf0d0392f9e93503ea - languageName: node - linkType: hard - -"preserve@npm:^0.2.0": - version: 0.2.0 - resolution: "preserve@npm:0.2.0" - checksum: dd31d4fd0e6b218cac7178712ae0683c96e6eaa3e5490a37aba6d47095f87c47ffe980a3061ebe72ca07cb2a9a4f1a41bbeecee8944ec77be311c294e05b2e43 - languageName: node - linkType: hard - -"prettier-linter-helpers@npm:^1.0.0": - version: 1.0.0 - resolution: "prettier-linter-helpers@npm:1.0.0" - dependencies: - fast-diff: ^1.1.2 - checksum: 00ce8011cf6430158d27f9c92cfea0a7699405633f7f1d4a45f07e21bf78e99895911cbcdc3853db3a824201a7c745bd49bfea8abd5fb9883e765a90f74f8392 - languageName: node - linkType: hard - -"prettier@npm:^2.4.1, prettier@npm:^2.5.1": - version: 2.5.1 - resolution: "prettier@npm:2.5.1" - bin: - prettier: bin-prettier.js - checksum: 21b9408476ea1c544b0e45d51ceb94a84789ff92095abb710942d780c862d0daebdb29972d47f6b4d0f7ebbfb0ffbf56cc2cfa3e3e9d1cca54864af185b15b66 - languageName: node - linkType: hard - -"pretty-format@npm:^27.0.0, pretty-format@npm:^27.4.6": - version: 27.4.6 - resolution: "pretty-format@npm:27.4.6" - dependencies: - ansi-regex: ^5.0.1 - ansi-styles: ^5.0.0 - react-is: ^17.0.1 - checksum: 5eda32e4e47ddd1a9e8fe9ebef519b217ba403eb8bcb804ba551dfb37f87e674472013fcf78480ab535844fdddcc706fac94511eba349bfb94a138a02d1a7a59 - languageName: node - linkType: hard - -"proc-log@npm:^2.0.0": - version: 2.0.1 - resolution: "proc-log@npm:2.0.1" - checksum: f6f23564ff759097db37443e6e2765af84979a703d2c52c1b9df506ee9f87caa101ba49d8fdc115c1a313ec78e37e8134704e9069e6a870f3499d98bb24c436f - languageName: node - linkType: hard - -"process-nextick-args@npm:~2.0.0": - version: 2.0.1 - resolution: "process-nextick-args@npm:2.0.1" - checksum: 1d38588e520dab7cea67cbbe2efdd86a10cc7a074c09657635e34f035277b59fbb57d09d8638346bf7090f8e8ebc070c96fa5fd183b777fff4f5edff5e9466cf - languageName: node - linkType: hard - -"progress@npm:^2.0.0": - version: 2.0.3 - resolution: "progress@npm:2.0.3" - checksum: f67403fe7b34912148d9252cb7481266a354bd99ce82c835f79070643bb3c6583d10dbcfda4d41e04bbc1d8437e9af0fb1e1f2135727878f5308682a579429b7 - languageName: node - linkType: hard - -"promise-all-reject-late@npm:^1.0.0": - version: 1.0.1 - resolution: "promise-all-reject-late@npm:1.0.1" - checksum: d7d61ac412352e2c8c3463caa5b1c3ca0f0cc3db15a09f180a3da1446e33d544c4261fc716f772b95e4c27d559cfd2388540f44104feb356584f9c73cfb9ffcb - languageName: node - linkType: hard - -"promise-call-limit@npm:^1.0.1": - version: 1.0.1 - resolution: "promise-call-limit@npm:1.0.1" - checksum: e69aed17f5f34bbd7aecff28faedb456e3500a08af31ee759ef75f2d8c2219d7c0e59f153f4d8c339056de8c304e0dd4acc500c339e7ea1e9c0e7bb1444367c8 - languageName: node - linkType: hard - -"promise-events@npm:^0.2.4": - version: 0.2.4 - resolution: "promise-events@npm:0.2.4" - checksum: e912756002f737f08edb636d98075290ed74150853c6dcd03339ae1c14ea567ce4fda6a7aecd46c124f92e700dd1c80ca2d4f1cc5493c2601dd18e400b761ff8 - languageName: node - linkType: hard - -"promise-inflight@npm:^1.0.1": - version: 1.0.1 - resolution: "promise-inflight@npm:1.0.1" - checksum: 22749483091d2c594261517f4f80e05226d4d5ecc1fc917e1886929da56e22b5718b7f2a75f3807e7a7d471bc3be2907fe92e6e8f373ddf5c64bae35b5af3981 - languageName: node - linkType: hard - -"promise-retry@npm:^2.0.1": - version: 2.0.1 - resolution: "promise-retry@npm:2.0.1" - dependencies: - err-code: ^2.0.2 - retry: ^0.12.0 - checksum: f96a3f6d90b92b568a26f71e966cbbc0f63ab85ea6ff6c81284dc869b41510e6cdef99b6b65f9030f0db422bf7c96652a3fff9f2e8fb4a0f069d8f4430359429 - languageName: node - linkType: hard - -"prompts@npm:^2.0.1": - version: 2.4.2 - resolution: "prompts@npm:2.4.2" - dependencies: - kleur: ^3.0.3 - sisteransi: ^1.0.5 - checksum: d8fd1fe63820be2412c13bfc5d0a01909acc1f0367e32396962e737cb2fc52d004f3302475d5ce7d18a1e8a79985f93ff04ee03007d091029c3f9104bffc007d - languageName: node - linkType: hard - -"promzard@npm:^0.3.0": - version: 0.3.0 - resolution: "promzard@npm:0.3.0" - dependencies: - read: 1 - checksum: 443a3b39ac916099988ee0161ab4e22edd1fa27e3d39a38d60e48c11ca6df3f5a90bfe44d95af06ed8659c4050b789ffe64c3f9f8e49a4bea1ea19105c98445a - languageName: node - linkType: hard - -"proto-list@npm:~1.2.1": - version: 1.2.4 - resolution: "proto-list@npm:1.2.4" - checksum: 4d4826e1713cbfa0f15124ab0ae494c91b597a3c458670c9714c36e8baddf5a6aad22842776f2f5b137f259c8533e741771445eb8df82e861eea37a6eaba03f7 - languageName: node - linkType: hard - -"pseudomap@npm:^1.0.2": - version: 1.0.2 - resolution: "pseudomap@npm:1.0.2" - checksum: 856c0aae0ff2ad60881168334448e898ad7a0e45fe7386d114b150084254c01e200c957cf378378025df4e052c7890c5bd933939b0e0d2ecfcc1dc2f0b2991f5 - languageName: node - linkType: hard - -"psl@npm:^1.1.33": - version: 1.8.0 - resolution: "psl@npm:1.8.0" - checksum: 6150048ed2da3f919478bee8a82f3828303bc0fc730fb015a48f83c9977682c7b28c60ab01425a72d82a2891a1681627aa530a991d50c086b48a3be27744bde7 - languageName: node - linkType: hard - -"pump@npm:^3.0.0": - version: 3.0.0 - resolution: "pump@npm:3.0.0" - dependencies: - end-of-stream: ^1.1.0 - once: ^1.3.1 - checksum: e42e9229fba14732593a718b04cb5e1cfef8254544870997e0ecd9732b189a48e1256e4e5478148ecb47c8511dca2b09eae56b4d0aad8009e6fac8072923cfc9 - languageName: node - linkType: hard - -"punycode@npm:^2.1.0, punycode@npm:^2.1.1": - version: 2.1.1 - resolution: "punycode@npm:2.1.1" - checksum: 823bf443c6dd14f669984dea25757b37993f67e8d94698996064035edd43bed8a5a17a9f12e439c2b35df1078c6bec05a6c86e336209eb1061e8025c481168e8 - languageName: node - linkType: hard - -"q@npm:^1.5.1": - version: 1.5.1 - resolution: "q@npm:1.5.1" - checksum: 147baa93c805bc1200ed698bdf9c72e9e42c05f96d007e33a558b5fdfd63e5ea130e99313f28efc1783e90e6bdb4e48b67a36fcc026b7b09202437ae88a1fb12 - languageName: node - linkType: hard - -"qrcode-terminal@npm:^0.12.0": - version: 0.12.0 - resolution: "qrcode-terminal@npm:0.12.0" - bin: - qrcode-terminal: ./bin/qrcode-terminal.js - checksum: 51638d11d080e06ef79ef2d5cfe911202159e48d2873d6a80a3c5489b4b767acf4754811ceba4e113db8f41f61a06c163bcb17e6e18e6b34e04a7a5155dac974 - languageName: node - linkType: hard - -"query-string@npm:^5.0.1": - version: 5.1.1 - resolution: "query-string@npm:5.1.1" - dependencies: - decode-uri-component: ^0.2.0 - object-assign: ^4.1.0 - strict-uri-encode: ^1.0.0 - checksum: 4ac760d9778d413ef5f94f030ed14b1a07a1708dd13fd3bc54f8b9ef7b425942c7577f30de0bf5a7d227ee65a9a0350dfa3a43d1d266880882fb7ce4c434a4dd - languageName: node - linkType: hard - -"queue-microtask@npm:^1.2.2": - version: 1.2.3 - resolution: "queue-microtask@npm:1.2.3" - checksum: b676f8c040cdc5b12723ad2f91414d267605b26419d5c821ff03befa817ddd10e238d22b25d604920340fd73efd8ba795465a0377c4adf45a4a41e4234e42dc4 - languageName: node - linkType: hard - -"quick-lru@npm:^4.0.1": - version: 4.0.1 - resolution: "quick-lru@npm:4.0.1" - checksum: bea46e1abfaa07023e047d3cf1716a06172c4947886c053ede5c50321893711577cb6119360f810cc3ffcd70c4d7db4069c3cee876b358ceff8596e062bd1154 - languageName: node - linkType: hard - -"quick-lru@npm:^5.1.1": - version: 5.1.1 - resolution: "quick-lru@npm:5.1.1" - checksum: a516faa25574be7947969883e6068dbe4aa19e8ef8e8e0fd96cddd6d36485e9106d85c0041a27153286b0770b381328f4072aa40d3b18a19f5f7d2b78b94b5ed - languageName: node - linkType: hard - -"randomatic@npm:^3.0.0": - version: 3.1.1 - resolution: "randomatic@npm:3.1.1" - dependencies: - is-number: ^4.0.0 - kind-of: ^6.0.0 - math-random: ^1.0.1 - checksum: 1952baed71801d3698fe84f3ab01e25ea124fc20ce91e133aa1981268c1347647f9ae1fdc62389db2411ebdad61c0f7cea0ce840dee260ad2adadfcf27299018 - languageName: node - linkType: hard - -"rc@npm:^1.2.8": - version: 1.2.8 - resolution: "rc@npm:1.2.8" - dependencies: - deep-extend: ^0.6.0 - ini: ~1.3.0 - minimist: ^1.2.0 - strip-json-comments: ~2.0.1 - bin: - rc: ./cli.js - checksum: 2e26e052f8be2abd64e6d1dabfbd7be03f80ec18ccbc49562d31f617d0015fbdbcf0f9eed30346ea6ab789e0fdfe4337f033f8016efdbee0df5354751842080e - languageName: node - linkType: hard - -"react-is@npm:^17.0.1": - version: 17.0.2 - resolution: "react-is@npm:17.0.2" - checksum: 9d6d111d8990dc98bc5402c1266a808b0459b5d54830bbea24c12d908b536df7883f268a7868cfaedde3dd9d4e0d574db456f84d2e6df9c4526f99bb4b5344d8 - languageName: node - linkType: hard - -"read-cmd-shim@npm:^3.0.0": - version: 3.0.0 - resolution: "read-cmd-shim@npm:3.0.0" - checksum: b518c6026f3320e30b692044f6ff5c4dc80f9c71261296da8994101b569b26b12b8e5df397bba2d4691dd3a3a2f770a1eca7be18a69ec202fac6dcfadc5016fd - languageName: node - linkType: hard - -"read-package-json-fast@npm:^2.0.2, read-package-json-fast@npm:^2.0.3": - version: 2.0.3 - resolution: "read-package-json-fast@npm:2.0.3" - dependencies: - json-parse-even-better-errors: ^2.3.0 - npm-normalize-package-bin: ^1.0.1 - checksum: fca37b3b2160b9dda7c5588b767f6a2b8ce68d03a044000e568208e20bea0cf6dd2de17b90740ce8da8b42ea79c0b3859649dadf29510bbe77224ea65326a903 - languageName: node - linkType: hard - -"read-package-json@npm:^5.0.0": - version: 5.0.1 - resolution: "read-package-json@npm:5.0.1" - dependencies: - glob: ^8.0.1 - json-parse-even-better-errors: ^2.3.1 - normalize-package-data: ^4.0.0 - npm-normalize-package-bin: ^1.0.1 - checksum: e8c2ad72df1f17e71268feabdb9bb0153ed2c7d38a05b759c5c49cf368a754bdd3c0e8a279fbc8d707802ff91d2cf144a995e6ebd5534de2848d52ab2c14034d - languageName: node - linkType: hard - -"read-pkg-up@npm:^7.0.0, read-pkg-up@npm:^7.0.1": - version: 7.0.1 - resolution: "read-pkg-up@npm:7.0.1" - dependencies: - find-up: ^4.1.0 - read-pkg: ^5.2.0 - type-fest: ^0.8.1 - checksum: e4e93ce70e5905b490ca8f883eb9e48b5d3cebc6cd4527c25a0d8f3ae2903bd4121c5ab9c5a3e217ada0141098eeb661313c86fa008524b089b8ed0b7f165e44 - languageName: node - linkType: hard - -"read-pkg-up@npm:^8.0.0": - version: 8.0.0 - resolution: "read-pkg-up@npm:8.0.0" - dependencies: - find-up: ^5.0.0 - read-pkg: ^6.0.0 - type-fest: ^1.0.1 - checksum: fe4c80401656b40b408884457fffb5a8015c03b1018cfd8e48f8d82a5e9023e24963603aeb2755608d964593e046c15b34d29b07d35af9c7aa478be81805209c - languageName: node - linkType: hard - -"read-pkg@npm:^5.0.0, read-pkg@npm:^5.2.0": - version: 5.2.0 - resolution: "read-pkg@npm:5.2.0" - dependencies: - "@types/normalize-package-data": ^2.4.0 - normalize-package-data: ^2.5.0 - parse-json: ^5.0.0 - type-fest: ^0.6.0 - checksum: eb696e60528b29aebe10e499ba93f44991908c57d70f2d26f369e46b8b9afc208ef11b4ba64f67630f31df8b6872129e0a8933c8c53b7b4daf0eace536901222 - languageName: node - linkType: hard - -"read-pkg@npm:^6.0.0": - version: 6.0.0 - resolution: "read-pkg@npm:6.0.0" - dependencies: - "@types/normalize-package-data": ^2.4.0 - normalize-package-data: ^3.0.2 - parse-json: ^5.2.0 - type-fest: ^1.0.1 - checksum: 0cebdff381128e923815c643074a87011070e5fc352bee575d327d6485da3317fab6d802a7b03deeb0be7be8d3ad1640397b3d5d2f044452caf4e8d1736bf94f - languageName: node - linkType: hard - -"read-yaml-file@npm:^1.1.0": - version: 1.1.0 - resolution: "read-yaml-file@npm:1.1.0" - dependencies: - graceful-fs: ^4.1.5 - js-yaml: ^3.6.1 - pify: ^4.0.1 - strip-bom: ^3.0.0 - checksum: 41ee5f075507ef0403328dd54e225a61c3149f915675ce7fd0fd791ddcce2e6c30a9fe0f76ffa7a465c1c157b9b4ad8ded1dcf47dc3b396103eeb013490bbc2e - languageName: node - linkType: hard - -"read@npm:1, read@npm:^1.0.7, read@npm:~1.0.7": - version: 1.0.7 - resolution: "read@npm:1.0.7" - dependencies: - mute-stream: ~0.0.4 - checksum: 2777c254e5732cac96f5d0a1c0f6b836c89ae23d8febd405b206f6f24d5de1873420f1a0795e0e3721066650d19adf802c7882c4027143ee0acf942a4f34f97b - languageName: node - linkType: hard - -"readable-stream@npm:3, readable-stream@npm:^3.0.0, readable-stream@npm:^3.4.0, readable-stream@npm:^3.6.0": - version: 3.6.0 - resolution: "readable-stream@npm:3.6.0" - dependencies: - inherits: ^2.0.3 - string_decoder: ^1.1.1 - util-deprecate: ^1.0.1 - checksum: d4ea81502d3799439bb955a3a5d1d808592cf3133350ed352aeaa499647858b27b1c4013984900238b0873ec8d0d8defce72469fb7a83e61d53f5ad61cb80dc8 - languageName: node - linkType: hard - -"readable-stream@npm:^2.0.0, readable-stream@npm:^2.0.2, readable-stream@npm:^2.3.0, readable-stream@npm:^2.3.5, readable-stream@npm:~2.3.6": - version: 2.3.7 - resolution: "readable-stream@npm:2.3.7" - dependencies: - core-util-is: ~1.0.0 - inherits: ~2.0.3 - isarray: ~1.0.0 - process-nextick-args: ~2.0.0 - safe-buffer: ~5.1.1 - string_decoder: ~1.1.1 - util-deprecate: ~1.0.1 - checksum: e4920cf7549a60f8aaf694d483a0e61b2a878b969d224f89b3bc788b8d920075132c4b55a7494ee944c7b6a9a0eada28a7f6220d80b0312ece70bbf08eeca755 - languageName: node - linkType: hard - -"readdir-scoped-modules@npm:^1.1.0": - version: 1.1.0 - resolution: "readdir-scoped-modules@npm:1.1.0" - dependencies: - debuglog: ^1.0.1 - dezalgo: ^1.0.0 - graceful-fs: ^4.1.2 - once: ^1.3.0 - checksum: 6d9f334e40dfd0f5e4a8aab5e67eb460c95c85083c690431f87ab2c9135191170e70c2db6d71afcafb78e073d23eb95dcb3fc33ef91308f6ebfe3197be35e608 - languageName: node - linkType: hard - -"readdirp@npm:^2.0.0": - version: 2.2.1 - resolution: "readdirp@npm:2.2.1" - dependencies: - graceful-fs: ^4.1.11 - micromatch: ^3.1.10 - readable-stream: ^2.0.2 - checksum: 3879b20f1a871e0e004a14fbf1776e65ee0b746a62f5a416010808b37c272ac49b023c47042c7b1e281cba75a449696635bc64c397ed221ea81d853a8f2ed79a - languageName: node - linkType: hard - -"rechoir@npm:^0.6.2": - version: 0.6.2 - resolution: "rechoir@npm:0.6.2" - dependencies: - resolve: ^1.1.6 - checksum: fe76bf9c21875ac16e235defedd7cbd34f333c02a92546142b7911a0f7c7059d2e16f441fe6fb9ae203f459c05a31b2bcf26202896d89e390eda7514d5d2702b - languageName: node - linkType: hard - -"redent@npm:^3.0.0": - version: 3.0.0 - resolution: "redent@npm:3.0.0" - dependencies: - indent-string: ^4.0.0 - strip-indent: ^3.0.0 - checksum: fa1ef20404a2d399235e83cc80bd55a956642e37dd197b4b612ba7327bf87fa32745aeb4a1634b2bab25467164ab4ed9c15be2c307923dd08b0fe7c52431ae6b - languageName: node - linkType: hard - -"redent@npm:^4.0.0": - version: 4.0.0 - resolution: "redent@npm:4.0.0" - dependencies: - indent-string: ^5.0.0 - strip-indent: ^4.0.0 - checksum: 6944e7b1d8f3fd28c2515f5c605b9f7f0ea0f4edddf41890bbbdd4d9ee35abb7540c3b278f03ff827bd278bb6ff4a5bd8692ca406b748c5c1c3ce7355e9fbf8f - languageName: node - linkType: hard - -"redeyed@npm:~2.1.0": - version: 2.1.1 - resolution: "redeyed@npm:2.1.1" - dependencies: - esprima: ~4.0.0 - checksum: 39a1426e377727cfb47a0e24e95c1cf78d969fbc388dc1e0fa1e2ef8a8756450cefb8b0c2598f63b85f1a331986fca7604c0db798427a5775a1dbdb9c1291979 - languageName: node - linkType: hard - -"regenerator-runtime@npm:^0.11.0": - version: 0.11.1 - resolution: "regenerator-runtime@npm:0.11.1" - checksum: 3c97bd2c7b2b3247e6f8e2147a002eb78c995323732dad5dc70fac8d8d0b758d0295e7015b90d3d444446ae77cbd24b9f9123ec3a77018e81d8999818301b4f4 - languageName: node - linkType: hard - -"regenerator-runtime@npm:^0.13.4": - version: 0.13.9 - resolution: "regenerator-runtime@npm:0.13.9" - checksum: 65ed455fe5afd799e2897baf691ca21c2772e1a969d19bb0c4695757c2d96249eb74ee3553ea34a91062b2a676beedf630b4c1551cc6299afb937be1426ec55e - languageName: node - linkType: hard - -"regex-cache@npm:^0.4.2": - version: 0.4.4 - resolution: "regex-cache@npm:0.4.4" - dependencies: - is-equal-shallow: ^0.1.3 - checksum: fdaf756fbd7048a34dc454ab6da678828148d34ac8e3701636bd747fd9d2df1191f6f80669f7ce7c4173e4631a92d3943ce4dc2a43a1acfa7c5308cdd49a1587 - languageName: node - linkType: hard - -"regex-not@npm:^1.0.0, regex-not@npm:^1.0.2": - version: 1.0.2 - resolution: "regex-not@npm:1.0.2" - dependencies: - extend-shallow: ^3.0.2 - safe-regex: ^1.1.0 - checksum: 3081403de79559387a35ef9d033740e41818a559512668cef3d12da4e8a29ef34ee13c8ed1256b07e27ae392790172e8a15c8a06b72962fd4550476cde3d8f77 - languageName: node - linkType: hard - -"regexpp@npm:^3.1.0": - version: 3.2.0 - resolution: "regexpp@npm:3.2.0" - checksum: a78dc5c7158ad9ddcfe01aa9144f46e192ddbfa7b263895a70a5c6c73edd9ce85faf7c0430e59ac38839e1734e275b9c3de5c57ee3ab6edc0e0b1bdebefccef8 - languageName: node - linkType: hard - -"registry-auth-token@npm:^4.0.0": - version: 4.2.1 - resolution: "registry-auth-token@npm:4.2.1" - dependencies: - rc: ^1.2.8 - checksum: aa72060b573a50607cfd2dee16d0e51e13ca58b6a80442e74545325dc24d2c38896e6bad229bdcc1fc9759fa81b4066be8693d4d6f45927318e7c793a93e9cd0 - languageName: node - linkType: hard - -"remove-trailing-separator@npm:^1.0.1": - version: 1.1.0 - resolution: "remove-trailing-separator@npm:1.1.0" - checksum: d3c20b5a2d987db13e1cca9385d56ecfa1641bae143b620835ac02a6b70ab88f68f117a0021838db826c57b31373d609d52e4f31aca75fc490c862732d595419 - languageName: node - linkType: hard - -"repeat-element@npm:^1.1.2": - version: 1.1.4 - resolution: "repeat-element@npm:1.1.4" - checksum: 1edd0301b7edad71808baad226f0890ba709443f03a698224c9ee4f2494c317892dc5211b2ba8cbea7194a9ddbcac01e283bd66de0467ab24ee1fc1a3711d8a9 - languageName: node - linkType: hard - -"repeat-string@npm:^1.5.2, repeat-string@npm:^1.6.1": - version: 1.6.1 - resolution: "repeat-string@npm:1.6.1" - checksum: 1b809fc6db97decdc68f5b12c4d1a671c8e3f65ec4a40c238bc5200e44e85bcc52a54f78268ab9c29fcf5fe4f1343e805420056d1f30fa9a9ee4c2d93e3cc6c0 - languageName: node - linkType: hard - -"require-directory@npm:^2.1.1": - version: 2.1.1 - resolution: "require-directory@npm:2.1.1" - checksum: fb47e70bf0001fdeabdc0429d431863e9475e7e43ea5f94ad86503d918423c1543361cc5166d713eaa7029dd7a3d34775af04764bebff99ef413111a5af18c80 - languageName: node - linkType: hard - -"require-from-string@npm:^2.0.2": - version: 2.0.2 - resolution: "require-from-string@npm:2.0.2" - checksum: a03ef6895445f33a4015300c426699bc66b2b044ba7b670aa238610381b56d3f07c686251740d575e22f4c87531ba662d06937508f0f3c0f1ddc04db3130560b - languageName: node - linkType: hard - -"resolve-cwd@npm:^3.0.0": - version: 3.0.0 - resolution: "resolve-cwd@npm:3.0.0" - dependencies: - resolve-from: ^5.0.0 - checksum: 546e0816012d65778e580ad62b29e975a642989108d9a3c5beabfb2304192fa3c9f9146fbdfe213563c6ff51975ae41bac1d3c6e047dd9572c94863a057b4d81 - languageName: node - linkType: hard - -"resolve-from@npm:^4.0.0": - version: 4.0.0 - resolution: "resolve-from@npm:4.0.0" - checksum: f4ba0b8494846a5066328ad33ef8ac173801a51739eb4d63408c847da9a2e1c1de1e6cbbf72699211f3d13f8fc1325648b169bd15eb7da35688e30a5fb0e4a7f - languageName: node - linkType: hard - -"resolve-from@npm:^5.0.0": - version: 5.0.0 - resolution: "resolve-from@npm:5.0.0" - checksum: 4ceeb9113e1b1372d0cd969f3468fa042daa1dd9527b1b6bb88acb6ab55d8b9cd65dbf18819f9f9ddf0db804990901dcdaade80a215e7b2c23daae38e64f5bdf - languageName: node - linkType: hard - -"resolve-url@npm:^0.2.1": - version: 0.2.1 - resolution: "resolve-url@npm:0.2.1" - checksum: 7b7035b9ed6e7bc7d289e90aef1eab5a43834539695dac6416ca6e91f1a94132ae4796bbd173cdacfdc2ade90b5f38a3fb6186bebc1b221cd157777a23b9ad14 - languageName: node - linkType: hard - -"resolve.exports@npm:^1.1.0": - version: 1.1.0 - resolution: "resolve.exports@npm:1.1.0" - checksum: 52865af8edb088f6c7759a328584a5de6b226754f004b742523adcfe398cfbc4559515104bc2ae87b8e78b1e4de46c9baec400b3fb1f7d517b86d2d48a098a2d - languageName: node - linkType: hard - -"resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.20.0": - version: 1.21.0 - resolution: "resolve@npm:1.21.0" - dependencies: - is-core-module: ^2.8.0 - path-parse: ^1.0.7 - supports-preserve-symlinks-flag: ^1.0.0 - bin: - resolve: bin/resolve - checksum: d7d9092a5c04a048bea16c7e5a2eb605ac3e8363a0cc5644de1fde17d5028e8d5f4343aab1d99bd327b98e91a66ea83e242718150c64dfedcb96e5e7aad6c4f5 - languageName: node - linkType: hard - -"resolve@patch:resolve@^1.1.6#~builtin, resolve@patch:resolve@^1.1.7#~builtin, resolve@patch:resolve@^1.10.0#~builtin, resolve@patch:resolve@^1.20.0#~builtin": - version: 1.21.0 - resolution: "resolve@patch:resolve@npm%3A1.21.0#~builtin::version=1.21.0&hash=07638b" - dependencies: - is-core-module: ^2.8.0 - path-parse: ^1.0.7 - supports-preserve-symlinks-flag: ^1.0.0 - bin: - resolve: bin/resolve - checksum: a0a4d1f7409e73190f31f901f8a619960bb3bd4ae38ba3a54c7ea7e1c87758d28a73256bb8d6a35996a903d1bf14f53883f0dcac6c571c063cb8162d813ad26e - languageName: node - linkType: hard - -"responselike@npm:1.0.2": - version: 1.0.2 - resolution: "responselike@npm:1.0.2" - dependencies: - lowercase-keys: ^1.0.0 - checksum: 2e9e70f1dcca3da621a80ce71f2f9a9cad12c047145c6ece20df22f0743f051cf7c73505e109814915f23f9e34fb0d358e22827723ee3d56b623533cab8eafcd - languageName: node - linkType: hard - -"restore-cursor@npm:^3.1.0": - version: 3.1.0 - resolution: "restore-cursor@npm:3.1.0" - dependencies: - onetime: ^5.1.0 - signal-exit: ^3.0.2 - checksum: f877dd8741796b909f2a82454ec111afb84eb45890eb49ac947d87991379406b3b83ff9673a46012fca0d7844bb989f45cc5b788254cf1a39b6b5a9659de0630 - languageName: node - linkType: hard - -"ret@npm:~0.1.10": - version: 0.1.15 - resolution: "ret@npm:0.1.15" - checksum: d76a9159eb8c946586567bd934358dfc08a36367b3257f7a3d7255fdd7b56597235af23c6afa0d7f0254159e8051f93c918809962ebd6df24ca2a83dbe4d4151 - languageName: node - linkType: hard - -"retry@npm:^0.12.0": - version: 0.12.0 - resolution: "retry@npm:0.12.0" - checksum: 623bd7d2e5119467ba66202d733ec3c2e2e26568074923bc0585b6b99db14f357e79bdedb63cab56cec47491c4a0da7e6021a7465ca6dc4f481d3898fdd3158c - languageName: node - linkType: hard - -"retry@npm:^0.13.1": - version: 0.13.1 - resolution: "retry@npm:0.13.1" - checksum: 47c4d5be674f7c13eee4cfe927345023972197dbbdfba5d3af7e461d13b44de1bfd663bfc80d2f601f8ef3fc8164c16dd99655a221921954a65d044a2fc1233b - languageName: node - linkType: hard - -"reusify@npm:^1.0.4": - version: 1.0.4 - resolution: "reusify@npm:1.0.4" - checksum: c3076ebcc22a6bc252cb0b9c77561795256c22b757f40c0d8110b1300723f15ec0fc8685e8d4ea6d7666f36c79ccc793b1939c748bf36f18f542744a4e379fcc - languageName: node - linkType: hard - -"rimraf@npm:^3.0.0, rimraf@npm:^3.0.2": - version: 3.0.2 - resolution: "rimraf@npm:3.0.2" - dependencies: - glob: ^7.1.3 - bin: - rimraf: bin.js - checksum: 87f4164e396f0171b0a3386cc1877a817f572148ee13a7e113b238e48e8a9f2f31d009a92ec38a591ff1567d9662c6b67fd8818a2dbbaed74bc26a87a2a4a9a0 - languageName: node - linkType: hard - -"run-async@npm:^2.4.0": - version: 2.4.1 - resolution: "run-async@npm:2.4.1" - checksum: a2c88aa15df176f091a2878eb840e68d0bdee319d8d97bbb89112223259cebecb94bc0defd735662b83c2f7a30bed8cddb7d1674eb48ae7322dc602b22d03797 - languageName: node - linkType: hard - -"run-parallel@npm:^1.1.9": - version: 1.2.0 - resolution: "run-parallel@npm:1.2.0" - dependencies: - queue-microtask: ^1.2.2 - checksum: cb4f97ad25a75ebc11a8ef4e33bb962f8af8516bb2001082ceabd8902e15b98f4b84b4f8a9b222e5d57fc3bd1379c483886ed4619367a7680dad65316993021d - languageName: node - linkType: hard - -"rxjs@npm:^7.2.0": - version: 7.5.1 - resolution: "rxjs@npm:7.5.1" - dependencies: - tslib: ^2.1.0 - checksum: 78e3eecb1644dd83adabc8d956f879dca62eb19c8afcd6acac71cf6d94534c33ea201e65387494fdeb1332395cba081e194f5a9699d58a5d48e416b8b52372aa - languageName: node - linkType: hard - -"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.1, safe-buffer@npm:~5.2.0": - version: 5.2.1 - resolution: "safe-buffer@npm:5.2.1" - checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491 - languageName: node - linkType: hard - -"safe-buffer@npm:~5.1.0, safe-buffer@npm:~5.1.1": - version: 5.1.2 - resolution: "safe-buffer@npm:5.1.2" - checksum: f2f1f7943ca44a594893a852894055cf619c1fbcb611237fc39e461ae751187e7baf4dc391a72125e0ac4fb2d8c5c0b3c71529622e6a58f46b960211e704903c - languageName: node - linkType: hard - -"safe-regex@npm:^1.1.0": - version: 1.1.0 - resolution: "safe-regex@npm:1.1.0" - dependencies: - ret: ~0.1.10 - checksum: 9a8bba57c87a841f7997b3b951e8e403b1128c1a4fd1182f40cc1a20e2d490593d7c2a21030fadfea320c8e859219019e136f678c6689ed5960b391b822f01d5 - languageName: node - linkType: hard - -"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0": - version: 2.1.2 - resolution: "safer-buffer@npm:2.1.2" - checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0 - languageName: node - linkType: hard - -"saxes@npm:^5.0.1": - version: 5.0.1 - resolution: "saxes@npm:5.0.1" - dependencies: - xmlchars: ^2.2.0 - checksum: 5636b55cf15f7cf0baa73f2797bf992bdcf75d1b39d82c0aa4608555c774368f6ac321cb641fd5f3d3ceb87805122cd47540da6a7b5960fe0dbdb8f8c263f000 - languageName: node - linkType: hard - -"seek-bzip@npm:^1.0.5": - version: 1.0.6 - resolution: "seek-bzip@npm:1.0.6" - dependencies: - commander: ^2.8.1 - bin: - seek-bunzip: bin/seek-bunzip - seek-table: bin/seek-bzip-table - checksum: c2ab3291e7085558499efd4e99d1466ee6782f6c4a4e4c417aa859e1cd2f5117fb3b5444f3d27c38ec5908c0f0312e2a0bc69dff087751f97b3921b5bde4f9ed - languageName: node - linkType: hard - -"semantic-release@npm:^19.0.2": - version: 19.0.2 - resolution: "semantic-release@npm:19.0.2" - dependencies: - "@semantic-release/commit-analyzer": ^9.0.2 - "@semantic-release/error": ^3.0.0 - "@semantic-release/github": ^8.0.0 - "@semantic-release/npm": ^9.0.0 - "@semantic-release/release-notes-generator": ^10.0.0 - aggregate-error: ^3.0.0 - cosmiconfig: ^7.0.0 - debug: ^4.0.0 - env-ci: ^5.0.0 - execa: ^5.0.0 - figures: ^3.0.0 - find-versions: ^4.0.0 - get-stream: ^6.0.0 - git-log-parser: ^1.2.0 - hook-std: ^2.0.0 - hosted-git-info: ^4.0.0 - lodash: ^4.17.21 - marked: ^4.0.10 - marked-terminal: ^5.0.0 - micromatch: ^4.0.2 - p-each-series: ^2.1.0 - p-reduce: ^2.0.0 - read-pkg-up: ^7.0.0 - resolve-from: ^5.0.0 - semver: ^7.3.2 - semver-diff: ^3.1.1 - signale: ^1.2.1 - yargs: ^16.2.0 - bin: - semantic-release: bin/semantic-release.js - checksum: 0807cae8c57445793d3181a15cd587950aaf6b9c6ea9f4b7876b85a4ac78d1cd8d53f309512fe53eca2a8ed48600dd4d5483ac403bb42bfcf1c88a2c2340cf65 - languageName: node - linkType: hard - -"semver-diff@npm:^3.1.1": - version: 3.1.1 - resolution: "semver-diff@npm:3.1.1" - dependencies: - semver: ^6.3.0 - checksum: 8bbe5a5d7add2d5e51b72314a9215cd294d71f41cdc2bf6bd59ee76411f3610b576172896f1d191d0d7294cb9f2f847438d2ee158adacc0c224dca79052812fe - languageName: node - linkType: hard - -"semver-regex@npm:^3.1.2": - version: 3.1.3 - resolution: "semver-regex@npm:3.1.3" - checksum: a40c17716679f413994ba4723cf32cf94160a4a3db36e3f730f840cb36bbdbcfda2a34df051d1adb56ed2c67c2a00badfaa9e1e4b755ae6addc7d23ebf55c32b - languageName: node - linkType: hard - -"semver@npm:2 || 3 || 4 || 5, semver@npm:^5.6.0": - version: 5.7.1 - resolution: "semver@npm:5.7.1" - bin: - semver: ./bin/semver - checksum: 57fd0acfd0bac382ee87cd52cd0aaa5af086a7dc8d60379dfe65fea491fb2489b6016400813930ecd61fd0952dae75c115287a1b16c234b1550887117744dfaf - languageName: node - linkType: hard - -"semver@npm:7.x, semver@npm:^7.0.0, semver@npm:^7.1.1, semver@npm:^7.1.2, semver@npm:^7.2.1, semver@npm:^7.3.2, semver@npm:^7.3.4, semver@npm:^7.3.5, semver@npm:^7.3.6, semver@npm:^7.3.7": - version: 7.3.7 - resolution: "semver@npm:7.3.7" - dependencies: - lru-cache: ^6.0.0 - bin: - semver: bin/semver.js - checksum: 2fa3e877568cd6ce769c75c211beaed1f9fce80b28338cadd9d0b6c40f2e2862bafd62c19a6cff42f3d54292b7c623277bcab8816a2b5521cf15210d43e75232 - languageName: node - linkType: hard - -"semver@npm:^6.0.0, semver@npm:^6.3.0": - version: 6.3.0 - resolution: "semver@npm:6.3.0" - bin: - semver: ./bin/semver.js - checksum: 1b26ecf6db9e8292dd90df4e781d91875c0dcc1b1909e70f5d12959a23c7eebb8f01ea581c00783bbee72ceeaad9505797c381756326073850dc36ed284b21b9 - languageName: node - linkType: hard - -"set-blocking@npm:^2.0.0": - version: 2.0.0 - resolution: "set-blocking@npm:2.0.0" - checksum: 6e65a05f7cf7ebdf8b7c75b101e18c0b7e3dff4940d480efed8aad3a36a4005140b660fa1d804cb8bce911cac290441dc728084a30504d3516ac2ff7ad607b02 - languageName: node - linkType: hard - -"set-value@npm:^2.0.0, set-value@npm:^2.0.1": - version: 2.0.1 - resolution: "set-value@npm:2.0.1" - dependencies: - extend-shallow: ^2.0.1 - is-extendable: ^0.1.1 - is-plain-object: ^2.0.3 - split-string: ^3.0.1 - checksum: 09a4bc72c94641aeae950eb60dc2755943b863780fcc32e441eda964b64df5e3f50603d5ebdd33394ede722528bd55ed43aae26e9df469b4d32e2292b427b601 - languageName: node - linkType: hard - -"shebang-command@npm:^1.2.0": - version: 1.2.0 - resolution: "shebang-command@npm:1.2.0" - dependencies: - shebang-regex: ^1.0.0 - checksum: 9eed1750301e622961ba5d588af2212505e96770ec376a37ab678f965795e995ade7ed44910f5d3d3cb5e10165a1847f52d3348c64e146b8be922f7707958908 - languageName: node - linkType: hard - -"shebang-command@npm:^2.0.0": - version: 2.0.0 - resolution: "shebang-command@npm:2.0.0" - dependencies: - shebang-regex: ^3.0.0 - checksum: 6b52fe87271c12968f6a054e60f6bde5f0f3d2db483a1e5c3e12d657c488a15474121a1d55cd958f6df026a54374ec38a4a963988c213b7570e1d51575cea7fa - languageName: node - linkType: hard - -"shebang-regex@npm:^1.0.0": - version: 1.0.0 - resolution: "shebang-regex@npm:1.0.0" - checksum: 404c5a752cd40f94591dfd9346da40a735a05139dac890ffc229afba610854d8799aaa52f87f7e0c94c5007f2c6af55bdcaeb584b56691926c5eaf41dc8f1372 - languageName: node - linkType: hard - -"shebang-regex@npm:^3.0.0": - version: 3.0.0 - resolution: "shebang-regex@npm:3.0.0" - checksum: 1a2bcae50de99034fcd92ad4212d8e01eedf52c7ec7830eedcf886622804fe36884278f2be8be0ea5fde3fd1c23911643a4e0f726c8685b61871c8908af01222 - languageName: node - linkType: hard - -"shell-quote@npm:^1.6.1": - version: 1.7.3 - resolution: "shell-quote@npm:1.7.3" - checksum: aca58e73a3a5d933d02e0bdddedc53ee14f7c2ec264f97ac915b9d4482d077a38e422aa664631d60a672cd3cdb4054eb2e6c0303f54882453dacb6483e482d34 - languageName: node - linkType: hard - -"shelljs@npm:^0.8.4": - version: 0.8.5 - resolution: "shelljs@npm:0.8.5" - dependencies: - glob: ^7.0.0 - interpret: ^1.0.0 - rechoir: ^0.6.2 - bin: - shjs: bin/shjs - checksum: 7babc46f732a98f4c054ec1f048b55b9149b98aa2da32f6cf9844c434b43c6251efebd6eec120937bd0999e13811ebd45efe17410edb3ca938f82f9381302748 - languageName: node - linkType: hard - -"shx@npm:^0.3.3": - version: 0.3.3 - resolution: "shx@npm:0.3.3" - dependencies: - minimist: ^1.2.3 - shelljs: ^0.8.4 - bin: - shx: lib/cli.js - checksum: 2e408a79c680cef4d719a56563217031ef20d5c2c18fdfe28933e22d833adabd995ad6fa6be087a141832cb17010facfc0288e90a6743c0276b478759fd393e0 - languageName: node - linkType: hard - -"side-channel@npm:^1.0.4": - version: 1.0.4 - resolution: "side-channel@npm:1.0.4" - dependencies: - call-bind: ^1.0.0 - get-intrinsic: ^1.0.2 - object-inspect: ^1.9.0 - checksum: 351e41b947079c10bd0858364f32bb3a7379514c399edb64ab3dce683933483fc63fb5e4efe0a15a2e8a7e3c436b6a91736ddb8d8c6591b0460a24bb4a1ee245 - languageName: node - linkType: hard - -"signal-exit@npm:^3.0.0, signal-exit@npm:^3.0.2, signal-exit@npm:^3.0.3, signal-exit@npm:^3.0.7": - version: 3.0.7 - resolution: "signal-exit@npm:3.0.7" - checksum: a2f098f247adc367dffc27845853e9959b9e88b01cb301658cfe4194352d8d2bb32e18467c786a7fe15f1d44b233ea35633d076d5e737870b7139949d1ab6318 - languageName: node - linkType: hard - -"signale@npm:^1.2.1, signale@npm:^1.4.0": - version: 1.4.0 - resolution: "signale@npm:1.4.0" - dependencies: - chalk: ^2.3.2 - figures: ^2.0.0 - pkg-conf: ^2.1.0 - checksum: a6a540e054096a1f4cf8b1f21fea62ca3e44a19faa63bd486723b736348609caab1fa59a87f16559de347dde8ae1fdebfc25a8b6723c88ae8239f176ffb0dda5 - languageName: node - linkType: hard - -"sisteransi@npm:^1.0.5": - version: 1.0.5 - resolution: "sisteransi@npm:1.0.5" - checksum: aba6438f46d2bfcef94cf112c835ab395172c75f67453fe05c340c770d3c402363018ae1ab4172a1026a90c47eaccf3af7b6ff6fa749a680c2929bd7fa2b37a4 - languageName: node - linkType: hard - -"slash@npm:^3.0.0": - version: 3.0.0 - resolution: "slash@npm:3.0.0" - checksum: 94a93fff615f25a999ad4b83c9d5e257a7280c90a32a7cb8b4a87996e4babf322e469c42b7f649fd5796edd8687652f3fb452a86dc97a816f01113183393f11c - languageName: node - linkType: hard - -"slash@npm:^4.0.0": - version: 4.0.0 - resolution: "slash@npm:4.0.0" - checksum: da8e4af73712253acd21b7853b7e0dbba776b786e82b010a5bfc8b5051a1db38ed8aba8e1e8f400dd2c9f373be91eb1c42b66e91abb407ff42b10feece5e1d2d - languageName: node - linkType: hard - -"slice-ansi@npm:^4.0.0": - version: 4.0.0 - resolution: "slice-ansi@npm:4.0.0" - dependencies: - ansi-styles: ^4.0.0 - astral-regex: ^2.0.0 - is-fullwidth-code-point: ^3.0.0 - checksum: 4a82d7f085b0e1b070e004941ada3c40d3818563ac44766cca4ceadd2080427d337554f9f99a13aaeb3b4a94d9964d9466c807b3d7b7541d1ec37ee32d308756 - languageName: node - linkType: hard - -"smart-buffer@npm:^4.2.0": - version: 4.2.0 - resolution: "smart-buffer@npm:4.2.0" - checksum: b5167a7142c1da704c0e3af85c402002b597081dd9575031a90b4f229ca5678e9a36e8a374f1814c8156a725d17008ae3bde63b92f9cfd132526379e580bec8b - languageName: node - linkType: hard - -"snapdragon-node@npm:^2.0.1": - version: 2.1.1 - resolution: "snapdragon-node@npm:2.1.1" - dependencies: - define-property: ^1.0.0 - isobject: ^3.0.0 - snapdragon-util: ^3.0.1 - checksum: 9bb57d759f9e2a27935dbab0e4a790137adebace832b393e350a8bf5db461ee9206bb642d4fe47568ee0b44080479c8b4a9ad0ebe3712422d77edf9992a672fd - languageName: node - linkType: hard - -"snapdragon-util@npm:^3.0.1": - version: 3.0.1 - resolution: "snapdragon-util@npm:3.0.1" - dependencies: - kind-of: ^3.2.0 - checksum: 684997dbe37ec995c03fd3f412fba2b711fc34cb4010452b7eb668be72e8811a86a12938b511e8b19baf853b325178c56d8b78d655305e5cfb0bb8b21677e7b7 - languageName: node - linkType: hard - -"snapdragon@npm:^0.8.1": - version: 0.8.2 - resolution: "snapdragon@npm:0.8.2" - dependencies: - base: ^0.11.1 - debug: ^2.2.0 - define-property: ^0.2.5 - extend-shallow: ^2.0.1 - map-cache: ^0.2.2 - source-map: ^0.5.6 - source-map-resolve: ^0.5.0 - use: ^3.1.0 - checksum: a197f242a8f48b11036563065b2487e9b7068f50a20dd81d9161eca6af422174fc158b8beeadbe59ce5ef172aa5718143312b3aebaae551c124b7824387c8312 - languageName: node - linkType: hard - -"socks-proxy-agent@npm:^6.1.1": - version: 6.2.0 - resolution: "socks-proxy-agent@npm:6.2.0" - dependencies: - agent-base: ^6.0.2 - debug: ^4.3.3 - socks: ^2.6.2 - checksum: 6723fd64fb50334e2b340fd0a80fd8488ffc5bc43d85b7cf1d25612044f814dd7d6ea417fd47602159941236f7f4bd15669fa5d7e1f852598a31288e1a43967b - languageName: node - linkType: hard - -"socks@npm:^2.6.2": - version: 2.6.2 - resolution: "socks@npm:2.6.2" - dependencies: - ip: ^1.1.5 - smart-buffer: ^4.2.0 - checksum: dd9194293059d737759d5c69273850ad4149f448426249325c4bea0e340d1cf3d266c3b022694b0dcf5d31f759de23657244c481fc1e8322add80b7985c36b5e - languageName: node - linkType: hard - -"sonic-boom@npm:^2.1.0": - version: 2.4.2 - resolution: "sonic-boom@npm:2.4.2" - dependencies: - atomic-sleep: ^1.0.0 - checksum: 2f63eb28f95e742f2d1f022cf0e3e9df427d0d5c2fd4d24185ac983f60dfd2b45a2d8631e7a88e4d2c21a141cd2890af5aa3ed642ad8edb8716f8f3e017131b6 - languageName: node - linkType: hard - -"sort-keys-length@npm:^1.0.0": - version: 1.0.1 - resolution: "sort-keys-length@npm:1.0.1" - dependencies: - sort-keys: ^1.0.0 - checksum: f9acac5fb31580a9e3d43b419dc86a1b75e85b79036a084d95dd4d1062b621c9589906588ac31e370a0dd381be46d8dbe900efa306d087ca9c912d7a59b5a590 - languageName: node - linkType: hard - -"sort-keys@npm:^1.0.0": - version: 1.1.2 - resolution: "sort-keys@npm:1.1.2" - dependencies: - is-plain-obj: ^1.0.0 - checksum: 5963fd191a2a185a5ec86f06e47721e8e04713eda43bb04ae60d2a8afb21241553dd5bc9d863ed2bd7c3d541b609b0c8d0e58836b1a3eb6764c09c094bcc8b00 - languageName: node - linkType: hard - -"sort-keys@npm:^2.0.0": - version: 2.0.0 - resolution: "sort-keys@npm:2.0.0" - dependencies: - is-plain-obj: ^1.0.0 - checksum: f0fd827fa9f8f866e98588d2a38c35209afbf1e9a05bb0e4ceeeb8bbf31d923c8902b0a7e0f561590ddb65e58eba6a74f74b991c85360bcc52e83a3f0d1cffd7 - languageName: node - linkType: hard - -"source-map-resolve@npm:^0.5.0": - version: 0.5.3 - resolution: "source-map-resolve@npm:0.5.3" - dependencies: - atob: ^2.1.2 - decode-uri-component: ^0.2.0 - resolve-url: ^0.2.1 - source-map-url: ^0.4.0 - urix: ^0.1.0 - checksum: c73fa44ac00783f025f6ad9e038ab1a2e007cd6a6b86f47fe717c3d0765b4a08d264f6966f3bd7cd9dbcd69e4832783d5472e43247775b2a550d6f2155d24bae - languageName: node - linkType: hard - -"source-map-support@npm:^0.5.6": - version: 0.5.21 - resolution: "source-map-support@npm:0.5.21" - dependencies: - buffer-from: ^1.0.0 - source-map: ^0.6.0 - checksum: 43e98d700d79af1d36f859bdb7318e601dfc918c7ba2e98456118ebc4c4872b327773e5a1df09b0524e9e5063bb18f0934538eace60cca2710d1fa687645d137 - languageName: node - linkType: hard - -"source-map-url@npm:^0.4.0": - version: 0.4.1 - resolution: "source-map-url@npm:0.4.1" - checksum: 64c5c2c77aff815a6e61a4120c309ae4cac01298d9bcbb3deb1b46a4dd4c46d4a1eaeda79ec9f684766ae80e8dc86367b89326ce9dd2b89947bd9291fc1ac08c - languageName: node - linkType: hard - -"source-map@npm:^0.5.0, source-map@npm:^0.5.6": - version: 0.5.7 - resolution: "source-map@npm:0.5.7" - checksum: 5dc2043b93d2f194142c7f38f74a24670cd7a0063acdaf4bf01d2964b402257ae843c2a8fa822ad5b71013b5fcafa55af7421383da919752f22ff488bc553f4d - languageName: node - linkType: hard - -"source-map@npm:^0.6.0, source-map@npm:^0.6.1, source-map@npm:~0.6.1": - version: 0.6.1 - resolution: "source-map@npm:0.6.1" - checksum: 59ce8640cf3f3124f64ac289012c2b8bd377c238e316fb323ea22fbfe83da07d81e000071d7242cad7a23cd91c7de98e4df8830ec3f133cb6133a5f6e9f67bc2 - languageName: node - linkType: hard - -"source-map@npm:^0.7.3": - version: 0.7.3 - resolution: "source-map@npm:0.7.3" - checksum: cd24efb3b8fa69b64bf28e3c1b1a500de77e84260c5b7f2b873f88284df17974157cc88d386ee9b6d081f08fdd8242f3fc05c953685a6ad81aad94c7393dedea - languageName: node - linkType: hard - -"spawn-error-forwarder@npm:~1.0.0": - version: 1.0.0 - resolution: "spawn-error-forwarder@npm:1.0.0" - checksum: ac7e69f980ce8dbcdd6323b7e30bc7dc6cbfcc7ebaefa63d71cb2150e153798f4ad20e5182f16137f1537fb8ecea386c3a1f241ade4711ef6c6e1f4a1bc971e5 - languageName: node - linkType: hard - -"spdx-correct@npm:^3.0.0": - version: 3.1.1 - resolution: "spdx-correct@npm:3.1.1" - dependencies: - spdx-expression-parse: ^3.0.0 - spdx-license-ids: ^3.0.0 - checksum: 77ce438344a34f9930feffa61be0eddcda5b55fc592906ef75621d4b52c07400a97084d8701557b13f7d2aae0cb64f808431f469e566ef3fe0a3a131dcb775a6 - languageName: node - linkType: hard - -"spdx-exceptions@npm:^2.1.0": - version: 2.3.0 - resolution: "spdx-exceptions@npm:2.3.0" - checksum: cb69a26fa3b46305637123cd37c85f75610e8c477b6476fa7354eb67c08128d159f1d36715f19be6f9daf4b680337deb8c65acdcae7f2608ba51931540687ac0 - languageName: node - linkType: hard - -"spdx-expression-parse@npm:^3.0.0": - version: 3.0.1 - resolution: "spdx-expression-parse@npm:3.0.1" - dependencies: - spdx-exceptions: ^2.1.0 - spdx-license-ids: ^3.0.0 - checksum: a1c6e104a2cbada7a593eaa9f430bd5e148ef5290d4c0409899855ce8b1c39652bcc88a725259491a82601159d6dc790bedefc9016c7472f7de8de7361f8ccde - languageName: node - linkType: hard - -"spdx-license-ids@npm:^3.0.0": - version: 3.0.11 - resolution: "spdx-license-ids@npm:3.0.11" - checksum: 1da1acb090257773e60b022094050e810ae9fec874dc1461f65dc0400cd42dd830ab2df6e64fb49c2db3dce386dd0362110780e1b154db7c0bb413488836aaeb - languageName: node - linkType: hard - -"split-string@npm:^3.0.1, split-string@npm:^3.0.2": - version: 3.1.0 - resolution: "split-string@npm:3.1.0" - dependencies: - extend-shallow: ^3.0.0 - checksum: ae5af5c91bdc3633628821bde92fdf9492fa0e8a63cf6a0376ed6afde93c701422a1610916f59be61972717070119e848d10dfbbd5024b7729d6a71972d2a84c - languageName: node - linkType: hard - -"split2@npm:^3.0.0": - version: 3.2.2 - resolution: "split2@npm:3.2.2" - dependencies: - readable-stream: ^3.0.0 - checksum: 8127ddbedd0faf31f232c0e9192fede469913aa8982aa380752e0463b2e31c2359ef6962eb2d24c125bac59eeec76873678d723b1c7ff696216a1cd071e3994a - languageName: node - linkType: hard - -"split2@npm:~1.0.0": - version: 1.0.0 - resolution: "split2@npm:1.0.0" - dependencies: - through2: ~2.0.0 - checksum: 84cb1713a9b5ef7da06dbcb60780051f34a3b68f737a4bd5e807804ba742e3667f9e9e49eb589c1d7adb0bda4cf1eac9ea27a1040d480c785fc339c40b78396e - languageName: node - linkType: hard - -"split@npm:^1.0.0": - version: 1.0.1 - resolution: "split@npm:1.0.1" - dependencies: - through: 2 - checksum: 12f4554a5792c7e98bb3e22b53c63bfa5ef89aa704353e1db608a55b51f5b12afaad6e4a8ecf7843c15f273f43cdadd67b3705cc43d48a75c2cf4641d51f7e7a - languageName: node - linkType: hard - -"sprintf-js@npm:~1.0.2": - version: 1.0.3 - resolution: "sprintf-js@npm:1.0.3" - checksum: 19d79aec211f09b99ec3099b5b2ae2f6e9cdefe50bc91ac4c69144b6d3928a640bb6ae5b3def70c2e85a2c3d9f5ec2719921e3a59d3ca3ef4b2fd1a4656a0df3 - languageName: node - linkType: hard - -"ssri@npm:^8.0.1": - version: 8.0.1 - resolution: "ssri@npm:8.0.1" - dependencies: - minipass: ^3.1.1 - checksum: bc447f5af814fa9713aa201ec2522208ae0f4d8f3bda7a1f445a797c7b929a02720436ff7c478fb5edc4045adb02b1b88d2341b436a80798734e2494f1067b36 - languageName: node - linkType: hard - -"ssri@npm:^9.0.0": - version: 9.0.0 - resolution: "ssri@npm:9.0.0" - dependencies: - minipass: ^3.1.1 - checksum: bf33174232d07cc64e77ab1c51b55d28352273380c503d35642a19627e88a2c5f160039bb0a28608a353485075dda084dbf0390c7070f9f284559eb71d01b84b - languageName: node - linkType: hard - -"stack-utils@npm:^2.0.3": - version: 2.0.5 - resolution: "stack-utils@npm:2.0.5" - dependencies: - escape-string-regexp: ^2.0.0 - checksum: 76b69da0f5b48a34a0f93c98ee2a96544d2c4ca2557f7eef5ddb961d3bdc33870b46f498a84a7c4f4ffb781df639840e7ebf6639164ed4da5e1aeb659615b9c7 - languageName: node - linkType: hard - -"static-eval@npm:2.0.2": - version: 2.0.2 - resolution: "static-eval@npm:2.0.2" - dependencies: - escodegen: ^1.8.1 - checksum: 335a923c5ccb29add404ac23d0a55c0da6cee3071f6f67a7053aeac0dedc6dbfc53ac9269e9c25f403f5b7603a291ef47d7114f99bde241184f7aa3f9286dc32 - languageName: node - linkType: hard - -"static-extend@npm:^0.1.1": - version: 0.1.2 - resolution: "static-extend@npm:0.1.2" - dependencies: - define-property: ^0.2.5 - object-copy: ^0.1.0 - checksum: 8657485b831f79e388a437260baf22784540417a9b29e11572c87735df24c22b84eda42107403a64b30861b2faf13df9f7fc5525d51f9d1d2303aba5cbf4e12c - languageName: node - linkType: hard - -"stream-buffers@npm:^3.0.2": - version: 3.0.2 - resolution: "stream-buffers@npm:3.0.2" - checksum: b09fdeea606e3113ebd0e07010ed0cf038608fa396130add9e45deaff5cc3ba845dc25c31ad24f8341f85907846344cb7c85f75ea52c6572e2ac646e9b6072d0 - languageName: node - linkType: hard - -"stream-combiner2@npm:~1.1.1": - version: 1.1.1 - resolution: "stream-combiner2@npm:1.1.1" - dependencies: - duplexer2: ~0.1.0 - readable-stream: ^2.0.2 - checksum: dd32d179fa8926619c65471a7396fc638ec8866616c0b8747c4e05563ccdb0b694dd4e83cd799f1c52789c965a40a88195942b82b8cea2ee7a5536f1954060f9 - languageName: node - linkType: hard - -"strict-uri-encode@npm:^1.0.0": - version: 1.1.0 - resolution: "strict-uri-encode@npm:1.1.0" - checksum: 9466d371f7b36768d43f7803f26137657559e4c8b0161fb9e320efb8edba3ae22f8e99d4b0d91da023b05a13f62ec5412c3f4f764b5788fac11d1fea93720bb3 - languageName: node - linkType: hard - -"string-length@npm:^4.0.1": - version: 4.0.2 - resolution: "string-length@npm:4.0.2" - dependencies: - char-regex: ^1.0.2 - strip-ansi: ^6.0.0 - checksum: ce85533ef5113fcb7e522bcf9e62cb33871aa99b3729cec5595f4447f660b0cefd542ca6df4150c97a677d58b0cb727a3fe09ac1de94071d05526c73579bf505 - languageName: node - linkType: hard - -"string-width@npm:^1.0.2 || 2 || 3 || 4, string-width@npm:^4.1.0, string-width@npm:^4.2.0, string-width@npm:^4.2.3": - version: 4.2.3 - resolution: "string-width@npm:4.2.3" - dependencies: - emoji-regex: ^8.0.0 - is-fullwidth-code-point: ^3.0.0 - strip-ansi: ^6.0.1 - checksum: e52c10dc3fbfcd6c3a15f159f54a90024241d0f149cf8aed2982a2d801d2e64df0bf1dc351cf8e95c3319323f9f220c16e740b06faecd53e2462df1d2b5443fb - languageName: node - linkType: hard - -"string.prototype.trimend@npm:^1.0.4": - version: 1.0.4 - resolution: "string.prototype.trimend@npm:1.0.4" - dependencies: - call-bind: ^1.0.2 - define-properties: ^1.1.3 - checksum: 17e5aa45c3983f582693161f972c1c1fa4bbbdf22e70e582b00c91b6575f01680dc34e83005b98e31abe4d5d29e0b21fcc24690239c106c7b2315aade6a898ac - languageName: node - linkType: hard - -"string.prototype.trimstart@npm:^1.0.4": - version: 1.0.4 - resolution: "string.prototype.trimstart@npm:1.0.4" - dependencies: - call-bind: ^1.0.2 - define-properties: ^1.1.3 - checksum: 3fb06818d3cccac5fa3f5f9873d984794ca0e9f6616fae6fcc745885d9efed4e17fe15f832515d9af5e16c279857fdbffdfc489ca4ed577811b017721b30302f - languageName: node - linkType: hard - -"string_decoder@npm:^1.1.1": - version: 1.3.0 - resolution: "string_decoder@npm:1.3.0" - dependencies: - safe-buffer: ~5.2.0 - checksum: 8417646695a66e73aefc4420eb3b84cc9ffd89572861fe004e6aeb13c7bc00e2f616247505d2dbbef24247c372f70268f594af7126f43548565c68c117bdeb56 - languageName: node - linkType: hard - -"string_decoder@npm:~1.1.1": - version: 1.1.1 - resolution: "string_decoder@npm:1.1.1" - dependencies: - safe-buffer: ~5.1.0 - checksum: 9ab7e56f9d60a28f2be697419917c50cac19f3e8e6c28ef26ed5f4852289fe0de5d6997d29becf59028556f2c62983790c1d9ba1e2a3cc401768ca12d5183a5b - languageName: node - linkType: hard - -"strip-ansi@npm:^6.0.0, strip-ansi@npm:^6.0.1": - version: 6.0.1 - resolution: "strip-ansi@npm:6.0.1" - dependencies: - ansi-regex: ^5.0.1 - checksum: f3cd25890aef3ba6e1a74e20896c21a46f482e93df4a06567cebf2b57edabb15133f1f94e57434e0a958d61186087b1008e89c94875d019910a213181a14fc8c - languageName: node - linkType: hard - -"strip-bom@npm:^3.0.0": - version: 3.0.0 - resolution: "strip-bom@npm:3.0.0" - checksum: 8d50ff27b7ebe5ecc78f1fe1e00fcdff7af014e73cf724b46fb81ef889eeb1015fc5184b64e81a2efe002180f3ba431bdd77e300da5c6685d702780fbf0c8d5b - languageName: node - linkType: hard - -"strip-bom@npm:^4.0.0": - version: 4.0.0 - resolution: "strip-bom@npm:4.0.0" - checksum: 9dbcfbaf503c57c06af15fe2c8176fb1bf3af5ff65003851a102749f875a6dbe0ab3b30115eccf6e805e9d756830d3e40ec508b62b3f1ddf3761a20ebe29d3f3 - languageName: node - linkType: hard - -"strip-dirs@npm:^2.0.0": - version: 2.1.0 - resolution: "strip-dirs@npm:2.1.0" - dependencies: - is-natural-number: ^4.0.1 - checksum: 9465547d71d8819daa7a5c9d4d783289ed8eac72eb06bd687bed382ce62af8ab8e6ffbda229805f5d2e71acce2ca4915e781c94190d284994cbc0b7cdc8303cc - languageName: node - linkType: hard - -"strip-eof@npm:^1.0.0": - version: 1.0.0 - resolution: "strip-eof@npm:1.0.0" - checksum: 40bc8ddd7e072f8ba0c2d6d05267b4e0a4800898c3435b5fb5f5a21e6e47dfaff18467e7aa0d1844bb5d6274c3097246595841fbfeb317e541974ee992cac506 - languageName: node - linkType: hard - -"strip-eof@npm:^2.0.0": - version: 2.0.0 - resolution: "strip-eof@npm:2.0.0" - checksum: b5f0df428ccbc90f96595fae9a841fd8d108d0c962cad4b8b1ea171b0237d72092d4d04348fc48e91d513f90cf916e5d76181243d586e25506f3c31c779290e4 - languageName: node - linkType: hard - -"strip-final-newline@npm:^2.0.0": - version: 2.0.0 - resolution: "strip-final-newline@npm:2.0.0" - checksum: 69412b5e25731e1938184b5d489c32e340605bb611d6140344abc3421b7f3c6f9984b21dff296dfcf056681b82caa3bb4cc996a965ce37bcfad663e92eae9c64 - languageName: node - linkType: hard - -"strip-final-newline@npm:^3.0.0": - version: 3.0.0 - resolution: "strip-final-newline@npm:3.0.0" - checksum: 23ee263adfa2070cd0f23d1ac14e2ed2f000c9b44229aec9c799f1367ec001478469560abefd00c5c99ee6f0b31c137d53ec6029c53e9f32a93804e18c201050 - languageName: node - linkType: hard - -"strip-indent@npm:^3.0.0": - version: 3.0.0 - resolution: "strip-indent@npm:3.0.0" - dependencies: - min-indent: ^1.0.0 - checksum: 18f045d57d9d0d90cd16f72b2313d6364fd2cb4bf85b9f593523ad431c8720011a4d5f08b6591c9d580f446e78855c5334a30fb91aa1560f5d9f95ed1b4a0530 - languageName: node - linkType: hard - -"strip-indent@npm:^4.0.0": - version: 4.0.0 - resolution: "strip-indent@npm:4.0.0" - dependencies: - min-indent: ^1.0.1 - checksum: 06cbcd93da721c46bc13caeb1c00af93a9b18146a1c95927672d2decab6a25ad83662772417cea9317a2507fb143253ecc23c4415b64f5828cef9b638a744598 - languageName: node - linkType: hard - -"strip-json-comments@npm:^3.1.0, strip-json-comments@npm:^3.1.1": - version: 3.1.1 - resolution: "strip-json-comments@npm:3.1.1" - checksum: 492f73e27268f9b1c122733f28ecb0e7e8d8a531a6662efbd08e22cccb3f9475e90a1b82cab06a392f6afae6d2de636f977e231296400d0ec5304ba70f166443 - languageName: node - linkType: hard - -"strip-json-comments@npm:~2.0.1": - version: 2.0.1 - resolution: "strip-json-comments@npm:2.0.1" - checksum: 1074ccb63270d32ca28edfb0a281c96b94dc679077828135141f27d52a5a398ef5e78bcf22809d23cadc2b81dfbe345eb5fd8699b385c8b1128907dec4a7d1e1 - languageName: node - linkType: hard - -"strip-outer@npm:^1.0.0": - version: 1.0.1 - resolution: "strip-outer@npm:1.0.1" - dependencies: - escape-string-regexp: ^1.0.2 - checksum: f8d65d33ca2b49aabc66bb41d689dda7b8b9959d320e3a40a2ef4d7079ff2f67ffb72db43f179f48dbf9495c2e33742863feab7a584d180fa62505439162c191 - languageName: node - linkType: hard - -"subarg@npm:^1.0.0": - version: 1.0.0 - resolution: "subarg@npm:1.0.0" - dependencies: - minimist: ^1.1.0 - checksum: 8359df72e9a2d03c35702ba58e49cac04daae8f27dff26837e12687c7d10cb800a036fd33fdc5eb0e8c24fb25d804f657fe8bde18dd3dd6ec7dab8eff7aac27e - languageName: node - linkType: hard - -"supports-color@npm:^7.0.0, supports-color@npm:^7.1.0": - version: 7.2.0 - resolution: "supports-color@npm:7.2.0" - dependencies: - has-flag: ^4.0.0 - checksum: 3dda818de06ebbe5b9653e07842d9479f3555ebc77e9a0280caf5a14fb877ffee9ed57007c3b78f5a6324b8dbeec648d9e97a24e2ed9fdb81ddc69ea07100f4a - languageName: node - linkType: hard - -"supports-color@npm:^8.0.0": - version: 8.1.1 - resolution: "supports-color@npm:8.1.1" - dependencies: - has-flag: ^4.0.0 - checksum: c052193a7e43c6cdc741eb7f378df605636e01ad434badf7324f17fb60c69a880d8d8fcdcb562cf94c2350e57b937d7425ab5b8326c67c2adc48f7c87c1db406 - languageName: node - linkType: hard - -"supports-hyperlinks@npm:^2.0.0, supports-hyperlinks@npm:^2.2.0": - version: 2.2.0 - resolution: "supports-hyperlinks@npm:2.2.0" - dependencies: - has-flag: ^4.0.0 - supports-color: ^7.0.0 - checksum: aef04fb41f4a67f1bc128f7c3e88a81b6cf2794c800fccf137006efe5bafde281da3e42e72bf9206c2fcf42e6438f37e3a820a389214d0a88613ca1f2d36076a - languageName: node - linkType: hard - -"supports-preserve-symlinks-flag@npm:^1.0.0": - version: 1.0.0 - resolution: "supports-preserve-symlinks-flag@npm:1.0.0" - checksum: 53b1e247e68e05db7b3808b99b892bd36fb096e6fba213a06da7fab22045e97597db425c724f2bbd6c99a3c295e1e73f3e4de78592289f38431049e1277ca0ae - languageName: node - linkType: hard - -"symbol-tree@npm:^3.2.4": - version: 3.2.4 - resolution: "symbol-tree@npm:3.2.4" - checksum: 6e8fc7e1486b8b54bea91199d9535bb72f10842e40c79e882fc94fb7b14b89866adf2fd79efa5ebb5b658bc07fb459ccce5ac0e99ef3d72f474e74aaf284029d - languageName: node - linkType: hard - -"table@npm:^6.0.9": - version: 6.8.0 - resolution: "table@npm:6.8.0" - dependencies: - ajv: ^8.0.1 - lodash.truncate: ^4.4.2 - slice-ansi: ^4.0.0 - string-width: ^4.2.3 - strip-ansi: ^6.0.1 - checksum: 5b07fe462ee03d2e1fac02cbb578efd2e0b55ac07e3d3db2e950aa9570ade5a4a2b8d3c15e9f25c89e4e50b646bc4269934601ee1eef4ca7968ad31960977690 - languageName: node - linkType: hard - -"tar-stream@npm:^1.5.2": - version: 1.6.2 - resolution: "tar-stream@npm:1.6.2" - dependencies: - bl: ^1.0.0 - buffer-alloc: ^1.2.0 - end-of-stream: ^1.0.0 - fs-constants: ^1.0.0 - readable-stream: ^2.3.0 - to-buffer: ^1.1.1 - xtend: ^4.0.0 - checksum: a5d49e232d3e33321bbd150381b6a4e5046bf12b1c2618acb95435b7871efde4d98bd1891eb2200478a7142ef7e304e033eb29bbcbc90451a2cdfa1890e05245 - languageName: node - linkType: hard - -"tar@npm:^6.1.0, tar@npm:^6.1.11, tar@npm:^6.1.2": - version: 6.1.11 - resolution: "tar@npm:6.1.11" - dependencies: - chownr: ^2.0.0 - fs-minipass: ^2.0.0 - minipass: ^3.0.0 - minizlib: ^2.1.1 - mkdirp: ^1.0.3 - yallist: ^4.0.0 - checksum: a04c07bb9e2d8f46776517d4618f2406fb977a74d914ad98b264fc3db0fe8224da5bec11e5f8902c5b9bcb8ace22d95fbe3c7b36b8593b7dfc8391a25898f32f - languageName: node - linkType: hard - -"temp-dir@npm:^1.0.0": - version: 1.0.0 - resolution: "temp-dir@npm:1.0.0" - checksum: cb2b58ddfb12efa83e939091386ad73b425c9a8487ea0095fe4653192a40d49184a771a1beba99045fbd011e389fd563122d79f54f82be86a55620667e08a6b2 - languageName: node - linkType: hard - -"temp-dir@npm:^2.0.0": - version: 2.0.0 - resolution: "temp-dir@npm:2.0.0" - checksum: cc4f0404bf8d6ae1a166e0e64f3f409b423f4d1274d8c02814a59a5529f07db6cd070a749664141b992b2c1af337fa9bb451a460a43bb9bcddc49f235d3115aa - languageName: node - linkType: hard - -"tempfile@npm:^2.0.0": - version: 2.0.0 - resolution: "tempfile@npm:2.0.0" - dependencies: - temp-dir: ^1.0.0 - uuid: ^3.0.1 - checksum: 8a92a0f57e0ae457dfbc156b14c427b42048a86ca6bade311835cc2aeda61b25b82d688f71f2d663dde6f172f479ed07293b53f7981e41cb6f9120a3eb4fe797 - languageName: node - linkType: hard - -"tempfile@npm:^3.0.0": - version: 3.0.0 - resolution: "tempfile@npm:3.0.0" - dependencies: - temp-dir: ^2.0.0 - uuid: ^3.3.2 - checksum: ebf07b7e580ab0a0673093d84007783f3d3bef9f82108e463c353974382296ba2d3309c8ac9574efba0dec8c99c27c5392f11b3de85d3f3a88a22850e9f782ef - languageName: node - linkType: hard - -"tempy@npm:^1.0.0": - version: 1.0.1 - resolution: "tempy@npm:1.0.1" - dependencies: - del: ^6.0.0 - is-stream: ^2.0.0 - temp-dir: ^2.0.0 - type-fest: ^0.16.0 - unique-string: ^2.0.0 - checksum: e77ca4440af18e42dc64d8903b7ed0be673455b76680ff94a7d7c6ee7c16f7604bdcdee3c39436342b1082c23eda010dbe48f6094e836e0bd53c8b1aa63e5b95 - languageName: node - linkType: hard - -"tempy@npm:^2.0.0": - version: 2.0.0 - resolution: "tempy@npm:2.0.0" - dependencies: - del: ^6.0.0 - is-stream: ^3.0.0 - temp-dir: ^2.0.0 - type-fest: ^2.0.0 - unique-string: ^3.0.0 - checksum: b4834033830b9ca8876d1b2c886c43fcae4965cfe6a40baa28999d3f07b34de19d1f383e7829353d33b431c2a7f2393382df25de9ac65e1c2b6285f969c52d88 - languageName: node - linkType: hard - -"terminal-link@npm:^2.0.0": - version: 2.1.1 - resolution: "terminal-link@npm:2.1.1" - dependencies: - ansi-escapes: ^4.2.1 - supports-hyperlinks: ^2.0.0 - checksum: ce3d2cd3a438c4a9453947aa664581519173ea40e77e2534d08c088ee6dda449eabdbe0a76d2a516b8b73c33262fedd10d5270ccf7576ae316e3db170ce6562f - languageName: node - linkType: hard - -"test-exclude@npm:^6.0.0": - version: 6.0.0 - resolution: "test-exclude@npm:6.0.0" - dependencies: - "@istanbuljs/schema": ^0.1.2 - glob: ^7.1.4 - minimatch: ^3.0.4 - checksum: 3b34a3d77165a2cb82b34014b3aba93b1c4637a5011807557dc2f3da826c59975a5ccad765721c4648b39817e3472789f9b0fa98fc854c5c1c7a1e632aacdc28 - languageName: node - linkType: hard - -"text-extensions@npm:^1.0.0": - version: 1.9.0 - resolution: "text-extensions@npm:1.9.0" - checksum: 56a9962c1b62d39b2bcb369b7558ca85c1b55e554b38dfd725edcc0a1babe5815782a60c17ff6b839093b163dfebb92b804208aaaea616ec7571c8059ae0cf44 - languageName: node - linkType: hard - -"text-table@npm:^0.2.0, text-table@npm:~0.2.0": - version: 0.2.0 - resolution: "text-table@npm:0.2.0" - checksum: b6937a38c80c7f84d9c11dd75e49d5c44f71d95e810a3250bd1f1797fc7117c57698204adf676b71497acc205d769d65c16ae8fa10afad832ae1322630aef10a - languageName: node - linkType: hard - -"throat@npm:^6.0.1": - version: 6.0.1 - resolution: "throat@npm:6.0.1" - checksum: 782d4171ee4e3cf947483ed2ff1af3e17cc4354c693b9d339284f61f99fbc401d171e0b0d2db3295bb7d447630333e9319c174ebd7ef315c6fb791db9675369c - languageName: node - linkType: hard - -"through2@npm:^4.0.0": - version: 4.0.2 - resolution: "through2@npm:4.0.2" - dependencies: - readable-stream: 3 - checksum: ac7430bd54ccb7920fd094b1c7ff3e1ad6edd94202e5528331253e5fde0cc56ceaa690e8df9895de2e073148c52dfbe6c4db74cacae812477a35660090960cc0 - languageName: node - linkType: hard - -"through2@npm:~2.0.0": - version: 2.0.5 - resolution: "through2@npm:2.0.5" - dependencies: - readable-stream: ~2.3.6 - xtend: ~4.0.1 - checksum: beb0f338aa2931e5660ec7bf3ad949e6d2e068c31f4737b9525e5201b824ac40cac6a337224856b56bd1ddd866334bbfb92a9f57cd6f66bc3f18d3d86fc0fe50 - languageName: node - linkType: hard - -"through@npm:2, through@npm:>=2.2.7 <3, through@npm:^2.3.6, through@npm:^2.3.8": - version: 2.3.8 - resolution: "through@npm:2.3.8" - checksum: a38c3e059853c494af95d50c072b83f8b676a9ba2818dcc5b108ef252230735c54e0185437618596c790bbba8fcdaef5b290405981ffa09dce67b1f1bf190cbd - languageName: node - linkType: hard - -"timed-out@npm:^4.0.0, timed-out@npm:^4.0.1": - version: 4.0.1 - resolution: "timed-out@npm:4.0.1" - checksum: 98efc5d6fc0d2a329277bd4d34f65c1bf44d9ca2b14fd267495df92898f522e6f563c5e9e467c418e0836f5ca1f47a84ca3ee1de79b1cc6fe433834b7f02ec54 - languageName: node - linkType: hard - -"tiny-relative-date@npm:^1.3.0": - version: 1.3.0 - resolution: "tiny-relative-date@npm:1.3.0" - checksum: 82a1fa2f3b00cd77c3ff0cf45380dad9e5befa8ee344d8de8076525efda4e6bd6af8f7f483e103b5834dc34bbed337fab7ac151f1d1a429a20f434a3744057b4 - languageName: node - linkType: hard - -"tmp@npm:^0.0.33": - version: 0.0.33 - resolution: "tmp@npm:0.0.33" - dependencies: - os-tmpdir: ~1.0.2 - checksum: 902d7aceb74453ea02abbf58c203f4a8fc1cead89b60b31e354f74ed5b3fb09ea817f94fb310f884a5d16987dd9fa5a735412a7c2dd088dd3d415aa819ae3a28 - languageName: node - linkType: hard - -"tmpl@npm:1.0.5": - version: 1.0.5 - resolution: "tmpl@npm:1.0.5" - checksum: cd922d9b853c00fe414c5a774817be65b058d54a2d01ebb415840960406c669a0fc632f66df885e24cb022ec812739199ccbdb8d1164c3e513f85bfca5ab2873 - languageName: node - linkType: hard - -"to-buffer@npm:^1.1.1": - version: 1.1.1 - resolution: "to-buffer@npm:1.1.1" - checksum: 6c897f58c2bdd8b8b1645ea515297732fec6dafb089bf36d12370c102ff5d64abf2be9410e0b1b7cfc707bada22d9a4084558010bfc78dd7023748dc5dd9a1ce - languageName: node - linkType: hard - -"to-fast-properties@npm:^2.0.0": - version: 2.0.0 - resolution: "to-fast-properties@npm:2.0.0" - checksum: be2de62fe58ead94e3e592680052683b1ec986c72d589e7b21e5697f8744cdbf48c266fa72f6c15932894c10187b5f54573a3bcf7da0bfd964d5caf23d436168 - languageName: node - linkType: hard - -"to-object-path@npm:^0.3.0": - version: 0.3.0 - resolution: "to-object-path@npm:0.3.0" - dependencies: - kind-of: ^3.0.2 - checksum: 9425effee5b43e61d720940fa2b889623f77473d459c2ce3d4a580a4405df4403eec7be6b857455908070566352f9e2417304641ed158dda6f6a365fe3e66d70 - languageName: node - linkType: hard - -"to-regex-range@npm:^2.1.0": - version: 2.1.1 - resolution: "to-regex-range@npm:2.1.1" - dependencies: - is-number: ^3.0.0 - repeat-string: ^1.6.1 - checksum: 46093cc14be2da905cc931e442d280b2e544e2bfdb9a24b3cf821be8d342f804785e5736c108d5be026021a05d7b38144980a61917eee3c88de0a5e710e10320 - languageName: node - linkType: hard - -"to-regex-range@npm:^5.0.1": - version: 5.0.1 - resolution: "to-regex-range@npm:5.0.1" - dependencies: - is-number: ^7.0.0 - checksum: f76fa01b3d5be85db6a2a143e24df9f60dd047d151062d0ba3df62953f2f697b16fe5dad9b0ac6191c7efc7b1d9dcaa4b768174b7b29da89d4428e64bc0a20ed - languageName: node - linkType: hard - -"to-regex@npm:^3.0.1, to-regex@npm:^3.0.2": - version: 3.0.2 - resolution: "to-regex@npm:3.0.2" - dependencies: - define-property: ^2.0.2 - extend-shallow: ^3.0.2 - regex-not: ^1.0.2 - safe-regex: ^1.1.0 - checksum: 4ed4a619059b64e204aad84e4e5f3ea82d97410988bcece7cf6cbfdbf193d11bff48cf53842d88b8bb00b1bfc0d048f61f20f0709e6f393fd8fe0122662d9db4 - languageName: node - linkType: hard - -"toposort@npm:^2.0.2": - version: 2.0.2 - resolution: "toposort@npm:2.0.2" - checksum: d64c74b570391c9432873f48e231b439ee56bc49f7cb9780b505cfdf5cb832f808d0bae072515d93834dd6bceca5bb34448b5b4b408335e4d4716eaf68195dcb - languageName: node - linkType: hard - -"tough-cookie@npm:^4.0.0": - version: 4.0.0 - resolution: "tough-cookie@npm:4.0.0" - dependencies: - psl: ^1.1.33 - punycode: ^2.1.1 - universalify: ^0.1.2 - checksum: 0891b37eb7d17faa3479d47f0dce2e3007f2583094ad272f2670d120fbcc3df3b0b0a631ba96ecad49f9e2297d93ff8995ce0d3292d08dd7eabe162f5b224d69 - languageName: node - linkType: hard - -"tr46@npm:^2.1.0": - version: 2.1.0 - resolution: "tr46@npm:2.1.0" - dependencies: - punycode: ^2.1.1 - checksum: ffe6049b9dca3ae329b059aada7f515b0f0064c611b39b51ff6b53897e954650f6f63d9319c6c008d36ead477c7b55e5f64c9dc60588ddc91ff720d64eb710b3 - languageName: node - linkType: hard - -"tr46@npm:~0.0.3": - version: 0.0.3 - resolution: "tr46@npm:0.0.3" - checksum: 726321c5eaf41b5002e17ffbd1fb7245999a073e8979085dacd47c4b4e8068ff5777142fc6726d6ca1fd2ff16921b48788b87225cbc57c72636f6efa8efbffe3 - languageName: node - linkType: hard - -"traverse@npm:~0.6.6": - version: 0.6.6 - resolution: "traverse@npm:0.6.6" - checksum: e2afa72f11efa9ba31ed763d2d9d2aa244612f22015d16c0ea3ba5f6ca8bf071de87f8108b721885cce06ea4a36ef4605d9228c67e431d9015ea4685cb364420 - languageName: node - linkType: hard - -"treeverse@npm:^1.0.4": - version: 1.0.4 - resolution: "treeverse@npm:1.0.4" - checksum: 712640acd811060ff552a3c761f700d18d22a4da544d31b4e290817ac4bbbfcfe33b58f85e7a5787e6ff7351d3a9100670721a289ca14eb87b36ad8a0c20ebd8 - languageName: node - linkType: hard - -"treeverse@npm:^2.0.0": - version: 2.0.0 - resolution: "treeverse@npm:2.0.0" - checksum: 3c6b2b890975a4d42c86b9a0f1eb932b4450db3fa874be5c301c4f5e306fd76330c6a490cf334b0937b3a44b049787ba5d98c88bc7b140f34fdb3ab1f83e5269 - languageName: node - linkType: hard - -"trim-newlines@npm:^3.0.0": - version: 3.0.1 - resolution: "trim-newlines@npm:3.0.1" - checksum: b530f3fadf78e570cf3c761fb74fef655beff6b0f84b29209bac6c9622db75ad1417f4a7b5d54c96605dcd72734ad44526fef9f396807b90839449eb543c6206 - languageName: node - linkType: hard - -"trim-newlines@npm:^4.0.2": - version: 4.0.2 - resolution: "trim-newlines@npm:4.0.2" - checksum: 1eef206eb77361856dff0b827e5811baf64574bb21e81b7ad643fe321c5c19b0a452dd83e9afc31206993fcff9bb90a379925d7b5915f887de1ca7da5b57933a - languageName: node - linkType: hard - -"trim-repeated@npm:^1.0.0": - version: 1.0.0 - resolution: "trim-repeated@npm:1.0.0" - dependencies: - escape-string-regexp: ^1.0.2 - checksum: e25c235305b82c43f1d64a67a71226c406b00281755e4c2c4f3b1d0b09c687a535dd3c4483327f949f28bb89dc400a0bc5e5b749054f4b99f49ebfe48ba36496 - languageName: node - linkType: hard - -"ts-jest@npm:^27.0.4": - version: 27.1.2 - resolution: "ts-jest@npm:27.1.2" - dependencies: - bs-logger: 0.x - fast-json-stable-stringify: 2.x - jest-util: ^27.0.0 - json5: 2.x - lodash.memoize: 4.x - make-error: 1.x - semver: 7.x - yargs-parser: 20.x - peerDependencies: - "@babel/core": ">=7.0.0-beta.0 <8" - "@types/jest": ^27.0.0 - babel-jest: ">=27.0.0 <28" - esbuild: ~0.14.0 - jest: ^27.0.0 - typescript: ">=3.8 <5.0" - peerDependenciesMeta: - "@babel/core": - optional: true - "@types/jest": - optional: true - babel-jest: - optional: true - esbuild: - optional: true - bin: - ts-jest: cli.js - checksum: 2e7275f8a3545ec1340b37c458ace9244b5903e86861eb108beffff97d433f296c1254f76a41b573b1fe6245110b21bb62150bb88d55159f1dc7a929886535cb - languageName: node - linkType: hard - -"tsconfig-paths@npm:^3.12.0": - version: 3.12.0 - resolution: "tsconfig-paths@npm:3.12.0" - dependencies: - "@types/json5": ^0.0.29 - json5: ^1.0.1 - minimist: ^1.2.0 - strip-bom: ^3.0.0 - checksum: 4999ec6cd1c7cc06750a460dbc0d39fe3595a4308cb5f1d0d0a8283009cf9c0a30d5a156508c28fe3a47760508af5263ab288fc23d71e9762779674257a95d3b - languageName: node - linkType: hard - -"tslib@npm:^1, tslib@npm:^1.8.1": - version: 1.14.1 - resolution: "tslib@npm:1.14.1" - checksum: dbe628ef87f66691d5d2959b3e41b9ca0045c3ee3c7c7b906cc1e328b39f199bb1ad9e671c39025bd56122ac57dfbf7385a94843b1cc07c60a4db74795829acd - languageName: node - linkType: hard - -"tslib@npm:^2.1.0, tslib@npm:^2.3.1, tslib@npm:~2.3.0": - version: 2.3.1 - resolution: "tslib@npm:2.3.1" - checksum: de17a98d4614481f7fcb5cd53ffc1aaf8654313be0291e1bfaee4b4bb31a20494b7d218ff2e15017883e8ea9626599b3b0e0229c18383ba9dce89da2adf15cb9 - languageName: node - linkType: hard - -"tsutils@npm:^3.21.0": - version: 3.21.0 - resolution: "tsutils@npm:3.21.0" - dependencies: - tslib: ^1.8.1 - peerDependencies: - typescript: ">=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta" - checksum: 1843f4c1b2e0f975e08c4c21caa4af4f7f65a12ac1b81b3b8489366826259323feb3fc7a243123453d2d1a02314205a7634e048d4a8009921da19f99755cdc48 - languageName: node - linkType: hard - -"tunnel-agent@npm:^0.6.0": - version: 0.6.0 - resolution: "tunnel-agent@npm:0.6.0" - dependencies: - safe-buffer: ^5.0.1 - checksum: 05f6510358f8afc62a057b8b692f05d70c1782b70db86d6a1e0d5e28a32389e52fa6e7707b6c5ecccacc031462e4bc35af85ecfe4bbc341767917b7cf6965711 - languageName: node - linkType: hard - -"type-check@npm:^0.4.0, type-check@npm:~0.4.0": - version: 0.4.0 - resolution: "type-check@npm:0.4.0" - dependencies: - prelude-ls: ^1.2.1 - checksum: ec688ebfc9c45d0c30412e41ca9c0cdbd704580eb3a9ccf07b9b576094d7b86a012baebc95681999dd38f4f444afd28504cb3a89f2ef16b31d4ab61a0739025a - languageName: node - linkType: hard - -"type-check@npm:~0.3.2": - version: 0.3.2 - resolution: "type-check@npm:0.3.2" - dependencies: - prelude-ls: ~1.1.2 - checksum: dd3b1495642731bc0e1fc40abe5e977e0263005551ac83342ecb6f4f89551d106b368ec32ad3fb2da19b3bd7b2d1f64330da2ea9176d8ddbfe389fb286eb5124 - languageName: node - linkType: hard - -"type-detect@npm:4.0.8": - version: 4.0.8 - resolution: "type-detect@npm:4.0.8" - checksum: 62b5628bff67c0eb0b66afa371bd73e230399a8d2ad30d852716efcc4656a7516904570cd8631a49a3ce57c10225adf5d0cbdcb47f6b0255fe6557c453925a15 - languageName: node - linkType: hard - -"type-fest@npm:^0.16.0": - version: 0.16.0 - resolution: "type-fest@npm:0.16.0" - checksum: 1a4102c06dc109db00418c753062e206cab65befd469d000ece4452ee649bf2a9cf57686d96fb42326bc9d918d9a194d4452897b486dcc41989e5c99e4e87094 - languageName: node - linkType: hard - -"type-fest@npm:^0.18.0": - version: 0.18.1 - resolution: "type-fest@npm:0.18.1" - checksum: e96dcee18abe50ec82dab6cbc4751b3a82046da54c52e3b2d035b3c519732c0b3dd7a2fa9df24efd1a38d953d8d4813c50985f215f1957ee5e4f26b0fe0da395 - languageName: node - linkType: hard - -"type-fest@npm:^0.20.2": - version: 0.20.2 - resolution: "type-fest@npm:0.20.2" - checksum: 4fb3272df21ad1c552486f8a2f8e115c09a521ad7a8db3d56d53718d0c907b62c6e9141ba5f584af3f6830d0872c521357e512381f24f7c44acae583ad517d73 - languageName: node - linkType: hard - -"type-fest@npm:^0.21.3": - version: 0.21.3 - resolution: "type-fest@npm:0.21.3" - checksum: e6b32a3b3877f04339bae01c193b273c62ba7bfc9e325b8703c4ee1b32dc8fe4ef5dfa54bf78265e069f7667d058e360ae0f37be5af9f153b22382cd55a9afe0 - languageName: node - linkType: hard - -"type-fest@npm:^0.6.0": - version: 0.6.0 - resolution: "type-fest@npm:0.6.0" - checksum: b2188e6e4b21557f6e92960ec496d28a51d68658018cba8b597bd3ef757721d1db309f120ae987abeeda874511d14b776157ff809f23c6d1ce8f83b9b2b7d60f - languageName: node - linkType: hard - -"type-fest@npm:^0.8.1": - version: 0.8.1 - resolution: "type-fest@npm:0.8.1" - checksum: d61c4b2eba24009033ae4500d7d818a94fd6d1b481a8111612ee141400d5f1db46f199c014766b9fa9b31a6a7374d96fc748c6d688a78a3ce5a33123839becb7 - languageName: node - linkType: hard - -"type-fest@npm:^1.0.1, type-fest@npm:^1.0.2, type-fest@npm:^1.2.1, type-fest@npm:^1.2.2": - version: 1.4.0 - resolution: "type-fest@npm:1.4.0" - checksum: b011c3388665b097ae6a109a437a04d6f61d81b7357f74cbcb02246f2f5bd72b888ae33631b99871388122ba0a87f4ff1c94078e7119ff22c70e52c0ff828201 - languageName: node - linkType: hard - -"type-fest@npm:^2.0.0": - version: 2.12.1 - resolution: "type-fest@npm:2.12.1" - checksum: faac07668190b7709c16ba4696e42b6cc83b702fa11e8936ce94d9ed1415eb9034b157ae25bba23e222d755e031787f7b92552710704d55e39aadcc27f0ee1da - languageName: node - linkType: hard - -"typedarray-to-buffer@npm:^3.1.5": - version: 3.1.5 - resolution: "typedarray-to-buffer@npm:3.1.5" - dependencies: - is-typedarray: ^1.0.0 - checksum: 99c11aaa8f45189fcfba6b8a4825fd684a321caa9bd7a76a27cf0c7732c174d198b99f449c52c3818107430b5f41c0ccbbfb75cb2ee3ca4a9451710986d61a60 - languageName: node - linkType: hard - -"typescript@npm:^4.3.5": - version: 4.5.4 - resolution: "typescript@npm:4.5.4" - bin: - tsc: bin/tsc - tsserver: bin/tsserver - checksum: 59f3243f9cd6fe3161e6150ff6bf795fc843b4234a655dbd938a310515e0d61afd1ac942799e7415e4334255e41c2c49b7dd5d9fd38a17acd25a6779ca7e0961 - languageName: node - linkType: hard - -"typescript@patch:typescript@^4.3.5#~builtin": - version: 4.5.4 - resolution: "typescript@patch:typescript@npm%3A4.5.4#~builtin::version=4.5.4&hash=bda367" - bin: - tsc: bin/tsc - tsserver: bin/tsserver - checksum: eda87927f9cfb94aca9b5e47842daf37347ad3073133e17f556fbb6c18f3493c5b551eedab0f4b26774235ddb7acbe0087250d5285f72ce6819a0891dd5a74ed - languageName: node - linkType: hard - -"uglify-js@npm:^3.1.4": - version: 3.14.5 - resolution: "uglify-js@npm:3.14.5" - bin: - uglifyjs: bin/uglifyjs - checksum: 0330eb11a36f4181b6d9a00336355989bfad9dd2203049fc63a59454b0d12337612272ad011bc571b9a382bf74d829ca20409ebfe089e38edb26cfc06bfa2cc9 - languageName: node - linkType: hard - -"unbox-primitive@npm:^1.0.1": - version: 1.0.1 - resolution: "unbox-primitive@npm:1.0.1" - dependencies: - function-bind: ^1.1.1 - has-bigints: ^1.0.1 - has-symbols: ^1.0.2 - which-boxed-primitive: ^1.0.2 - checksum: 89d950e18fb45672bc6b3c961f1e72c07beb9640c7ceed847b571ba6f7d2af570ae1a2584cfee268b9d9ea1e3293f7e33e0bc29eaeb9f8e8a0bab057ff9e6bba - languageName: node - linkType: hard - -"unbzip2-stream@npm:^1.0.9": - version: 1.4.3 - resolution: "unbzip2-stream@npm:1.4.3" - dependencies: - buffer: ^5.2.1 - through: ^2.3.8 - checksum: 0e67c4a91f4fa0fc7b4045f8b914d3498c2fc2e8c39c359977708ec85ac6d6029840e97f508675fdbdf21fcb8d276ca502043406f3682b70f075e69aae626d1d - languageName: node - linkType: hard - -"underscore@npm:1.12.1": - version: 1.12.1 - resolution: "underscore@npm:1.12.1" - checksum: ec327603aa112b99fe9d74cd9bf3b3b7451465a9d2610ceab269a532e3f191650ab017903be34dc86fe406a11d04d8905a3b04dd4c129493e51bee09a3f3074c - languageName: node - linkType: hard - -"union-value@npm:^1.0.0": - version: 1.0.1 - resolution: "union-value@npm:1.0.1" - dependencies: - arr-union: ^3.1.0 - get-value: ^2.0.6 - is-extendable: ^0.1.1 - set-value: ^2.0.1 - checksum: a3464097d3f27f6aa90cf103ed9387541bccfc006517559381a10e0dffa62f465a9d9a09c9b9c3d26d0f4cbe61d4d010e2fbd710fd4bf1267a768ba8a774b0ba - languageName: node - linkType: hard - -"unique-filename@npm:^1.1.1": - version: 1.1.1 - resolution: "unique-filename@npm:1.1.1" - dependencies: - unique-slug: ^2.0.0 - checksum: cf4998c9228cc7647ba7814e255dec51be43673903897b1786eff2ac2d670f54d4d733357eb08dea969aa5e6875d0e1bd391d668fbdb5a179744e7c7551a6f80 - languageName: node - linkType: hard - -"unique-slug@npm:^2.0.0": - version: 2.0.2 - resolution: "unique-slug@npm:2.0.2" - dependencies: - imurmurhash: ^0.1.4 - checksum: 5b6876a645da08d505dedb970d1571f6cebdf87044cb6b740c8dbb24f0d6e1dc8bdbf46825fd09f994d7cf50760e6f6e063cfa197d51c5902c00a861702eb75a - languageName: node - linkType: hard - -"unique-string@npm:^2.0.0": - version: 2.0.0 - resolution: "unique-string@npm:2.0.0" - dependencies: - crypto-random-string: ^2.0.0 - checksum: ef68f639136bcfe040cf7e3cd7a8dff076a665288122855148a6f7134092e6ed33bf83a7f3a9185e46c98dddc445a0da6ac25612afa1a7c38b8b654d6c02498e - languageName: node - linkType: hard - -"unique-string@npm:^3.0.0": - version: 3.0.0 - resolution: "unique-string@npm:3.0.0" - dependencies: - crypto-random-string: ^4.0.0 - checksum: 1a1e2e7d02eab1bb10f720475da735e1990c8a5ff34edd1a3b6bc31590cb4210b7a1233d779360cc622ce11c211e43afa1628dd658f35d3e6a89964b622940df - languageName: node - linkType: hard - -"universal-user-agent@npm:^6.0.0": - version: 6.0.0 - resolution: "universal-user-agent@npm:6.0.0" - checksum: 5092bbc80dd0d583cef0b62c17df0043193b74f425112ea6c1f69bc5eda21eeec7a08d8c4f793a277eb2202ffe9b44bec852fa3faff971234cd209874d1b79ef - languageName: node - linkType: hard - -"universalify@npm:^0.1.0, universalify@npm:^0.1.2": - version: 0.1.2 - resolution: "universalify@npm:0.1.2" - checksum: 40cdc60f6e61070fe658ca36016a8f4ec216b29bf04a55dce14e3710cc84c7448538ef4dad3728d0bfe29975ccd7bfb5f414c45e7b78883567fb31b246f02dff - languageName: node - linkType: hard - -"universalify@npm:^2.0.0": - version: 2.0.0 - resolution: "universalify@npm:2.0.0" - checksum: 2406a4edf4a8830aa6813278bab1f953a8e40f2f63a37873ffa9a3bc8f9745d06cc8e88f3572cb899b7e509013f7f6fcc3e37e8a6d914167a5381d8440518c44 - languageName: node - linkType: hard - -"unixify@npm:1.0.0": - version: 1.0.0 - resolution: "unixify@npm:1.0.0" - dependencies: - normalize-path: ^2.1.1 - checksum: 3be30e48579fc6c7390bd59b4ab9e745fede0c164dfb7351cf710bd1dbef8484b1441186205af6bcb13b731c0c88caf9b33459f7bf8c89e79c046e656ae433f0 - languageName: node - linkType: hard - -"unset-value@npm:^1.0.0": - version: 1.0.0 - resolution: "unset-value@npm:1.0.0" - dependencies: - has-value: ^0.3.1 - isobject: ^3.0.0 - checksum: 5990ecf660672be2781fc9fb322543c4aa592b68ed9a3312fa4df0e9ba709d42e823af090fc8f95775b4cd2c9a5169f7388f0cec39238b6d0d55a69fc2ab6b29 - languageName: node - linkType: hard - -"uri-js@npm:^4.2.2": - version: 4.4.1 - resolution: "uri-js@npm:4.4.1" - dependencies: - punycode: ^2.1.0 - checksum: 7167432de6817fe8e9e0c9684f1d2de2bb688c94388f7569f7dbdb1587c9f4ca2a77962f134ec90be0cc4d004c939ff0d05acc9f34a0db39a3c797dada262633 - languageName: node - linkType: hard - -"urix@npm:^0.1.0": - version: 0.1.0 - resolution: "urix@npm:0.1.0" - checksum: 4c076ecfbf3411e888547fe844e52378ab5ada2d2f27625139011eada79925e77f7fbf0e4016d45e6a9e9adb6b7e64981bd49b22700c7c401c5fc15f423303b3 - languageName: node - linkType: hard - -"url-join@npm:^4.0.0": - version: 4.0.1 - resolution: "url-join@npm:4.0.1" - checksum: f74e868bf25dbc8be6a8d7237d4c36bb5b6c62c72e594d5ab1347fe91d6af7ccd9eb5d621e30152e4da45c2e9a26bec21390e911ab54a62d4d82e76028374ee5 - languageName: node - linkType: hard - -"url-parse-lax@npm:^1.0.0": - version: 1.0.0 - resolution: "url-parse-lax@npm:1.0.0" - dependencies: - prepend-http: ^1.0.1 - checksum: 03316acff753845329652258c16d1688765ee34f7d242a94dadf9ff6e43ea567ec062cec7aa27c37f76f2c57f95e0660695afff32fb97b527591c7340a3090fa - languageName: node - linkType: hard - -"url-parse-lax@npm:^3.0.0": - version: 3.0.0 - resolution: "url-parse-lax@npm:3.0.0" - dependencies: - prepend-http: ^2.0.0 - checksum: 1040e357750451173132228036aff1fd04abbd43eac1fb3e4fca7495a078bcb8d33cb765fe71ad7e473d9c94d98fd67adca63bd2716c815a2da066198dd37217 - languageName: node - linkType: hard - -"url-to-options@npm:^1.0.1": - version: 1.0.1 - resolution: "url-to-options@npm:1.0.1" - checksum: 20e59f4578525fb0d30ffc22b13b5aa60bc9e57cefd4f5842720f5b57211b6dec54abeae2d675381ac4486fd1a2e987f1318725dea996e503ff89f8c8ce2c17e - languageName: node - linkType: hard - -"use@npm:^3.1.0": - version: 3.1.1 - resolution: "use@npm:3.1.1" - checksum: 08a130289f5238fcbf8f59a18951286a6e660d17acccc9d58d9b69dfa0ee19aa038e8f95721b00b432c36d1629a9e32a464bf2e7e0ae6a244c42ddb30bdd8b33 - languageName: node - linkType: hard - -"util-deprecate@npm:^1.0.1, util-deprecate@npm:~1.0.1": - version: 1.0.2 - resolution: "util-deprecate@npm:1.0.2" - checksum: 474acf1146cb2701fe3b074892217553dfcf9a031280919ba1b8d651a068c9b15d863b7303cb15bd00a862b498e6cf4ad7b4a08fb134edd5a6f7641681cb54a2 - languageName: node - linkType: hard - -"uuid@npm:^3.0.1, uuid@npm:^3.3.2": - version: 3.4.0 - resolution: "uuid@npm:3.4.0" - bin: - uuid: ./bin/uuid - checksum: 58de2feed61c59060b40f8203c0e4ed7fd6f99d42534a499f1741218a1dd0c129f4aa1de797bcf822c8ea5da7e4137aa3673431a96dae729047f7aca7b27866f - languageName: node - linkType: hard - -"v8-compile-cache@npm:^2.0.3": - version: 2.3.0 - resolution: "v8-compile-cache@npm:2.3.0" - checksum: adb0a271eaa2297f2f4c536acbfee872d0dd26ec2d76f66921aa7fc437319132773483344207bdbeee169225f4739016d8d2dbf0553913a52bb34da6d0334f8e - languageName: node - linkType: hard - -"v8-to-istanbul@npm:^8.1.0": - version: 8.1.0 - resolution: "v8-to-istanbul@npm:8.1.0" - dependencies: - "@types/istanbul-lib-coverage": ^2.0.1 - convert-source-map: ^1.6.0 - source-map: ^0.7.3 - checksum: c7dabf9567e0c210b24d0720e553803cbe1ff81edb1ec7f2080eb4be01ed081a40286cc9f4aaa86d1bf8d57840cefae8fdf326b7cb8faa316ba50c7b948030d4 - languageName: node - linkType: hard - -"validate-npm-package-license@npm:^3.0.1, validate-npm-package-license@npm:^3.0.4": - version: 3.0.4 - resolution: "validate-npm-package-license@npm:3.0.4" - dependencies: - spdx-correct: ^3.0.0 - spdx-expression-parse: ^3.0.0 - checksum: 35703ac889d419cf2aceef63daeadbe4e77227c39ab6287eeb6c1b36a746b364f50ba22e88591f5d017bc54685d8137bc2d328d0a896e4d3fd22093c0f32a9ad - languageName: node - linkType: hard - -"validate-npm-package-name@npm:^4.0.0": - version: 4.0.0 - resolution: "validate-npm-package-name@npm:4.0.0" - dependencies: - builtins: ^5.0.0 - checksum: a32fd537bad17fcb59cfd58ae95a414d443866020d448ec3b22e8d40550cb585026582a57efbe1f132b882eea4da8ac38ee35f7be0dd72988a3cb55d305a20c1 - languageName: node - linkType: hard - -"validate-npm-package-name@npm:~3.0.0": - version: 3.0.0 - resolution: "validate-npm-package-name@npm:3.0.0" - dependencies: - builtins: ^1.0.3 - checksum: ce4c68207abfb22c05eedb09ff97adbcedc80304a235a0844f5344f1fd5086aa80e4dbec5684d6094e26e35065277b765c1caef68bcea66b9056761eddb22967 - languageName: node - linkType: hard - -"w3c-hr-time@npm:^1.0.2": - version: 1.0.2 - resolution: "w3c-hr-time@npm:1.0.2" - dependencies: - browser-process-hrtime: ^1.0.0 - checksum: ec3c2dacbf8050d917bbf89537a101a08c2e333b4c19155f7d3bedde43529d4339db6b3d049d9610789cb915f9515f8be037e0c54c079e9d4735c50b37ed52b9 - languageName: node - linkType: hard - -"w3c-xmlserializer@npm:^2.0.0": - version: 2.0.0 - resolution: "w3c-xmlserializer@npm:2.0.0" - dependencies: - xml-name-validator: ^3.0.0 - checksum: ae25c51cf71f1fb2516df1ab33a481f83461a117565b95e3d0927432522323f93b1b2846cbb60196d337970c421adb604fc2d0d180c6a47a839da01db5b9973b - languageName: node - linkType: hard - -"walk-up-path@npm:^1.0.0": - version: 1.0.0 - resolution: "walk-up-path@npm:1.0.0" - checksum: b8019ac4fb9ba1576839ec66d2217f62ab773c1cc4c704bfd1c79b1359fef5366f1382d3ab230a66a14c3adb1bf0fe102d1fdaa3437881e69154dfd1432abd32 - languageName: node - linkType: hard - -"walker@npm:^1.0.7": - version: 1.0.8 - resolution: "walker@npm:1.0.8" - dependencies: - makeerror: 1.0.12 - checksum: ad7a257ea1e662e57ef2e018f97b3c02a7240ad5093c392186ce0bcf1f1a60bbadd520d073b9beb921ed99f64f065efb63dfc8eec689a80e569f93c1c5d5e16c - languageName: node - linkType: hard - -"wcwidth@npm:^1.0.0, wcwidth@npm:^1.0.1": - version: 1.0.1 - resolution: "wcwidth@npm:1.0.1" - dependencies: - defaults: ^1.0.3 - checksum: 814e9d1ddcc9798f7377ffa448a5a3892232b9275ebb30a41b529607691c0491de47cba426e917a4d08ded3ee7e9ba2f3fe32e62ee3cd9c7d3bafb7754bd553c - languageName: node - linkType: hard - -"webidl-conversions@npm:^3.0.0": - version: 3.0.1 - resolution: "webidl-conversions@npm:3.0.1" - checksum: c92a0a6ab95314bde9c32e1d0a6dfac83b578f8fa5f21e675bc2706ed6981bc26b7eb7e6a1fab158e5ce4adf9caa4a0aee49a52505d4d13c7be545f15021b17c - languageName: node - linkType: hard - -"webidl-conversions@npm:^5.0.0": - version: 5.0.0 - resolution: "webidl-conversions@npm:5.0.0" - checksum: ccf1ec2ca7c0b5671e5440ace4a66806ae09c49016ab821481bec0c05b1b82695082dc0a27d1fe9d804d475a408ba0c691e6803fd21be608e710955d4589cd69 - languageName: node - linkType: hard - -"webidl-conversions@npm:^6.1.0": - version: 6.1.0 - resolution: "webidl-conversions@npm:6.1.0" - checksum: 1f526507aa491f972a0c1409d07f8444e1d28778dfa269a9971f2e157182f3d496dc33296e4ed45b157fdb3bf535bb90c90bf10c50dcf1dd6caacb2a34cc84fb - languageName: node - linkType: hard - -"whatwg-encoding@npm:^1.0.5": - version: 1.0.5 - resolution: "whatwg-encoding@npm:1.0.5" - dependencies: - iconv-lite: 0.4.24 - checksum: 5be4efe111dce29ddee3448d3915477fcc3b28f991d9cf1300b4e50d6d189010d47bca2f51140a844cf9b726e8f066f4aee72a04d687bfe4f2ee2767b2f5b1e6 - languageName: node - linkType: hard - -"whatwg-mimetype@npm:^2.3.0": - version: 2.3.0 - resolution: "whatwg-mimetype@npm:2.3.0" - checksum: 23eb885940bcbcca4ff841c40a78e9cbb893ec42743993a42bf7aed16085b048b44b06f3402018931687153550f9a32d259dfa524e4f03577ab898b6965e5383 - languageName: node - linkType: hard - -"whatwg-url@npm:^5.0.0": - version: 5.0.0 - resolution: "whatwg-url@npm:5.0.0" - dependencies: - tr46: ~0.0.3 - webidl-conversions: ^3.0.0 - checksum: b8daed4ad3356cc4899048a15b2c143a9aed0dfae1f611ebd55073310c7b910f522ad75d727346ad64203d7e6c79ef25eafd465f4d12775ca44b90fa82ed9e2c - languageName: node - linkType: hard - -"whatwg-url@npm:^8.0.0, whatwg-url@npm:^8.5.0": - version: 8.7.0 - resolution: "whatwg-url@npm:8.7.0" - dependencies: - lodash: ^4.7.0 - tr46: ^2.1.0 - webidl-conversions: ^6.1.0 - checksum: a87abcc6cefcece5311eb642858c8fdb234e51ec74196bfacf8def2edae1bfbffdf6acb251646ed6301f8cee44262642d8769c707256125a91387e33f405dd1e - languageName: node - linkType: hard - -"which-boxed-primitive@npm:^1.0.2": - version: 1.0.2 - resolution: "which-boxed-primitive@npm:1.0.2" - dependencies: - is-bigint: ^1.0.1 - is-boolean-object: ^1.1.0 - is-number-object: ^1.0.4 - is-string: ^1.0.5 - is-symbol: ^1.0.3 - checksum: 53ce774c7379071729533922adcca47220228405e1895f26673bbd71bdf7fb09bee38c1d6399395927c6289476b5ae0629863427fd151491b71c4b6cb04f3a5e - languageName: node - linkType: hard - -"which@npm:^1.2.9": - version: 1.3.1 - resolution: "which@npm:1.3.1" - dependencies: - isexe: ^2.0.0 - bin: - which: ./bin/which - checksum: f2e185c6242244b8426c9df1510e86629192d93c1a986a7d2a591f2c24869e7ffd03d6dac07ca863b2e4c06f59a4cc9916c585b72ee9fa1aa609d0124df15e04 - languageName: node - linkType: hard - -"which@npm:^2.0.1, which@npm:^2.0.2": - version: 2.0.2 - resolution: "which@npm:2.0.2" - dependencies: - isexe: ^2.0.0 - bin: - node-which: ./bin/node-which - checksum: 1a5c563d3c1b52d5f893c8b61afe11abc3bab4afac492e8da5bde69d550de701cf9806235f20a47b5c8fa8a1d6a9135841de2596535e998027a54589000e66d1 - languageName: node - linkType: hard - -"wide-align@npm:^1.1.5": - version: 1.1.5 - resolution: "wide-align@npm:1.1.5" - dependencies: - string-width: ^1.0.2 || 2 || 3 || 4 - checksum: d5fc37cd561f9daee3c80e03b92ed3e84d80dde3365a8767263d03dacfc8fa06b065ffe1df00d8c2a09f731482fcacae745abfbb478d4af36d0a891fad4834d3 - languageName: node - linkType: hard - -"word-wrap@npm:^1.2.3, word-wrap@npm:~1.2.3": - version: 1.2.3 - resolution: "word-wrap@npm:1.2.3" - checksum: 30b48f91fcf12106ed3186ae4fa86a6a1842416df425be7b60485de14bec665a54a68e4b5156647dec3a70f25e84d270ca8bc8cd23182ed095f5c7206a938c1f - languageName: node - linkType: hard - -"wordwrap@npm:^1.0.0": - version: 1.0.0 - resolution: "wordwrap@npm:1.0.0" - checksum: 2a44b2788165d0a3de71fd517d4880a8e20ea3a82c080ce46e294f0b68b69a2e49cff5f99c600e275c698a90d12c5ea32aff06c311f0db2eb3f1201f3e7b2a04 - languageName: node - linkType: hard - -"wrap-ansi@npm:^7.0.0": - version: 7.0.0 - resolution: "wrap-ansi@npm:7.0.0" - dependencies: - ansi-styles: ^4.0.0 - string-width: ^4.1.0 - strip-ansi: ^6.0.0 - checksum: a790b846fd4505de962ba728a21aaeda189b8ee1c7568ca5e817d85930e06ef8d1689d49dbf0e881e8ef84436af3a88bc49115c2e2788d841ff1b8b5b51a608b - languageName: node - linkType: hard - -"wrappy@npm:1": - version: 1.0.2 - resolution: "wrappy@npm:1.0.2" - checksum: 159da4805f7e84a3d003d8841557196034155008f817172d4e986bd591f74aa82aa7db55929a54222309e01079a65a92a9e6414da5a6aa4b01ee44a511ac3ee5 - languageName: node - linkType: hard - -"write-file-atomic@npm:^3.0.0": - version: 3.0.3 - resolution: "write-file-atomic@npm:3.0.3" - dependencies: - imurmurhash: ^0.1.4 - is-typedarray: ^1.0.0 - signal-exit: ^3.0.2 - typedarray-to-buffer: ^3.1.5 - checksum: c55b24617cc61c3a4379f425fc62a386cc51916a9b9d993f39734d005a09d5a4bb748bc251f1304e7abd71d0a26d339996c275955f527a131b1dcded67878280 - languageName: node - linkType: hard - -"write-file-atomic@npm:^4.0.0, write-file-atomic@npm:^4.0.1": - version: 4.0.1 - resolution: "write-file-atomic@npm:4.0.1" - dependencies: - imurmurhash: ^0.1.4 - signal-exit: ^3.0.7 - checksum: 8f780232533ca6223c63c9b9c01c4386ca8c625ebe5017a9ed17d037aec19462ae17109e0aa155bff5966ee4ae7a27b67a99f55caf3f32ffd84155e9da3929fc - languageName: node - linkType: hard - -"ws@npm:^7.4.6": - version: 7.5.6 - resolution: "ws@npm:7.5.6" - peerDependencies: - bufferutil: ^4.0.1 - utf-8-validate: ^5.0.2 - peerDependenciesMeta: - bufferutil: - optional: true - utf-8-validate: - optional: true - checksum: 0c2ffc9a539dd61dd2b00ff6cc5c98a3371e2521011fe23da4b3578bb7ac26cbdf7ca8a68e8e08023c122ae247013216dde2a20c908de415a6bcc87bdef68c87 - languageName: node - linkType: hard - -"xml-name-validator@npm:^3.0.0": - version: 3.0.0 - resolution: "xml-name-validator@npm:3.0.0" - checksum: b3ac459afed783c285bb98e4960bd1f3ba12754fd4f2320efa0f9181ca28928c53cc75ca660d15d205e81f92304419afe94c531c7cfb3e0649aa6d140d53ecb0 - languageName: node - linkType: hard - -"xmlchars@npm:^2.2.0": - version: 2.2.0 - resolution: "xmlchars@npm:2.2.0" - checksum: 8c70ac94070ccca03f47a81fcce3b271bd1f37a591bf5424e787ae313fcb9c212f5f6786e1fa82076a2c632c0141552babcd85698c437506dfa6ae2d58723062 - languageName: node - linkType: hard - -"xtend@npm:^4.0.0, xtend@npm:~4.0.1": - version: 4.0.2 - resolution: "xtend@npm:4.0.2" - checksum: ac5dfa738b21f6e7f0dd6e65e1b3155036d68104e67e5d5d1bde74892e327d7e5636a076f625599dc394330a731861e87343ff184b0047fef1360a7ec0a5a36a - languageName: node - linkType: hard - -"y18n@npm:^5.0.5": - version: 5.0.8 - resolution: "y18n@npm:5.0.8" - checksum: 54f0fb95621ee60898a38c572c515659e51cc9d9f787fb109cef6fde4befbe1c4602dc999d30110feee37456ad0f1660fa2edcfde6a9a740f86a290999550d30 - languageName: node - linkType: hard - -"yallist@npm:^2.1.2": - version: 2.1.2 - resolution: "yallist@npm:2.1.2" - checksum: 9ba99409209f485b6fcb970330908a6d41fa1c933f75e08250316cce19383179a6b70a7e0721b89672ebb6199cc377bf3e432f55100da6a7d6e11902b0a642cb - languageName: node - linkType: hard - -"yallist@npm:^4.0.0": - version: 4.0.0 - resolution: "yallist@npm:4.0.0" - checksum: 343617202af32df2a15a3be36a5a8c0c8545208f3d3dfbc6bb7c3e3b7e8c6f8e7485432e4f3b88da3031a6e20afa7c711eded32ddfb122896ac5d914e75848d5 - languageName: node - linkType: hard - -"yaml@npm:^1.10.0": - version: 1.10.2 - resolution: "yaml@npm:1.10.2" - checksum: ce4ada136e8a78a0b08dc10b4b900936912d15de59905b2bf415b4d33c63df1d555d23acb2a41b23cf9fb5da41c256441afca3d6509de7247daa062fd2c5ea5f - languageName: node - linkType: hard - -"yargs-parser@npm:20.x, yargs-parser@npm:^20.2.2, yargs-parser@npm:^20.2.3": - version: 20.2.4 - resolution: "yargs-parser@npm:20.2.4" - checksum: d251998a374b2743a20271c2fd752b9fbef24eb881d53a3b99a7caa5e8227fcafd9abf1f345ac5de46435821be25ec12189a11030c12ee6481fef6863ed8b924 - languageName: node - linkType: hard - -"yargs-parser@npm:^20.2.9": - version: 20.2.9 - resolution: "yargs-parser@npm:20.2.9" - checksum: 8bb69015f2b0ff9e17b2c8e6bfe224ab463dd00ca211eece72a4cd8a906224d2703fb8a326d36fdd0e68701e201b2a60ed7cf81ce0fd9b3799f9fe7745977ae3 - languageName: node - linkType: hard - -"yargs@npm:^16.2.0": - version: 16.2.0 - resolution: "yargs@npm:16.2.0" - dependencies: - cliui: ^7.0.2 - escalade: ^3.1.1 - get-caller-file: ^2.0.5 - require-directory: ^2.1.1 - string-width: ^4.2.0 - y18n: ^5.0.5 - yargs-parser: ^20.2.2 - checksum: b14afbb51e3251a204d81937c86a7e9d4bdbf9a2bcee38226c900d00f522969ab675703bee2a6f99f8e20103f608382936034e64d921b74df82b63c07c5e8f59 - languageName: node - linkType: hard - -"yauzl@npm:^2.4.2": - version: 2.10.0 - resolution: "yauzl@npm:2.10.0" - dependencies: - buffer-crc32: ~0.2.3 - fd-slicer: ~1.1.0 - checksum: 7f21fe0bbad6e2cb130044a5d1d0d5a0e5bf3d8d4f8c4e6ee12163ce798fee3de7388d22a7a0907f563ac5f9d40f8699a223d3d5c1718da90b0156da6904022b - languageName: node - linkType: hard - -"yocto-queue@npm:^0.1.0": - version: 0.1.0 - resolution: "yocto-queue@npm:0.1.0" - checksum: f77b3d8d00310def622123df93d4ee654fc6a0096182af8bd60679ddcdfb3474c56c6c7190817c84a2785648cdee9d721c0154eb45698c62176c322fb46fc700 - languageName: node - linkType: hard +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@autocloud/eslint-config@^0.1.0": + "version" "0.1.0" + dependencies: + "@typescript-eslint/eslint-plugin" "^4.28.5" + "@typescript-eslint/parser" "^4.28.5" + "eslint" "^7.2.0" + "eslint-config-airbnb-base" "14.2.1" + "eslint-config-prettier" "^6.11.0" + "eslint-plugin-import" "^2.22.1" + "eslint-plugin-prettier" "^3.4.0" + +"@babel/code-frame@^7.0.0": + "version" "7.12.11" + dependencies: + "@babel/highlight" "^7.10.4" + +"@babel/code-frame@^7.12.13", "@babel/code-frame@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/highlight" "^7.16.7" + +"@babel/code-frame@7.12.11": + "version" "7.12.11" + dependencies: + "@babel/highlight" "^7.10.4" + +"@babel/compat-data@^7.16.4": + "version" "7.16.4" + +"@babel/core@^7.0.0", "@babel/core@^7.0.0-0", "@babel/core@^7.1.0", "@babel/core@^7.12.3", "@babel/core@^7.7.2", "@babel/core@^7.8.0", "@babel/core@>=7.0.0-beta.0 <8": + "version" "7.16.7" + dependencies: + "@babel/code-frame" "^7.16.7" + "@babel/generator" "^7.16.7" + "@babel/helper-compilation-targets" "^7.16.7" + "@babel/helper-module-transforms" "^7.16.7" + "@babel/helpers" "^7.16.7" + "@babel/parser" "^7.16.7" + "@babel/template" "^7.16.7" + "@babel/traverse" "^7.16.7" + "@babel/types" "^7.16.7" + "convert-source-map" "^1.7.0" + "debug" "^4.1.0" + "gensync" "^1.0.0-beta.2" + "json5" "^2.1.2" + "semver" "^6.3.0" + "source-map" "^0.5.0" + +"@babel/generator@^7.16.7", "@babel/generator@^7.7.2": + "version" "7.16.7" + dependencies: + "@babel/types" "^7.16.7" + "jsesc" "^2.5.1" + "source-map" "^0.5.0" + +"@babel/helper-compilation-targets@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/compat-data" "^7.16.4" + "@babel/helper-validator-option" "^7.16.7" + "browserslist" "^4.17.5" + "semver" "^6.3.0" + +"@babel/helper-environment-visitor@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/types" "^7.16.7" + +"@babel/helper-function-name@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/helper-get-function-arity" "^7.16.7" + "@babel/template" "^7.16.7" + "@babel/types" "^7.16.7" + +"@babel/helper-get-function-arity@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/types" "^7.16.7" + +"@babel/helper-hoist-variables@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/types" "^7.16.7" + +"@babel/helper-module-imports@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/types" "^7.16.7" + +"@babel/helper-module-transforms@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/helper-environment-visitor" "^7.16.7" + "@babel/helper-module-imports" "^7.16.7" + "@babel/helper-simple-access" "^7.16.7" + "@babel/helper-split-export-declaration" "^7.16.7" + "@babel/helper-validator-identifier" "^7.16.7" + "@babel/template" "^7.16.7" + "@babel/traverse" "^7.16.7" + "@babel/types" "^7.16.7" + +"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.16.7", "@babel/helper-plugin-utils@^7.8.0": + "version" "7.16.7" + +"@babel/helper-simple-access@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/types" "^7.16.7" + +"@babel/helper-split-export-declaration@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/types" "^7.16.7" + +"@babel/helper-validator-identifier@^7.16.7": + "version" "7.16.7" + +"@babel/helper-validator-option@^7.16.7": + "version" "7.16.7" + +"@babel/helpers@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/template" "^7.16.7" + "@babel/traverse" "^7.16.7" + "@babel/types" "^7.16.7" + +"@babel/highlight@^7.10.4", "@babel/highlight@^7.16.7": + "version" "7.16.7" + dependencies: + "@babel/helper-validator-identifier" "^7.16.7" + "chalk" "^2.0.0" + "js-tokens" "^4.0.0" + +"@babel/parser@^7.1.0", "@babel/parser@^7.14.7", "@babel/parser@^7.16.7": + "version" "7.16.7" + +"@babel/plugin-syntax-async-generators@^7.8.4": + "version" "7.8.4" + dependencies: + "@babel/helper-plugin-utils" "^7.8.0" + +"@babel/plugin-syntax-bigint@^7.8.3": + "version" "7.8.3" + dependencies: + "@babel/helper-plugin-utils" "^7.8.0" + +"@babel/plugin-syntax-class-properties@^7.8.3": + "version" "7.12.13" + dependencies: + "@babel/helper-plugin-utils" "^7.12.13" + +"@babel/plugin-syntax-import-meta@^7.8.3": + "version" "7.10.4" + dependencies: + "@babel/helper-plugin-utils" "^7.10.4" + +"@babel/plugin-syntax-json-strings@^7.8.3": + "version" "7.8.3" + dependencies: + "@babel/helper-plugin-utils" "^7.8.0" + +"@babel/plugin-syntax-logical-assignment-operators@^7.8.3": + "version" "7.10.4" + dependencies: + "@babel/helper-plugin-utils" "^7.10.4" + +"@babel/plugin-syntax-nullish-coalescing-operator@^7.8.3": + "version" "7.8.3" + dependencies: + "@babel/helper-plugin-utils" "^7.8.0" + +"@babel/plugin-syntax-numeric-separator@^7.8.3": + "version" "7.10.4" + dependencies: + "@babel/helper-plugin-utils" "^7.10.4" + +"@babel/plugin-syntax-object-rest-spread@^7.8.3": + "version" "7.8.3" + dependencies: + "@babel/helper-plugin-utils" "^7.8.0" + +"@babel/plugin-syntax-optional-catch-binding@^7.8.3": + "version" "7.8.3" + dependencies: + "@babel/helper-plugin-utils" "^7.8.0" + +"@babel/plugin-syntax-optional-chaining@^7.8.3": + "version" "7.8.3" + dependencies: + "@babel/helper-plugin-utils" "^7.8.0" + +"@babel/plugin-syntax-top-level-await@^7.8.3": + "version" "7.14.5" + dependencies: + "@babel/helper-plugin-utils" "^7.14.5" + +"@babel/plugin-syntax-typescript@^7.7.2": + "version" "7.16.7" + dependencies: + "@babel/helper-plugin-utils" "^7.16.7" + +"@babel/runtime@^7.5.5": + "version" "7.16.7" + dependencies: + "regenerator-runtime" "^0.13.4" + +"@babel/template@^7.16.7", "@babel/template@^7.3.3": + "version" "7.16.7" + dependencies: + "@babel/code-frame" "^7.16.7" + "@babel/parser" "^7.16.7" + "@babel/types" "^7.16.7" + +"@babel/traverse@^7.16.7", "@babel/traverse@^7.7.2": + "version" "7.16.7" + dependencies: + "@babel/code-frame" "^7.16.7" + "@babel/generator" "^7.16.7" + "@babel/helper-environment-visitor" "^7.16.7" + "@babel/helper-function-name" "^7.16.7" + "@babel/helper-hoist-variables" "^7.16.7" + "@babel/helper-split-export-declaration" "^7.16.7" + "@babel/parser" "^7.16.7" + "@babel/types" "^7.16.7" + "debug" "^4.1.0" + "globals" "^11.1.0" + +"@babel/types@^7.0.0", "@babel/types@^7.16.7", "@babel/types@^7.3.0", "@babel/types@^7.3.3": + "version" "7.16.7" + dependencies: + "@babel/helper-validator-identifier" "^7.16.7" + "to-fast-properties" "^2.0.0" + +"@bcoe/v8-coverage@^0.2.3": + "version" "0.2.3" + +"@changesets/types@^4.0.1": + "version" "4.0.2" + +"@cloudgraph/policy-pack-aws-cis-1.2.0@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/aws/cis-1.2.0": + "resolved" "file:src/aws/cis-1.2.0" + "version" "0.11.0" + +"@cloudgraph/policy-pack-aws-cis-1.3.0@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/aws/cis-1.3.0": + "resolved" "file:src/aws/cis-1.3.0" + "version" "0.1.0" + +"@cloudgraph/policy-pack-aws-cis-1.4.0@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/aws/cis-1.4.0": + "resolved" "file:src/aws/cis-1.4.0" + "version" "0.1.0" + +"@cloudgraph/policy-pack-aws-nist-800-53-rev4@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/aws/nist-800-53-rev4": + "resolved" "file:src/aws/nist-800-53-rev4" + "version" "1.5.0" + +"@cloudgraph/policy-pack-aws-pci-dss-3.2.1@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/aws/pci-dss-3.2.1": + "resolved" "file:src/aws/pci-dss-3.2.1" + "version" "1.16.1" + +"@cloudgraph/policy-pack-azure-cis-1.3.1@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/azure/cis-1.3.1": + "resolved" "file:src/azure/cis-1.3.1" + "version" "1.13.1" + +"@cloudgraph/policy-pack-gcp-cis-1.2.0@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/gcp/cis-1.2.0": + "resolved" "file:src/gcp/cis-1.2.0" + "version" "1.20.0" + +"@cloudgraph/policy-pack-gcp-pci-dss-3.2.1@file:/Users/ckoning/Projects/autocloud/cloudgraph/policy-packs/src/gcp/pci-dss-3.2.1": + "resolved" "file:src/gcp/pci-dss-3.2.1" + "version" "1.0.0" + +"@cloudgraph/sdk@^0.14.0": + "version" "0.14.0" + dependencies: + "@graphql-tools/load-files" "^6.5.3" + "@graphql-tools/merge" "^8.2.1" + "chalk" "^4.1.1" + "date-fns" "^2.25.0" + "graphql" "^16.2.0" + "inquirer" "^8.1.2" + "jsonpath" "^1.1.1" + "lodash" "^4.17.21" + "node-jq" "^2.1.0" + "ora" "^5.4.1" + +"@cloudgraph/sdk@^0.15.0": + "version" "0.15.0" + dependencies: + "@graphql-tools/load-files" "^6.5.3" + "@graphql-tools/merge" "^8.2.1" + "chalk" "^4.1.1" + "date-fns" "^2.25.0" + "graphql" "^16.2.0" + "inquirer" "^8.1.2" + "jsonpath" "^1.1.1" + "lodash" "^4.17.21" + "node-jq" "^2.1.0" + "ora" "^5.4.1" + +"@cloudgraph/sdk@^0.18.1": + "version" "0.18.1" + dependencies: + "@graphql-tools/load-files" "^6.5.3" + "@graphql-tools/merge" "^8.2.1" + "chalk" "^4.1.1" + "date-fns" "^2.25.0" + "graphql" "^16.2.0" + "inquirer" "^8.1.2" + "jsonpath" "^1.1.1" + "lodash" "^4.17.21" + "node-jq" "2.1.0" + "ora" "^5.4.1" + +"@colors/colors@1.5.0": + "version" "1.5.0" + +"@eslint/eslintrc@^0.4.3": + "version" "0.4.3" + dependencies: + "ajv" "^6.12.4" + "debug" "^4.1.1" + "espree" "^7.3.0" + "globals" "^13.9.0" + "ignore" "^4.0.6" + "import-fresh" "^3.2.1" + "js-yaml" "^3.13.1" + "minimatch" "^3.0.4" + "strip-json-comments" "^3.1.1" + +"@gar/promisify@^1.1.3": + "version" "1.1.3" + +"@graphql-tools/load-files@^6.5.3": + "version" "6.5.3" + dependencies: + "globby" "11.0.4" + "tslib" "~2.3.0" + "unixify" "1.0.0" + +"@graphql-tools/merge@^8.2.1": + "version" "8.2.1" + dependencies: + "@graphql-tools/utils" "^8.5.1" + "tslib" "~2.3.0" + +"@graphql-tools/utils@^8.5.1": + "version" "8.6.0" + dependencies: + "tslib" "~2.3.0" + +"@hapi/hoek@^9.0.0": + "version" "9.2.1" + +"@hapi/topo@^5.0.0": + "version" "5.1.0" + dependencies: + "@hapi/hoek" "^9.0.0" + +"@humanwhocodes/config-array@^0.5.0": + "version" "0.5.0" + dependencies: + "@humanwhocodes/object-schema" "^1.2.0" + "debug" "^4.1.1" + "minimatch" "^3.0.4" + +"@humanwhocodes/object-schema@^1.2.0": + "version" "1.2.1" + +"@isaacs/string-locale-compare@^1.1.0": + "version" "1.1.0" + +"@istanbuljs/load-nyc-config@^1.0.0": + "version" "1.1.0" + dependencies: + "camelcase" "^5.3.1" + "find-up" "^4.1.0" + "get-package-type" "^0.1.0" + "js-yaml" "^3.13.1" + "resolve-from" "^5.0.0" + +"@istanbuljs/schema@^0.1.2": + "version" "0.1.3" + +"@jest/console@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "@types/node" "*" + "chalk" "^4.0.0" + "jest-message-util" "^27.4.6" + "jest-util" "^27.4.2" + "slash" "^3.0.0" + +"@jest/core@^27.4.7": + "version" "27.4.7" + dependencies: + "@jest/console" "^27.4.6" + "@jest/reporters" "^27.4.6" + "@jest/test-result" "^27.4.6" + "@jest/transform" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "ansi-escapes" "^4.2.1" + "chalk" "^4.0.0" + "emittery" "^0.8.1" + "exit" "^0.1.2" + "graceful-fs" "^4.2.4" + "jest-changed-files" "^27.4.2" + "jest-config" "^27.4.7" + "jest-haste-map" "^27.4.6" + "jest-message-util" "^27.4.6" + "jest-regex-util" "^27.4.0" + "jest-resolve" "^27.4.6" + "jest-resolve-dependencies" "^27.4.6" + "jest-runner" "^27.4.6" + "jest-runtime" "^27.4.6" + "jest-snapshot" "^27.4.6" + "jest-util" "^27.4.2" + "jest-validate" "^27.4.6" + "jest-watcher" "^27.4.6" + "micromatch" "^4.0.4" + "rimraf" "^3.0.0" + "slash" "^3.0.0" + "strip-ansi" "^6.0.0" + +"@jest/environment@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/fake-timers" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "jest-mock" "^27.4.6" + +"@jest/fake-timers@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "@sinonjs/fake-timers" "^8.0.1" + "@types/node" "*" + "jest-message-util" "^27.4.6" + "jest-mock" "^27.4.6" + "jest-util" "^27.4.2" + +"@jest/globals@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/environment" "^27.4.6" + "@jest/types" "^27.4.2" + "expect" "^27.4.6" + +"@jest/reporters@^27.4.6": + "version" "27.4.6" + dependencies: + "@bcoe/v8-coverage" "^0.2.3" + "@jest/console" "^27.4.6" + "@jest/test-result" "^27.4.6" + "@jest/transform" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "chalk" "^4.0.0" + "collect-v8-coverage" "^1.0.0" + "exit" "^0.1.2" + "glob" "^7.1.2" + "graceful-fs" "^4.2.4" + "istanbul-lib-coverage" "^3.0.0" + "istanbul-lib-instrument" "^5.1.0" + "istanbul-lib-report" "^3.0.0" + "istanbul-lib-source-maps" "^4.0.0" + "istanbul-reports" "^3.1.3" + "jest-haste-map" "^27.4.6" + "jest-resolve" "^27.4.6" + "jest-util" "^27.4.2" + "jest-worker" "^27.4.6" + "slash" "^3.0.0" + "source-map" "^0.6.0" + "string-length" "^4.0.1" + "terminal-link" "^2.0.0" + "v8-to-istanbul" "^8.1.0" + +"@jest/source-map@^27.4.0": + "version" "27.4.0" + dependencies: + "callsites" "^3.0.0" + "graceful-fs" "^4.2.4" + "source-map" "^0.6.0" + +"@jest/test-result@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/console" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/istanbul-lib-coverage" "^2.0.0" + "collect-v8-coverage" "^1.0.0" + +"@jest/test-sequencer@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/test-result" "^27.4.6" + "graceful-fs" "^4.2.4" + "jest-haste-map" "^27.4.6" + "jest-runtime" "^27.4.6" + +"@jest/transform@^27.4.6": + "version" "27.4.6" + dependencies: + "@babel/core" "^7.1.0" + "@jest/types" "^27.4.2" + "babel-plugin-istanbul" "^6.1.1" + "chalk" "^4.0.0" + "convert-source-map" "^1.4.0" + "fast-json-stable-stringify" "^2.0.0" + "graceful-fs" "^4.2.4" + "jest-haste-map" "^27.4.6" + "jest-regex-util" "^27.4.0" + "jest-util" "^27.4.2" + "micromatch" "^4.0.4" + "pirates" "^4.0.4" + "slash" "^3.0.0" + "source-map" "^0.6.1" + "write-file-atomic" "^3.0.0" + +"@jest/types@^27.4.2": + "version" "27.4.2" + dependencies: + "@types/istanbul-lib-coverage" "^2.0.0" + "@types/istanbul-reports" "^3.0.0" + "@types/node" "*" + "@types/yargs" "^16.0.0" + "chalk" "^4.0.0" + +"@manypkg/find-root@^1.1.0": + "version" "1.1.0" + dependencies: + "@babel/runtime" "^7.5.5" + "@types/node" "^12.7.1" + "find-up" "^4.1.0" + "fs-extra" "^8.1.0" + +"@manypkg/get-packages@^1.1.3": + "version" "1.1.3" + dependencies: + "@babel/runtime" "^7.5.5" + "@changesets/types" "^4.0.1" + "@manypkg/find-root" "^1.1.0" + "fs-extra" "^8.1.0" + "globby" "^11.0.0" + "read-yaml-file" "^1.1.0" + +"@nodelib/fs.scandir@2.1.5": + "version" "2.1.5" + dependencies: + "@nodelib/fs.stat" "2.0.5" + "run-parallel" "^1.1.9" + +"@nodelib/fs.stat@^2.0.2", "@nodelib/fs.stat@2.0.5": + "version" "2.0.5" + +"@nodelib/fs.walk@^1.2.3": + "version" "1.2.8" + dependencies: + "@nodelib/fs.scandir" "2.1.5" + "fastq" "^1.6.0" + +"@npmcli/arborist@^5.0.0", "@npmcli/arborist@^5.0.3": + "version" "5.1.1" + dependencies: + "@isaacs/string-locale-compare" "^1.1.0" + "@npmcli/installed-package-contents" "^1.0.7" + "@npmcli/map-workspaces" "^2.0.3" + "@npmcli/metavuln-calculator" "^3.0.1" + "@npmcli/move-file" "^2.0.0" + "@npmcli/name-from-folder" "^1.0.1" + "@npmcli/node-gyp" "^2.0.0" + "@npmcli/package-json" "^2.0.0" + "@npmcli/run-script" "^3.0.0" + "bin-links" "^3.0.0" + "cacache" "^16.0.6" + "common-ancestor-path" "^1.0.1" + "json-parse-even-better-errors" "^2.3.1" + "json-stringify-nice" "^1.1.4" + "mkdirp" "^1.0.4" + "mkdirp-infer-owner" "^2.0.0" + "nopt" "^5.0.0" + "npm-install-checks" "^5.0.0" + "npm-package-arg" "^9.0.0" + "npm-pick-manifest" "^7.0.0" + "npm-registry-fetch" "^13.0.0" + "npmlog" "^6.0.2" + "pacote" "^13.0.5" + "parse-conflict-json" "^2.0.1" + "proc-log" "^2.0.0" + "promise-all-reject-late" "^1.0.0" + "promise-call-limit" "^1.0.1" + "read-package-json-fast" "^2.0.2" + "readdir-scoped-modules" "^1.1.0" + "rimraf" "^3.0.2" + "semver" "^7.3.7" + "ssri" "^9.0.0" + "treeverse" "^2.0.0" + "walk-up-path" "^1.0.0" + +"@npmcli/arborist@^5.0.4": + "version" "5.2.0" + dependencies: + "@isaacs/string-locale-compare" "^1.1.0" + "@npmcli/installed-package-contents" "^1.0.7" + "@npmcli/map-workspaces" "^2.0.3" + "@npmcli/metavuln-calculator" "^3.0.1" + "@npmcli/move-file" "^2.0.0" + "@npmcli/name-from-folder" "^1.0.1" + "@npmcli/node-gyp" "^2.0.0" + "@npmcli/package-json" "^2.0.0" + "@npmcli/run-script" "^3.0.0" + "bin-links" "^3.0.0" + "cacache" "^16.0.6" + "common-ancestor-path" "^1.0.1" + "json-parse-even-better-errors" "^2.3.1" + "json-stringify-nice" "^1.1.4" + "mkdirp" "^1.0.4" + "mkdirp-infer-owner" "^2.0.0" + "nopt" "^5.0.0" + "npm-install-checks" "^5.0.0" + "npm-package-arg" "^9.0.0" + "npm-pick-manifest" "^7.0.0" + "npm-registry-fetch" "^13.0.0" + "npmlog" "^6.0.2" + "pacote" "^13.0.5" + "parse-conflict-json" "^2.0.1" + "proc-log" "^2.0.0" + "promise-all-reject-late" "^1.0.0" + "promise-call-limit" "^1.0.1" + "read-package-json-fast" "^2.0.2" + "readdir-scoped-modules" "^1.1.0" + "rimraf" "^3.0.2" + "semver" "^7.3.7" + "ssri" "^9.0.0" + "treeverse" "^2.0.0" + "walk-up-path" "^1.0.0" + +"@npmcli/ci-detect@^2.0.0": + "version" "2.0.0" + +"@npmcli/config@^4.0.1", "@npmcli/config@^4.1.0": + "version" "4.1.0" + dependencies: + "@npmcli/map-workspaces" "^2.0.2" + "ini" "^3.0.0" + "mkdirp-infer-owner" "^2.0.0" + "nopt" "^5.0.0" + "proc-log" "^2.0.0" + "read-package-json-fast" "^2.0.3" + "semver" "^7.3.5" + "walk-up-path" "^1.0.0" + +"@npmcli/disparity-colors@^2.0.0": + "version" "2.0.0" + dependencies: + "ansi-styles" "^4.3.0" + +"@npmcli/fs@^2.1.0": + "version" "2.1.0" + dependencies: + "@gar/promisify" "^1.1.3" + "semver" "^7.3.5" + +"@npmcli/git@^3.0.0": + "version" "3.0.1" + dependencies: + "@npmcli/promise-spawn" "^3.0.0" + "lru-cache" "^7.4.4" + "mkdirp" "^1.0.4" + "npm-pick-manifest" "^7.0.0" + "proc-log" "^2.0.0" + "promise-inflight" "^1.0.1" + "promise-retry" "^2.0.1" + "semver" "^7.3.5" + "which" "^2.0.2" + +"@npmcli/installed-package-contents@^1.0.7": + "version" "1.0.7" + dependencies: + "npm-bundled" "^1.1.1" + "npm-normalize-package-bin" "^1.0.1" + +"@npmcli/map-workspaces@^2.0.2", "@npmcli/map-workspaces@^2.0.3": + "version" "2.0.3" + dependencies: + "@npmcli/name-from-folder" "^1.0.1" + "glob" "^8.0.1" + "minimatch" "^5.0.1" + "read-package-json-fast" "^2.0.3" + +"@npmcli/metavuln-calculator@^3.0.1": + "version" "3.1.0" + dependencies: + "cacache" "^16.0.0" + "json-parse-even-better-errors" "^2.3.1" + "pacote" "^13.0.3" + "semver" "^7.3.5" + +"@npmcli/move-file@^2.0.0": + "version" "2.0.0" + dependencies: + "mkdirp" "^1.0.4" + "rimraf" "^3.0.2" + +"@npmcli/name-from-folder@^1.0.1": + "version" "1.0.1" + +"@npmcli/node-gyp@^2.0.0": + "version" "2.0.0" + +"@npmcli/package-json@^1.0.1": + "version" "1.0.1" + dependencies: + "json-parse-even-better-errors" "^2.3.1" + +"@npmcli/package-json@^2.0.0": + "version" "2.0.0" + dependencies: + "json-parse-even-better-errors" "^2.3.1" + +"@npmcli/promise-spawn@^3.0.0": + "version" "3.0.0" + dependencies: + "infer-owner" "^1.0.4" + +"@npmcli/run-script@^3.0.0", "@npmcli/run-script@^3.0.1": + "version" "3.0.2" + dependencies: + "@npmcli/node-gyp" "^2.0.0" + "@npmcli/promise-spawn" "^3.0.0" + "node-gyp" "^9.0.0" + "read-package-json-fast" "^2.0.3" + +"@octokit/auth-token@^2.4.4": + "version" "2.5.0" + dependencies: + "@octokit/types" "^6.0.3" + +"@octokit/core@^3.5.1", "@octokit/core@>=2", "@octokit/core@>=3": + "version" "3.5.1" + dependencies: + "@octokit/auth-token" "^2.4.4" + "@octokit/graphql" "^4.5.8" + "@octokit/request" "^5.6.0" + "@octokit/request-error" "^2.0.5" + "@octokit/types" "^6.0.3" + "before-after-hook" "^2.2.0" + "universal-user-agent" "^6.0.0" + +"@octokit/endpoint@^6.0.1": + "version" "6.0.12" + dependencies: + "@octokit/types" "^6.0.3" + "is-plain-object" "^5.0.0" + "universal-user-agent" "^6.0.0" + +"@octokit/graphql@^4.5.8": + "version" "4.8.0" + dependencies: + "@octokit/request" "^5.6.0" + "@octokit/types" "^6.0.3" + "universal-user-agent" "^6.0.0" + +"@octokit/openapi-types@^11.2.0": + "version" "11.2.0" + +"@octokit/plugin-paginate-rest@^2.16.8": + "version" "2.17.0" + dependencies: + "@octokit/types" "^6.34.0" + +"@octokit/plugin-request-log@^1.0.4": + "version" "1.0.4" + +"@octokit/plugin-rest-endpoint-methods@^5.12.0": + "version" "5.13.0" + dependencies: + "@octokit/types" "^6.34.0" + "deprecation" "^2.3.1" + +"@octokit/request-error@^2.0.5", "@octokit/request-error@^2.1.0": + "version" "2.1.0" + dependencies: + "@octokit/types" "^6.0.3" + "deprecation" "^2.0.0" + "once" "^1.4.0" + +"@octokit/request@^5.6.0": + "version" "5.6.2" + dependencies: + "@octokit/endpoint" "^6.0.1" + "@octokit/request-error" "^2.1.0" + "@octokit/types" "^6.16.1" + "is-plain-object" "^5.0.0" + "node-fetch" "^2.6.1" + "universal-user-agent" "^6.0.0" + +"@octokit/rest@^18.0.0": + "version" "18.12.0" + dependencies: + "@octokit/core" "^3.5.1" + "@octokit/plugin-paginate-rest" "^2.16.8" + "@octokit/plugin-request-log" "^1.0.4" + "@octokit/plugin-rest-endpoint-methods" "^5.12.0" + +"@octokit/types@^6.0.3", "@octokit/types@^6.16.1", "@octokit/types@^6.34.0": + "version" "6.34.0" + dependencies: + "@octokit/openapi-types" "^11.2.0" + +"@qiwi/multi-semantic-release@^6.1.1": + "version" "6.1.1" + dependencies: + "@manypkg/get-packages" "^1.1.3" + "@semrel-extra/topo" "^1.3.0" + "blork" "^9.3.0" + "cosmiconfig" "^7.0.1" + "debug" "^4.3.4" + "detect-indent" "^7.0.0" + "detect-newline" "^4.0.0" + "execa" "^6.1.0" + "get-stream" "^6.0.1" + "git-log-parser" "^1.2.0" + "globby" "13.1.1" + "lodash" "^4.17.21" + "lodash-es" "^4.17.21" + "meow" "^10.1.2" + "promise-events" "^0.2.4" + "semantic-release" "^19.0.2" + "semver" "^7.3.6" + "signale" "^1.4.0" + "stream-buffers" "^3.0.2" + "tempy" "^2.0.0" + +"@semantic-release/changelog@^6.0.1": + "version" "6.0.1" + dependencies: + "@semantic-release/error" "^3.0.0" + "aggregate-error" "^3.0.0" + "fs-extra" "^9.0.0" + "lodash" "^4.17.4" + +"@semantic-release/commit-analyzer@^9.0.2": + "version" "9.0.2" + dependencies: + "conventional-changelog-angular" "^5.0.0" + "conventional-commits-filter" "^2.0.0" + "conventional-commits-parser" "^3.2.3" + "debug" "^4.0.0" + "import-from" "^4.0.0" + "lodash" "^4.17.4" + "micromatch" "^4.0.2" + +"@semantic-release/error@^2.2.0": + "version" "2.2.0" + +"@semantic-release/error@^3.0.0": + "version" "3.0.0" + +"@semantic-release/git@^10.0.1": + "version" "10.0.1" + dependencies: + "@semantic-release/error" "^3.0.0" + "aggregate-error" "^3.0.0" + "debug" "^4.0.0" + "dir-glob" "^3.0.0" + "execa" "^5.0.0" + "lodash" "^4.17.4" + "micromatch" "^4.0.0" + "p-reduce" "^2.0.0" + +"@semantic-release/github@^8.0.0", "@semantic-release/github@^8.0.1": + "version" "8.0.4" + dependencies: + "@octokit/rest" "^18.0.0" + "@semantic-release/error" "^2.2.0" + "aggregate-error" "^3.0.0" + "bottleneck" "^2.18.1" + "debug" "^4.0.0" + "dir-glob" "^3.0.0" + "fs-extra" "^10.0.0" + "globby" "^11.0.0" + "http-proxy-agent" "^5.0.0" + "https-proxy-agent" "^5.0.0" + "issue-parser" "^6.0.0" + "lodash" "^4.17.4" + "mime" "^3.0.0" + "p-filter" "^2.0.0" + "p-retry" "^4.0.0" + "url-join" "^4.0.0" + +"@semantic-release/npm@^9.0.0", "@semantic-release/npm@^9.0.1": + "version" "9.0.1" + dependencies: + "@semantic-release/error" "^3.0.0" + "aggregate-error" "^3.0.0" + "execa" "^5.0.0" + "fs-extra" "^10.0.0" + "lodash" "^4.17.15" + "nerf-dart" "^1.0.0" + "normalize-url" "^6.0.0" + "npm" "^8.3.0" + "rc" "^1.2.8" + "read-pkg" "^5.0.0" + "registry-auth-token" "^4.0.0" + "semver" "^7.1.2" + "tempy" "^1.0.0" + +"@semantic-release/release-notes-generator@^10.0.0": + "version" "10.0.3" + dependencies: + "conventional-changelog-angular" "^5.0.0" + "conventional-changelog-writer" "^5.0.0" + "conventional-commits-filter" "^2.0.0" + "conventional-commits-parser" "^3.2.3" + "debug" "^4.0.0" + "get-stream" "^6.0.0" + "import-from" "^4.0.0" + "into-stream" "^6.0.0" + "lodash" "^4.17.4" + "read-pkg-up" "^7.0.0" + +"@semrel-extra/npm@^1.2.0": + "version" "1.2.0" + +"@semrel-extra/topo@^1.3.0": + "version" "1.3.0" + dependencies: + "@types/toposort" "^2.0.3" + "fast-glob" "^3.2.7" + "toposort" "^2.0.2" + "tslib" "^2.3.1" + +"@sideway/address@^4.1.3": + "version" "4.1.3" + dependencies: + "@hapi/hoek" "^9.0.0" + +"@sideway/formula@^3.0.0": + "version" "3.0.0" + +"@sideway/pinpoint@^2.0.0": + "version" "2.0.0" + +"@sindresorhus/is@^0.7.0": + "version" "0.7.0" + +"@sinonjs/commons@^1.7.0": + "version" "1.8.3" + dependencies: + "type-detect" "4.0.8" + +"@sinonjs/fake-timers@^8.0.1": + "version" "8.1.0" + dependencies: + "@sinonjs/commons" "^1.7.0" + +"@tootallnate/once@1": + "version" "1.1.2" + +"@tootallnate/once@2": + "version" "2.0.0" + +"@types/babel__core@^7.0.0", "@types/babel__core@^7.1.14": + "version" "7.1.18" + dependencies: + "@babel/parser" "^7.1.0" + "@babel/types" "^7.0.0" + "@types/babel__generator" "*" + "@types/babel__template" "*" + "@types/babel__traverse" "*" + +"@types/babel__generator@*": + "version" "7.6.4" + dependencies: + "@babel/types" "^7.0.0" + +"@types/babel__template@*": + "version" "7.4.1" + dependencies: + "@babel/parser" "^7.1.0" + "@babel/types" "^7.0.0" + +"@types/babel__traverse@*", "@types/babel__traverse@^7.0.4", "@types/babel__traverse@^7.0.6": + "version" "7.14.2" + dependencies: + "@babel/types" "^7.3.0" + +"@types/graceful-fs@^4.1.2": + "version" "4.1.5" + dependencies: + "@types/node" "*" + +"@types/istanbul-lib-coverage@*", "@types/istanbul-lib-coverage@^2.0.0", "@types/istanbul-lib-coverage@^2.0.1": + "version" "2.0.4" + +"@types/istanbul-lib-report@*": + "version" "3.0.0" + dependencies: + "@types/istanbul-lib-coverage" "*" + +"@types/istanbul-reports@^3.0.0": + "version" "3.0.1" + dependencies: + "@types/istanbul-lib-report" "*" + +"@types/jest@^27.0.0", "@types/jest@^27.0.3", "@types/jest@^27.4.0": + "version" "27.4.0" + dependencies: + "jest-diff" "^27.0.0" + "pretty-format" "^27.0.0" + +"@types/json-schema@^7.0.7": + "version" "7.0.9" + +"@types/json5@^0.0.29": + "version" "0.0.29" + +"@types/minimist@^1.2.0", "@types/minimist@^1.2.2": + "version" "1.2.2" + +"@types/node@*": + "version" "12.20.41" + +"@types/node@^12.7.1": + "version" "12.20.41" + +"@types/node@^15.12.4": + "version" "15.14.9" + +"@types/node@^17.0.8": + "version" "17.0.8" + +"@types/normalize-package-data@^2.4.0": + "version" "2.4.1" + +"@types/parse-json@^4.0.0": + "version" "4.0.0" + +"@types/pino-pretty@*": + "version" "4.7.4" + dependencies: + "@types/node" "*" + "@types/pino" "6.3" + +"@types/pino-std-serializers@*": + "version" "2.4.1" + dependencies: + "@types/node" "*" + +"@types/pino@^6.3.11", "@types/pino@6.3": + "version" "6.3.12" + dependencies: + "@types/node" "*" + "@types/pino-pretty" "*" + "@types/pino-std-serializers" "*" + "sonic-boom" "^2.1.0" + +"@types/prettier@^2.1.5": + "version" "2.4.2" + +"@types/retry@^0.12.0": + "version" "0.12.1" + +"@types/stack-utils@^2.0.0": + "version" "2.0.1" + +"@types/toposort@^2.0.3": + "version" "2.0.3" + +"@types/yargs-parser@*": + "version" "20.2.1" + +"@types/yargs@^16.0.0": + "version" "16.0.4" + dependencies: + "@types/yargs-parser" "*" + +"@typescript-eslint/eslint-plugin@^4.28.5": + "version" "4.33.0" + dependencies: + "@typescript-eslint/experimental-utils" "4.33.0" + "@typescript-eslint/scope-manager" "4.33.0" + "debug" "^4.3.1" + "functional-red-black-tree" "^1.0.1" + "ignore" "^5.1.8" + "regexpp" "^3.1.0" + "semver" "^7.3.5" + "tsutils" "^3.21.0" + +"@typescript-eslint/experimental-utils@4.33.0": + "version" "4.33.0" + dependencies: + "@types/json-schema" "^7.0.7" + "@typescript-eslint/scope-manager" "4.33.0" + "@typescript-eslint/types" "4.33.0" + "@typescript-eslint/typescript-estree" "4.33.0" + "eslint-scope" "^5.1.1" + "eslint-utils" "^3.0.0" + +"@typescript-eslint/parser@^4.0.0", "@typescript-eslint/parser@^4.28.5": + "version" "4.33.0" + dependencies: + "@typescript-eslint/scope-manager" "4.33.0" + "@typescript-eslint/types" "4.33.0" + "@typescript-eslint/typescript-estree" "4.33.0" + "debug" "^4.3.1" + +"@typescript-eslint/scope-manager@4.33.0": + "version" "4.33.0" + dependencies: + "@typescript-eslint/types" "4.33.0" + "@typescript-eslint/visitor-keys" "4.33.0" + +"@typescript-eslint/types@4.33.0": + "version" "4.33.0" + +"@typescript-eslint/typescript-estree@4.33.0": + "version" "4.33.0" + dependencies: + "@typescript-eslint/types" "4.33.0" + "@typescript-eslint/visitor-keys" "4.33.0" + "debug" "^4.3.1" + "globby" "^11.0.3" + "is-glob" "^4.0.1" + "semver" "^7.3.5" + "tsutils" "^3.21.0" + +"@typescript-eslint/visitor-keys@4.33.0": + "version" "4.33.0" + dependencies: + "@typescript-eslint/types" "4.33.0" + "eslint-visitor-keys" "^2.0.0" + +"abab@^2.0.3", "abab@^2.0.5": + "version" "2.0.5" + +"abbrev@~1.1.1", "abbrev@1": + "version" "1.1.1" + +"acorn-globals@^6.0.0": + "version" "6.0.0" + dependencies: + "acorn" "^7.1.1" + "acorn-walk" "^7.1.1" + +"acorn-jsx@^5.3.1": + "version" "5.3.2" + +"acorn-walk@^7.1.1": + "version" "7.2.0" + +"acorn@^6.0.0 || ^7.0.0 || ^8.0.0", "acorn@^7.1.1", "acorn@^7.4.0": + "version" "7.4.1" + +"acorn@^8.2.4": + "version" "8.7.0" + +"agent-base@^6.0.2", "agent-base@6": + "version" "6.0.2" + dependencies: + "debug" "4" + +"agentkeepalive@^4.2.1": + "version" "4.2.1" + dependencies: + "debug" "^4.1.0" + "depd" "^1.1.2" + "humanize-ms" "^1.2.1" + +"aggregate-error@^3.0.0": + "version" "3.1.0" + dependencies: + "clean-stack" "^2.0.0" + "indent-string" "^4.0.0" + +"ajv@^6.10.0", "ajv@^6.12.4": + "version" "6.12.6" + dependencies: + "fast-deep-equal" "^3.1.1" + "fast-json-stable-stringify" "^2.0.0" + "json-schema-traverse" "^0.4.1" + "uri-js" "^4.2.2" + +"ajv@^8.0.1": + "version" "8.8.2" + dependencies: + "fast-deep-equal" "^3.1.1" + "json-schema-traverse" "^1.0.0" + "require-from-string" "^2.0.2" + "uri-js" "^4.2.2" + +"ansi-colors@^4.1.1": + "version" "4.1.1" + +"ansi-escapes@^4.2.1": + "version" "4.3.2" + dependencies: + "type-fest" "^0.21.3" + +"ansi-escapes@^5.0.0": + "version" "5.0.0" + dependencies: + "type-fest" "^1.0.2" + +"ansi-regex@^5.0.1": + "version" "5.0.1" + +"ansi-styles@^3.2.1": + "integrity" "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==" + "resolved" "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz" + "version" "3.2.1" + dependencies: + "color-convert" "^1.9.0" + +"ansi-styles@^4.0.0", "ansi-styles@^4.1.0", "ansi-styles@^4.3.0": + "version" "4.3.0" + dependencies: + "color-convert" "^2.0.1" + +"ansi-styles@^5.0.0": + "version" "5.2.0" + +"ansicolors@~0.3.2": + "version" "0.3.2" + +"ansistyles@~0.1.3": + "version" "0.1.3" + +"anymatch@^1.3.0": + "version" "1.3.2" + dependencies: + "micromatch" "^2.1.5" + "normalize-path" "^2.0.0" + +"anymatch@^3.0.3": + "version" "3.1.2" + dependencies: + "normalize-path" "^3.0.0" + "picomatch" "^2.0.4" + +"aproba@^1.0.3 || ^2.0.0", "aproba@^2.0.0": + "version" "2.0.0" + +"archive-type@^4.0.0": + "version" "4.0.0" + dependencies: + "file-type" "^4.2.0" + +"archy@~1.0.0": + "version" "1.0.0" + +"are-we-there-yet@^3.0.0": + "version" "3.0.0" + dependencies: + "delegates" "^1.0.0" + "readable-stream" "^3.6.0" + +"argparse@^1.0.7": + "version" "1.0.10" + dependencies: + "sprintf-js" "~1.0.2" + +"argv-formatter@~1.0.0": + "version" "1.0.0" + +"arr-diff@^2.0.0": + "version" "2.0.0" + dependencies: + "arr-flatten" "^1.0.1" + +"arr-diff@^4.0.0": + "version" "4.0.0" + +"arr-flatten@^1.0.1", "arr-flatten@^1.1.0": + "version" "1.1.0" + +"arr-union@^3.1.0": + "version" "3.1.0" + +"array-ify@^1.0.0": + "version" "1.0.0" + +"array-includes@^3.1.4": + "version" "3.1.4" + dependencies: + "call-bind" "^1.0.2" + "define-properties" "^1.1.3" + "es-abstract" "^1.19.1" + "get-intrinsic" "^1.1.1" + "is-string" "^1.0.7" + +"array-union@^2.1.0": + "version" "2.1.0" + +"array-unique@^0.2.1": + "version" "0.2.1" + +"array-unique@^0.3.2": + "version" "0.3.2" + +"array.prototype.flat@^1.2.5": + "version" "1.2.5" + dependencies: + "call-bind" "^1.0.2" + "define-properties" "^1.1.3" + "es-abstract" "^1.19.0" + +"arrify@^1.0.1": + "version" "1.0.1" + +"asap@^2.0.0": + "version" "2.0.6" + +"assign-symbols@^1.0.0": + "version" "1.0.0" + +"astral-regex@^2.0.0": + "version" "2.0.0" + +"async-each@^1.0.0": + "version" "1.0.3" + +"asynckit@^0.4.0": + "version" "0.4.0" + +"at-least-node@^1.0.0": + "version" "1.0.0" + +"atob@^2.1.2": + "version" "2.1.2" + +"atomic-sleep@^1.0.0": + "version" "1.0.0" + +"babel-jest@^27.4.6", "babel-jest@>=27.0.0 <28": + "version" "27.4.6" + dependencies: + "@jest/transform" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/babel__core" "^7.1.14" + "babel-plugin-istanbul" "^6.1.1" + "babel-preset-jest" "^27.4.0" + "chalk" "^4.0.0" + "graceful-fs" "^4.2.4" + "slash" "^3.0.0" + +"babel-plugin-istanbul@^6.1.1": + "version" "6.1.1" + dependencies: + "@babel/helper-plugin-utils" "^7.0.0" + "@istanbuljs/load-nyc-config" "^1.0.0" + "@istanbuljs/schema" "^0.1.2" + "istanbul-lib-instrument" "^5.0.4" + "test-exclude" "^6.0.0" + +"babel-plugin-jest-hoist@^27.4.0": + "version" "27.4.0" + dependencies: + "@babel/template" "^7.3.3" + "@babel/types" "^7.3.3" + "@types/babel__core" "^7.0.0" + "@types/babel__traverse" "^7.0.6" + +"babel-preset-current-node-syntax@^1.0.0": + "version" "1.0.1" + dependencies: + "@babel/plugin-syntax-async-generators" "^7.8.4" + "@babel/plugin-syntax-bigint" "^7.8.3" + "@babel/plugin-syntax-class-properties" "^7.8.3" + "@babel/plugin-syntax-import-meta" "^7.8.3" + "@babel/plugin-syntax-json-strings" "^7.8.3" + "@babel/plugin-syntax-logical-assignment-operators" "^7.8.3" + "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3" + "@babel/plugin-syntax-numeric-separator" "^7.8.3" + "@babel/plugin-syntax-object-rest-spread" "^7.8.3" + "@babel/plugin-syntax-optional-catch-binding" "^7.8.3" + "@babel/plugin-syntax-optional-chaining" "^7.8.3" + "@babel/plugin-syntax-top-level-await" "^7.8.3" + +"babel-preset-jest@^27.4.0": + "version" "27.4.0" + dependencies: + "babel-plugin-jest-hoist" "^27.4.0" + "babel-preset-current-node-syntax" "^1.0.0" + +"babel-runtime@^6.9.2": + "version" "6.26.0" + dependencies: + "core-js" "^2.4.0" + "regenerator-runtime" "^0.11.0" + +"balanced-match@^1.0.0": + "version" "1.0.2" + +"base@^0.11.1": + "version" "0.11.2" + dependencies: + "cache-base" "^1.0.1" + "class-utils" "^0.3.5" + "component-emitter" "^1.2.1" + "define-property" "^1.0.0" + "isobject" "^3.0.1" + "mixin-deep" "^1.2.0" + "pascalcase" "^0.1.1" + +"base64-js@^1.3.1": + "version" "1.5.1" + +"before-after-hook@^2.2.0": + "version" "2.2.2" + +"bin-build@^3.0.0": + "version" "3.0.0" + dependencies: + "decompress" "^4.0.0" + "download" "^6.2.2" + "execa" "^0.7.0" + "p-map-series" "^1.0.0" + "tempfile" "^2.0.0" + +"bin-links@^3.0.0": + "version" "3.0.1" + dependencies: + "cmd-shim" "^5.0.0" + "mkdirp-infer-owner" "^2.0.0" + "npm-normalize-package-bin" "^1.0.0" + "read-cmd-shim" "^3.0.0" + "rimraf" "^3.0.0" + "write-file-atomic" "^4.0.0" + +"binary-extensions@^1.0.0": + "version" "1.13.1" + +"binary-extensions@^2.2.0": + "version" "2.2.0" + +"bindings@^1.5.0": + "version" "1.5.0" + dependencies: + "file-uri-to-path" "1.0.0" + +"bl@^1.0.0": + "version" "1.2.3" + dependencies: + "readable-stream" "^2.3.5" + "safe-buffer" "^5.1.1" + +"bl@^4.1.0": + "version" "4.1.0" + dependencies: + "buffer" "^5.5.0" + "inherits" "^2.0.4" + "readable-stream" "^3.4.0" + +"blork@^9.3.0": + "version" "9.3.0" + +"bottleneck@^2.18.1": + "version" "2.19.5" + +"brace-expansion@^1.1.7": + "version" "1.1.11" + dependencies: + "balanced-match" "^1.0.0" + "concat-map" "0.0.1" + +"brace-expansion@^2.0.1": + "version" "2.0.1" + dependencies: + "balanced-match" "^1.0.0" + +"braces@^1.8.2": + "version" "1.8.5" + dependencies: + "expand-range" "^1.8.1" + "preserve" "^0.2.0" + "repeat-element" "^1.1.2" + +"braces@^2.3.1": + "version" "2.3.2" + dependencies: + "arr-flatten" "^1.1.0" + "array-unique" "^0.3.2" + "extend-shallow" "^2.0.1" + "fill-range" "^4.0.0" + "isobject" "^3.0.1" + "repeat-element" "^1.1.2" + "snapdragon" "^0.8.1" + "snapdragon-node" "^2.0.1" + "split-string" "^3.0.2" + "to-regex" "^3.0.1" + +"braces@^3.0.1": + "version" "3.0.2" + dependencies: + "fill-range" "^7.0.1" + +"browser-process-hrtime@^1.0.0": + "version" "1.0.0" + +"browserslist@^4.17.5": + "version" "4.19.1" + dependencies: + "caniuse-lite" "^1.0.30001286" + "electron-to-chromium" "^1.4.17" + "escalade" "^3.1.1" + "node-releases" "^2.0.1" + "picocolors" "^1.0.0" + +"bs-logger@0.x": + "version" "0.2.6" + dependencies: + "fast-json-stable-stringify" "2.x" + +"bser@2.1.1": + "version" "2.1.1" + dependencies: + "node-int64" "^0.4.0" + +"buffer-alloc-unsafe@^1.1.0": + "version" "1.1.0" + +"buffer-alloc@^1.2.0": + "version" "1.2.0" + dependencies: + "buffer-alloc-unsafe" "^1.1.0" + "buffer-fill" "^1.0.0" + +"buffer-crc32@~0.2.3": + "version" "0.2.13" + +"buffer-fill@^1.0.0": + "version" "1.0.0" + +"buffer-from@^1.0.0": + "version" "1.1.2" + +"buffer@^5.2.1", "buffer@^5.5.0": + "version" "5.7.1" + dependencies: + "base64-js" "^1.3.1" + "ieee754" "^1.1.13" + +"builtins@^1.0.3": + "version" "1.0.3" + +"builtins@^5.0.0": + "version" "5.0.1" + dependencies: + "semver" "^7.0.0" + +"cacache@^16.0.0", "cacache@^16.0.2", "cacache@^16.0.6", "cacache@^16.0.7": + "version" "16.0.7" + dependencies: + "@npmcli/fs" "^2.1.0" + "@npmcli/move-file" "^2.0.0" + "chownr" "^2.0.0" + "fs-minipass" "^2.1.0" + "glob" "^8.0.1" + "infer-owner" "^1.0.4" + "lru-cache" "^7.7.1" + "minipass" "^3.1.6" + "minipass-collect" "^1.0.2" + "minipass-flush" "^1.0.5" + "minipass-pipeline" "^1.2.4" + "mkdirp" "^1.0.4" + "p-map" "^4.0.0" + "promise-inflight" "^1.0.1" + "rimraf" "^3.0.2" + "ssri" "^9.0.0" + "tar" "^6.1.11" + "unique-filename" "^1.1.1" + +"cache-base@^1.0.1": + "version" "1.0.1" + dependencies: + "collection-visit" "^1.0.0" + "component-emitter" "^1.2.1" + "get-value" "^2.0.6" + "has-value" "^1.0.0" + "isobject" "^3.0.1" + "set-value" "^2.0.0" + "to-object-path" "^0.3.0" + "union-value" "^1.0.0" + "unset-value" "^1.0.0" + +"cacheable-request@^2.1.1": + "version" "2.1.4" + dependencies: + "clone-response" "1.0.2" + "get-stream" "3.0.0" + "http-cache-semantics" "3.8.1" + "keyv" "3.0.0" + "lowercase-keys" "1.0.0" + "normalize-url" "2.0.1" + "responselike" "1.0.2" + +"call-bind@^1.0.0", "call-bind@^1.0.2": + "version" "1.0.2" + dependencies: + "function-bind" "^1.1.1" + "get-intrinsic" "^1.0.2" + +"callsites@^3.0.0": + "version" "3.1.0" + +"camelcase-keys@^6.2.2": + "version" "6.2.2" + dependencies: + "camelcase" "^5.3.1" + "map-obj" "^4.0.0" + "quick-lru" "^4.0.1" + +"camelcase-keys@^7.0.0": + "version" "7.0.2" + dependencies: + "camelcase" "^6.3.0" + "map-obj" "^4.1.0" + "quick-lru" "^5.1.1" + "type-fest" "^1.2.1" + +"camelcase@^5.3.1": + "version" "5.3.1" + +"camelcase@^6.2.0", "camelcase@^6.3.0": + "version" "6.3.0" + +"caniuse-lite@^1.0.30001286": + "version" "1.0.30001297" + +"cardinal@^2.1.1": + "version" "2.1.1" + dependencies: + "ansicolors" "~0.3.2" + "redeyed" "~2.1.0" + +"caw@^2.0.0": + "version" "2.0.1" + dependencies: + "get-proxy" "^2.0.0" + "isurl" "^1.0.0-alpha5" + "tunnel-agent" "^0.6.0" + "url-to-options" "^1.0.1" + +"chalk@^2.0.0": + "integrity" "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==" + "resolved" "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz" + "version" "2.4.2" + dependencies: + "ansi-styles" "^3.2.1" + "escape-string-regexp" "^1.0.5" + "supports-color" "^5.3.0" + +"chalk@^2.3.2": + "integrity" "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==" + "resolved" "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz" + "version" "2.4.2" + dependencies: + "ansi-styles" "^3.2.1" + "escape-string-regexp" "^1.0.5" + "supports-color" "^5.3.0" + +"chalk@^4.0.0", "chalk@^4.1.0", "chalk@^4.1.1", "chalk@^4.1.2": + "version" "4.1.2" + dependencies: + "ansi-styles" "^4.1.0" + "supports-color" "^7.1.0" + +"chalk@^5.0.0": + "integrity" "sha512-Fo07WOYGqMfCWHOzSXOt2CxDbC6skS/jO9ynEcmpANMoPrD+W1r1K6Vx7iNm+AQmETU1Xr2t+n8nzkV9t6xh3w==" + "resolved" "https://registry.npmjs.org/chalk/-/chalk-5.0.1.tgz" + "version" "5.0.1" + +"char-regex@^1.0.2": + "version" "1.0.2" + +"chardet@^0.7.0": + "version" "0.7.0" + +"chokidar@^1.6.0": + "version" "1.7.0" + dependencies: + "anymatch" "^1.3.0" + "async-each" "^1.0.0" + "glob-parent" "^2.0.0" + "inherits" "^2.0.1" + "is-binary-path" "^1.0.0" + "is-glob" "^2.0.0" + "path-is-absolute" "^1.0.0" + "readdirp" "^2.0.0" + optionalDependencies: + "fsevents" "^1.0.0" + +"chownr@^2.0.0": + "version" "2.0.0" + +"ci-info@^3.2.0": + "version" "3.3.0" + +"cidr-regex@^3.1.1": + "version" "3.1.1" + dependencies: + "ip-regex" "^4.1.0" + +"cjs-module-lexer@^1.0.0": + "version" "1.2.2" + +"class-utils@^0.3.5": + "version" "0.3.6" + dependencies: + "arr-union" "^3.1.0" + "define-property" "^0.2.5" + "isobject" "^3.0.0" + "static-extend" "^0.1.1" + +"clean-stack@^2.0.0": + "version" "2.2.0" + +"cli-columns@^4.0.0": + "version" "4.0.0" + dependencies: + "string-width" "^4.2.3" + "strip-ansi" "^6.0.1" + +"cli-cursor@^3.1.0": + "version" "3.1.0" + dependencies: + "restore-cursor" "^3.1.0" + +"cli-spinners@^2.5.0": + "version" "2.6.1" + +"cli-table3@^0.6.1": + "version" "0.6.1" + dependencies: + "string-width" "^4.2.0" + optionalDependencies: + "colors" "1.4.0" + +"cli-table3@^0.6.2": + "version" "0.6.2" + dependencies: + "string-width" "^4.2.0" + optionalDependencies: + "@colors/colors" "1.5.0" + +"cli-width@^3.0.0": + "version" "3.0.0" + +"cliui@^7.0.2": + "version" "7.0.4" + dependencies: + "string-width" "^4.2.0" + "strip-ansi" "^6.0.0" + "wrap-ansi" "^7.0.0" + +"clone-response@1.0.2": + "version" "1.0.2" + dependencies: + "mimic-response" "^1.0.0" + +"clone@^1.0.2": + "version" "1.0.4" + +"cmd-shim@^5.0.0": + "version" "5.0.0" + dependencies: + "mkdirp-infer-owner" "^2.0.0" + +"co@^4.6.0": + "version" "4.6.0" + +"collect-v8-coverage@^1.0.0": + "version" "1.0.1" + +"collection-visit@^1.0.0": + "version" "1.0.0" + dependencies: + "map-visit" "^1.0.0" + "object-visit" "^1.0.0" + +"color-convert@^1.9.0": + "integrity" "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==" + "resolved" "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz" + "version" "1.9.3" + dependencies: + "color-name" "1.1.3" + +"color-convert@^2.0.1": + "version" "2.0.1" + dependencies: + "color-name" "~1.1.4" + +"color-name@~1.1.4": + "version" "1.1.4" + +"color-name@1.1.3": + "integrity" "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "resolved" "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz" + "version" "1.1.3" + +"color-support@^1.1.3": + "version" "1.1.3" + +"colors@1.4.0": + "version" "1.4.0" + +"columnify@^1.6.0": + "version" "1.6.0" + dependencies: + "strip-ansi" "^6.0.1" + "wcwidth" "^1.0.0" + +"combined-stream@^1.0.8": + "version" "1.0.8" + dependencies: + "delayed-stream" "~1.0.0" + +"commander@^2.8.1": + "version" "2.20.3" + +"common-ancestor-path@^1.0.1": + "version" "1.0.1" + +"compare-func@^2.0.0": + "version" "2.0.0" + dependencies: + "array-ify" "^1.0.0" + "dot-prop" "^5.1.0" + +"component-emitter@^1.2.1": + "version" "1.3.0" + +"concat-map@0.0.1": + "version" "0.0.1" + +"config-chain@^1.1.11": + "version" "1.1.13" + dependencies: + "ini" "^1.3.4" + "proto-list" "~1.2.1" + +"confusing-browser-globals@^1.0.10": + "version" "1.0.11" + +"console-control-strings@^1.1.0": + "version" "1.1.0" + +"content-disposition@^0.5.2": + "version" "0.5.4" + dependencies: + "safe-buffer" "5.2.1" + +"conventional-changelog-angular@^5.0.0": + "version" "5.0.13" + dependencies: + "compare-func" "^2.0.0" + "q" "^1.5.1" + +"conventional-changelog-writer@^5.0.0": + "version" "5.0.1" + dependencies: + "conventional-commits-filter" "^2.0.7" + "dateformat" "^3.0.0" + "handlebars" "^4.7.7" + "json-stringify-safe" "^5.0.1" + "lodash" "^4.17.15" + "meow" "^8.0.0" + "semver" "^6.0.0" + "split" "^1.0.0" + "through2" "^4.0.0" + +"conventional-commits-filter@^2.0.0", "conventional-commits-filter@^2.0.7": + "version" "2.0.7" + dependencies: + "lodash.ismatch" "^4.4.0" + "modify-values" "^1.0.0" + +"conventional-commits-parser@^3.2.3": + "version" "3.2.4" + dependencies: + "is-text-path" "^1.0.1" + "JSONStream" "^1.0.4" + "lodash" "^4.17.15" + "meow" "^8.0.0" + "split2" "^3.0.0" + "through2" "^4.0.0" + +"convert-source-map@^1.4.0", "convert-source-map@^1.6.0", "convert-source-map@^1.7.0": + "version" "1.8.0" + dependencies: + "safe-buffer" "~5.1.1" + +"copy-descriptor@^0.1.0": + "version" "0.1.1" + +"core-js@^2.4.0": + "version" "2.6.12" + +"core-util-is@~1.0.0": + "version" "1.0.2" + +"cosmiconfig@^7.0.0", "cosmiconfig@^7.0.1": + "version" "7.0.1" + dependencies: + "@types/parse-json" "^4.0.0" + "import-fresh" "^3.2.1" + "parse-json" "^5.0.0" + "path-type" "^4.0.0" + "yaml" "^1.10.0" + +"cpx@^1.5.0": + "version" "1.5.0" + dependencies: + "babel-runtime" "^6.9.2" + "chokidar" "^1.6.0" + "duplexer" "^0.1.1" + "glob" "^7.0.5" + "glob2base" "^0.0.12" + "minimatch" "^3.0.2" + "mkdirp" "^0.5.1" + "resolve" "^1.1.7" + "safe-buffer" "^5.0.1" + "shell-quote" "^1.6.1" + "subarg" "^1.0.0" + +"cross-spawn@^5.0.1": + "version" "5.1.0" + dependencies: + "lru-cache" "^4.0.1" + "shebang-command" "^1.2.0" + "which" "^1.2.9" + +"cross-spawn@^7.0.2", "cross-spawn@^7.0.3": + "version" "7.0.3" + dependencies: + "path-key" "^3.1.0" + "shebang-command" "^2.0.0" + "which" "^2.0.1" + +"crypto-random-string@^2.0.0": + "version" "2.0.0" + +"crypto-random-string@^4.0.0": + "version" "4.0.0" + dependencies: + "type-fest" "^1.0.1" + +"cssom@^0.4.4": + "version" "0.4.4" + +"cssom@~0.3.6": + "version" "0.3.8" + +"cssstyle@^2.3.0": + "version" "2.3.0" + dependencies: + "cssom" "~0.3.6" + +"cuid@^2.1.8": + "version" "2.1.8" + +"data-urls@^2.0.0": + "version" "2.0.0" + dependencies: + "abab" "^2.0.3" + "whatwg-mimetype" "^2.3.0" + "whatwg-url" "^8.0.0" + +"date-fns@^2.25.0": + "version" "2.28.0" + +"dateformat@^3.0.0": + "version" "3.0.3" + +"debug@^2.2.0": + "version" "2.6.9" + dependencies: + "ms" "2.0.0" + +"debug@^2.3.3": + "version" "2.6.9" + dependencies: + "ms" "2.0.0" + +"debug@^2.6.9": + "version" "2.6.9" + dependencies: + "ms" "2.0.0" + +"debug@^3.2.7": + "version" "3.2.7" + dependencies: + "ms" "^2.1.1" + +"debug@^4.0.0", "debug@^4.0.1", "debug@^4.1.0", "debug@^4.1.1", "debug@^4.3.1", "debug@^4.3.3", "debug@^4.3.4", "debug@4": + "version" "4.3.4" + dependencies: + "ms" "2.1.2" + +"debuglog@^1.0.1": + "version" "1.0.1" + +"decamelize-keys@^1.1.0": + "version" "1.1.0" + dependencies: + "decamelize" "^1.1.0" + "map-obj" "^1.0.0" + +"decamelize@^1.1.0": + "version" "1.2.0" + +"decamelize@^5.0.0": + "version" "5.0.1" + +"decimal.js@^10.2.1": + "version" "10.3.1" + +"decode-uri-component@^0.2.0": + "version" "0.2.0" + +"decompress-response@^3.2.0", "decompress-response@^3.3.0": + "version" "3.3.0" + dependencies: + "mimic-response" "^1.0.0" + +"decompress-tar@^4.0.0", "decompress-tar@^4.1.0", "decompress-tar@^4.1.1": + "version" "4.1.1" + dependencies: + "file-type" "^5.2.0" + "is-stream" "^1.1.0" + "tar-stream" "^1.5.2" + +"decompress-tarbz2@^4.0.0": + "version" "4.1.1" + dependencies: + "decompress-tar" "^4.1.0" + "file-type" "^6.1.0" + "is-stream" "^1.1.0" + "seek-bzip" "^1.0.5" + "unbzip2-stream" "^1.0.9" + +"decompress-targz@^4.0.0": + "version" "4.1.1" + dependencies: + "decompress-tar" "^4.1.1" + "file-type" "^5.2.0" + "is-stream" "^1.1.0" + +"decompress-unzip@^4.0.1": + "version" "4.0.1" + dependencies: + "file-type" "^3.8.0" + "get-stream" "^2.2.0" + "pify" "^2.3.0" + "yauzl" "^2.4.2" + +"decompress@^4.0.0", "decompress@^4.2.1": + "version" "4.2.1" + dependencies: + "decompress-tar" "^4.0.0" + "decompress-tarbz2" "^4.0.0" + "decompress-targz" "^4.0.0" + "decompress-unzip" "^4.0.1" + "graceful-fs" "^4.1.10" + "make-dir" "^1.0.0" + "pify" "^2.3.0" + "strip-dirs" "^2.0.0" + +"dedent@^0.7.0": + "version" "0.7.0" + +"deep-extend@^0.6.0": + "version" "0.6.0" + +"deep-is@^0.1.3", "deep-is@~0.1.3": + "version" "0.1.4" + +"deepmerge@^4.2.2": + "version" "4.2.2" + +"defaults@^1.0.3": + "version" "1.0.3" + dependencies: + "clone" "^1.0.2" + +"define-properties@^1.1.3": + "version" "1.1.3" + dependencies: + "object-keys" "^1.0.12" + +"define-property@^0.2.5": + "version" "0.2.5" + dependencies: + "is-descriptor" "^0.1.0" + +"define-property@^1.0.0": + "version" "1.0.0" + dependencies: + "is-descriptor" "^1.0.0" + +"define-property@^2.0.2": + "version" "2.0.2" + dependencies: + "is-descriptor" "^1.0.2" + "isobject" "^3.0.1" + +"del@^6.0.0": + "version" "6.0.0" + dependencies: + "globby" "^11.0.1" + "graceful-fs" "^4.2.4" + "is-glob" "^4.0.1" + "is-path-cwd" "^2.2.0" + "is-path-inside" "^3.0.2" + "p-map" "^4.0.0" + "rimraf" "^3.0.2" + "slash" "^3.0.0" + +"delayed-stream@~1.0.0": + "version" "1.0.0" + +"delegates@^1.0.0": + "version" "1.0.0" + +"depd@^1.1.2": + "version" "1.1.2" + +"deprecation@^2.0.0", "deprecation@^2.3.1": + "version" "2.3.1" + +"detect-indent@^7.0.0": + "version" "7.0.0" + +"detect-newline@^3.0.0": + "version" "3.1.0" + +"detect-newline@^4.0.0": + "version" "4.0.0" + +"dezalgo@^1.0.0": + "version" "1.0.4" + dependencies: + "asap" "^2.0.0" + "wrappy" "1" + +"diff-sequences@^27.4.0": + "version" "27.4.0" + +"diff@^5.0.0": + "version" "5.0.0" + +"dir-glob@^3.0.0", "dir-glob@^3.0.1": + "version" "3.0.1" + dependencies: + "path-type" "^4.0.0" + +"doctrine@^2.1.0": + "version" "2.1.0" + dependencies: + "esutils" "^2.0.2" + +"doctrine@^3.0.0": + "version" "3.0.0" + dependencies: + "esutils" "^2.0.2" + +"domexception@^2.0.1": + "version" "2.0.1" + dependencies: + "webidl-conversions" "^5.0.0" + +"dot-prop@^5.1.0": + "version" "5.3.0" + dependencies: + "is-obj" "^2.0.0" + +"download@^6.2.2": + "version" "6.2.5" + dependencies: + "caw" "^2.0.0" + "content-disposition" "^0.5.2" + "decompress" "^4.0.0" + "ext-name" "^5.0.0" + "file-type" "5.2.0" + "filenamify" "^2.0.0" + "get-stream" "^3.0.0" + "got" "^7.0.0" + "make-dir" "^1.0.0" + "p-event" "^1.0.0" + "pify" "^3.0.0" + +"download@^8.0.0": + "version" "8.0.0" + dependencies: + "archive-type" "^4.0.0" + "content-disposition" "^0.5.2" + "decompress" "^4.2.1" + "ext-name" "^5.0.0" + "file-type" "^11.1.0" + "filenamify" "^3.0.0" + "get-stream" "^4.1.0" + "got" "^8.3.1" + "make-dir" "^2.1.0" + "p-event" "^2.1.0" + "pify" "^4.0.1" + +"duplexer@^0.1.1": + "version" "0.1.2" + +"duplexer2@~0.1.0": + "version" "0.1.4" + dependencies: + "readable-stream" "^2.0.2" + +"duplexer3@^0.1.4": + "version" "0.1.4" + +"electron-to-chromium@^1.4.17": + "version" "1.4.37" + +"emittery@^0.8.1": + "version" "0.8.1" + +"emoji-regex@^8.0.0": + "version" "8.0.0" + +"encoding@^0.1.13": + "version" "0.1.13" + dependencies: + "iconv-lite" "^0.6.2" + +"end-of-stream@^1.0.0", "end-of-stream@^1.1.0": + "version" "1.4.4" + dependencies: + "once" "^1.4.0" + +"enquirer@^2.3.5": + "version" "2.3.6" + dependencies: + "ansi-colors" "^4.1.1" + +"env-ci@^5.0.0": + "version" "5.5.0" + dependencies: + "execa" "^5.0.0" + "fromentries" "^1.3.2" + "java-properties" "^1.0.0" + +"env-paths@^2.2.0": + "version" "2.2.1" + +"err-code@^2.0.2": + "version" "2.0.3" + +"error-ex@^1.3.1": + "version" "1.3.2" + dependencies: + "is-arrayish" "^0.2.1" + +"es-abstract@^1.19.0", "es-abstract@^1.19.1": + "version" "1.19.1" + dependencies: + "call-bind" "^1.0.2" + "es-to-primitive" "^1.2.1" + "function-bind" "^1.1.1" + "get-intrinsic" "^1.1.1" + "get-symbol-description" "^1.0.0" + "has" "^1.0.3" + "has-symbols" "^1.0.2" + "internal-slot" "^1.0.3" + "is-callable" "^1.2.4" + "is-negative-zero" "^2.0.1" + "is-regex" "^1.1.4" + "is-shared-array-buffer" "^1.0.1" + "is-string" "^1.0.7" + "is-weakref" "^1.0.1" + "object-inspect" "^1.11.0" + "object-keys" "^1.1.1" + "object.assign" "^4.1.2" + "string.prototype.trimend" "^1.0.4" + "string.prototype.trimstart" "^1.0.4" + "unbox-primitive" "^1.0.1" + +"es-to-primitive@^1.2.1": + "version" "1.2.1" + dependencies: + "is-callable" "^1.1.4" + "is-date-object" "^1.0.1" + "is-symbol" "^1.0.2" + +"escalade@^3.1.1": + "version" "3.1.1" + +"escape-string-regexp@^1.0.2", "escape-string-regexp@^1.0.5": + "version" "1.0.5" + +"escape-string-regexp@^2.0.0": + "version" "2.0.0" + +"escape-string-regexp@^4.0.0": + "version" "4.0.0" + +"escodegen@^1.8.1": + "version" "1.14.3" + dependencies: + "esprima" "^4.0.1" + "estraverse" "^4.2.0" + "esutils" "^2.0.2" + "optionator" "^0.8.1" + optionalDependencies: + "source-map" "~0.6.1" + +"escodegen@^2.0.0": + "version" "2.0.0" + dependencies: + "esprima" "^4.0.1" + "estraverse" "^5.2.0" + "esutils" "^2.0.2" + "optionator" "^0.8.1" + optionalDependencies: + "source-map" "~0.6.1" + +"eslint-config-airbnb-base@14.2.1": + "version" "14.2.1" + dependencies: + "confusing-browser-globals" "^1.0.10" + "object.assign" "^4.1.2" + "object.entries" "^1.1.2" + +"eslint-config-prettier@^6.11.0": + "version" "6.15.0" + dependencies: + "get-stdin" "^6.0.0" + +"eslint-import-resolver-node@^0.3.6": + "version" "0.3.6" + dependencies: + "debug" "^3.2.7" + "resolve" "^1.20.0" + +"eslint-module-utils@^2.7.2": + "version" "2.7.2" + dependencies: + "debug" "^3.2.7" + "find-up" "^2.1.0" + +"eslint-plugin-import@^2.22.1": + "version" "2.25.4" + dependencies: + "array-includes" "^3.1.4" + "array.prototype.flat" "^1.2.5" + "debug" "^2.6.9" + "doctrine" "^2.1.0" + "eslint-import-resolver-node" "^0.3.6" + "eslint-module-utils" "^2.7.2" + "has" "^1.0.3" + "is-core-module" "^2.8.0" + "is-glob" "^4.0.3" + "minimatch" "^3.0.4" + "object.values" "^1.1.5" + "resolve" "^1.20.0" + "tsconfig-paths" "^3.12.0" + +"eslint-plugin-prettier@^3.4.0": + "version" "3.4.1" + dependencies: + "prettier-linter-helpers" "^1.0.0" + +"eslint-scope@^5.1.1": + "version" "5.1.1" + dependencies: + "esrecurse" "^4.3.0" + "estraverse" "^4.1.1" + +"eslint-utils@^2.1.0": + "version" "2.1.0" + dependencies: + "eslint-visitor-keys" "^1.1.0" + +"eslint-utils@^3.0.0": + "version" "3.0.0" + dependencies: + "eslint-visitor-keys" "^2.0.0" + +"eslint-visitor-keys@^1.1.0": + "version" "1.3.0" + +"eslint-visitor-keys@^1.3.0": + "version" "1.3.0" + +"eslint-visitor-keys@^2.0.0": + "version" "2.1.0" + +"eslint@*", "eslint@^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8", "eslint@^5.0.0 || ^6.0.0 || ^7.0.0", "eslint@^5.16.0 || ^6.8.0 || ^7.2.0", "eslint@^7.2.0", "eslint@^7.25.0", "eslint@>=3.14.1", "eslint@>=5", "eslint@>=5.0.0": + "version" "7.32.0" + dependencies: + "@babel/code-frame" "7.12.11" + "@eslint/eslintrc" "^0.4.3" + "@humanwhocodes/config-array" "^0.5.0" + "ajv" "^6.10.0" + "chalk" "^4.0.0" + "cross-spawn" "^7.0.2" + "debug" "^4.0.1" + "doctrine" "^3.0.0" + "enquirer" "^2.3.5" + "escape-string-regexp" "^4.0.0" + "eslint-scope" "^5.1.1" + "eslint-utils" "^2.1.0" + "eslint-visitor-keys" "^2.0.0" + "espree" "^7.3.1" + "esquery" "^1.4.0" + "esutils" "^2.0.2" + "fast-deep-equal" "^3.1.3" + "file-entry-cache" "^6.0.1" + "functional-red-black-tree" "^1.0.1" + "glob-parent" "^5.1.2" + "globals" "^13.6.0" + "ignore" "^4.0.6" + "import-fresh" "^3.0.0" + "imurmurhash" "^0.1.4" + "is-glob" "^4.0.0" + "js-yaml" "^3.13.1" + "json-stable-stringify-without-jsonify" "^1.0.1" + "levn" "^0.4.1" + "lodash.merge" "^4.6.2" + "minimatch" "^3.0.4" + "natural-compare" "^1.4.0" + "optionator" "^0.9.1" + "progress" "^2.0.0" + "regexpp" "^3.1.0" + "semver" "^7.2.1" + "strip-ansi" "^6.0.0" + "strip-json-comments" "^3.1.0" + "table" "^6.0.9" + "text-table" "^0.2.0" + "v8-compile-cache" "^2.0.3" + +"espree@^7.3.0", "espree@^7.3.1": + "version" "7.3.1" + dependencies: + "acorn" "^7.4.0" + "acorn-jsx" "^5.3.1" + "eslint-visitor-keys" "^1.3.0" + +"esprima@^4.0.0", "esprima@^4.0.1", "esprima@~4.0.0": + "version" "4.0.1" + +"esprima@1.2.2": + "version" "1.2.2" + +"esquery@^1.4.0": + "version" "1.4.0" + dependencies: + "estraverse" "^5.1.0" + +"esrecurse@^4.3.0": + "version" "4.3.0" + dependencies: + "estraverse" "^5.2.0" + +"estraverse@^4.1.1": + "version" "4.3.0" + +"estraverse@^4.2.0": + "version" "4.3.0" + +"estraverse@^5.1.0", "estraverse@^5.2.0": + "version" "5.3.0" + +"esutils@^2.0.2": + "version" "2.0.3" + +"execa@^0.7.0": + "version" "0.7.0" + dependencies: + "cross-spawn" "^5.0.1" + "get-stream" "^3.0.0" + "is-stream" "^1.1.0" + "npm-run-path" "^2.0.0" + "p-finally" "^1.0.0" + "signal-exit" "^3.0.0" + "strip-eof" "^1.0.0" + +"execa@^5.0.0": + "version" "5.1.1" + dependencies: + "cross-spawn" "^7.0.3" + "get-stream" "^6.0.0" + "human-signals" "^2.1.0" + "is-stream" "^2.0.0" + "merge-stream" "^2.0.0" + "npm-run-path" "^4.0.1" + "onetime" "^5.1.2" + "signal-exit" "^3.0.3" + "strip-final-newline" "^2.0.0" + +"execa@^6.1.0": + "version" "6.1.0" + dependencies: + "cross-spawn" "^7.0.3" + "get-stream" "^6.0.1" + "human-signals" "^3.0.1" + "is-stream" "^3.0.0" + "merge-stream" "^2.0.0" + "npm-run-path" "^5.1.0" + "onetime" "^6.0.0" + "signal-exit" "^3.0.7" + "strip-final-newline" "^3.0.0" + +"exit@^0.1.2": + "version" "0.1.2" + +"expand-brackets@^0.1.4": + "version" "0.1.5" + dependencies: + "is-posix-bracket" "^0.1.0" + +"expand-brackets@^2.1.4": + "version" "2.1.4" + dependencies: + "debug" "^2.3.3" + "define-property" "^0.2.5" + "extend-shallow" "^2.0.1" + "posix-character-classes" "^0.1.0" + "regex-not" "^1.0.0" + "snapdragon" "^0.8.1" + "to-regex" "^3.0.1" + +"expand-range@^1.8.1": + "version" "1.8.2" + dependencies: + "fill-range" "^2.1.0" + +"expect@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "jest-get-type" "^27.4.0" + "jest-matcher-utils" "^27.4.6" + "jest-message-util" "^27.4.6" + +"ext-list@^2.0.0": + "version" "2.2.2" + dependencies: + "mime-db" "^1.28.0" + +"ext-name@^5.0.0": + "version" "5.0.0" + dependencies: + "ext-list" "^2.0.0" + "sort-keys-length" "^1.0.0" + +"extend-shallow@^2.0.1": + "version" "2.0.1" + dependencies: + "is-extendable" "^0.1.0" + +"extend-shallow@^3.0.0": + "version" "3.0.2" + dependencies: + "assign-symbols" "^1.0.0" + "is-extendable" "^1.0.1" + +"extend-shallow@^3.0.2": + "version" "3.0.2" + dependencies: + "assign-symbols" "^1.0.0" + "is-extendable" "^1.0.1" + +"external-editor@^3.0.3": + "version" "3.1.0" + dependencies: + "chardet" "^0.7.0" + "iconv-lite" "^0.4.24" + "tmp" "^0.0.33" + +"extglob@^0.3.1": + "version" "0.3.2" + dependencies: + "is-extglob" "^1.0.0" + +"extglob@^2.0.4": + "version" "2.0.4" + dependencies: + "array-unique" "^0.3.2" + "define-property" "^1.0.0" + "expand-brackets" "^2.1.4" + "extend-shallow" "^2.0.1" + "fragment-cache" "^0.2.1" + "regex-not" "^1.0.0" + "snapdragon" "^0.8.1" + "to-regex" "^3.0.1" + +"fast-deep-equal@^3.1.1", "fast-deep-equal@^3.1.3": + "version" "3.1.3" + +"fast-diff@^1.1.2": + "version" "1.2.0" + +"fast-glob@^3.1.1", "fast-glob@^3.2.11", "fast-glob@^3.2.7": + "version" "3.2.11" + dependencies: + "@nodelib/fs.stat" "^2.0.2" + "@nodelib/fs.walk" "^1.2.3" + "glob-parent" "^5.1.2" + "merge2" "^1.3.0" + "micromatch" "^4.0.4" + +"fast-json-stable-stringify@^2.0.0", "fast-json-stable-stringify@2.x": + "version" "2.1.0" + +"fast-levenshtein@^2.0.6", "fast-levenshtein@~2.0.6": + "version" "2.0.6" + +"fastest-levenshtein@^1.0.12": + "version" "1.0.12" + +"fastq@^1.6.0": + "version" "1.13.0" + dependencies: + "reusify" "^1.0.4" + +"fb-watchman@^2.0.0": + "version" "2.0.1" + dependencies: + "bser" "2.1.1" + +"fd-slicer@~1.1.0": + "version" "1.1.0" + dependencies: + "pend" "~1.2.0" + +"figures@^2.0.0": + "version" "2.0.0" + dependencies: + "escape-string-regexp" "^1.0.5" + +"figures@^3.0.0": + "version" "3.2.0" + dependencies: + "escape-string-regexp" "^1.0.5" + +"file-entry-cache@^6.0.1": + "version" "6.0.1" + dependencies: + "flat-cache" "^3.0.4" + +"file-type@^11.1.0": + "version" "11.1.0" + +"file-type@^3.8.0": + "version" "3.9.0" + +"file-type@^4.2.0": + "version" "4.4.0" + +"file-type@^5.2.0", "file-type@5.2.0": + "version" "5.2.0" + +"file-type@^6.1.0": + "version" "6.2.0" + +"file-uri-to-path@1.0.0": + "version" "1.0.0" + +"filename-regex@^2.0.0": + "version" "2.0.1" + +"filename-reserved-regex@^2.0.0": + "version" "2.0.0" + +"filenamify@^2.0.0": + "version" "2.1.0" + dependencies: + "filename-reserved-regex" "^2.0.0" + "strip-outer" "^1.0.0" + "trim-repeated" "^1.0.0" + +"filenamify@^3.0.0": + "version" "3.0.0" + dependencies: + "filename-reserved-regex" "^2.0.0" + "strip-outer" "^1.0.0" + "trim-repeated" "^1.0.0" + +"fill-range@^2.1.0": + "version" "2.2.4" + dependencies: + "is-number" "^2.1.0" + "isobject" "^2.0.0" + "randomatic" "^3.0.0" + "repeat-element" "^1.1.2" + "repeat-string" "^1.5.2" + +"fill-range@^4.0.0": + "version" "4.0.0" + dependencies: + "extend-shallow" "^2.0.1" + "is-number" "^3.0.0" + "repeat-string" "^1.6.1" + "to-regex-range" "^2.1.0" + +"fill-range@^7.0.1": + "version" "7.0.1" + dependencies: + "to-regex-range" "^5.0.1" + +"find-index@^0.1.1": + "version" "0.1.1" + +"find-up@^2.0.0": + "version" "2.1.0" + dependencies: + "locate-path" "^2.0.0" + +"find-up@^2.1.0": + "version" "2.1.0" + dependencies: + "locate-path" "^2.0.0" + +"find-up@^4.0.0", "find-up@^4.1.0": + "version" "4.1.0" + dependencies: + "locate-path" "^5.0.0" + "path-exists" "^4.0.0" + +"find-up@^5.0.0": + "version" "5.0.0" + dependencies: + "locate-path" "^6.0.0" + "path-exists" "^4.0.0" + +"find-versions@^4.0.0": + "version" "4.0.0" + dependencies: + "semver-regex" "^3.1.2" + +"flat-cache@^3.0.4": + "version" "3.0.4" + dependencies: + "flatted" "^3.1.0" + "rimraf" "^3.0.2" + +"flatted@^3.1.0": + "version" "3.2.4" + +"for-in@^1.0.1", "for-in@^1.0.2": + "version" "1.0.2" + +"for-own@^0.1.4": + "version" "0.1.5" + dependencies: + "for-in" "^1.0.1" + +"form-data@^3.0.0": + "version" "3.0.1" + dependencies: + "asynckit" "^0.4.0" + "combined-stream" "^1.0.8" + "mime-types" "^2.1.12" + +"fragment-cache@^0.2.1": + "version" "0.2.1" + dependencies: + "map-cache" "^0.2.2" + +"from2@^2.1.1", "from2@^2.3.0": + "version" "2.3.0" + dependencies: + "inherits" "^2.0.1" + "readable-stream" "^2.0.0" + +"fromentries@^1.3.2": + "version" "1.3.2" + +"fs-constants@^1.0.0": + "version" "1.0.0" + +"fs-extra@^10.0.0": + "version" "10.0.1" + dependencies: + "graceful-fs" "^4.2.0" + "jsonfile" "^6.0.1" + "universalify" "^2.0.0" + +"fs-extra@^8.1.0": + "version" "8.1.0" + dependencies: + "graceful-fs" "^4.2.0" + "jsonfile" "^4.0.0" + "universalify" "^0.1.0" + +"fs-extra@^9.0.0": + "version" "9.1.0" + dependencies: + "at-least-node" "^1.0.0" + "graceful-fs" "^4.2.0" + "jsonfile" "^6.0.1" + "universalify" "^2.0.0" + +"fs-minipass@^2.0.0", "fs-minipass@^2.1.0": + "version" "2.1.0" + dependencies: + "minipass" "^3.0.0" + +"fs.realpath@^1.0.0": + "version" "1.0.0" + +"fsevents@^1.0.0": + "version" "1.2.13" + dependencies: + "bindings" "^1.5.0" + "nan" "^2.12.1" + +"fsevents@^2.3.2": + "version" "2.3.2" + +"function-bind@^1.1.1": + "version" "1.1.1" + +"functional-red-black-tree@^1.0.1": + "version" "1.0.1" + +"gauge@^4.0.3": + "version" "4.0.4" + dependencies: + "aproba" "^1.0.3 || ^2.0.0" + "color-support" "^1.1.3" + "console-control-strings" "^1.1.0" + "has-unicode" "^2.0.1" + "signal-exit" "^3.0.7" + "string-width" "^4.2.3" + "strip-ansi" "^6.0.1" + "wide-align" "^1.1.5" + +"gensync@^1.0.0-beta.2": + "version" "1.0.0-beta.2" + +"get-caller-file@^2.0.5": + "version" "2.0.5" + +"get-intrinsic@^1.0.2", "get-intrinsic@^1.1.0", "get-intrinsic@^1.1.1": + "version" "1.1.1" + dependencies: + "function-bind" "^1.1.1" + "has" "^1.0.3" + "has-symbols" "^1.0.1" + +"get-package-type@^0.1.0": + "version" "0.1.0" + +"get-proxy@^2.0.0": + "version" "2.1.0" + dependencies: + "npm-conf" "^1.1.0" + +"get-stdin@^6.0.0": + "version" "6.0.0" + +"get-stream@^2.2.0": + "version" "2.3.1" + dependencies: + "object-assign" "^4.0.1" + "pinkie-promise" "^2.0.0" + +"get-stream@^3.0.0": + "version" "3.0.0" + +"get-stream@^4.1.0": + "version" "4.1.0" + dependencies: + "pump" "^3.0.0" + +"get-stream@^6.0.0", "get-stream@^6.0.1": + "version" "6.0.1" + +"get-stream@3.0.0": + "version" "3.0.0" + +"get-symbol-description@^1.0.0": + "version" "1.0.0" + dependencies: + "call-bind" "^1.0.2" + "get-intrinsic" "^1.1.1" + +"get-value@^2.0.3", "get-value@^2.0.6": + "version" "2.0.6" + +"git-log-parser@^1.2.0": + "version" "1.2.0" + dependencies: + "argv-formatter" "~1.0.0" + "spawn-error-forwarder" "~1.0.0" + "split2" "~1.0.0" + "stream-combiner2" "~1.1.1" + "through2" "~2.0.0" + "traverse" "~0.6.6" + +"glob-base@^0.3.0": + "version" "0.3.0" + dependencies: + "glob-parent" "^2.0.0" + "is-glob" "^2.0.0" + +"glob-parent@^2.0.0": + "version" "2.0.0" + dependencies: + "is-glob" "^2.0.0" + +"glob-parent@^5.1.2": + "version" "5.1.2" + dependencies: + "is-glob" "^4.0.1" + +"glob@^7.0.0", "glob@^7.0.5", "glob@^7.1.1", "glob@^7.1.2", "glob@^7.1.3", "glob@^7.1.4", "glob@^7.2.0": + "version" "7.2.0" + dependencies: + "fs.realpath" "^1.0.0" + "inflight" "^1.0.4" + "inherits" "2" + "minimatch" "^3.0.4" + "once" "^1.3.0" + "path-is-absolute" "^1.0.0" + +"glob@^8.0.1": + "version" "8.0.1" + dependencies: + "fs.realpath" "^1.0.0" + "inflight" "^1.0.4" + "inherits" "2" + "minimatch" "^5.0.1" + "once" "^1.3.0" + "path-is-absolute" "^1.0.0" + +"glob2base@^0.0.12": + "version" "0.0.12" + dependencies: + "find-index" "^0.1.1" + +"globals@^11.1.0": + "version" "11.12.0" + +"globals@^13.6.0", "globals@^13.9.0": + "version" "13.12.0" + dependencies: + "type-fest" "^0.20.2" + +"globby@^11.0.0", "globby@^11.0.1", "globby@^11.0.3", "globby@11.0.4": + "version" "11.0.4" + dependencies: + "array-union" "^2.1.0" + "dir-glob" "^3.0.1" + "fast-glob" "^3.1.1" + "ignore" "^5.1.4" + "merge2" "^1.3.0" + "slash" "^3.0.0" + +"globby@13.1.1": + "version" "13.1.1" + dependencies: + "dir-glob" "^3.0.1" + "fast-glob" "^3.2.11" + "ignore" "^5.2.0" + "merge2" "^1.4.1" + "slash" "^4.0.0" + +"got@^7.0.0": + "version" "7.1.0" + dependencies: + "decompress-response" "^3.2.0" + "duplexer3" "^0.1.4" + "get-stream" "^3.0.0" + "is-plain-obj" "^1.1.0" + "is-retry-allowed" "^1.0.0" + "is-stream" "^1.0.0" + "isurl" "^1.0.0-alpha5" + "lowercase-keys" "^1.0.0" + "p-cancelable" "^0.3.0" + "p-timeout" "^1.1.1" + "safe-buffer" "^5.0.1" + "timed-out" "^4.0.0" + "url-parse-lax" "^1.0.0" + "url-to-options" "^1.0.1" + +"got@^8.3.1": + "version" "8.3.2" + dependencies: + "@sindresorhus/is" "^0.7.0" + "cacheable-request" "^2.1.1" + "decompress-response" "^3.3.0" + "duplexer3" "^0.1.4" + "get-stream" "^3.0.0" + "into-stream" "^3.1.0" + "is-retry-allowed" "^1.1.0" + "isurl" "^1.0.0-alpha5" + "lowercase-keys" "^1.0.0" + "mimic-response" "^1.0.0" + "p-cancelable" "^0.4.0" + "p-timeout" "^2.0.1" + "pify" "^3.0.0" + "safe-buffer" "^5.1.1" + "timed-out" "^4.0.1" + "url-parse-lax" "^3.0.0" + "url-to-options" "^1.0.1" + +"graceful-fs@^4.1.10", "graceful-fs@^4.1.11", "graceful-fs@^4.1.2", "graceful-fs@^4.1.5", "graceful-fs@^4.1.6", "graceful-fs@^4.2.0", "graceful-fs@^4.2.4", "graceful-fs@^4.2.6", "graceful-fs@^4.2.9": + "version" "4.2.9" + +"graceful-fs@^4.2.10": + "version" "4.2.10" + +"graphql@^14.0.0 || ^15.0.0 || ^16.0.0", "graphql@^16.2.0": + "version" "16.2.0" + +"handlebars@^4.7.7": + "version" "4.7.7" + dependencies: + "minimist" "^1.2.5" + "neo-async" "^2.6.0" + "source-map" "^0.6.1" + "wordwrap" "^1.0.0" + optionalDependencies: + "uglify-js" "^3.1.4" + +"hard-rejection@^2.1.0": + "version" "2.1.0" + +"has-bigints@^1.0.1": + "version" "1.0.1" + +"has-flag@^3.0.0": + "integrity" "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" + "resolved" "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz" + "version" "3.0.0" + +"has-flag@^4.0.0": + "version" "4.0.0" + +"has-symbol-support-x@^1.4.1": + "version" "1.4.2" + +"has-symbols@^1.0.1", "has-symbols@^1.0.2": + "version" "1.0.2" + +"has-to-string-tag-x@^1.2.0": + "version" "1.4.1" + dependencies: + "has-symbol-support-x" "^1.4.1" + +"has-tostringtag@^1.0.0": + "version" "1.0.0" + dependencies: + "has-symbols" "^1.0.2" + +"has-unicode@^2.0.1": + "version" "2.0.1" + +"has-value@^0.3.1": + "version" "0.3.1" + dependencies: + "get-value" "^2.0.3" + "has-values" "^0.1.4" + "isobject" "^2.0.0" + +"has-value@^1.0.0": + "version" "1.0.0" + dependencies: + "get-value" "^2.0.6" + "has-values" "^1.0.0" + "isobject" "^3.0.0" + +"has-values@^0.1.4": + "version" "0.1.4" + +"has-values@^1.0.0": + "version" "1.0.0" + dependencies: + "is-number" "^3.0.0" + "kind-of" "^4.0.0" + +"has@^1.0.3": + "version" "1.0.3" + dependencies: + "function-bind" "^1.1.1" + +"hook-std@^2.0.0": + "version" "2.0.0" + +"hosted-git-info@^2.1.4": + "version" "2.8.9" + +"hosted-git-info@^4.0.0": + "version" "4.1.0" + dependencies: + "lru-cache" "^6.0.0" + +"hosted-git-info@^4.0.1": + "version" "4.1.0" + dependencies: + "lru-cache" "^6.0.0" + +"hosted-git-info@^5.0.0": + "version" "5.0.0" + dependencies: + "lru-cache" "^7.5.1" + +"html-encoding-sniffer@^2.0.1": + "version" "2.0.1" + dependencies: + "whatwg-encoding" "^1.0.5" + +"html-escaper@^2.0.0": + "version" "2.0.2" + +"http-cache-semantics@^4.1.0": + "version" "4.1.0" + +"http-cache-semantics@3.8.1": + "version" "3.8.1" + +"http-proxy-agent@^4.0.1": + "version" "4.0.1" + dependencies: + "@tootallnate/once" "1" + "agent-base" "6" + "debug" "4" + +"http-proxy-agent@^5.0.0": + "version" "5.0.0" + dependencies: + "@tootallnate/once" "2" + "agent-base" "6" + "debug" "4" + +"https-proxy-agent@^5.0.0": + "version" "5.0.0" + dependencies: + "agent-base" "6" + "debug" "4" + +"human-signals@^2.1.0": + "version" "2.1.0" + +"human-signals@^3.0.1": + "version" "3.0.1" + +"humanize-ms@^1.2.1": + "version" "1.2.1" + dependencies: + "ms" "^2.0.0" + +"iconv-lite@^0.4.24", "iconv-lite@0.4.24": + "version" "0.4.24" + dependencies: + "safer-buffer" ">= 2.1.2 < 3" + +"iconv-lite@^0.6.2": + "version" "0.6.3" + dependencies: + "safer-buffer" ">= 2.1.2 < 3.0.0" + +"ieee754@^1.1.13": + "version" "1.2.1" + +"ignore-walk@^5.0.1": + "version" "5.0.1" + dependencies: + "minimatch" "^5.0.1" + +"ignore@^4.0.6": + "version" "4.0.6" + +"ignore@^5.1.4", "ignore@^5.1.8", "ignore@^5.2.0": + "version" "5.2.0" + +"import-fresh@^3.0.0", "import-fresh@^3.2.1": + "version" "3.3.0" + dependencies: + "parent-module" "^1.0.0" + "resolve-from" "^4.0.0" + +"import-from@^4.0.0": + "version" "4.0.0" + +"import-local@^3.0.2": + "version" "3.1.0" + dependencies: + "pkg-dir" "^4.2.0" + "resolve-cwd" "^3.0.0" + +"imurmurhash@^0.1.4": + "version" "0.1.4" + +"indent-string@^4.0.0": + "version" "4.0.0" + +"indent-string@^5.0.0": + "version" "5.0.0" + +"infer-owner@^1.0.4": + "version" "1.0.4" + +"inflight@^1.0.4": + "version" "1.0.6" + dependencies: + "once" "^1.3.0" + "wrappy" "1" + +"inherits@^2.0.1", "inherits@^2.0.3", "inherits@^2.0.4", "inherits@~2.0.3", "inherits@2": + "version" "2.0.4" + +"ini@^1.3.4": + "version" "1.3.8" + +"ini@^2.0.0": + "version" "2.0.0" + +"ini@^3.0.0": + "version" "3.0.0" + +"ini@~1.3.0": + "version" "1.3.8" + +"init-package-json@^3.0.1", "init-package-json@^3.0.2": + "version" "3.0.2" + dependencies: + "npm-package-arg" "^9.0.1" + "promzard" "^0.3.0" + "read" "^1.0.7" + "read-package-json" "^5.0.0" + "semver" "^7.3.5" + "validate-npm-package-license" "^3.0.4" + "validate-npm-package-name" "^4.0.0" + +"inquirer@^8.1.2": + "version" "8.2.0" + dependencies: + "ansi-escapes" "^4.2.1" + "chalk" "^4.1.1" + "cli-cursor" "^3.1.0" + "cli-width" "^3.0.0" + "external-editor" "^3.0.3" + "figures" "^3.0.0" + "lodash" "^4.17.21" + "mute-stream" "0.0.8" + "ora" "^5.4.1" + "run-async" "^2.4.0" + "rxjs" "^7.2.0" + "string-width" "^4.1.0" + "strip-ansi" "^6.0.0" + "through" "^2.3.6" + +"internal-slot@^1.0.3": + "version" "1.0.3" + dependencies: + "get-intrinsic" "^1.1.0" + "has" "^1.0.3" + "side-channel" "^1.0.4" + +"interpret@^1.0.0": + "version" "1.4.0" + +"into-stream@^3.1.0": + "version" "3.1.0" + dependencies: + "from2" "^2.1.1" + "p-is-promise" "^1.1.0" + +"into-stream@^6.0.0": + "version" "6.0.0" + dependencies: + "from2" "^2.3.0" + "p-is-promise" "^3.0.0" + +"ip-regex@^4.1.0": + "version" "4.3.0" + +"ip@^1.1.5": + "version" "1.1.5" + +"is-accessor-descriptor@^0.1.6": + "version" "0.1.6" + dependencies: + "kind-of" "^3.0.2" + +"is-accessor-descriptor@^1.0.0": + "version" "1.0.0" + dependencies: + "kind-of" "^6.0.0" + +"is-arrayish@^0.2.1": + "version" "0.2.1" + +"is-bigint@^1.0.1": + "version" "1.0.4" + dependencies: + "has-bigints" "^1.0.1" + +"is-binary-path@^1.0.0": + "version" "1.0.1" + dependencies: + "binary-extensions" "^1.0.0" + +"is-boolean-object@^1.1.0": + "version" "1.1.2" + dependencies: + "call-bind" "^1.0.2" + "has-tostringtag" "^1.0.0" + +"is-buffer@^1.1.5": + "version" "1.1.6" + +"is-callable@^1.1.4", "is-callable@^1.2.4": + "version" "1.2.4" + +"is-cidr@^4.0.2": + "version" "4.0.2" + dependencies: + "cidr-regex" "^3.1.1" + +"is-core-module@^2.5.0", "is-core-module@^2.8.0": + "version" "2.8.1" + dependencies: + "has" "^1.0.3" + +"is-core-module@^2.8.1": + "version" "2.9.0" + dependencies: + "has" "^1.0.3" + +"is-data-descriptor@^0.1.4": + "version" "0.1.4" + dependencies: + "kind-of" "^3.0.2" + +"is-data-descriptor@^1.0.0": + "version" "1.0.0" + dependencies: + "kind-of" "^6.0.0" + +"is-date-object@^1.0.1": + "version" "1.0.5" + dependencies: + "has-tostringtag" "^1.0.0" + +"is-descriptor@^0.1.0": + "version" "0.1.6" + dependencies: + "is-accessor-descriptor" "^0.1.6" + "is-data-descriptor" "^0.1.4" + "kind-of" "^5.0.0" + +"is-descriptor@^1.0.0", "is-descriptor@^1.0.2": + "version" "1.0.2" + dependencies: + "is-accessor-descriptor" "^1.0.0" + "is-data-descriptor" "^1.0.0" + "kind-of" "^6.0.2" + +"is-dotfile@^1.0.0": + "version" "1.0.3" + +"is-equal-shallow@^0.1.3": + "version" "0.1.3" + dependencies: + "is-primitive" "^2.0.0" + +"is-extendable@^0.1.0", "is-extendable@^0.1.1": + "version" "0.1.1" + +"is-extendable@^1.0.1": + "version" "1.0.1" + dependencies: + "is-plain-object" "^2.0.4" + +"is-extglob@^1.0.0": + "version" "1.0.0" + +"is-extglob@^2.1.1": + "version" "2.1.1" + +"is-fullwidth-code-point@^3.0.0": + "version" "3.0.0" + +"is-generator-fn@^2.0.0": + "version" "2.1.0" + +"is-glob@^2.0.0", "is-glob@^2.0.1": + "version" "2.0.1" + dependencies: + "is-extglob" "^1.0.0" + +"is-glob@^4.0.0": + "version" "4.0.3" + dependencies: + "is-extglob" "^2.1.1" + +"is-glob@^4.0.1": + "version" "4.0.3" + dependencies: + "is-extglob" "^2.1.1" + +"is-glob@^4.0.3": + "version" "4.0.3" + dependencies: + "is-extglob" "^2.1.1" + +"is-interactive@^1.0.0": + "version" "1.0.0" + +"is-invalid-path@^0.1.0": + "version" "0.1.0" + dependencies: + "is-glob" "^2.0.0" + +"is-lambda@^1.0.1": + "version" "1.0.1" + +"is-natural-number@^4.0.1": + "version" "4.0.1" + +"is-negative-zero@^2.0.1": + "version" "2.0.2" + +"is-number-object@^1.0.4": + "version" "1.0.6" + dependencies: + "has-tostringtag" "^1.0.0" + +"is-number@^2.1.0": + "version" "2.1.0" + dependencies: + "kind-of" "^3.0.2" + +"is-number@^3.0.0": + "version" "3.0.0" + dependencies: + "kind-of" "^3.0.2" + +"is-number@^4.0.0": + "version" "4.0.0" + +"is-number@^7.0.0": + "version" "7.0.0" + +"is-obj@^2.0.0": + "version" "2.0.0" + +"is-object@^1.0.1": + "version" "1.0.2" + +"is-path-cwd@^2.2.0": + "version" "2.2.0" + +"is-path-inside@^3.0.2": + "version" "3.0.3" + +"is-plain-obj@^1.0.0", "is-plain-obj@^1.1.0": + "version" "1.1.0" + +"is-plain-object@^2.0.3": + "version" "2.0.4" + dependencies: + "isobject" "^3.0.1" + +"is-plain-object@^2.0.4": + "version" "2.0.4" + dependencies: + "isobject" "^3.0.1" + +"is-plain-object@^5.0.0": + "version" "5.0.0" + +"is-posix-bracket@^0.1.0": + "version" "0.1.1" + +"is-potential-custom-element-name@^1.0.1": + "version" "1.0.1" + +"is-primitive@^2.0.0": + "version" "2.0.0" + +"is-regex@^1.1.4": + "version" "1.1.4" + dependencies: + "call-bind" "^1.0.2" + "has-tostringtag" "^1.0.0" + +"is-retry-allowed@^1.0.0", "is-retry-allowed@^1.1.0": + "version" "1.2.0" + +"is-shared-array-buffer@^1.0.1": + "version" "1.0.1" + +"is-stream@^1.0.0", "is-stream@^1.1.0": + "version" "1.1.0" + +"is-stream@^2.0.0": + "version" "2.0.1" + +"is-stream@^3.0.0": + "version" "3.0.0" + +"is-string@^1.0.5", "is-string@^1.0.7": + "version" "1.0.7" + dependencies: + "has-tostringtag" "^1.0.0" + +"is-symbol@^1.0.2", "is-symbol@^1.0.3": + "version" "1.0.4" + dependencies: + "has-symbols" "^1.0.2" + +"is-text-path@^1.0.1": + "version" "1.0.1" + dependencies: + "text-extensions" "^1.0.0" + +"is-typedarray@^1.0.0": + "version" "1.0.0" + +"is-unicode-supported@^0.1.0": + "version" "0.1.0" + +"is-valid-path@^0.1.1": + "version" "0.1.1" + dependencies: + "is-invalid-path" "^0.1.0" + +"is-weakref@^1.0.1": + "version" "1.0.2" + dependencies: + "call-bind" "^1.0.2" + +"is-windows@^1.0.2": + "version" "1.0.2" + +"isarray@~1.0.0", "isarray@1.0.0": + "version" "1.0.0" + +"isexe@^2.0.0": + "version" "2.0.0" + +"isobject@^2.0.0": + "version" "2.1.0" + dependencies: + "isarray" "1.0.0" + +"isobject@^3.0.0", "isobject@^3.0.1": + "version" "3.0.1" + +"issue-parser@^6.0.0": + "version" "6.0.0" + dependencies: + "lodash.capitalize" "^4.2.1" + "lodash.escaperegexp" "^4.1.2" + "lodash.isplainobject" "^4.0.6" + "lodash.isstring" "^4.0.1" + "lodash.uniqby" "^4.7.0" + +"istanbul-lib-coverage@^3.0.0", "istanbul-lib-coverage@^3.2.0": + "version" "3.2.0" + +"istanbul-lib-instrument@^5.0.4", "istanbul-lib-instrument@^5.1.0": + "version" "5.1.0" + dependencies: + "@babel/core" "^7.12.3" + "@babel/parser" "^7.14.7" + "@istanbuljs/schema" "^0.1.2" + "istanbul-lib-coverage" "^3.2.0" + "semver" "^6.3.0" + +"istanbul-lib-report@^3.0.0": + "version" "3.0.0" + dependencies: + "istanbul-lib-coverage" "^3.0.0" + "make-dir" "^3.0.0" + "supports-color" "^7.1.0" + +"istanbul-lib-source-maps@^4.0.0": + "version" "4.0.1" + dependencies: + "debug" "^4.1.1" + "istanbul-lib-coverage" "^3.0.0" + "source-map" "^0.6.1" + +"istanbul-reports@^3.1.3": + "version" "3.1.3" + dependencies: + "html-escaper" "^2.0.0" + "istanbul-lib-report" "^3.0.0" + +"isurl@^1.0.0-alpha5": + "version" "1.0.0" + dependencies: + "has-to-string-tag-x" "^1.2.0" + "is-object" "^1.0.1" + +"java-properties@^1.0.0": + "version" "1.0.2" + +"jest-changed-files@^27.4.2": + "version" "27.4.2" + dependencies: + "@jest/types" "^27.4.2" + "execa" "^5.0.0" + "throat" "^6.0.1" + +"jest-circus@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/environment" "^27.4.6" + "@jest/test-result" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "chalk" "^4.0.0" + "co" "^4.6.0" + "dedent" "^0.7.0" + "expect" "^27.4.6" + "is-generator-fn" "^2.0.0" + "jest-each" "^27.4.6" + "jest-matcher-utils" "^27.4.6" + "jest-message-util" "^27.4.6" + "jest-runtime" "^27.4.6" + "jest-snapshot" "^27.4.6" + "jest-util" "^27.4.2" + "pretty-format" "^27.4.6" + "slash" "^3.0.0" + "stack-utils" "^2.0.3" + "throat" "^6.0.1" + +"jest-cli@^27.4.7": + "version" "27.4.7" + dependencies: + "@jest/core" "^27.4.7" + "@jest/test-result" "^27.4.6" + "@jest/types" "^27.4.2" + "chalk" "^4.0.0" + "exit" "^0.1.2" + "graceful-fs" "^4.2.4" + "import-local" "^3.0.2" + "jest-config" "^27.4.7" + "jest-util" "^27.4.2" + "jest-validate" "^27.4.6" + "prompts" "^2.0.1" + "yargs" "^16.2.0" + +"jest-config@^27.4.7": + "version" "27.4.7" + dependencies: + "@babel/core" "^7.8.0" + "@jest/test-sequencer" "^27.4.6" + "@jest/types" "^27.4.2" + "babel-jest" "^27.4.6" + "chalk" "^4.0.0" + "ci-info" "^3.2.0" + "deepmerge" "^4.2.2" + "glob" "^7.1.1" + "graceful-fs" "^4.2.4" + "jest-circus" "^27.4.6" + "jest-environment-jsdom" "^27.4.6" + "jest-environment-node" "^27.4.6" + "jest-get-type" "^27.4.0" + "jest-jasmine2" "^27.4.6" + "jest-regex-util" "^27.4.0" + "jest-resolve" "^27.4.6" + "jest-runner" "^27.4.6" + "jest-util" "^27.4.2" + "jest-validate" "^27.4.6" + "micromatch" "^4.0.4" + "pretty-format" "^27.4.6" + "slash" "^3.0.0" + +"jest-diff@^27.0.0", "jest-diff@^27.4.6": + "version" "27.4.6" + dependencies: + "chalk" "^4.0.0" + "diff-sequences" "^27.4.0" + "jest-get-type" "^27.4.0" + "pretty-format" "^27.4.6" + +"jest-docblock@^27.4.0": + "version" "27.4.0" + dependencies: + "detect-newline" "^3.0.0" + +"jest-each@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "chalk" "^4.0.0" + "jest-get-type" "^27.4.0" + "jest-util" "^27.4.2" + "pretty-format" "^27.4.6" + +"jest-environment-jsdom@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/environment" "^27.4.6" + "@jest/fake-timers" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "jest-mock" "^27.4.6" + "jest-util" "^27.4.2" + "jsdom" "^16.6.0" + +"jest-environment-node@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/environment" "^27.4.6" + "@jest/fake-timers" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "jest-mock" "^27.4.6" + "jest-util" "^27.4.2" + +"jest-get-type@^27.4.0": + "version" "27.4.0" + +"jest-haste-map@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "@types/graceful-fs" "^4.1.2" + "@types/node" "*" + "anymatch" "^3.0.3" + "fb-watchman" "^2.0.0" + "graceful-fs" "^4.2.4" + "jest-regex-util" "^27.4.0" + "jest-serializer" "^27.4.0" + "jest-util" "^27.4.2" + "jest-worker" "^27.4.6" + "micromatch" "^4.0.4" + "walker" "^1.0.7" + optionalDependencies: + "fsevents" "^2.3.2" + +"jest-jasmine2@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/environment" "^27.4.6" + "@jest/source-map" "^27.4.0" + "@jest/test-result" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "chalk" "^4.0.0" + "co" "^4.6.0" + "expect" "^27.4.6" + "is-generator-fn" "^2.0.0" + "jest-each" "^27.4.6" + "jest-matcher-utils" "^27.4.6" + "jest-message-util" "^27.4.6" + "jest-runtime" "^27.4.6" + "jest-snapshot" "^27.4.6" + "jest-util" "^27.4.2" + "pretty-format" "^27.4.6" + "throat" "^6.0.1" + +"jest-leak-detector@^27.4.6": + "version" "27.4.6" + dependencies: + "jest-get-type" "^27.4.0" + "pretty-format" "^27.4.6" + +"jest-matcher-utils@^27.4.6": + "version" "27.4.6" + dependencies: + "chalk" "^4.0.0" + "jest-diff" "^27.4.6" + "jest-get-type" "^27.4.0" + "pretty-format" "^27.4.6" + +"jest-message-util@^27.4.6": + "version" "27.4.6" + dependencies: + "@babel/code-frame" "^7.12.13" + "@jest/types" "^27.4.2" + "@types/stack-utils" "^2.0.0" + "chalk" "^4.0.0" + "graceful-fs" "^4.2.4" + "micromatch" "^4.0.4" + "pretty-format" "^27.4.6" + "slash" "^3.0.0" + "stack-utils" "^2.0.3" + +"jest-mock@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "@types/node" "*" + +"jest-pnp-resolver@^1.2.2": + "version" "1.2.2" + +"jest-regex-util@^27.4.0": + "version" "27.4.0" + +"jest-resolve-dependencies@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "jest-regex-util" "^27.4.0" + "jest-snapshot" "^27.4.6" + +"jest-resolve@*", "jest-resolve@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "chalk" "^4.0.0" + "graceful-fs" "^4.2.4" + "jest-haste-map" "^27.4.6" + "jest-pnp-resolver" "^1.2.2" + "jest-util" "^27.4.2" + "jest-validate" "^27.4.6" + "resolve" "^1.20.0" + "resolve.exports" "^1.1.0" + "slash" "^3.0.0" + +"jest-runner@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/console" "^27.4.6" + "@jest/environment" "^27.4.6" + "@jest/test-result" "^27.4.6" + "@jest/transform" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "chalk" "^4.0.0" + "emittery" "^0.8.1" + "exit" "^0.1.2" + "graceful-fs" "^4.2.4" + "jest-docblock" "^27.4.0" + "jest-environment-jsdom" "^27.4.6" + "jest-environment-node" "^27.4.6" + "jest-haste-map" "^27.4.6" + "jest-leak-detector" "^27.4.6" + "jest-message-util" "^27.4.6" + "jest-resolve" "^27.4.6" + "jest-runtime" "^27.4.6" + "jest-util" "^27.4.2" + "jest-worker" "^27.4.6" + "source-map-support" "^0.5.6" + "throat" "^6.0.1" + +"jest-runtime@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/environment" "^27.4.6" + "@jest/fake-timers" "^27.4.6" + "@jest/globals" "^27.4.6" + "@jest/source-map" "^27.4.0" + "@jest/test-result" "^27.4.6" + "@jest/transform" "^27.4.6" + "@jest/types" "^27.4.2" + "chalk" "^4.0.0" + "cjs-module-lexer" "^1.0.0" + "collect-v8-coverage" "^1.0.0" + "execa" "^5.0.0" + "glob" "^7.1.3" + "graceful-fs" "^4.2.4" + "jest-haste-map" "^27.4.6" + "jest-message-util" "^27.4.6" + "jest-mock" "^27.4.6" + "jest-regex-util" "^27.4.0" + "jest-resolve" "^27.4.6" + "jest-snapshot" "^27.4.6" + "jest-util" "^27.4.2" + "slash" "^3.0.0" + "strip-bom" "^4.0.0" + +"jest-serializer@^27.4.0": + "version" "27.4.0" + dependencies: + "@types/node" "*" + "graceful-fs" "^4.2.4" + +"jest-snapshot@^27.4.6": + "version" "27.4.6" + dependencies: + "@babel/core" "^7.7.2" + "@babel/generator" "^7.7.2" + "@babel/plugin-syntax-typescript" "^7.7.2" + "@babel/traverse" "^7.7.2" + "@babel/types" "^7.0.0" + "@jest/transform" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/babel__traverse" "^7.0.4" + "@types/prettier" "^2.1.5" + "babel-preset-current-node-syntax" "^1.0.0" + "chalk" "^4.0.0" + "expect" "^27.4.6" + "graceful-fs" "^4.2.4" + "jest-diff" "^27.4.6" + "jest-get-type" "^27.4.0" + "jest-haste-map" "^27.4.6" + "jest-matcher-utils" "^27.4.6" + "jest-message-util" "^27.4.6" + "jest-util" "^27.4.2" + "natural-compare" "^1.4.0" + "pretty-format" "^27.4.6" + "semver" "^7.3.2" + +"jest-util@^27.0.0", "jest-util@^27.4.2": + "version" "27.4.2" + dependencies: + "@jest/types" "^27.4.2" + "@types/node" "*" + "chalk" "^4.0.0" + "ci-info" "^3.2.0" + "graceful-fs" "^4.2.4" + "picomatch" "^2.2.3" + +"jest-validate@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/types" "^27.4.2" + "camelcase" "^6.2.0" + "chalk" "^4.0.0" + "jest-get-type" "^27.4.0" + "leven" "^3.1.0" + "pretty-format" "^27.4.6" + +"jest-watcher@^27.4.6": + "version" "27.4.6" + dependencies: + "@jest/test-result" "^27.4.6" + "@jest/types" "^27.4.2" + "@types/node" "*" + "ansi-escapes" "^4.2.1" + "chalk" "^4.0.0" + "jest-util" "^27.4.2" + "string-length" "^4.0.1" + +"jest-worker@^27.4.6": + "version" "27.4.6" + dependencies: + "@types/node" "*" + "merge-stream" "^2.0.0" + "supports-color" "^8.0.0" + +"jest@^27.0.0", "jest@^27.0.6": + "version" "27.4.7" + dependencies: + "@jest/core" "^27.4.7" + "import-local" "^3.0.2" + "jest-cli" "^27.4.7" + +"joi@^17.4.0": + "version" "17.5.0" + dependencies: + "@hapi/hoek" "^9.0.0" + "@hapi/topo" "^5.0.0" + "@sideway/address" "^4.1.3" + "@sideway/formula" "^3.0.0" + "@sideway/pinpoint" "^2.0.0" + +"js-tokens@^4.0.0": + "version" "4.0.0" + +"js-yaml@^3.13.1", "js-yaml@^3.6.1": + "version" "3.14.1" + dependencies: + "argparse" "^1.0.7" + "esprima" "^4.0.0" + +"jsdom@^16.6.0": + "version" "16.7.0" + dependencies: + "abab" "^2.0.5" + "acorn" "^8.2.4" + "acorn-globals" "^6.0.0" + "cssom" "^0.4.4" + "cssstyle" "^2.3.0" + "data-urls" "^2.0.0" + "decimal.js" "^10.2.1" + "domexception" "^2.0.1" + "escodegen" "^2.0.0" + "form-data" "^3.0.0" + "html-encoding-sniffer" "^2.0.1" + "http-proxy-agent" "^4.0.1" + "https-proxy-agent" "^5.0.0" + "is-potential-custom-element-name" "^1.0.1" + "nwsapi" "^2.2.0" + "parse5" "6.0.1" + "saxes" "^5.0.1" + "symbol-tree" "^3.2.4" + "tough-cookie" "^4.0.0" + "w3c-hr-time" "^1.0.2" + "w3c-xmlserializer" "^2.0.0" + "webidl-conversions" "^6.1.0" + "whatwg-encoding" "^1.0.5" + "whatwg-mimetype" "^2.3.0" + "whatwg-url" "^8.5.0" + "ws" "^7.4.6" + "xml-name-validator" "^3.0.0" + +"jsesc@^2.5.1": + "version" "2.5.2" + +"json-buffer@3.0.0": + "version" "3.0.0" + +"json-parse-better-errors@^1.0.1": + "version" "1.0.2" + +"json-parse-even-better-errors@^2.3.0", "json-parse-even-better-errors@^2.3.1": + "version" "2.3.1" + +"json-schema-traverse@^0.4.1": + "version" "0.4.1" + +"json-schema-traverse@^1.0.0": + "version" "1.0.0" + +"json-stable-stringify-without-jsonify@^1.0.1": + "version" "1.0.1" + +"json-stringify-nice@^1.1.4": + "version" "1.1.4" + +"json-stringify-safe@^5.0.1": + "version" "5.0.1" + +"json5@^1.0.1": + "version" "1.0.1" + dependencies: + "minimist" "^1.2.0" + +"json5@^2.1.2", "json5@2.x": + "version" "2.2.0" + dependencies: + "minimist" "^1.2.5" + +"jsonfile@^4.0.0": + "version" "4.0.0" + optionalDependencies: + "graceful-fs" "^4.1.6" + +"jsonfile@^6.0.1": + "version" "6.1.0" + dependencies: + "universalify" "^2.0.0" + optionalDependencies: + "graceful-fs" "^4.1.6" + +"jsonparse@^1.2.0", "jsonparse@^1.3.1": + "version" "1.3.1" + +"jsonpath@^1.1.1": + "version" "1.1.1" + dependencies: + "esprima" "1.2.2" + "static-eval" "2.0.2" + "underscore" "1.12.1" + +"JSONStream@^1.0.4": + "version" "1.3.5" + dependencies: + "jsonparse" "^1.2.0" + "through" ">=2.2.7 <3" + +"just-diff-apply@^5.2.0": + "version" "5.2.0" + +"just-diff@^5.0.1": + "version" "5.0.2" + +"keyv@3.0.0": + "version" "3.0.0" + dependencies: + "json-buffer" "3.0.0" + +"kind-of@^3.0.2", "kind-of@^3.0.3", "kind-of@^3.2.0": + "version" "3.2.2" + dependencies: + "is-buffer" "^1.1.5" + +"kind-of@^4.0.0": + "version" "4.0.0" + dependencies: + "is-buffer" "^1.1.5" + +"kind-of@^5.0.0": + "version" "5.1.0" + +"kind-of@^6.0.0": + "version" "6.0.3" + +"kind-of@^6.0.2": + "version" "6.0.3" + +"kind-of@^6.0.3": + "version" "6.0.3" + +"kleur@^3.0.3": + "version" "3.0.3" + +"leven@^3.1.0": + "version" "3.1.0" + +"levn@^0.4.1": + "version" "0.4.1" + dependencies: + "prelude-ls" "^1.2.1" + "type-check" "~0.4.0" + +"levn@~0.3.0": + "version" "0.3.0" + dependencies: + "prelude-ls" "~1.1.2" + "type-check" "~0.3.2" + +"libnpmaccess@^6.0.2": + "version" "6.0.3" + dependencies: + "aproba" "^2.0.0" + "minipass" "^3.1.1" + "npm-package-arg" "^9.0.1" + "npm-registry-fetch" "^13.0.0" + +"libnpmdiff@^4.0.2": + "version" "4.0.3" + dependencies: + "@npmcli/disparity-colors" "^2.0.0" + "@npmcli/installed-package-contents" "^1.0.7" + "binary-extensions" "^2.2.0" + "diff" "^5.0.0" + "minimatch" "^5.0.1" + "npm-package-arg" "^9.0.1" + "pacote" "^13.0.5" + "tar" "^6.1.0" + +"libnpmexec@^4.0.2": + "version" "4.0.5" + dependencies: + "@npmcli/arborist" "^5.0.0" + "@npmcli/ci-detect" "^2.0.0" + "@npmcli/run-script" "^3.0.0" + "chalk" "^4.1.0" + "mkdirp-infer-owner" "^2.0.0" + "npm-package-arg" "^9.0.1" + "npmlog" "^6.0.2" + "pacote" "^13.0.5" + "proc-log" "^2.0.0" + "read" "^1.0.7" + "read-package-json-fast" "^2.0.2" + "walk-up-path" "^1.0.0" + +"libnpmfund@^3.0.1": + "version" "3.0.2" + dependencies: + "@npmcli/arborist" "^5.0.0" + +"libnpmhook@^8.0.2": + "version" "8.0.3" + dependencies: + "aproba" "^2.0.0" + "npm-registry-fetch" "^13.0.0" + +"libnpmorg@^4.0.2": + "version" "4.0.3" + dependencies: + "aproba" "^2.0.0" + "npm-registry-fetch" "^13.0.0" + +"libnpmpack@^4.0.2": + "version" "4.0.3" + dependencies: + "@npmcli/run-script" "^3.0.0" + "npm-package-arg" "^9.0.1" + "pacote" "^13.0.5" + +"libnpmpublish@^6.0.2": + "version" "6.0.4" + dependencies: + "normalize-package-data" "^4.0.0" + "npm-package-arg" "^9.0.1" + "npm-registry-fetch" "^13.0.0" + "semver" "^7.3.7" + "ssri" "^9.0.0" + +"libnpmsearch@^5.0.2": + "version" "5.0.3" + dependencies: + "npm-registry-fetch" "^13.0.0" + +"libnpmteam@^4.0.2": + "version" "4.0.3" + dependencies: + "aproba" "^2.0.0" + "npm-registry-fetch" "^13.0.0" + +"libnpmversion@^3.0.1": + "version" "3.0.4" + dependencies: + "@npmcli/git" "^3.0.0" + "@npmcli/run-script" "^3.0.0" + "json-parse-even-better-errors" "^2.3.1" + "proc-log" "^2.0.0" + "semver" "^7.3.7" + +"lines-and-columns@^1.1.6": + "version" "1.2.4" + +"load-json-file@^4.0.0": + "version" "4.0.0" + dependencies: + "graceful-fs" "^4.1.2" + "parse-json" "^4.0.0" + "pify" "^3.0.0" + "strip-bom" "^3.0.0" + +"locate-path@^2.0.0": + "version" "2.0.0" + dependencies: + "p-locate" "^2.0.0" + "path-exists" "^3.0.0" + +"locate-path@^5.0.0": + "version" "5.0.0" + dependencies: + "p-locate" "^4.1.0" + +"locate-path@^6.0.0": + "version" "6.0.0" + dependencies: + "p-locate" "^5.0.0" + +"lodash-es@^4.17.21": + "version" "4.17.21" + +"lodash.capitalize@^4.2.1": + "version" "4.2.1" + +"lodash.escaperegexp@^4.1.2": + "version" "4.1.2" + +"lodash.ismatch@^4.4.0": + "version" "4.4.0" + +"lodash.isplainobject@^4.0.6": + "version" "4.0.6" + +"lodash.isstring@^4.0.1": + "version" "4.0.1" + +"lodash.memoize@4.x": + "version" "4.1.2" + +"lodash.merge@^4.6.2": + "version" "4.6.2" + +"lodash.truncate@^4.4.2": + "version" "4.4.2" + +"lodash.uniqby@^4.7.0": + "version" "4.7.0" + +"lodash@^4.17.15", "lodash@^4.17.21", "lodash@^4.17.4", "lodash@^4.7.0": + "version" "4.17.21" + +"log-symbols@^4.1.0": + "version" "4.1.0" + dependencies: + "chalk" "^4.1.0" + "is-unicode-supported" "^0.1.0" + +"lowercase-keys@^1.0.0": + "version" "1.0.1" + +"lowercase-keys@1.0.0": + "version" "1.0.0" + +"lru-cache@^4.0.1": + "version" "4.1.5" + dependencies: + "pseudomap" "^1.0.2" + "yallist" "^2.1.2" + +"lru-cache@^6.0.0": + "version" "6.0.0" + dependencies: + "yallist" "^4.0.0" + +"lru-cache@^7.4.4", "lru-cache@^7.5.1", "lru-cache@^7.7.1": + "version" "7.9.0" + +"make-dir@^1.0.0": + "version" "1.3.0" + dependencies: + "pify" "^3.0.0" + +"make-dir@^2.1.0": + "version" "2.1.0" + dependencies: + "pify" "^4.0.1" + "semver" "^5.6.0" + +"make-dir@^3.0.0": + "version" "3.1.0" + dependencies: + "semver" "^6.0.0" + +"make-error@1.x": + "version" "1.3.6" + +"make-fetch-happen@^10.0.3", "make-fetch-happen@^10.0.6", "make-fetch-happen@^10.1.3": + "version" "10.1.3" + dependencies: + "agentkeepalive" "^4.2.1" + "cacache" "^16.0.2" + "http-cache-semantics" "^4.1.0" + "http-proxy-agent" "^5.0.0" + "https-proxy-agent" "^5.0.0" + "is-lambda" "^1.0.1" + "lru-cache" "^7.7.1" + "minipass" "^3.1.6" + "minipass-collect" "^1.0.2" + "minipass-fetch" "^2.0.3" + "minipass-flush" "^1.0.5" + "minipass-pipeline" "^1.2.4" + "negotiator" "^0.6.3" + "promise-retry" "^2.0.1" + "socks-proxy-agent" "^6.1.1" + "ssri" "^9.0.0" + +"makeerror@1.0.12": + "version" "1.0.12" + dependencies: + "tmpl" "1.0.5" + +"map-cache@^0.2.2": + "version" "0.2.2" + +"map-obj@^1.0.0": + "version" "1.0.1" + +"map-obj@^4.0.0", "map-obj@^4.1.0": + "version" "4.3.0" + +"map-visit@^1.0.0": + "version" "1.0.0" + dependencies: + "object-visit" "^1.0.0" + +"marked-terminal@^5.0.0": + "version" "5.1.1" + dependencies: + "ansi-escapes" "^5.0.0" + "cardinal" "^2.1.1" + "chalk" "^5.0.0" + "cli-table3" "^0.6.1" + "node-emoji" "^1.11.0" + "supports-hyperlinks" "^2.2.0" + +"marked@^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0", "marked@^4.0.10": + "version" "4.0.12" + +"math-random@^1.0.1": + "version" "1.0.4" + +"meow@^10.1.2": + "version" "10.1.2" + dependencies: + "@types/minimist" "^1.2.2" + "camelcase-keys" "^7.0.0" + "decamelize" "^5.0.0" + "decamelize-keys" "^1.1.0" + "hard-rejection" "^2.1.0" + "minimist-options" "4.1.0" + "normalize-package-data" "^3.0.2" + "read-pkg-up" "^8.0.0" + "redent" "^4.0.0" + "trim-newlines" "^4.0.2" + "type-fest" "^1.2.2" + "yargs-parser" "^20.2.9" + +"meow@^8.0.0": + "version" "8.1.2" + dependencies: + "@types/minimist" "^1.2.0" + "camelcase-keys" "^6.2.2" + "decamelize-keys" "^1.1.0" + "hard-rejection" "^2.1.0" + "minimist-options" "4.1.0" + "normalize-package-data" "^3.0.0" + "read-pkg-up" "^7.0.1" + "redent" "^3.0.0" + "trim-newlines" "^3.0.0" + "type-fest" "^0.18.0" + "yargs-parser" "^20.2.3" + +"merge-stream@^2.0.0": + "version" "2.0.0" + +"merge2@^1.3.0", "merge2@^1.4.1": + "version" "1.4.1" + +"micromatch@^2.1.5": + "version" "2.3.11" + dependencies: + "arr-diff" "^2.0.0" + "array-unique" "^0.2.1" + "braces" "^1.8.2" + "expand-brackets" "^0.1.4" + "extglob" "^0.3.1" + "filename-regex" "^2.0.0" + "is-extglob" "^1.0.0" + "is-glob" "^2.0.1" + "kind-of" "^3.0.2" + "normalize-path" "^2.0.1" + "object.omit" "^2.0.0" + "parse-glob" "^3.0.4" + "regex-cache" "^0.4.2" + +"micromatch@^3.1.10": + "version" "3.1.10" + dependencies: + "arr-diff" "^4.0.0" + "array-unique" "^0.3.2" + "braces" "^2.3.1" + "define-property" "^2.0.2" + "extend-shallow" "^3.0.2" + "extglob" "^2.0.4" + "fragment-cache" "^0.2.1" + "kind-of" "^6.0.2" + "nanomatch" "^1.2.9" + "object.pick" "^1.3.0" + "regex-not" "^1.0.0" + "snapdragon" "^0.8.1" + "to-regex" "^3.0.2" + +"micromatch@^4.0.0", "micromatch@^4.0.2", "micromatch@^4.0.4": + "version" "4.0.4" + dependencies: + "braces" "^3.0.1" + "picomatch" "^2.2.3" + +"mime-db@^1.28.0", "mime-db@1.51.0": + "version" "1.51.0" + +"mime-types@^2.1.12": + "version" "2.1.34" + dependencies: + "mime-db" "1.51.0" + +"mime@^3.0.0": + "version" "3.0.0" + +"mimic-fn@^2.1.0": + "version" "2.1.0" + +"mimic-fn@^4.0.0": + "version" "4.0.0" + +"mimic-response@^1.0.0": + "version" "1.0.1" + +"min-indent@^1.0.0", "min-indent@^1.0.1": + "version" "1.0.1" + +"minimatch@^3.0.2", "minimatch@^3.0.4": + "version" "3.0.4" + dependencies: + "brace-expansion" "^1.1.7" + +"minimatch@^5.0.1": + "version" "5.0.1" + dependencies: + "brace-expansion" "^2.0.1" + +"minimist-options@4.1.0": + "version" "4.1.0" + dependencies: + "arrify" "^1.0.1" + "is-plain-obj" "^1.1.0" + "kind-of" "^6.0.3" + +"minimist@^1.1.0", "minimist@^1.2.0", "minimist@^1.2.3", "minimist@^1.2.5": + "version" "1.2.5" + +"minipass-collect@^1.0.2": + "version" "1.0.2" + dependencies: + "minipass" "^3.0.0" + +"minipass-fetch@^2.0.3": + "version" "2.1.0" + dependencies: + "minipass" "^3.1.6" + "minipass-sized" "^1.0.3" + "minizlib" "^2.1.2" + optionalDependencies: + "encoding" "^0.1.13" + +"minipass-flush@^1.0.5": + "version" "1.0.5" + dependencies: + "minipass" "^3.0.0" + +"minipass-json-stream@^1.0.1": + "version" "1.0.1" + dependencies: + "jsonparse" "^1.3.1" + "minipass" "^3.0.0" + +"minipass-pipeline@^1.2.4": + "version" "1.2.4" + dependencies: + "minipass" "^3.0.0" + +"minipass-sized@^1.0.3": + "version" "1.0.3" + dependencies: + "minipass" "^3.0.0" + +"minipass@^3.0.0", "minipass@^3.1.1", "minipass@^3.1.6": + "version" "3.1.6" + dependencies: + "yallist" "^4.0.0" + +"minizlib@^2.1.1", "minizlib@^2.1.2": + "version" "2.1.2" + dependencies: + "minipass" "^3.0.0" + "yallist" "^4.0.0" + +"mixin-deep@^1.2.0": + "version" "1.3.2" + dependencies: + "for-in" "^1.0.2" + "is-extendable" "^1.0.1" + +"mkdirp-infer-owner@^2.0.0": + "version" "2.0.0" + dependencies: + "chownr" "^2.0.0" + "infer-owner" "^1.0.4" + "mkdirp" "^1.0.3" + +"mkdirp@^0.5.1": + "version" "0.5.5" + dependencies: + "minimist" "^1.2.5" + +"mkdirp@^1.0.3", "mkdirp@^1.0.4": + "version" "1.0.4" + +"modify-values@^1.0.0": + "version" "1.0.1" + +"ms@^2.0.0", "ms@^2.1.2": + "version" "2.1.3" + +"ms@^2.1.1": + "version" "2.1.2" + +"ms@2.0.0": + "version" "2.0.0" + +"ms@2.1.2": + "version" "2.1.2" + +"mute-stream@~0.0.4", "mute-stream@0.0.8": + "version" "0.0.8" + +"nan@^2.12.1": + "version" "2.15.0" + +"nanomatch@^1.2.9": + "version" "1.2.13" + dependencies: + "arr-diff" "^4.0.0" + "array-unique" "^0.3.2" + "define-property" "^2.0.2" + "extend-shallow" "^3.0.2" + "fragment-cache" "^0.2.1" + "is-windows" "^1.0.2" + "kind-of" "^6.0.2" + "object.pick" "^1.3.0" + "regex-not" "^1.0.0" + "snapdragon" "^0.8.1" + "to-regex" "^3.0.1" + +"natural-compare@^1.4.0": + "version" "1.4.0" + +"negotiator@^0.6.3": + "version" "0.6.3" + +"neo-async@^2.6.0": + "version" "2.6.2" + +"nerf-dart@^1.0.0": + "version" "1.0.0" + +"node-emoji@^1.11.0": + "version" "1.11.0" + dependencies: + "lodash" "^4.17.21" + +"node-fetch@^2.6.1": + "version" "2.6.6" + dependencies: + "whatwg-url" "^5.0.0" + +"node-gyp@^9.0.0": + "version" "9.0.0" + dependencies: + "env-paths" "^2.2.0" + "glob" "^7.1.4" + "graceful-fs" "^4.2.6" + "make-fetch-happen" "^10.0.3" + "nopt" "^5.0.0" + "npmlog" "^6.0.0" + "rimraf" "^3.0.2" + "semver" "^7.3.5" + "tar" "^6.1.2" + "which" "^2.0.2" + +"node-int64@^0.4.0": + "version" "0.4.0" + +"node-jq@^2.1.0", "node-jq@2.1.0": + "version" "2.1.0" + dependencies: + "@semantic-release/changelog" "^6.0.1" + "@semantic-release/git" "^10.0.1" + "bin-build" "^3.0.0" + "download" "^8.0.0" + "is-valid-path" "^0.1.1" + "joi" "^17.4.0" + "strip-eof" "^2.0.0" + "strip-final-newline" "^2.0.0" + "tempfile" "^3.0.0" + +"node-releases@^2.0.1": + "version" "2.0.1" + +"nopt@^5.0.0": + "version" "5.0.0" + dependencies: + "abbrev" "1" + +"normalize-package-data@^2.5.0": + "version" "2.5.0" + dependencies: + "hosted-git-info" "^2.1.4" + "resolve" "^1.10.0" + "semver" "2 || 3 || 4 || 5" + "validate-npm-package-license" "^3.0.1" + +"normalize-package-data@^3.0.0", "normalize-package-data@^3.0.2": + "version" "3.0.3" + dependencies: + "hosted-git-info" "^4.0.1" + "is-core-module" "^2.5.0" + "semver" "^7.3.4" + "validate-npm-package-license" "^3.0.1" + +"normalize-package-data@^4.0.0": + "version" "4.0.0" + dependencies: + "hosted-git-info" "^5.0.0" + "is-core-module" "^2.8.1" + "semver" "^7.3.5" + "validate-npm-package-license" "^3.0.4" + +"normalize-path@^2.0.0", "normalize-path@^2.0.1", "normalize-path@^2.1.1": + "version" "2.1.1" + dependencies: + "remove-trailing-separator" "^1.0.1" + +"normalize-path@^3.0.0": + "version" "3.0.0" + +"normalize-url@^6.0.0": + "version" "6.1.0" + +"normalize-url@2.0.1": + "version" "2.0.1" + dependencies: + "prepend-http" "^2.0.0" + "query-string" "^5.0.1" + "sort-keys" "^2.0.0" + +"npm-audit-report@^2.1.5": + "version" "2.1.5" + dependencies: + "chalk" "^4.0.0" + +"npm-audit-report@^3.0.0": + "version" "3.0.0" + dependencies: + "chalk" "^4.0.0" + +"npm-bundled@^1.1.1", "npm-bundled@^1.1.2": + "version" "1.1.2" + dependencies: + "npm-normalize-package-bin" "^1.0.1" + +"npm-conf@^1.1.0": + "version" "1.1.3" + dependencies: + "config-chain" "^1.1.11" + "pify" "^3.0.0" + +"npm-install-checks@^4.0.0": + "version" "4.0.0" + dependencies: + "semver" "^7.1.1" + +"npm-install-checks@^5.0.0": + "version" "5.0.0" + dependencies: + "semver" "^7.1.1" + +"npm-normalize-package-bin@^1.0.0", "npm-normalize-package-bin@^1.0.1": + "version" "1.0.1" + +"npm-package-arg@^9.0.0", "npm-package-arg@^9.0.1", "npm-package-arg@^9.0.2": + "version" "9.0.2" + dependencies: + "hosted-git-info" "^5.0.0" + "semver" "^7.3.5" + "validate-npm-package-name" "^4.0.0" + +"npm-packlist@^5.0.0": + "version" "5.0.3" + dependencies: + "glob" "^8.0.1" + "ignore-walk" "^5.0.1" + "npm-bundled" "^1.1.2" + "npm-normalize-package-bin" "^1.0.1" + +"npm-pick-manifest@^7.0.0", "npm-pick-manifest@^7.0.1": + "version" "7.0.1" + dependencies: + "npm-install-checks" "^5.0.0" + "npm-normalize-package-bin" "^1.0.1" + "npm-package-arg" "^9.0.0" + "semver" "^7.3.5" + +"npm-profile@^6.0.2", "npm-profile@^6.0.3": + "version" "6.0.3" + dependencies: + "npm-registry-fetch" "^13.0.1" + "proc-log" "^2.0.0" + +"npm-registry-fetch@^13.0.0", "npm-registry-fetch@^13.0.1", "npm-registry-fetch@^13.1.1": + "version" "13.1.1" + dependencies: + "make-fetch-happen" "^10.0.6" + "minipass" "^3.1.6" + "minipass-fetch" "^2.0.3" + "minipass-json-stream" "^1.0.1" + "minizlib" "^2.1.2" + "npm-package-arg" "^9.0.1" + "proc-log" "^2.0.0" + +"npm-run-path@^2.0.0": + "version" "2.0.2" + dependencies: + "path-key" "^2.0.0" + +"npm-run-path@^4.0.1": + "version" "4.0.1" + dependencies: + "path-key" "^3.0.0" + +"npm-run-path@^5.1.0": + "version" "5.1.0" + dependencies: + "path-key" "^4.0.0" + +"npm-user-validate@^1.0.1": + "version" "1.0.1" + +"npm@^8.3.0": + "version" "8.5.5" + dependencies: + "@isaacs/string-locale-compare" "^1.1.0" + "@npmcli/arborist" "^5.0.3" + "@npmcli/ci-detect" "^2.0.0" + "@npmcli/config" "^4.0.1" + "@npmcli/map-workspaces" "^2.0.2" + "@npmcli/package-json" "^1.0.1" + "@npmcli/run-script" "^3.0.1" + "abbrev" "~1.1.1" + "ansicolors" "~0.3.2" + "ansistyles" "~0.1.3" + "archy" "~1.0.0" + "cacache" "^16.0.2" + "chalk" "^4.1.2" + "chownr" "^2.0.0" + "cli-columns" "^4.0.0" + "cli-table3" "^0.6.1" + "columnify" "^1.6.0" + "fastest-levenshtein" "^1.0.12" + "glob" "^7.2.0" + "graceful-fs" "^4.2.9" + "hosted-git-info" "^5.0.0" + "ini" "^2.0.0" + "init-package-json" "^3.0.1" + "is-cidr" "^4.0.2" + "json-parse-even-better-errors" "^2.3.1" + "libnpmaccess" "^6.0.2" + "libnpmdiff" "^4.0.2" + "libnpmexec" "^4.0.2" + "libnpmfund" "^3.0.1" + "libnpmhook" "^8.0.2" + "libnpmorg" "^4.0.2" + "libnpmpack" "^4.0.2" + "libnpmpublish" "^6.0.2" + "libnpmsearch" "^5.0.2" + "libnpmteam" "^4.0.2" + "libnpmversion" "^3.0.1" + "make-fetch-happen" "^10.0.6" + "minipass" "^3.1.6" + "minipass-pipeline" "^1.2.4" + "mkdirp" "^1.0.4" + "mkdirp-infer-owner" "^2.0.0" + "ms" "^2.1.2" + "node-gyp" "^9.0.0" + "nopt" "^5.0.0" + "npm-audit-report" "^2.1.5" + "npm-install-checks" "^4.0.0" + "npm-package-arg" "^9.0.1" + "npm-pick-manifest" "^7.0.0" + "npm-profile" "^6.0.2" + "npm-registry-fetch" "^13.0.1" + "npm-user-validate" "^1.0.1" + "npmlog" "^6.0.1" + "opener" "^1.5.2" + "pacote" "^13.0.5" + "parse-conflict-json" "^2.0.1" + "proc-log" "^2.0.0" + "qrcode-terminal" "^0.12.0" + "read" "~1.0.7" + "read-package-json" "^5.0.0" + "read-package-json-fast" "^2.0.3" + "readdir-scoped-modules" "^1.1.0" + "rimraf" "^3.0.2" + "semver" "^7.3.5" + "ssri" "^8.0.1" + "tar" "^6.1.11" + "text-table" "~0.2.0" + "tiny-relative-date" "^1.3.0" + "treeverse" "^1.0.4" + "validate-npm-package-name" "~3.0.0" + "which" "^2.0.2" + "write-file-atomic" "^4.0.1" + +"npm@^8.8.0": + "version" "8.10.0" + dependencies: + "@isaacs/string-locale-compare" "^1.1.0" + "@npmcli/arborist" "^5.0.4" + "@npmcli/ci-detect" "^2.0.0" + "@npmcli/config" "^4.1.0" + "@npmcli/fs" "^2.1.0" + "@npmcli/map-workspaces" "^2.0.3" + "@npmcli/package-json" "^2.0.0" + "@npmcli/run-script" "^3.0.1" + "abbrev" "~1.1.1" + "archy" "~1.0.0" + "cacache" "^16.0.7" + "chalk" "^4.1.2" + "chownr" "^2.0.0" + "cli-columns" "^4.0.0" + "cli-table3" "^0.6.2" + "columnify" "^1.6.0" + "fastest-levenshtein" "^1.0.12" + "glob" "^8.0.1" + "graceful-fs" "^4.2.10" + "hosted-git-info" "^5.0.0" + "ini" "^3.0.0" + "init-package-json" "^3.0.2" + "is-cidr" "^4.0.2" + "json-parse-even-better-errors" "^2.3.1" + "libnpmaccess" "^6.0.2" + "libnpmdiff" "^4.0.2" + "libnpmexec" "^4.0.2" + "libnpmfund" "^3.0.1" + "libnpmhook" "^8.0.2" + "libnpmorg" "^4.0.2" + "libnpmpack" "^4.0.2" + "libnpmpublish" "^6.0.2" + "libnpmsearch" "^5.0.2" + "libnpmteam" "^4.0.2" + "libnpmversion" "^3.0.1" + "make-fetch-happen" "^10.1.3" + "minipass" "^3.1.6" + "minipass-pipeline" "^1.2.4" + "mkdirp" "^1.0.4" + "mkdirp-infer-owner" "^2.0.0" + "ms" "^2.1.2" + "node-gyp" "^9.0.0" + "nopt" "^5.0.0" + "npm-audit-report" "^3.0.0" + "npm-install-checks" "^5.0.0" + "npm-package-arg" "^9.0.2" + "npm-pick-manifest" "^7.0.1" + "npm-profile" "^6.0.3" + "npm-registry-fetch" "^13.1.1" + "npm-user-validate" "^1.0.1" + "npmlog" "^6.0.2" + "opener" "^1.5.2" + "pacote" "^13.3.0" + "parse-conflict-json" "^2.0.2" + "proc-log" "^2.0.1" + "qrcode-terminal" "^0.12.0" + "read" "~1.0.7" + "read-package-json" "^5.0.1" + "read-package-json-fast" "^2.0.3" + "readdir-scoped-modules" "^1.1.0" + "rimraf" "^3.0.2" + "semver" "^7.3.7" + "ssri" "^9.0.0" + "tar" "^6.1.11" + "text-table" "~0.2.0" + "tiny-relative-date" "^1.3.0" + "treeverse" "^2.0.0" + "validate-npm-package-name" "^4.0.0" + "which" "^2.0.2" + "write-file-atomic" "^4.0.1" + +"npmlog@^6.0.0", "npmlog@^6.0.1", "npmlog@^6.0.2": + "version" "6.0.2" + dependencies: + "are-we-there-yet" "^3.0.0" + "console-control-strings" "^1.1.0" + "gauge" "^4.0.3" + "set-blocking" "^2.0.0" + +"nwsapi@^2.2.0": + "version" "2.2.0" + +"object-assign@^4.0.1", "object-assign@^4.1.0": + "version" "4.1.1" + +"object-copy@^0.1.0": + "version" "0.1.0" + dependencies: + "copy-descriptor" "^0.1.0" + "define-property" "^0.2.5" + "kind-of" "^3.0.3" + +"object-inspect@^1.11.0", "object-inspect@^1.9.0": + "version" "1.12.0" + +"object-keys@^1.0.12", "object-keys@^1.1.1": + "version" "1.1.1" + +"object-visit@^1.0.0": + "version" "1.0.1" + dependencies: + "isobject" "^3.0.0" + +"object.assign@^4.1.2": + "version" "4.1.2" + dependencies: + "call-bind" "^1.0.0" + "define-properties" "^1.1.3" + "has-symbols" "^1.0.1" + "object-keys" "^1.1.1" + +"object.entries@^1.1.2": + "version" "1.1.5" + dependencies: + "call-bind" "^1.0.2" + "define-properties" "^1.1.3" + "es-abstract" "^1.19.1" + +"object.omit@^2.0.0": + "version" "2.0.1" + dependencies: + "for-own" "^0.1.4" + "is-extendable" "^0.1.1" + +"object.pick@^1.3.0": + "version" "1.3.0" + dependencies: + "isobject" "^3.0.1" + +"object.values@^1.1.5": + "version" "1.1.5" + dependencies: + "call-bind" "^1.0.2" + "define-properties" "^1.1.3" + "es-abstract" "^1.19.1" + +"once@^1.3.0", "once@^1.3.1", "once@^1.4.0": + "version" "1.4.0" + dependencies: + "wrappy" "1" + +"onetime@^5.1.0", "onetime@^5.1.2": + "version" "5.1.2" + dependencies: + "mimic-fn" "^2.1.0" + +"onetime@^6.0.0": + "version" "6.0.0" + dependencies: + "mimic-fn" "^4.0.0" + +"opener@^1.5.2": + "version" "1.5.2" + +"optionator@^0.8.1": + "version" "0.8.3" + dependencies: + "deep-is" "~0.1.3" + "fast-levenshtein" "~2.0.6" + "levn" "~0.3.0" + "prelude-ls" "~1.1.2" + "type-check" "~0.3.2" + "word-wrap" "~1.2.3" + +"optionator@^0.9.1": + "version" "0.9.1" + dependencies: + "deep-is" "^0.1.3" + "fast-levenshtein" "^2.0.6" + "levn" "^0.4.1" + "prelude-ls" "^1.2.1" + "type-check" "^0.4.0" + "word-wrap" "^1.2.3" + +"ora@^5.4.1": + "version" "5.4.1" + dependencies: + "bl" "^4.1.0" + "chalk" "^4.1.0" + "cli-cursor" "^3.1.0" + "cli-spinners" "^2.5.0" + "is-interactive" "^1.0.0" + "is-unicode-supported" "^0.1.0" + "log-symbols" "^4.1.0" + "strip-ansi" "^6.0.0" + "wcwidth" "^1.0.1" + +"os-tmpdir@~1.0.2": + "version" "1.0.2" + +"p-cancelable@^0.3.0": + "version" "0.3.0" + +"p-cancelable@^0.4.0": + "version" "0.4.1" + +"p-each-series@^2.1.0": + "version" "2.2.0" + +"p-event@^1.0.0": + "version" "1.3.0" + dependencies: + "p-timeout" "^1.1.1" + +"p-event@^2.1.0": + "version" "2.3.1" + dependencies: + "p-timeout" "^2.0.1" + +"p-filter@^2.0.0": + "version" "2.1.0" + dependencies: + "p-map" "^2.0.0" + +"p-finally@^1.0.0": + "version" "1.0.0" + +"p-is-promise@^1.1.0": + "version" "1.1.0" + +"p-is-promise@^3.0.0": + "version" "3.0.0" + +"p-limit@^1.1.0": + "version" "1.3.0" + dependencies: + "p-try" "^1.0.0" + +"p-limit@^2.2.0": + "version" "2.3.0" + dependencies: + "p-try" "^2.0.0" + +"p-limit@^3.0.2": + "version" "3.1.0" + dependencies: + "yocto-queue" "^0.1.0" + +"p-locate@^2.0.0": + "version" "2.0.0" + dependencies: + "p-limit" "^1.1.0" + +"p-locate@^4.1.0": + "version" "4.1.0" + dependencies: + "p-limit" "^2.2.0" + +"p-locate@^5.0.0": + "version" "5.0.0" + dependencies: + "p-limit" "^3.0.2" + +"p-map-series@^1.0.0": + "version" "1.0.0" + dependencies: + "p-reduce" "^1.0.0" + +"p-map@^2.0.0": + "version" "2.1.0" + +"p-map@^4.0.0": + "version" "4.0.0" + dependencies: + "aggregate-error" "^3.0.0" + +"p-reduce@^1.0.0": + "version" "1.0.0" + +"p-reduce@^2.0.0": + "version" "2.1.0" + +"p-retry@^4.0.0": + "version" "4.6.1" + dependencies: + "@types/retry" "^0.12.0" + "retry" "^0.13.1" + +"p-timeout@^1.1.1": + "version" "1.2.1" + dependencies: + "p-finally" "^1.0.0" + +"p-timeout@^2.0.1": + "version" "2.0.1" + dependencies: + "p-finally" "^1.0.0" + +"p-try@^1.0.0": + "version" "1.0.0" + +"p-try@^2.0.0": + "version" "2.2.0" + +"pacote@^13.0.3", "pacote@^13.0.5", "pacote@^13.3.0": + "version" "13.3.0" + dependencies: + "@npmcli/git" "^3.0.0" + "@npmcli/installed-package-contents" "^1.0.7" + "@npmcli/promise-spawn" "^3.0.0" + "@npmcli/run-script" "^3.0.1" + "cacache" "^16.0.0" + "chownr" "^2.0.0" + "fs-minipass" "^2.1.0" + "infer-owner" "^1.0.4" + "minipass" "^3.1.6" + "mkdirp" "^1.0.4" + "npm-package-arg" "^9.0.0" + "npm-packlist" "^5.0.0" + "npm-pick-manifest" "^7.0.0" + "npm-registry-fetch" "^13.0.1" + "proc-log" "^2.0.0" + "promise-retry" "^2.0.1" + "read-package-json" "^5.0.0" + "read-package-json-fast" "^2.0.3" + "rimraf" "^3.0.2" + "ssri" "^9.0.0" + "tar" "^6.1.11" + +"parent-module@^1.0.0": + "version" "1.0.1" + dependencies: + "callsites" "^3.0.0" + +"parse-conflict-json@^2.0.1", "parse-conflict-json@^2.0.2": + "version" "2.0.2" + dependencies: + "json-parse-even-better-errors" "^2.3.1" + "just-diff" "^5.0.1" + "just-diff-apply" "^5.2.0" + +"parse-glob@^3.0.4": + "version" "3.0.4" + dependencies: + "glob-base" "^0.3.0" + "is-dotfile" "^1.0.0" + "is-extglob" "^1.0.0" + "is-glob" "^2.0.0" + +"parse-json@^4.0.0": + "version" "4.0.0" + dependencies: + "error-ex" "^1.3.1" + "json-parse-better-errors" "^1.0.1" + +"parse-json@^5.0.0", "parse-json@^5.2.0": + "version" "5.2.0" + dependencies: + "@babel/code-frame" "^7.0.0" + "error-ex" "^1.3.1" + "json-parse-even-better-errors" "^2.3.0" + "lines-and-columns" "^1.1.6" + +"parse5@6.0.1": + "version" "6.0.1" + +"pascalcase@^0.1.1": + "version" "0.1.1" + +"path-exists@^3.0.0": + "version" "3.0.0" + +"path-exists@^4.0.0": + "version" "4.0.0" + +"path-is-absolute@^1.0.0": + "version" "1.0.1" + +"path-key@^2.0.0": + "version" "2.0.1" + +"path-key@^3.0.0", "path-key@^3.1.0": + "version" "3.1.1" + +"path-key@^4.0.0": + "version" "4.0.0" + +"path-parse@^1.0.7": + "version" "1.0.7" + +"path-type@^4.0.0": + "version" "4.0.0" + +"pend@~1.2.0": + "version" "1.2.0" + +"picocolors@^1.0.0": + "version" "1.0.0" + +"picomatch@^2.0.4", "picomatch@^2.2.3": + "version" "2.3.1" + +"pify@^2.3.0": + "version" "2.3.0" + +"pify@^3.0.0": + "version" "3.0.0" + +"pify@^4.0.1": + "version" "4.0.1" + +"pinkie-promise@^2.0.0": + "version" "2.0.1" + dependencies: + "pinkie" "^2.0.0" + +"pinkie@^2.0.0": + "version" "2.0.4" + +"pirates@^4.0.4": + "version" "4.0.4" + +"pkg-conf@^2.1.0": + "version" "2.1.0" + dependencies: + "find-up" "^2.0.0" + "load-json-file" "^4.0.0" + +"pkg-dir@^4.2.0": + "version" "4.2.0" + dependencies: + "find-up" "^4.0.0" + +"posix-character-classes@^0.1.0": + "version" "0.1.1" + +"prelude-ls@^1.2.1": + "version" "1.2.1" + +"prelude-ls@~1.1.2": + "version" "1.1.2" + +"prepend-http@^1.0.1": + "version" "1.0.4" + +"prepend-http@^2.0.0": + "version" "2.0.0" + +"preserve@^0.2.0": + "version" "0.2.0" + +"prettier-linter-helpers@^1.0.0": + "version" "1.0.0" + dependencies: + "fast-diff" "^1.1.2" + +"prettier@^2.4.1", "prettier@^2.5.1", "prettier@>=1.13.0": + "version" "2.5.1" + +"pretty-format@^27.0.0", "pretty-format@^27.4.6": + "version" "27.4.6" + dependencies: + "ansi-regex" "^5.0.1" + "ansi-styles" "^5.0.0" + "react-is" "^17.0.1" + +"proc-log@^2.0.0", "proc-log@^2.0.1": + "version" "2.0.1" + +"process-nextick-args@~2.0.0": + "version" "2.0.1" + +"progress@^2.0.0": + "version" "2.0.3" + +"promise-all-reject-late@^1.0.0": + "version" "1.0.1" + +"promise-call-limit@^1.0.1": + "version" "1.0.1" + +"promise-events@^0.2.4": + "version" "0.2.4" + +"promise-inflight@^1.0.1": + "version" "1.0.1" + +"promise-retry@^2.0.1": + "version" "2.0.1" + dependencies: + "err-code" "^2.0.2" + "retry" "^0.12.0" + +"prompts@^2.0.1": + "version" "2.4.2" + dependencies: + "kleur" "^3.0.3" + "sisteransi" "^1.0.5" + +"promzard@^0.3.0": + "version" "0.3.0" + dependencies: + "read" "1" + +"proto-list@~1.2.1": + "version" "1.2.4" + +"pseudomap@^1.0.2": + "version" "1.0.2" + +"psl@^1.1.33": + "version" "1.8.0" + +"pump@^3.0.0": + "version" "3.0.0" + dependencies: + "end-of-stream" "^1.1.0" + "once" "^1.3.1" + +"punycode@^2.1.0", "punycode@^2.1.1": + "version" "2.1.1" + +"q@^1.5.1": + "version" "1.5.1" + +"qrcode-terminal@^0.12.0": + "version" "0.12.0" + +"query-string@^5.0.1": + "version" "5.1.1" + dependencies: + "decode-uri-component" "^0.2.0" + "object-assign" "^4.1.0" + "strict-uri-encode" "^1.0.0" + +"queue-microtask@^1.2.2": + "version" "1.2.3" + +"quick-lru@^4.0.1": + "version" "4.0.1" + +"quick-lru@^5.1.1": + "version" "5.1.1" + +"randomatic@^3.0.0": + "version" "3.1.1" + dependencies: + "is-number" "^4.0.0" + "kind-of" "^6.0.0" + "math-random" "^1.0.1" + +"rc@^1.2.8": + "version" "1.2.8" + dependencies: + "deep-extend" "^0.6.0" + "ini" "~1.3.0" + "minimist" "^1.2.0" + "strip-json-comments" "~2.0.1" + +"react-is@^17.0.1": + "version" "17.0.2" + +"read-cmd-shim@^3.0.0": + "version" "3.0.0" + +"read-package-json-fast@^2.0.2", "read-package-json-fast@^2.0.3": + "version" "2.0.3" + dependencies: + "json-parse-even-better-errors" "^2.3.0" + "npm-normalize-package-bin" "^1.0.1" + +"read-package-json@^5.0.0", "read-package-json@^5.0.1": + "version" "5.0.1" + dependencies: + "glob" "^8.0.1" + "json-parse-even-better-errors" "^2.3.1" + "normalize-package-data" "^4.0.0" + "npm-normalize-package-bin" "^1.0.1" + +"read-pkg-up@^7.0.0", "read-pkg-up@^7.0.1": + "version" "7.0.1" + dependencies: + "find-up" "^4.1.0" + "read-pkg" "^5.2.0" + "type-fest" "^0.8.1" + +"read-pkg-up@^8.0.0": + "version" "8.0.0" + dependencies: + "find-up" "^5.0.0" + "read-pkg" "^6.0.0" + "type-fest" "^1.0.1" + +"read-pkg@^5.0.0", "read-pkg@^5.2.0": + "version" "5.2.0" + dependencies: + "@types/normalize-package-data" "^2.4.0" + "normalize-package-data" "^2.5.0" + "parse-json" "^5.0.0" + "type-fest" "^0.6.0" + +"read-pkg@^6.0.0": + "version" "6.0.0" + dependencies: + "@types/normalize-package-data" "^2.4.0" + "normalize-package-data" "^3.0.2" + "parse-json" "^5.2.0" + "type-fest" "^1.0.1" + +"read-yaml-file@^1.1.0": + "version" "1.1.0" + dependencies: + "graceful-fs" "^4.1.5" + "js-yaml" "^3.6.1" + "pify" "^4.0.1" + "strip-bom" "^3.0.0" + +"read@^1.0.7", "read@~1.0.7", "read@1": + "version" "1.0.7" + dependencies: + "mute-stream" "~0.0.4" + +"readable-stream@^2.0.0", "readable-stream@^2.0.2", "readable-stream@^2.3.0", "readable-stream@^2.3.5", "readable-stream@~2.3.6": + "version" "2.3.7" + dependencies: + "core-util-is" "~1.0.0" + "inherits" "~2.0.3" + "isarray" "~1.0.0" + "process-nextick-args" "~2.0.0" + "safe-buffer" "~5.1.1" + "string_decoder" "~1.1.1" + "util-deprecate" "~1.0.1" + +"readable-stream@^3.0.0", "readable-stream@3": + "version" "3.6.0" + dependencies: + "inherits" "^2.0.3" + "string_decoder" "^1.1.1" + "util-deprecate" "^1.0.1" + +"readable-stream@^3.4.0": + "version" "3.6.0" + dependencies: + "inherits" "^2.0.3" + "string_decoder" "^1.1.1" + "util-deprecate" "^1.0.1" + +"readable-stream@^3.6.0": + "version" "3.6.0" + dependencies: + "inherits" "^2.0.3" + "string_decoder" "^1.1.1" + "util-deprecate" "^1.0.1" + +"readdir-scoped-modules@^1.1.0": + "version" "1.1.0" + dependencies: + "debuglog" "^1.0.1" + "dezalgo" "^1.0.0" + "graceful-fs" "^4.1.2" + "once" "^1.3.0" + +"readdirp@^2.0.0": + "version" "2.2.1" + dependencies: + "graceful-fs" "^4.1.11" + "micromatch" "^3.1.10" + "readable-stream" "^2.0.2" + +"rechoir@^0.6.2": + "version" "0.6.2" + dependencies: + "resolve" "^1.1.6" + +"redent@^3.0.0": + "version" "3.0.0" + dependencies: + "indent-string" "^4.0.0" + "strip-indent" "^3.0.0" + +"redent@^4.0.0": + "version" "4.0.0" + dependencies: + "indent-string" "^5.0.0" + "strip-indent" "^4.0.0" + +"redeyed@~2.1.0": + "version" "2.1.1" + dependencies: + "esprima" "~4.0.0" + +"regenerator-runtime@^0.11.0": + "version" "0.11.1" + +"regenerator-runtime@^0.13.4": + "version" "0.13.9" + +"regex-cache@^0.4.2": + "version" "0.4.4" + dependencies: + "is-equal-shallow" "^0.1.3" + +"regex-not@^1.0.0", "regex-not@^1.0.2": + "version" "1.0.2" + dependencies: + "extend-shallow" "^3.0.2" + "safe-regex" "^1.1.0" + +"regexpp@^3.1.0": + "version" "3.2.0" + +"registry-auth-token@^4.0.0": + "version" "4.2.1" + dependencies: + "rc" "^1.2.8" + +"remove-trailing-separator@^1.0.1": + "version" "1.1.0" + +"repeat-element@^1.1.2": + "version" "1.1.4" + +"repeat-string@^1.5.2", "repeat-string@^1.6.1": + "version" "1.6.1" + +"require-directory@^2.1.1": + "version" "2.1.1" + +"require-from-string@^2.0.2": + "version" "2.0.2" + +"resolve-cwd@^3.0.0": + "version" "3.0.0" + dependencies: + "resolve-from" "^5.0.0" + +"resolve-from@^4.0.0": + "version" "4.0.0" + +"resolve-from@^5.0.0": + "version" "5.0.0" + +"resolve-url@^0.2.1": + "version" "0.2.1" + +"resolve.exports@^1.1.0": + "version" "1.1.0" + +"resolve@^1.1.6", "resolve@^1.1.7", "resolve@^1.10.0", "resolve@^1.20.0": + "version" "1.21.0" + dependencies: + "is-core-module" "^2.8.0" + "path-parse" "^1.0.7" + "supports-preserve-symlinks-flag" "^1.0.0" + +"responselike@1.0.2": + "version" "1.0.2" + dependencies: + "lowercase-keys" "^1.0.0" + +"restore-cursor@^3.1.0": + "version" "3.1.0" + dependencies: + "onetime" "^5.1.0" + "signal-exit" "^3.0.2" + +"ret@~0.1.10": + "version" "0.1.15" + +"retry@^0.12.0": + "version" "0.12.0" + +"retry@^0.13.1": + "version" "0.13.1" + +"reusify@^1.0.4": + "version" "1.0.4" + +"rimraf@^3.0.0", "rimraf@^3.0.2": + "version" "3.0.2" + dependencies: + "glob" "^7.1.3" + +"run-async@^2.4.0": + "version" "2.4.1" + +"run-parallel@^1.1.9": + "version" "1.2.0" + dependencies: + "queue-microtask" "^1.2.2" + +"rxjs@^7.2.0": + "version" "7.5.1" + dependencies: + "tslib" "^2.1.0" + +"safe-buffer@^5.0.1", "safe-buffer@^5.1.1", "safe-buffer@~5.2.0", "safe-buffer@5.2.1": + "version" "5.2.1" + +"safe-buffer@~5.1.0": + "version" "5.1.2" + +"safe-buffer@~5.1.1": + "version" "5.1.2" + +"safe-regex@^1.1.0": + "version" "1.1.0" + dependencies: + "ret" "~0.1.10" + +"safer-buffer@>= 2.1.2 < 3", "safer-buffer@>= 2.1.2 < 3.0.0": + "version" "2.1.2" + +"saxes@^5.0.1": + "version" "5.0.1" + dependencies: + "xmlchars" "^2.2.0" + +"seek-bzip@^1.0.5": + "version" "1.0.6" + dependencies: + "commander" "^2.8.1" + +"semantic-release@^19.0.2", "semantic-release@>=18.0.0", "semantic-release@>=18.0.0-beta.1", "semantic-release@>=19.0.0": + "version" "19.0.2" + dependencies: + "@semantic-release/commit-analyzer" "^9.0.2" + "@semantic-release/error" "^3.0.0" + "@semantic-release/github" "^8.0.0" + "@semantic-release/npm" "^9.0.0" + "@semantic-release/release-notes-generator" "^10.0.0" + "aggregate-error" "^3.0.0" + "cosmiconfig" "^7.0.0" + "debug" "^4.0.0" + "env-ci" "^5.0.0" + "execa" "^5.0.0" + "figures" "^3.0.0" + "find-versions" "^4.0.0" + "get-stream" "^6.0.0" + "git-log-parser" "^1.2.0" + "hook-std" "^2.0.0" + "hosted-git-info" "^4.0.0" + "lodash" "^4.17.21" + "marked" "^4.0.10" + "marked-terminal" "^5.0.0" + "micromatch" "^4.0.2" + "p-each-series" "^2.1.0" + "p-reduce" "^2.0.0" + "read-pkg-up" "^7.0.0" + "resolve-from" "^5.0.0" + "semver" "^7.3.2" + "semver-diff" "^3.1.1" + "signale" "^1.2.1" + "yargs" "^16.2.0" + +"semver-diff@^3.1.1": + "version" "3.1.1" + dependencies: + "semver" "^6.3.0" + +"semver-regex@^3.1.2": + "version" "3.1.3" + +"semver@^5.6.0": + "version" "5.7.1" + +"semver@^6.0.0": + "version" "6.3.0" + +"semver@^6.3.0": + "version" "6.3.0" + +"semver@^7.0.0", "semver@^7.1.1", "semver@^7.1.2", "semver@^7.2.1", "semver@^7.3.2", "semver@^7.3.4", "semver@^7.3.5", "semver@^7.3.6", "semver@^7.3.7", "semver@7.x": + "version" "7.3.7" + dependencies: + "lru-cache" "^6.0.0" + +"semver@2 || 3 || 4 || 5": + "version" "5.7.1" + +"set-blocking@^2.0.0": + "version" "2.0.0" + +"set-value@^2.0.0", "set-value@^2.0.1": + "version" "2.0.1" + dependencies: + "extend-shallow" "^2.0.1" + "is-extendable" "^0.1.1" + "is-plain-object" "^2.0.3" + "split-string" "^3.0.1" + +"shebang-command@^1.2.0": + "version" "1.2.0" + dependencies: + "shebang-regex" "^1.0.0" + +"shebang-command@^2.0.0": + "version" "2.0.0" + dependencies: + "shebang-regex" "^3.0.0" + +"shebang-regex@^1.0.0": + "version" "1.0.0" + +"shebang-regex@^3.0.0": + "version" "3.0.0" + +"shell-quote@^1.6.1": + "version" "1.7.3" + +"shelljs@^0.8.4": + "version" "0.8.5" + dependencies: + "glob" "^7.0.0" + "interpret" "^1.0.0" + "rechoir" "^0.6.2" + +"shx@^0.3.3": + "version" "0.3.3" + dependencies: + "minimist" "^1.2.3" + "shelljs" "^0.8.4" + +"side-channel@^1.0.4": + "version" "1.0.4" + dependencies: + "call-bind" "^1.0.0" + "get-intrinsic" "^1.0.2" + "object-inspect" "^1.9.0" + +"signal-exit@^3.0.0", "signal-exit@^3.0.2", "signal-exit@^3.0.3", "signal-exit@^3.0.7": + "version" "3.0.7" + +"signale@^1.2.1", "signale@^1.4.0": + "version" "1.4.0" + dependencies: + "chalk" "^2.3.2" + "figures" "^2.0.0" + "pkg-conf" "^2.1.0" + +"sisteransi@^1.0.5": + "version" "1.0.5" + +"slash@^3.0.0": + "version" "3.0.0" + +"slash@^4.0.0": + "version" "4.0.0" + +"slice-ansi@^4.0.0": + "version" "4.0.0" + dependencies: + "ansi-styles" "^4.0.0" + "astral-regex" "^2.0.0" + "is-fullwidth-code-point" "^3.0.0" + +"smart-buffer@^4.2.0": + "version" "4.2.0" + +"snapdragon-node@^2.0.1": + "version" "2.1.1" + dependencies: + "define-property" "^1.0.0" + "isobject" "^3.0.0" + "snapdragon-util" "^3.0.1" + +"snapdragon-util@^3.0.1": + "version" "3.0.1" + dependencies: + "kind-of" "^3.2.0" + +"snapdragon@^0.8.1": + "version" "0.8.2" + dependencies: + "base" "^0.11.1" + "debug" "^2.2.0" + "define-property" "^0.2.5" + "extend-shallow" "^2.0.1" + "map-cache" "^0.2.2" + "source-map" "^0.5.6" + "source-map-resolve" "^0.5.0" + "use" "^3.1.0" + +"socks-proxy-agent@^6.1.1": + "version" "6.2.0" + dependencies: + "agent-base" "^6.0.2" + "debug" "^4.3.3" + "socks" "^2.6.2" + +"socks@^2.6.2": + "version" "2.6.2" + dependencies: + "ip" "^1.1.5" + "smart-buffer" "^4.2.0" + +"sonic-boom@^2.1.0": + "version" "2.4.2" + dependencies: + "atomic-sleep" "^1.0.0" + +"sort-keys-length@^1.0.0": + "version" "1.0.1" + dependencies: + "sort-keys" "^1.0.0" + +"sort-keys@^1.0.0": + "version" "1.1.2" + dependencies: + "is-plain-obj" "^1.0.0" + +"sort-keys@^2.0.0": + "version" "2.0.0" + dependencies: + "is-plain-obj" "^1.0.0" + +"source-map-resolve@^0.5.0": + "version" "0.5.3" + dependencies: + "atob" "^2.1.2" + "decode-uri-component" "^0.2.0" + "resolve-url" "^0.2.1" + "source-map-url" "^0.4.0" + "urix" "^0.1.0" + +"source-map-support@^0.5.6": + "version" "0.5.21" + dependencies: + "buffer-from" "^1.0.0" + "source-map" "^0.6.0" + +"source-map-url@^0.4.0": + "version" "0.4.1" + +"source-map@^0.5.0": + "version" "0.5.7" + +"source-map@^0.5.6": + "version" "0.5.7" + +"source-map@^0.6.0", "source-map@^0.6.1", "source-map@~0.6.1": + "version" "0.6.1" + +"source-map@^0.7.3": + "version" "0.7.3" + +"spawn-error-forwarder@~1.0.0": + "version" "1.0.0" + +"spdx-correct@^3.0.0": + "version" "3.1.1" + dependencies: + "spdx-expression-parse" "^3.0.0" + "spdx-license-ids" "^3.0.0" + +"spdx-exceptions@^2.1.0": + "version" "2.3.0" + +"spdx-expression-parse@^3.0.0": + "version" "3.0.1" + dependencies: + "spdx-exceptions" "^2.1.0" + "spdx-license-ids" "^3.0.0" + +"spdx-license-ids@^3.0.0": + "version" "3.0.11" + +"split-string@^3.0.1", "split-string@^3.0.2": + "version" "3.1.0" + dependencies: + "extend-shallow" "^3.0.0" + +"split@^1.0.0": + "version" "1.0.1" + dependencies: + "through" "2" + +"split2@^3.0.0": + "version" "3.2.2" + dependencies: + "readable-stream" "^3.0.0" + +"split2@~1.0.0": + "version" "1.0.0" + dependencies: + "through2" "~2.0.0" + +"sprintf-js@~1.0.2": + "version" "1.0.3" + +"ssri@^8.0.1": + "version" "8.0.1" + dependencies: + "minipass" "^3.1.1" + +"ssri@^9.0.0": + "version" "9.0.0" + dependencies: + "minipass" "^3.1.1" + +"stack-utils@^2.0.3": + "version" "2.0.5" + dependencies: + "escape-string-regexp" "^2.0.0" + +"static-eval@2.0.2": + "version" "2.0.2" + dependencies: + "escodegen" "^1.8.1" + +"static-extend@^0.1.1": + "version" "0.1.2" + dependencies: + "define-property" "^0.2.5" + "object-copy" "^0.1.0" + +"stream-buffers@^3.0.2": + "version" "3.0.2" + +"stream-combiner2@~1.1.1": + "version" "1.1.1" + dependencies: + "duplexer2" "~0.1.0" + "readable-stream" "^2.0.2" + +"strict-uri-encode@^1.0.0": + "version" "1.1.0" + +"string_decoder@^1.1.1": + "version" "1.3.0" + dependencies: + "safe-buffer" "~5.2.0" + +"string_decoder@~1.1.1": + "version" "1.1.1" + dependencies: + "safe-buffer" "~5.1.0" + +"string-length@^4.0.1": + "version" "4.0.2" + dependencies: + "char-regex" "^1.0.2" + "strip-ansi" "^6.0.0" + +"string-width@^1.0.2 || 2 || 3 || 4", "string-width@^4.1.0", "string-width@^4.2.0", "string-width@^4.2.3": + "version" "4.2.3" + dependencies: + "emoji-regex" "^8.0.0" + "is-fullwidth-code-point" "^3.0.0" + "strip-ansi" "^6.0.1" + +"string.prototype.trimend@^1.0.4": + "version" "1.0.4" + dependencies: + "call-bind" "^1.0.2" + "define-properties" "^1.1.3" + +"string.prototype.trimstart@^1.0.4": + "version" "1.0.4" + dependencies: + "call-bind" "^1.0.2" + "define-properties" "^1.1.3" + +"strip-ansi@^6.0.0", "strip-ansi@^6.0.1": + "version" "6.0.1" + dependencies: + "ansi-regex" "^5.0.1" + +"strip-bom@^3.0.0": + "version" "3.0.0" + +"strip-bom@^4.0.0": + "version" "4.0.0" + +"strip-dirs@^2.0.0": + "version" "2.1.0" + dependencies: + "is-natural-number" "^4.0.1" + +"strip-eof@^1.0.0": + "version" "1.0.0" + +"strip-eof@^2.0.0": + "version" "2.0.0" + +"strip-final-newline@^2.0.0": + "version" "2.0.0" + +"strip-final-newline@^3.0.0": + "version" "3.0.0" + +"strip-indent@^3.0.0": + "version" "3.0.0" + dependencies: + "min-indent" "^1.0.0" + +"strip-indent@^4.0.0": + "version" "4.0.0" + dependencies: + "min-indent" "^1.0.1" + +"strip-json-comments@^3.1.0", "strip-json-comments@^3.1.1": + "version" "3.1.1" + +"strip-json-comments@~2.0.1": + "version" "2.0.1" + +"strip-outer@^1.0.0": + "version" "1.0.1" + dependencies: + "escape-string-regexp" "^1.0.2" + +"subarg@^1.0.0": + "version" "1.0.0" + dependencies: + "minimist" "^1.1.0" + +"supports-color@^5.3.0": + "integrity" "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==" + "resolved" "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz" + "version" "5.5.0" + dependencies: + "has-flag" "^3.0.0" + +"supports-color@^7.0.0", "supports-color@^7.1.0": + "version" "7.2.0" + dependencies: + "has-flag" "^4.0.0" + +"supports-color@^8.0.0": + "version" "8.1.1" + dependencies: + "has-flag" "^4.0.0" + +"supports-hyperlinks@^2.0.0", "supports-hyperlinks@^2.2.0": + "version" "2.2.0" + dependencies: + "has-flag" "^4.0.0" + "supports-color" "^7.0.0" + +"supports-preserve-symlinks-flag@^1.0.0": + "version" "1.0.0" + +"symbol-tree@^3.2.4": + "version" "3.2.4" + +"table@^6.0.9": + "version" "6.8.0" + dependencies: + "ajv" "^8.0.1" + "lodash.truncate" "^4.4.2" + "slice-ansi" "^4.0.0" + "string-width" "^4.2.3" + "strip-ansi" "^6.0.1" + +"tar-stream@^1.5.2": + "version" "1.6.2" + dependencies: + "bl" "^1.0.0" + "buffer-alloc" "^1.2.0" + "end-of-stream" "^1.0.0" + "fs-constants" "^1.0.0" + "readable-stream" "^2.3.0" + "to-buffer" "^1.1.1" + "xtend" "^4.0.0" + +"tar@^6.1.0", "tar@^6.1.11", "tar@^6.1.2": + "version" "6.1.11" + dependencies: + "chownr" "^2.0.0" + "fs-minipass" "^2.0.0" + "minipass" "^3.0.0" + "minizlib" "^2.1.1" + "mkdirp" "^1.0.3" + "yallist" "^4.0.0" + +"temp-dir@^1.0.0": + "version" "1.0.0" + +"temp-dir@^2.0.0": + "version" "2.0.0" + +"tempfile@^2.0.0": + "version" "2.0.0" + dependencies: + "temp-dir" "^1.0.0" + "uuid" "^3.0.1" + +"tempfile@^3.0.0": + "version" "3.0.0" + dependencies: + "temp-dir" "^2.0.0" + "uuid" "^3.3.2" + +"tempy@^1.0.0": + "version" "1.0.1" + dependencies: + "del" "^6.0.0" + "is-stream" "^2.0.0" + "temp-dir" "^2.0.0" + "type-fest" "^0.16.0" + "unique-string" "^2.0.0" + +"tempy@^2.0.0": + "version" "2.0.0" + dependencies: + "del" "^6.0.0" + "is-stream" "^3.0.0" + "temp-dir" "^2.0.0" + "type-fest" "^2.0.0" + "unique-string" "^3.0.0" + +"terminal-link@^2.0.0": + "version" "2.1.1" + dependencies: + "ansi-escapes" "^4.2.1" + "supports-hyperlinks" "^2.0.0" + +"test-exclude@^6.0.0": + "version" "6.0.0" + dependencies: + "@istanbuljs/schema" "^0.1.2" + "glob" "^7.1.4" + "minimatch" "^3.0.4" + +"text-extensions@^1.0.0": + "version" "1.9.0" + +"text-table@^0.2.0", "text-table@~0.2.0": + "version" "0.2.0" + +"throat@^6.0.1": + "version" "6.0.1" + +"through@^2.3.6", "through@^2.3.8", "through@>=2.2.7 <3", "through@2": + "version" "2.3.8" + +"through2@^4.0.0": + "version" "4.0.2" + dependencies: + "readable-stream" "3" + +"through2@~2.0.0": + "version" "2.0.5" + dependencies: + "readable-stream" "~2.3.6" + "xtend" "~4.0.1" + +"timed-out@^4.0.0", "timed-out@^4.0.1": + "version" "4.0.1" + +"tiny-relative-date@^1.3.0": + "version" "1.3.0" + +"tmp@^0.0.33": + "version" "0.0.33" + dependencies: + "os-tmpdir" "~1.0.2" + +"tmpl@1.0.5": + "version" "1.0.5" + +"to-buffer@^1.1.1": + "version" "1.1.1" + +"to-fast-properties@^2.0.0": + "version" "2.0.0" + +"to-object-path@^0.3.0": + "version" "0.3.0" + dependencies: + "kind-of" "^3.0.2" + +"to-regex-range@^2.1.0": + "version" "2.1.1" + dependencies: + "is-number" "^3.0.0" + "repeat-string" "^1.6.1" + +"to-regex-range@^5.0.1": + "version" "5.0.1" + dependencies: + "is-number" "^7.0.0" + +"to-regex@^3.0.1", "to-regex@^3.0.2": + "version" "3.0.2" + dependencies: + "define-property" "^2.0.2" + "extend-shallow" "^3.0.2" + "regex-not" "^1.0.2" + "safe-regex" "^1.1.0" + +"toposort@^2.0.2": + "version" "2.0.2" + +"tough-cookie@^4.0.0": + "version" "4.0.0" + dependencies: + "psl" "^1.1.33" + "punycode" "^2.1.1" + "universalify" "^0.1.2" + +"tr46@^2.1.0": + "version" "2.1.0" + dependencies: + "punycode" "^2.1.1" + +"tr46@~0.0.3": + "version" "0.0.3" + +"traverse@~0.6.6": + "version" "0.6.6" + +"treeverse@^1.0.4": + "version" "1.0.4" + +"treeverse@^2.0.0": + "version" "2.0.0" + +"trim-newlines@^3.0.0": + "version" "3.0.1" + +"trim-newlines@^4.0.2": + "version" "4.0.2" + +"trim-repeated@^1.0.0": + "version" "1.0.0" + dependencies: + "escape-string-regexp" "^1.0.2" + +"ts-jest@^27.0.4": + "version" "27.1.2" + dependencies: + "bs-logger" "0.x" + "fast-json-stable-stringify" "2.x" + "jest-util" "^27.0.0" + "json5" "2.x" + "lodash.memoize" "4.x" + "make-error" "1.x" + "semver" "7.x" + "yargs-parser" "20.x" + +"tsconfig-paths@^3.12.0": + "version" "3.12.0" + dependencies: + "@types/json5" "^0.0.29" + "json5" "^1.0.1" + "minimist" "^1.2.0" + "strip-bom" "^3.0.0" + +"tslib@^1", "tslib@^1.8.1": + "version" "1.14.1" + +"tslib@^2.1.0": + "version" "2.3.1" + +"tslib@^2.3.1": + "version" "2.3.1" + +"tslib@~2.3.0": + "version" "2.3.1" + +"tsutils@^3.21.0": + "version" "3.21.0" + dependencies: + "tslib" "^1.8.1" + +"tunnel-agent@^0.6.0": + "version" "0.6.0" + dependencies: + "safe-buffer" "^5.0.1" + +"type-check@^0.4.0": + "version" "0.4.0" + dependencies: + "prelude-ls" "^1.2.1" + +"type-check@~0.3.2": + "version" "0.3.2" + dependencies: + "prelude-ls" "~1.1.2" + +"type-check@~0.4.0": + "version" "0.4.0" + dependencies: + "prelude-ls" "^1.2.1" + +"type-detect@4.0.8": + "version" "4.0.8" + +"type-fest@^0.16.0": + "version" "0.16.0" + +"type-fest@^0.18.0": + "version" "0.18.1" + +"type-fest@^0.20.2": + "version" "0.20.2" + +"type-fest@^0.21.3": + "version" "0.21.3" + +"type-fest@^0.6.0": + "version" "0.6.0" + +"type-fest@^0.8.1": + "version" "0.8.1" + +"type-fest@^1.0.1", "type-fest@^1.0.2", "type-fest@^1.2.1", "type-fest@^1.2.2": + "version" "1.4.0" + +"type-fest@^2.0.0": + "version" "2.12.1" + +"typedarray-to-buffer@^3.1.5": + "version" "3.1.5" + dependencies: + "is-typedarray" "^1.0.0" + +"typescript@^4.3.5", "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta", "typescript@>=3.8 <5.0": + "version" "4.5.4" + +"uglify-js@^3.1.4": + "version" "3.14.5" + +"unbox-primitive@^1.0.1": + "version" "1.0.1" + dependencies: + "function-bind" "^1.1.1" + "has-bigints" "^1.0.1" + "has-symbols" "^1.0.2" + "which-boxed-primitive" "^1.0.2" + +"unbzip2-stream@^1.0.9": + "version" "1.4.3" + dependencies: + "buffer" "^5.2.1" + "through" "^2.3.8" + +"underscore@1.12.1": + "version" "1.12.1" + +"union-value@^1.0.0": + "version" "1.0.1" + dependencies: + "arr-union" "^3.1.0" + "get-value" "^2.0.6" + "is-extendable" "^0.1.1" + "set-value" "^2.0.1" + +"unique-filename@^1.1.1": + "version" "1.1.1" + dependencies: + "unique-slug" "^2.0.0" + +"unique-slug@^2.0.0": + "version" "2.0.2" + dependencies: + "imurmurhash" "^0.1.4" + +"unique-string@^2.0.0": + "version" "2.0.0" + dependencies: + "crypto-random-string" "^2.0.0" + +"unique-string@^3.0.0": + "version" "3.0.0" + dependencies: + "crypto-random-string" "^4.0.0" + +"universal-user-agent@^6.0.0": + "version" "6.0.0" + +"universalify@^0.1.0": + "version" "0.1.2" + +"universalify@^0.1.2": + "version" "0.1.2" + +"universalify@^2.0.0": + "version" "2.0.0" + +"unixify@1.0.0": + "version" "1.0.0" + dependencies: + "normalize-path" "^2.1.1" + +"unset-value@^1.0.0": + "version" "1.0.0" + dependencies: + "has-value" "^0.3.1" + "isobject" "^3.0.0" + +"uri-js@^4.2.2": + "version" "4.4.1" + dependencies: + "punycode" "^2.1.0" + +"urix@^0.1.0": + "version" "0.1.0" + +"url-join@^4.0.0": + "version" "4.0.1" + +"url-parse-lax@^1.0.0": + "version" "1.0.0" + dependencies: + "prepend-http" "^1.0.1" + +"url-parse-lax@^3.0.0": + "version" "3.0.0" + dependencies: + "prepend-http" "^2.0.0" + +"url-to-options@^1.0.1": + "version" "1.0.1" + +"use@^3.1.0": + "version" "3.1.1" + +"util-deprecate@^1.0.1", "util-deprecate@~1.0.1": + "version" "1.0.2" + +"uuid@^3.0.1", "uuid@^3.3.2": + "version" "3.4.0" + +"v8-compile-cache@^2.0.3": + "version" "2.3.0" + +"v8-to-istanbul@^8.1.0": + "version" "8.1.0" + dependencies: + "@types/istanbul-lib-coverage" "^2.0.1" + "convert-source-map" "^1.6.0" + "source-map" "^0.7.3" + +"validate-npm-package-license@^3.0.1", "validate-npm-package-license@^3.0.4": + "version" "3.0.4" + dependencies: + "spdx-correct" "^3.0.0" + "spdx-expression-parse" "^3.0.0" + +"validate-npm-package-name@^4.0.0": + "version" "4.0.0" + dependencies: + "builtins" "^5.0.0" + +"validate-npm-package-name@~3.0.0": + "version" "3.0.0" + dependencies: + "builtins" "^1.0.3" + +"w3c-hr-time@^1.0.2": + "version" "1.0.2" + dependencies: + "browser-process-hrtime" "^1.0.0" + +"w3c-xmlserializer@^2.0.0": + "version" "2.0.0" + dependencies: + "xml-name-validator" "^3.0.0" + +"walk-up-path@^1.0.0": + "version" "1.0.0" + +"walker@^1.0.7": + "version" "1.0.8" + dependencies: + "makeerror" "1.0.12" + +"wcwidth@^1.0.0", "wcwidth@^1.0.1": + "version" "1.0.1" + dependencies: + "defaults" "^1.0.3" + +"webidl-conversions@^3.0.0": + "version" "3.0.1" + +"webidl-conversions@^5.0.0": + "version" "5.0.0" + +"webidl-conversions@^6.1.0": + "version" "6.1.0" + +"whatwg-encoding@^1.0.5": + "version" "1.0.5" + dependencies: + "iconv-lite" "0.4.24" + +"whatwg-mimetype@^2.3.0": + "version" "2.3.0" + +"whatwg-url@^5.0.0": + "version" "5.0.0" + dependencies: + "tr46" "~0.0.3" + "webidl-conversions" "^3.0.0" + +"whatwg-url@^8.0.0", "whatwg-url@^8.5.0": + "version" "8.7.0" + dependencies: + "lodash" "^4.7.0" + "tr46" "^2.1.0" + "webidl-conversions" "^6.1.0" + +"which-boxed-primitive@^1.0.2": + "version" "1.0.2" + dependencies: + "is-bigint" "^1.0.1" + "is-boolean-object" "^1.1.0" + "is-number-object" "^1.0.4" + "is-string" "^1.0.5" + "is-symbol" "^1.0.3" + +"which@^1.2.9": + "version" "1.3.1" + dependencies: + "isexe" "^2.0.0" + +"which@^2.0.1", "which@^2.0.2": + "version" "2.0.2" + dependencies: + "isexe" "^2.0.0" + +"wide-align@^1.1.5": + "version" "1.1.5" + dependencies: + "string-width" "^1.0.2 || 2 || 3 || 4" + +"word-wrap@^1.2.3", "word-wrap@~1.2.3": + "version" "1.2.3" + +"wordwrap@^1.0.0": + "version" "1.0.0" + +"wrap-ansi@^7.0.0": + "version" "7.0.0" + dependencies: + "ansi-styles" "^4.0.0" + "string-width" "^4.1.0" + "strip-ansi" "^6.0.0" + +"wrappy@1": + "version" "1.0.2" + +"write-file-atomic@^3.0.0": + "version" "3.0.3" + dependencies: + "imurmurhash" "^0.1.4" + "is-typedarray" "^1.0.0" + "signal-exit" "^3.0.2" + "typedarray-to-buffer" "^3.1.5" + +"write-file-atomic@^4.0.0", "write-file-atomic@^4.0.1": + "version" "4.0.1" + dependencies: + "imurmurhash" "^0.1.4" + "signal-exit" "^3.0.7" + +"ws@^7.4.6": + "version" "7.5.6" + +"xml-name-validator@^3.0.0": + "version" "3.0.0" + +"xmlchars@^2.2.0": + "version" "2.2.0" + +"xtend@^4.0.0", "xtend@~4.0.1": + "version" "4.0.2" + +"y18n@^5.0.5": + "version" "5.0.8" + +"yallist@^2.1.2": + "version" "2.1.2" + +"yallist@^4.0.0": + "version" "4.0.0" + +"yaml@^1.10.0": + "version" "1.10.2" + +"yargs-parser@^20.2.2", "yargs-parser@^20.2.3", "yargs-parser@20.x": + "version" "20.2.4" + +"yargs-parser@^20.2.9": + "version" "20.2.9" + +"yargs@^16.2.0": + "version" "16.2.0" + dependencies: + "cliui" "^7.0.2" + "escalade" "^3.1.1" + "get-caller-file" "^2.0.5" + "require-directory" "^2.1.1" + "string-width" "^4.2.0" + "y18n" "^5.0.5" + "yargs-parser" "^20.2.2" + +"yauzl@^2.4.2": + "version" "2.10.0" + dependencies: + "buffer-crc32" "~0.2.3" + "fd-slicer" "~1.1.0" + +"yocto-queue@^0.1.0": + "version" "0.1.0" From c387273ef475d41937d74be0d865beb1dcff4a53 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Thu, 12 May 2022 16:13:05 -0300 Subject: [PATCH 18/30] feat: Added ACL Grants checks to 3.3 rule --- src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts | 56 ++++++++++++------- .../cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts | 34 ++++++++++- 2 files changed, 68 insertions(+), 22 deletions(-) diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts index 2ff66717..1ae3e2ea 100644 --- a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-3.3.ts @@ -63,6 +63,9 @@ export default { accountId __typename s3 { + aclGrants { + granteeUri + } policy { statement { effect @@ -81,30 +84,41 @@ export default { not: { path: '@.s3', array_any: { - path: '[*].policy.statement', - array_any: { - and: [ - { - path: '[*].effect', - equal: 'Allow', + or: [ + { + path: '[*].aclGrants', + array_any: { + path: '[*].granteeUri', + match: /^.*(AllUsers|AuthenticatedUsers).*$/, }, - { - path: '[*].principal', - array_any: { - and: [ - { - path: '[*].key', - in: ['', 'AWS'], - }, - { - path: '[*].value', - contains: '*', + }, + { + path: '[*].policy.statement', + array_any: { + and: [ + { + path: '[*].effect', + equal: 'Allow', + }, + { + path: '[*].principal', + array_any: { + and: [ + { + path: '[*].key', + in: ['', 'AWS'], + }, + { + path: '[*].value', + contains: '*', + }, + ], }, - ], - }, + }, + ], }, - ], - }, + }, + ], }, }, }, diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts index 510ab147..d9f55702 100644 --- a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts +++ b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-3.x.test.ts @@ -50,9 +50,14 @@ export interface Policy { statement?: Statement[] } +export interface AclGrant { + granteeUri: string | undefined +} + export interface S3 { policy?: Policy logging?: string + aclGrants?: AclGrant[] } export interface RecordingGroup { @@ -247,7 +252,8 @@ describe('CIS Amazon Web Services Foundations: 1.3.0', () => { const getTestRuleFixture = ( effect: string, key: string, - value: string[] + value: string[], + granteeUri?: string | undefined, ): CIS3xQueryResponse => { return { queryawsCloudtrail: [ @@ -255,6 +261,11 @@ describe('CIS Amazon Web Services Foundations: 1.3.0', () => { id: cuid(), s3: [ { + aclGrants: [ + { + granteeUri + } + ], policy: { statement: [ { @@ -297,6 +308,13 @@ describe('CIS Amazon Web Services Foundations: 1.3.0', () => { await testRule(data, Result.PASS) }) + test('No Security Issue when no exists any ACL Grantee set to Everyone or Any Authenticated User.', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'Service', [ + 'cloudtrail.amazonaws.com', + ], 'http://acs.amazonaws.com/groups/s3/LogDelivery') + await testRule(data, Result.PASS) + }) + test('Security Issue when a policy contains a statement having an Effect set to Allow and a Principal set to "*"', async () => { const data: CIS3xQueryResponse = getTestRuleFixture('Allow', '', ['*']) await testRule(data, Result.FAIL) @@ -306,6 +324,20 @@ describe('CIS Amazon Web Services Foundations: 1.3.0', () => { const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'AWS', ['*']) await testRule(data, Result.FAIL) }) + + test('Security Issue when exists an ACL Grantee set to Everyone.', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'Service', [ + 'cloudtrail.amazonaws.com', + ], 'http://acs.amazonaws.com/groups/global/AllUsers') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when exists an ACL Grantee set to Any Authenticated User.', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'Service', [ + 'cloudtrail.amazonaws.com', + ], 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers') + await testRule(data, Result.FAIL) + }) }) describe('AWS CIS 3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs', () => { From 6498ad17405f64f277d8caccf96c853c3805fa88 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Thu, 12 May 2022 17:48:40 -0300 Subject: [PATCH 19/30] feat: Fixed rule 1.12 --- src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts | 22 +++++++++++-------- .../cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts | 9 ++++---- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts index fc53fe66..72e1f6ba 100644 --- a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts @@ -109,15 +109,19 @@ export default { ] }, { - value: { daysAgo: {}, path: '@.passwordLastUsed' }, - lessThanInclusive: 90, - }, - { - path: '@.accessKeyData', - array_any: { - value: { daysAgo: {}, path: '[*].lastUsedDate' }, - lessThanInclusive: 90, - }, + and: [ + { + value: { daysAgo: {}, path: '@.passwordLastUsed' }, + lessThanInclusive: 90, + }, + { + path: '@.accessKeyData', + array_any: { + value: { daysAgo: {}, path: '[*].lastUsedDate' }, + lessThanInclusive: 90, + }, + }, + ], }, ], }, diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts index 022d43a9..e90bc42e 100644 --- a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts +++ b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts @@ -548,8 +548,8 @@ describe('CIS Amazon Web Services Foundations: 1.4.0', () => { expect(processedRule.result).toBe(expectedResult) } - test('No Security Issue when there are an access key unused for less than 90 days', async () => { - const data: CIS1xQueryResponse = getTestRuleFixture('', new Date().toISOString()) + test('No Security Issue when there are an access key and password used for less than 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString(), new Date().toISOString()) await testRule(data, Result.PASS) }) @@ -561,17 +561,16 @@ describe('CIS Amazon Web Services Foundations: 1.4.0', () => { }) test('Security Issue when there are an access key unused for more than 90 days', async () => { - const data: CIS1xQueryResponse = getTestRuleFixture('', '2021-05-27T20:29:00.000Z') + const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString(), '2021-05-27T20:29:00.000Z') await testRule(data, Result.FAIL) }) test('Security Issue when there are a passwoord unused for more than 90 days', async () => { - const data: CIS1xQueryResponse = getTestRuleFixture('2021-05-27T20:29:00.000Z', '') + const data: CIS1xQueryResponse = getTestRuleFixture('2021-05-27T20:29:00.000Z', new Date().toISOString()) const queryawsIamUser = data.queryawsIamUser?.[0] as QueryawsIamUser queryawsIamUser.accessKeyData = [] await testRule(data, Result.FAIL) }) - }) describe('AWS CIS 1.13 Ensure there is only one active access key available for any single IAM user', () => { From 54e3947cafb90516a1c443885e9407e36cda6ce5 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 13 May 2022 11:04:27 -0300 Subject: [PATCH 20/30] feat: Included 12.1 and 12.2 rules for aws nist 800-53 rev4 --- .../rules/aws-nist-800-53-rev4-11.1.ts | 93 ++++++++------- .../rules/aws-nist-800-53-rev4-11.2.ts | 91 ++++++++------- .../rules/aws-nist-800-53-rev4-12.1.ts | 18 ++- .../rules/aws-nist-800-53-rev4-12.2.ts | 14 ++- .../tests/nist-800-53-rev4-11.x.test.ts | 107 +++++------------ .../tests/nist-800-53-rev4-12.x.test.ts | 108 +++++++----------- 6 files changed, 184 insertions(+), 247 deletions(-) diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.1.ts index a7975178..996a195d 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.1.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.1.ts @@ -1,60 +1,65 @@ export default { id: 'aws-nist-800-53-rev4-11.1', - title: 'ECS task definitions should limit memory usage for containers', + title: 'AWS NIST 11.1 ECS task definitions should limit memory usage for containers', - description: `'Limiting memory usage for your ECS tasks allows you to avoid running out of memory because ECS stops placing tasks on the instance, and Docker kills any containers that try to go over the hard limit. Having no limit on memory usage can lead to issues where one container can easily make the whole system unstable and as a result unusable.'`, + description: `Limiting memory usage for your ECS tasks allows you to avoid running out of memory because ECS stops placing tasks on the instance, and Docker kills any containers that try to go over the hard limit. Having no limit on memory usage can lead to issues where one container can easily make the whole system unstable and as a result unusable. + + Memory limits must be set through the *memory* property for each *ContainerDefinition* within the task definition. For more information about the *memory* property, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) in the ECS API Reference.`, audit: '', rationale: '', - remediation: `**AWS Console** - - - Navigate to ECS. + remediation: `**Console Remediation Steps** + + - Navigate to [ECS](https://console.aws.amazon.com/ecs/). - Select the Region that contains your task definition. - In the left pane, select Task Definitions. - Check the task definition and click Create new revision. - On the Create new revision of task definition page, make changes. For example, to change the existing container definitions (such as the container image, memory limits, or port mappings), select the container, make the changes, and then choose Update. - Select Create. - - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see Updating a service. - - **AWS CLI** + - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see [Updating a service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html). + + **CLI Remediation Steps** + - Create new task definition revision: - > aws ecs register-task-definition
- > --family \
- > [--task-role-arn \]
- > [--execution-role-arn \]
- > [--network-mode \]
- > --container-definitions \
- > [--volumes \]
- > [--placement-constraints \]
- > [--requires-compatibilities \]
- > [--cpu \]
- > [--memory \]
- > [--tags \]
- > [--pid-mode \]
- > [--ipc-mode \]
- > [--proxy-configuration \]
- > [--inference-accelerators \]
- > [--cli-input-json | --cli-input-yaml]
- > [--generate-cli-skeleton \]
- -- Update the service to use the new task definition: - > aws ecs update-service
- > [--cluster \]
- > --service \
- > [--desired-count \]
- > [--task-definition \]
- > [--capacity-provider-strategy \]
- > [--deployment-configuration \]
- > [--network-configuration \]
- > [--placement-constraints \]
- > [--placement-strategy \]
- > [--platform-version \]
- > [--force-new-deployment | --no-force-new-deployment]
- > [--health-check-grace-period-seconds \]
- > [--cli-input-json | --cli-input-yaml]
- > [--generate-cli-skeleton \]
`, + + aws ecs register-task-definition + --family + [--task-role-arn ] + [--execution-role-arn ] + [--network-mode ] + --container-definitions + [--volumes ] + [--placement-constraints ] + [--requires-compatibilities ] + [--cpu ] + [--memory ] + [--tags ] + [--pid-mode ] + [--ipc-mode ] + [--proxy-configuration ] + [--inference-accelerators ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ] + + - Update the service to use the new task definition: + + aws ecs update-service + [--cluster ] + --service + [--desired-count ] + [--task-definition ] + [--capacity-provider-strategy ] + [--deployment-configuration ] + [--network-configuration ] + [--placement-constraints ] + [--placement-strategy ] + [--platform-version ] + [--force-new-deployment | --no-force-new-deployment] + [--health-check-grace-period-seconds ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ]`, references: [ 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', @@ -76,6 +81,6 @@ export default { severity: 'medium', conditions: { path: '@.memory', - in: ["0", "256", "512"] + in: ['0', '256', '512'], }, } \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.2.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.2.ts index 8b1bf325..ac59b49a 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.2.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-11.2.ts @@ -1,60 +1,65 @@ export default { id: 'aws-nist-800-53-rev4-11.2', - title: 'ECS task definitions should set CPU limit for containers', + title: 'AWS NIST 11.2 ECS task definitions should set CPU limit for containers', - description: `'Unless specified, containers get access to all the CPU and memory capacity available on that host. Specifying CPU for ECS task definitions ensures that high priority containers are able to claim the CPU runtime they require.'`, + description: `Unless specified, containers get access to all the CPU and memory capacity available on that host. Specifying CPU for ECS task definitions ensures that high priority containers are able to claim the CPU runtime they require. + + A CPU limit must be set through the *cpu* property in the task definition. For more information about the *cpu* property, see [TaskDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TaskDefinition.html) in the ECS API Reference.`, audit: '', rationale: '', - remediation: `**AWS Console** - - - Navigate to ECS. + remediation: `**Console Remediation Steps** + + - Navigate to [ECS](https://console.aws.amazon.com/ecs/). - Select the Region that contains your task definition. - In the left pane, select Task Definitions. - Check the task definition and click Create new revision. - On the Create new revision of task definition page, make changes. For example, to change the existing container definitions (such as the container image, memory limits, or port mappings), select the container, make the changes, and then choose Update. - Select Create. - - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see Updating a service. - - **AWS CLI** + - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see [Updating a service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html). + + **CLI Remediation Steps** + - Create new task definition revision: - > aws ecs register-task-definition
- > --family \
- > [--task-role-arn \]
- > [--execution-role-arn \]
- > [--network-mode \]
- > --container-definitions \
- > [--volumes \]
- > [--placement-constraints \]
- > [--requires-compatibilities \]
- > [--cpu \]
- > [--memory \]
- > [--tags \]
- > [--pid-mode \]
- > [--ipc-mode \]
- > [--proxy-configuration \]
- > [--inference-accelerators \]
- > [--cli-input-json | --cli-input-yaml]
- > [--generate-cli-skeleton \] - + + aws ecs register-task-definition + --family + [--task-role-arn ] + [--execution-role-arn ] + [--network-mode ] + --container-definitions + [--volumes ] + [--placement-constraints ] + [--requires-compatibilities ] + [--cpu ] + [--memory ] + [--tags ] + [--pid-mode ] + [--ipc-mode ] + [--proxy-configuration ] + [--inference-accelerators ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ] + - Update the service to use the new task definition: - > aws ecs update-service - > [--cluster \] - > --service \ - > [--desired-count \] - > [--task-definition \] - > [--capacity-provider-strategy \] - > [--deployment-configuration \] - > [--network-configuration \] - > [--placement-constraints \] - > [--placement-strategy \] - > [--platform-version \] - > [--force-new-deployment | --no-force-new-deployment] - > [--health-check-grace-period-seconds \] - > [--cli-input-json | --cli-input-yaml] - > [--generate-cli-skeleton \]`, + + aws ecs update-service + [--cluster ] + --service + [--desired-count ] + [--task-definition ] + [--capacity-provider-strategy ] + [--deployment-configuration ] + [--network-configuration ] + [--placement-constraints ] + [--placement-strategy ] + [--platform-version ] + [--force-new-deployment | --no-force-new-deployment] + [--health-check-grace-period-seconds ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ]`, references: [ 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', @@ -75,6 +80,6 @@ export default { severity: 'medium', conditions: { path: '@.cpu', - in: ["0", "256", "512"] + in: ['0', '256', '512'], }, } \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts index eee08823..aec5e1b4 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.1.ts @@ -1,6 +1,6 @@ export default { id: 'aws-nist-800-53-rev4-12.1', - title: 'CloudFront distributions should have geo-restrictions specified', + title: 'AWS NIST 12.1 CloudFront distributions should have geo-restrictions specified', description: `CloudFront distributions should enable geo-restriction when an organization needs to prevent users in specific geographic locations from accessing content. For example, @@ -39,17 +39,23 @@ export default { accountId __typename geoRestriction { - restrictionType + restrictionType + locations } } }`, resource: 'queryawsCloudfront[*]', severity: 'medium', conditions: { - path: '@.geoRestriction', - array_all: { - path: '[*].restrictionType', - notIn: 'none' + and: [ + { + path: '@.geoRestriction.restrictionType', + in: ['whitelist', 'blacklist'] }, + { + path: '@.geoRestriction.locations', + isEmpty: false + }, + ], }, } \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts index 11d9dc4c..e8637ca0 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-12.2.ts @@ -1,6 +1,6 @@ export default { id: 'aws-nist-800-53-rev4-12.2', - title: 'EC2 instances should not have a public IP association (IPv4)', + title: 'AWS NIST 12.2 EC2 instances should not have a public IP association (IPv4)', description: `EC2 instances are reachable over the internet even if you have protections such as NACLs or security groups if a public IP address is associated with an instance. To minimize the risk @@ -50,7 +50,7 @@ Disable the public IP addressing feature arn accountId __typename - subnet { + subnets { autoAssignPublicIpv4Address } } @@ -58,10 +58,12 @@ Disable the public IP addressing feature resource: 'queryawsEc2[*]', severity: 'medium', conditions: { - path: '@.subnet', - array_all: { - path: '[*].autoAssignPublicIpv4Address', - notEqual: 'Yes' + not: { + path: '@.subnets', + array_any: { + path: '[*].autoAssignPublicIpv4Address', + equal: 'Yes', + }, }, }, } \ No newline at end of file diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-11.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-11.x.test.ts index fa7f25d9..77154d8a 100644 --- a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-11.x.test.ts +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-11.x.test.ts @@ -4,57 +4,14 @@ import cuid from 'cuid' import Aws_NIST_800_53_111 from '../rules/aws-nist-800-53-rev4-11.1' import Aws_NIST_800_53_112 from '../rules/aws-nist-800-53-rev4-11.2' -export interface Logging { - enabled: boolean -} - -export interface DataResource { - type: string -} - -export interface EventSelector { - readWriteType?: string - includeManagementEvents?: boolean - dataResources?: DataResource[] -} - -export interface Cloudtrail { - isMultiRegionTrail?: string - eventSelectors?: EventSelector[] - includeGlobalServiceEvents?: string -} - -export interface QueryawsCloudfront { +export interface QueryawsEcsTaskDefinition { id: string - logging: Logging + memory?: string | null + cpu?: string | null } -export interface QueryawsAccount { - id: string - cloudtrail: Cloudtrail[] -} - -export interface QueryawsCloudtrail { - id: string - eventSelectors?: EventSelector[] -} - -export interface QueryawsAlb { - id: string - accessLogsEnabled: string -} - -export interface QueryawsElb { - id: string - accessLogs: string -} - -export interface NIS6xQueryResponse { - queryawsCloudfront?: QueryawsCloudfront[] - queryawsAccount?: QueryawsAccount[] - queryawsCloudtrail?: QueryawsCloudtrail[] - queryawsAlb?: QueryawsAlb[] - queryawsElb?: QueryawsElb[] +export interface NIST11xQueryResponse { + queryawsEcsTaskDefinition?: QueryawsEcsTaskDefinition[] } describe('AWS NIST 800-53: Rev. 4', () => { @@ -66,14 +23,15 @@ describe('AWS NIST 800-53: Rev. 4', () => { }) }) - //11.X - describe(' AWS 11.1 ECS task definitions should limit memory usage for containers', () => { - const getTestRuleFixture = (memory: string|null|undefined): any => { + describe('AWS NIST 11.1 ECS task definitions should limit memory usage for containers', () => { + const getTestRuleFixture = ( + memory: string | null + ): NIST11xQueryResponse => { return { queryawsEcsTaskDefinition: [ { id: cuid(), - memory + memory, }, ], } @@ -81,7 +39,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { // Act const testRule = async ( - data: any, + data: NIST11xQueryResponse, expectedResult: Result ): Promise => { // Act @@ -94,34 +52,29 @@ describe('AWS NIST 800-53: Rev. 4', () => { expect(processedRule.result).toBe(expectedResult) } - test('Container memory is within the acceptable limit', async () => { - const data: any = getTestRuleFixture('512') + test('No Security Issue when Container memory is within the acceptable limit (512)', async () => { + const data: NIST11xQueryResponse = getTestRuleFixture('512') await testRule(data, Result.PASS) }) - test('Container memory is within the acceptable limit', async () => { - const data: any = getTestRuleFixture('256') + test('No Security Issue when Container memory is within the acceptable limit (256)', async () => { + const data: NIST11xQueryResponse = getTestRuleFixture('256') await testRule(data, Result.PASS) }) - test('Container memory cannot be null or undefined', async () => { - const data: any = getTestRuleFixture(null) - await testRule(data, Result.FAIL) - }) - - test('Container memory cannot be null or undefined', async () => { - const data: any = getTestRuleFixture(undefined) + test('Security Issue when Container memory is not set', async () => { + const data: NIST11xQueryResponse = getTestRuleFixture(null) await testRule(data, Result.FAIL) }) }) - describe(' AWS 11.2 ECS task definitions should set CPU limit for containers', () => { - const getTestRuleFixture = (cpu: string|null|undefined): any => { + describe('AWS NIST 11.2 ECS task definitions should set CPU limit for containers', () => { + const getTestRuleFixture = (cpu: string | null): NIST11xQueryResponse => { return { queryawsEcsTaskDefinition: [ { id: cuid(), - cpu + cpu, }, ], } @@ -129,7 +82,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { // Act const testRule = async ( - data: any, + data: NIST11xQueryResponse, expectedResult: Result ): Promise => { // Act @@ -142,25 +95,19 @@ describe('AWS NIST 800-53: Rev. 4', () => { expect(processedRule.result).toBe(expectedResult) } - test('CPU limit is within the acceptable limit', async () => { - const data: any = getTestRuleFixture('512') + test('No Security Issue when CPU limit is within the acceptable limit (512)', async () => { + const data: NIST11xQueryResponse = getTestRuleFixture('512') await testRule(data, Result.PASS) }) - test('CPU limit is within the acceptable limit', async () => { - const data: any = getTestRuleFixture('256') + test('No Security Issue when CPU limit is within the acceptable limit (256)', async () => { + const data: NIST11xQueryResponse = getTestRuleFixture('256') await testRule(data, Result.PASS) }) - test('CPU limit cannot be null or undefined', async () => { - const data: any = getTestRuleFixture(null) - await testRule(data, Result.FAIL) - }) - - test('CPU limit cannot be null or undefined', async () => { - const data: any = getTestRuleFixture(undefined) + test('Security Issue when CPU limit is not set', async () => { + const data: NIST11xQueryResponse = getTestRuleFixture(null) await testRule(data, Result.FAIL) }) }) - }) diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts index 01ae5010..3046c8a8 100644 --- a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-12.x.test.ts @@ -4,58 +4,27 @@ import cuid from 'cuid' import Aws_NIST_800_53_121 from '../rules/aws-nist-800-53-rev4-12.1' import Aws_NIST_800_53_122 from '../rules/aws-nist-800-53-rev4-12.2' - -export interface Logging { - enabled: boolean -} - -export interface DataResource { - type: string -} - -export interface EventSelector { - readWriteType?: string - includeManagementEvents?: boolean - dataResources?: DataResource[] -} - -export interface Cloudtrail { - isMultiRegionTrail?: string - eventSelectors?: EventSelector[] - includeGlobalServiceEvents?: string +export interface GeoRestriction { + restrictionType: string + locations: string[] } -export interface QueryawsCloudfront { - id: string - logging: Logging -} - -export interface QueryawsAccount { - id: string - cloudtrail: Cloudtrail[] -} - -export interface QueryawsCloudtrail { - id: string - eventSelectors?: EventSelector[] +export interface Subnet { + autoAssignPublicIpv4Address: string } - -export interface QueryawsAlb { +export interface QueryawsEc2 { id: string - accessLogsEnabled: string + subnets: Subnet[] } -export interface QueryawsElb { +export interface QueryawsCloudfront { id: string - accessLogs: string + geoRestriction: GeoRestriction } -export interface NIS6xQueryResponse { +export interface NIST12xQueryResponse { queryawsCloudfront?: QueryawsCloudfront[] - queryawsAccount?: QueryawsAccount[] - queryawsCloudtrail?: QueryawsCloudtrail[] - queryawsAlb?: QueryawsAlb[] - queryawsElb?: QueryawsElb[] + queryawsEc2?: QueryawsEc2[] } describe('AWS NIST 800-53: Rev. 4', () => { @@ -67,18 +36,19 @@ describe('AWS NIST 800-53: Rev. 4', () => { }) }) - //12.X - describe(' AWS 12.1 CloudFront distributions should have geo-restrictions specified', () => { - const getTestRuleFixture = (restrictionType: string): any => { + describe('AWS NIST 12.1 CloudFront distributions should have geo-restrictions specified', () => { + const getTestRuleFixture = ( + restrictionType: string, + locations: string[] + ): NIST12xQueryResponse => { return { queryawsCloudfront: [ { id: cuid(), - geoRestriction: [ - { - restrictionType - }, - ], + geoRestriction: { + restrictionType, + locations + }, }, ], } @@ -86,7 +56,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { // Act const testRule = async ( - data: any, + data: NIST12xQueryResponse, expectedResult: Result ): Promise => { // Act @@ -99,25 +69,29 @@ describe('AWS NIST 800-53: Rev. 4', () => { expect(processedRule.result).toBe(expectedResult) } - test('Georestrictions allowed. Content is available', async () => { - const data: any = getTestRuleFixture('whitelist') + test('No Security Issue when there is an inbound rule with a restrictionType equal to whitelist and locations specified', async () => { + const data: NIST12xQueryResponse = getTestRuleFixture('whitelist', ['CA','US']) await testRule(data, Result.PASS) }) - test('Georestrictions not set. Content is not available', async () => { - const data: any = getTestRuleFixture('none') - await testRule(data, Result.FAIL) + test('No Security Issue when there is an inbound rule with a restrictionType equal to whitelist and locations specified', async () => { + const data: NIST12xQueryResponse = getTestRuleFixture('blacklist', ['CA','US']) + await testRule(data, Result.PASS) }) + test('Security Issue when there is an inbound rule without geoRestriction specified', async () => { + const data: NIST12xQueryResponse = getTestRuleFixture('none', []) + await testRule(data, Result.FAIL) + }) }) - describe(' AWS 12.2 EC2 instances should not have a public IP association (IPv4)', () => { - const getTestRuleFixture = (autoAssignPublicIpv4Address: string): any => { + describe('AWS NIST 12.2 EC2 instances should not have a public IP association (IPv4)', () => { + const getTestRuleFixture = (autoAssignPublicIpv4Address: string): NIST12xQueryResponse => { return { queryawsEc2: [ { id: cuid(), - subnet: [ + subnets: [ { autoAssignPublicIpv4Address, }, @@ -129,7 +103,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { // Act const testRule = async ( - data: any, + data: NIST12xQueryResponse, expectedResult: Result ): Promise => { // Act @@ -142,16 +116,14 @@ describe('AWS NIST 800-53: Rev. 4', () => { expect(processedRule.result).toBe(expectedResult) } - test('Subnet is Default and auto assign attribute is true', async () => { - const data: any = getTestRuleFixture('Yes') - await testRule(data, Result.FAIL) - }) - - test('Subnet is nonDefault and auto assign attribute cannot be false', async () => { - const data: any = getTestRuleFixture('No') + test('No Security Issue when EC2 instances not have a public IP association (IPv4)', async () => { + const data: NIST12xQueryResponse = getTestRuleFixture('No') await testRule(data, Result.PASS) }) + test('Security Issue when EC2 instances have a public IP association (IPv4)', async () => { + const data: NIST12xQueryResponse = getTestRuleFixture('Yes') + await testRule(data, Result.FAIL) + }) }) - }) From 7227bc637eece1fa8a04e8aca8daa24d051c9dbe Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Mon, 16 May 2022 18:20:44 -0300 Subject: [PATCH 21/30] fix: [GCP] Fix discrepancies between AutoCloud and Fugue --- src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.5.ts | 44 +++++++------------ src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.6.ts | 6 ++- src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.9.ts | 12 +---- .../cis-1.2.0/tests/gcp-cis-1.2.0-4.x.test.ts | 37 +++------------- 4 files changed, 26 insertions(+), 73 deletions(-) diff --git a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.5.ts b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.5.ts index f5400575..dfc5aab7 100644 --- a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.5.ts +++ b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.5.ts @@ -63,7 +63,7 @@ export default { You can prevent VMs from having serial port access enable by *Disable VM serial port access* organization policy: https://console.cloud.google.com/iam-admin/orgpolicies/compute-disableSerialPortAccess.`, references: [ - `https://cloud.google.com/compute/docs/instances/interacting-with-serial-console`, + 'https://cloud.google.com/compute/docs/instances/interacting-with-serial-console', ], gql: `{ querygcpVmInstance{ @@ -80,34 +80,20 @@ export default { resource: 'querygcpVmInstance[*]', severity: 'medium', conditions: { - path: '@.metadata.items', - array_any: { - or: [ - { - and: [ - { - path: '[*].key', - equal: 'serial-port-enable', - }, - { - path: '[*].value', - equal: '0', - }, - ], - }, - { - and: [ - { - path: '[*].key', - equal: 'serial-port-enable', - }, - { - path: '[*].value', - equal: 'false', - }, - ], - }, - ], + not: { + path: '@.metadata.items', + array_any: { + and: [ + { + path: '[*].key', + equal: 'serial-port-enable', + }, + { + path: '[*].value', + in: ['1', 'true'], + }, + ], + }, }, }, } diff --git a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.6.ts b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.6.ts index 036a929c..4a1f6442 100644 --- a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.6.ts +++ b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.6.ts @@ -56,7 +56,9 @@ export default { resource: 'querygcpVmInstance[*]', severity: 'medium', conditions: { - path: '@.canIpForward', - equal: false, + not: { + path: '@.canIpForward', + equal: true, + }, }, } diff --git a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.9.ts b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.9.ts index 497d8a56..43af3e7c 100644 --- a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.9.ts +++ b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-4.9.ts @@ -103,16 +103,8 @@ export default { array_any: { path: '[*].accessConfigs', array_any: { - and: [ - { - path: '[*].natIP', - notEqual: null, - }, - { - path: '[*].natIP', - notEqual: '', - }, - ], + path: '[*].natIP', + notIn: [null, ''], }, }, }, diff --git a/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-4.x.test.ts b/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-4.x.test.ts index 6bffed84..6a700175 100644 --- a/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-4.x.test.ts +++ b/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-4.x.test.ts @@ -1369,7 +1369,7 @@ describe('CIS Google Cloud Platform Foundations: 1.2.0', () => { await test45Rule(data, Result.PASS) }) - test('Security Security Issue when ¨serial-port-enable¨ is set to true', async () => { + test('Security Issue when ¨serial-port-enable¨ is set to true', async () => { const metadataItems: MetadataItem[] = [ { key: 'serial-port-enable', @@ -1380,29 +1380,7 @@ describe('CIS Google Cloud Platform Foundations: 1.2.0', () => { await test45Rule(data, Result.FAIL) }) - test('Security Security Issue when ¨serial-port-enable¨ is set to 1', async () => { - const metadataItems: MetadataItem[] = [ - { - key: 'serial-port-enable', - value: 'true', - }, - ] - const data: CIS4xQueryResponse = getTest45RuleFixture(metadataItems) - await test45Rule(data, Result.FAIL) - }) - - test('Security Security Issue when ¨serial-port-enable¨ is set to 1', async () => { - const metadataItems: MetadataItem[] = [ - { - key: 'serial-port-enable', - value: '1', - }, - ] - const data: CIS4xQueryResponse = getTest45RuleFixture(metadataItems) - await test45Rule(data, Result.FAIL) - }) - - test('Security Security Issue when metadata is empty', async () => { + test('Security Issue when ¨serial-port-enable¨ is set to 1', async () => { const metadataItems: MetadataItem[] = [ { key: 'serial-port-enable', @@ -1413,15 +1391,10 @@ describe('CIS Google Cloud Platform Foundations: 1.2.0', () => { await test45Rule(data, Result.FAIL) }) - test('Security Security Issue when metadata does NOT contain ¨serial-port-enable¨ key', async () => { - const metadataItems: MetadataItem[] = [ - { - key: 'dummy-key', - value: 'false', - }, - ] + test('No Security Issue when metadata is empty', async () => { + const metadataItems: MetadataItem[] = [] const data: CIS4xQueryResponse = getTest45RuleFixture(metadataItems) - await test45Rule(data, Result.FAIL) + await test45Rule(data, Result.PASS) }) }) From 86be9816667dfe107f946a8cde90533fb6564f91 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Tue, 17 May 2022 14:26:12 -0300 Subject: [PATCH 22/30] feat: Support GCP PCI rules - Part 2 --- src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-3.7.ts | 8 +- .../cis-1.2.0/tests/gcp-cis-1.2.0-3.x.test.ts | 30 +- src/gcp/pci-dss-3.2.1/README.md | 23 +- src/gcp/pci-dss-3.2.1/rules/index.ts | 30 +- .../rules/pci-dss-3.2.1-iam-check-1.ts | 67 ++ .../rules/pci-dss-3.2.1-iam-check-2.ts | 119 +++ .../rules/pci-dss-3.2.1-monitoring-check-1.ts | 139 +++ .../rules/pci-dss-3.2.1-monitoring-check-2.ts | 145 +++ .../rules/pci-dss-3.2.1-monitoring-check-3.ts | 153 ++++ .../rules/pci-dss-3.2.1-monitoring-check-4.ts | 137 +++ .../rules/pci-dss-3.2.1-monitoring-check-5.ts | 139 +++ .../rules/pci-dss-3.2.1-monitoring-check-6.ts | 158 ++++ .../rules/pci-dss-3.2.1-monitoring-check-7.ts | 148 ++++ .../rules/pci-dss-3.2.1-monitoring-check-8.ts | 135 +++ .../rules/pci-dss-3.2.1-networking-check-1.ts | 134 +++ .../rules/pci-dss-3.2.1-networking-check-2.ts | 133 +++ .../rules/pci-dss-3.2.1-networking-check-3.ts | 87 ++ .../rules/pci-dss-3.2.1-networking-check-4.ts | 204 +++++ .../tests/pci-dss-3.2.1-iam-checks.test.ts | 174 ++++ .../pci-dss-3.2.1-monitoring-checks.test.ts | 837 ++++++++++++++++++ .../pci-dss-3.2.1-networking-checks.test.ts | 500 +++++++++++ .../pci-dss-3.2.1/tests/pci-dss-3.2.1.test.ts | 18 - 22 files changed, 3474 insertions(+), 44 deletions(-) create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-1.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-2.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-1.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-2.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-3.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-4.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-5.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-6.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-7.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-8.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-1.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-2.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-3.ts create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-4.ts create mode 100644 src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-iam-checks.test.ts create mode 100644 src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-monitoring-checks.test.ts create mode 100644 src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-networking-checks.test.ts delete mode 100644 src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1.test.ts diff --git a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-3.7.ts b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-3.7.ts index a4e1d5e3..e7758251 100644 --- a/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-3.7.ts +++ b/src/gcp/cis-1.2.0/rules/gcp-cis-1.2.0-3.7.ts @@ -34,7 +34,7 @@ export default { - When ALL TCP ports are allowed in a rule, PORT does not have any value set (*NULL*) - When ALL Protocols are allowed in a rule, PORT does not have any value set (*NULL*)`, - rationale: `GCP *Firewall Rule*s within a *VPC Network*. These rules apply to outgoing (egress) traffic from instances and incoming (ingress) traffic to instances in the network. Egress and ingress traffic flows are controlled even if the traffic stays within the network (for example, instance-to-instance communication). For an instance to have outgoing Internet access, the network must have a valid Internet gateway route or custom route whose destination IP is specified. This route simply defines the path to the Internet, to avoid the most general (0.0.0.0/0) destination IP Range specified from the Internet through RDP with the default *Port 3389*. Generic access from the Internet to a specific IP Range should be restricted.`, + rationale: 'GCP *Firewall Rule*s within a *VPC Network*. These rules apply to outgoing (egress) traffic from instances and incoming (ingress) traffic to instances in the network. Egress and ingress traffic flows are controlled even if the traffic stays within the network (for example, instance-to-instance communication). For an instance to have outgoing Internet access, the network must have a valid Internet gateway route or custom route whose destination IP is specified. This route simply defines the path to the Internet, to avoid the most general (0.0.0.0/0) destination IP Range specified from the Internet through RDP with the default *Port 3389*. Generic access from the Internet to a specific IP Range should be restricted.', remediation: `**From the Console:** 1. Go to *VPC Network*. @@ -48,7 +48,7 @@ export default { 1. Update RDP Firewall rule with new *SOURCE_RANGE* from the below command: gcloud compute firewall-rules update FirewallName --allow=[PROTOCOL[:PORT[-PORT]],...] --source-ranges=[CIDR_RANGE,...]`, - references: [`https://cloud.google.com/vpc/docs/firewalls#blockedtraffic`], + references: ['https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'], gql: `{ querygcpFirewall(filter: {direction:{eq: "INGRESS"}}){ id @@ -109,11 +109,11 @@ export default { and: [ { path: '[*].fromPort', - lessThanInclusive: 3986, + lessThanInclusive: 3389, }, { path: '[*].toPort', - greaterThanInclusive: 3986, + greaterThanInclusive: 3389, }, ], }, diff --git a/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-3.x.test.ts b/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-3.x.test.ts index f2cd4e74..62dc78fb 100644 --- a/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-3.x.test.ts +++ b/src/gcp/cis-1.2.0/tests/gcp-cis-1.2.0-3.x.test.ts @@ -451,8 +451,8 @@ describe('CIS Google Cloud Platform Foundations: 1.2.0', () => { expect(processedRule.result).toBe(expectedResult) } - test('No Security Issue when there is an inbound rule with a random IPv4 address and port 3986', async () => { - await test37Rule(3986, 3986, '10.10.10.10/16', Result.PASS) + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 3389', async () => { + await test37Rule(3389, 3389, '10.10.10.10/16', Result.PASS) }) test('No Security Issue when there is an inbound rule with IPv4 wilcard address and port 80', async () => { @@ -463,32 +463,32 @@ describe('CIS Google Cloud Platform Foundations: 1.2.0', () => { await test37Rule(80, 80, ipV6WildcardAddress, Result.PASS) }) - test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 3986', async () => { + test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 3389', async () => { await test37Rule(1000, 2000, '10.10.10.10/16', Result.PASS) }) - test('No Security Issue when there is an inbound rule with IPv4 wilcard address and a port range not including the port 3986', async () => { + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and a port range not including the port 3389', async () => { await test37Rule(1000, 2000, ipV4WildcardAddress, Result.PASS) }) - test('No Security Issue when there is an inbound rule with IPv6 wilcard address and a port range not including the port 3986', async () => { + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and a port range not including the port 3389', async () => { await test37Rule(1000, 2000, ipV6WildcardAddress, Result.PASS) }) - test('Security Issue when IPv4 wilcard address and port 3986 and tcp protocol', async () => { - await test37Rule(3986, 3986, ipV4WildcardAddress, Result.FAIL) + test('Security Issue when IPv4 wilcard address and port 3389 and tcp protocol', async () => { + await test37Rule(3389, 3389, ipV4WildcardAddress, Result.FAIL) }) - test('Security Issue when IPv4 wilcard address and port 3986 and all protocol', async () => { - await test37Rule(3986, 3986, ipV4WildcardAddress, Result.FAIL, 'all') + test('Security Issue when IPv4 wilcard address and port 3389 and all protocol', async () => { + await test37Rule(3389, 3389, ipV4WildcardAddress, Result.FAIL, 'all') }) - test('Security Issue when IPv6 wilcard address and port 3986 and tcp protocol', async () => { - await test37Rule(3986, 3986, ipV6WildcardAddress, Result.FAIL) + test('Security Issue when IPv6 wilcard address and port 3389 and tcp protocol', async () => { + await test37Rule(3389, 3389, ipV6WildcardAddress, Result.FAIL) }) - test('Security Issue when IPv6 wilcard address and port 3986 and all protocol', async () => { - await test37Rule(3986, 3986, ipV6WildcardAddress, Result.FAIL, 'all') + test('Security Issue when IPv6 wilcard address and port 3389 and all protocol', async () => { + await test37Rule(3389, 3389, ipV6WildcardAddress, Result.FAIL, 'all') }) test('Security Issue when there is an inbound rule with IPv4 wilcard address and no port range is specified', async () => { @@ -499,11 +499,11 @@ describe('CIS Google Cloud Platform Foundations: 1.2.0', () => { await test37Rule(undefined, undefined, ipV6WildcardAddress, Result.FAIL) }) - test('Security Issue when there is an inbound rule with IPv4 wilcard address and port range includes the port 3986', async () => { + test('Security Issue when there is an inbound rule with IPv4 wilcard address and port range includes the port 3389', async () => { await test37Rule(0, 4000, ipV4WildcardAddress, Result.FAIL) }) - test('Security Issue when there is an inbound rule with IPv6 wilcard address and port range includes the port 3986', async () => { + test('Security Issue when there is an inbound rule with IPv6 wilcard address and port range includes the port 3389', async () => { await test37Rule(0, 4000, ipV6WildcardAddress, Result.FAIL) }) }) diff --git a/src/gcp/pci-dss-3.2.1/README.md b/src/gcp/pci-dss-3.2.1/README.md index 4a598cef..ab165804 100644 --- a/src/gcp/pci-dss-3.2.1/README.md +++ b/src/gcp/pci-dss-3.2.1/README.md @@ -51,10 +51,21 @@ Policy Pack based on the [PCI DSS version 3.2.1](https://www.pcisecuritystandard } ``` - + +| Rule | Description | +| ------------------ | ----------------------------------------------------------------------------------------------------------------------------- | +| iam-check-1 | IAM users should not have both KMS admin and any of the KMS encrypter/decrypter roles | +| iam-check-2 | IAM users should not have project-level "Service Account User" or "Service Account Token Creator" roles | +| monitoring-check-1 | Logging metric filter and alert for audit configuration changes should be configured | +| monitoring-check-2 | Logging metric filter and alert for Custom Role changes should be configured | +| monitoring-check-3 | Logging metric filter and alert for network changes should be configured | +| monitoring-check-4 | Logging metric filter and alert for network firewall rule changes should be configured | +| monitoring-check-5 | Logging metric filter and alert for network route changes should be configured | +| monitoring-check-6 | Logging metric filter and alert for project ownership assignments/changes should be configured | +| monitoring-check-7 | Logging metric filter and alert for SQL instance configuration changes should be configured | +| monitoring-check-8 | Logging metric filter and alert for Storage IAM permission changes should be configured | +| networking-check-1 | Network firewall rules should not permit ingress from 0.0.0.0/0 to port 22 (SSH) | +| networking-check-2 | Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP) | +| networking-check-3 | The default network for a project should be deleted | +| networking-check-4 | Load balancer HTTPS or SSL proxy SSL policies should not have weak cipher suites | \ No newline at end of file diff --git a/src/gcp/pci-dss-3.2.1/rules/index.ts b/src/gcp/pci-dss-3.2.1/rules/index.ts index 44842b4f..f0f52c8e 100644 --- a/src/gcp/pci-dss-3.2.1/rules/index.ts +++ b/src/gcp/pci-dss-3.2.1/rules/index.ts @@ -1,3 +1,31 @@ +import Gcp_PCI_DSS_321_IAM_1 from './pci-dss-3.2.1-iam-check-1' +import Gcp_PCI_DSS_321_IAM_2 from './pci-dss-3.2.1-iam-check-2' +import Gcp_PCI_DSS_321_Monitoring_1 from './pci-dss-3.2.1-monitoring-check-1' +import Gcp_PCI_DSS_321_Monitoring_2 from './pci-dss-3.2.1-monitoring-check-2' +import Gcp_PCI_DSS_321_Monitoring_3 from './pci-dss-3.2.1-monitoring-check-3' +import Gcp_PCI_DSS_321_Monitoring_4 from './pci-dss-3.2.1-monitoring-check-4' +import Gcp_PCI_DSS_321_Monitoring_5 from './pci-dss-3.2.1-monitoring-check-5' +import Gcp_PCI_DSS_321_Monitoring_6 from './pci-dss-3.2.1-monitoring-check-6' +import Gcp_PCI_DSS_321_Monitoring_7 from './pci-dss-3.2.1-monitoring-check-7' +import Gcp_PCI_DSS_321_Monitoring_8 from './pci-dss-3.2.1-monitoring-check-8' +import Gcp_PCI_DSS_321_Networking_1 from './pci-dss-3.2.1-networking-check-1' +import Gcp_PCI_DSS_321_Networking_2 from './pci-dss-3.2.1-networking-check-2' +import Gcp_PCI_DSS_321_Networking_3 from './pci-dss-3.2.1-networking-check-3' +import Gcp_PCI_DSS_321_Networking_4 from './pci-dss-3.2.1-networking-check-4' + export default [ - // TODO: Add rules to export + Gcp_PCI_DSS_321_IAM_1, + Gcp_PCI_DSS_321_IAM_2, + Gcp_PCI_DSS_321_Monitoring_1, + Gcp_PCI_DSS_321_Monitoring_2, + Gcp_PCI_DSS_321_Monitoring_3, + Gcp_PCI_DSS_321_Monitoring_4, + Gcp_PCI_DSS_321_Monitoring_5, + Gcp_PCI_DSS_321_Monitoring_6, + Gcp_PCI_DSS_321_Monitoring_7, + Gcp_PCI_DSS_321_Monitoring_8, + Gcp_PCI_DSS_321_Networking_1, + Gcp_PCI_DSS_321_Networking_2, + Gcp_PCI_DSS_321_Networking_3, + Gcp_PCI_DSS_321_Networking_4, ] \ No newline at end of file diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-1.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-1.ts new file mode 100644 index 00000000..8b45a8ce --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-1.ts @@ -0,0 +1,67 @@ +// GCP CIS 1.2.0 Rule equivalent 1.11 +export default { + id: 'gcp-pci-dss-3.2.1-iam-check-1', + title: 'IAM check 1: IAM users should not have both KMS admin and any of the KMS encrypter/decrypter roles', + + description: 'It is recommended that the principle of "Separation of Duties" is enforced while assigning KMS related roles to users.', + + audit: `**From Console:** + + 1. Go to IAM & Admin/IAM by visiting https://console.cloud.google.com/iam-admin/iam + + 2. Ensure no member has the roles Cloud KMS Admin and any of the Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter assigned. + + **From Command Line:** + + 1. List all users and role assignments: + + gcloud projects get-iam-policy PROJECT_ID + + 2. Ensure that there are no common users found in the member section for roles cloudkms.admin and any one of Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter`, + + rationale: `The built-in/predefined IAM role Cloud KMS Admin allows the user/identity to create, delete, and manage service account(s). The built-in/predefined IAM role Cloud KMS CryptoKey Encrypter/Decrypter allows the user/identity (with adequate privileges on concerned resources) to encrypt and decrypt data at rest using an encryption key(s). + + The built-in/predefined IAM role Cloud KMS CryptoKey Encrypter allows the user/identity (with adequate privileges on concerned resources) to encrypt data at rest using an encryption key(s). The built-in/predefined IAM role Cloud KMS CryptoKey Decrypter allows the user/identity (with adequate privileges on concerned resources) to decrypt data at rest using an encryption key(s). + + Separation of duties is the concept of ensuring that one individual does not have all necessary permissions to be able to complete a malicious action. In Cloud KMS, this could be an action such as using a key to access and decrypt data a user should not normally have access to. Separation of duties is a business control typically used in larger organizations, meant to help avoid security or privacy incidents and errors. It is considered best practice. + + No user(s) should have Cloud KMS Admin and any of the Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter roles assigned at the same time`, + + remediation: `**From Console:** + + 1. Go to IAM & Admin/IAM using https://console.cloud.google.com/iam-admin/iam + + 2. For any member having Cloud KMS Admin and any of the Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter roles granted assigned, click the Delete Bin icon to remove the role from the member.`, + + references: ['https://cloud.google.com/kms/docs/separation-of-duties'], + gql: `{ + querygcpIamPolicy { + id + __typename + bindings { + role + members + } + } + }`, + resource: 'querygcpIamPolicy[*]', + severity: 'unknown', + conditions: { + jq: `[({"member" : .bindings[].members[], "roles" : .bindings[].role}) ] + | group_by(.member) + | map({ "member" : .[].member, "roles" : map(.roles) }) + | [.[] + | select(.roles + | contains(["roles/cloudkms.admin", "roles/cloudkms.cryptoKeyEncrypterDecrypter"]) + or contains(["roles/cloudkms.admin", "roles/cloudkms.cryptoKeyEncrypter"]) + or contains(["roles/cloudkms.admin", "roles/cloudkms.cryptoKeyDecrypter"]))] + | {"userHasInvalidRoles": ( (. | length) > 0)}`, + path: '@', + and: [ + { + path: '@.userHasInvalidRoles', + notEqual: true, + }, + ], + }, +} \ No newline at end of file diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-2.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-2.ts new file mode 100644 index 00000000..1d491878 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-iam-check-2.ts @@ -0,0 +1,119 @@ +// GCP CIS 1.2.0 Rule equivalent 1.6 +export default { + id: 'gcp-pci-dss-3.2.1-iam-check-2', + title: + 'IAM check 2: IAM users should not have project-level "Service Account User" or "Service Account Token Creator" roles', + + description: `It is recommended to assign the Service Account User (iam.serviceAccountUser) and + Service Account Token Creator (iam.serviceAccountTokenCreator) roles to a user for + a specific service account rather than assigning the role to a user at project level.`, + + audit: `**From Console:** + + 1. Go to the IAM page in the GCP Console by visiting https://console.cloud.google.com/iam-admin/iam + 2. Click on the filter table text bar, Type *Role: Service Account User*. + 3. Ensure no user is listed as a result of the filter. + 4. Click on the filter table text bar, Type *Role: Service Account Token Creator*. + 5. Ensure no user is listed as a result of the filter. + + **From Command Line:** + To ensure IAM users are not assigned Service Account User role at the project level: + + gcloud projects get-iam-policy PROJECT_ID --format json | jq '.bindings[].role' | grep "roles/iam.serviceAccountUser" + + gcloud projects get-iam-policy PROJECT_ID --format json | jq '.bindings[].role' | grep "roles/iam.serviceAccountTokenCreator" + + These commands should not return any output.`, + + rationale: `A service account is a special Google account that belongs to an application or a virtual machine (VM), instead of to an individual end-user. Application/VM-Instance uses the service account to call the service's Google API so that users aren't directly involved. In addition to being an identity, a service account is a resource that has IAM policies attached to it. These policies determine who can use the service account. + + Users with IAM roles to update the App Engine and Compute Engine instances (such as App Engine Deployer or Compute Instance Admin) can effectively run code as the service accounts used to run these instances, and indirectly gain access to all the resources for which the service accounts have access. Similarly, SSH access to a Compute Engine instance may also provide the ability to execute code as that instance/Service account. + + Based on business needs, there could be multiple user-managed service accounts configured for a project. Granting the *iam.serviceAccountUser* or *iam.serviceAserviceAccountTokenCreatorccountUser* roles to a user for a project gives the user access to all service accounts in the project, including service accounts that may be created in the future. This can result in elevation of privileges by using service accounts and corresponding *Compute Engine instances*. + + In order to implement *least privileges* best practices, IAM users should not be assigned the *Service Account User* or *Service Account Token Creator* roles at the project level. Instead, these roles should be assigned to a user for a specific service account, giving that user access to the service account. The *Service Account User* allows a user to bind a service account to a long-running job service, whereas the *Service Account Token Creator* role allows a user to directly impersonate (or assert) the identity of a service account.`, + + remediation: `**From Console:** + + 1. Go to the IAM page in the GCP Console by visiting: https://console.cloud.google.com/iam-admin/iam. + 2. Click on the filter table text bar. Type *Role: Service Account User* + 3. Click the *Delete Bin* icon in front of the role *Service Account User* for every user listed as a result of a filter. + 4. Click on the filter table text bar. Type *Role: Service Account Token Creator* + 5. Click the *Delete Bin* icon in front of the role *Service Account Token Creator* for every user listed as a result of a filter. + + **From Command Line:** + + 1. Using a text editor, remove the bindings with the *roles/iam.serviceAccountUser* or *roles/iam.serviceAccountTokenCreator*. + + For example, you can use the iam.json file shown below as follows: + + { + "bindings": [ + { + "members": ["serviceAccount:our-project-123@appspot.gserviceaccount.com"], + "role": "roles/appengine.appViewer" + }, + { + "members": ["user:email1@gmail.com"], + "role": "roles/owner" + }, + { + "members": [ + "serviceAccount:our-project-123@appspot.gserviceaccount.com", + "serviceAccount:123456789012-compute@developer.gserviceaccount.com" + ], + "role": "roles/editor" + } + ], + "etag": "BwUjMhCsNvY=" + } + + 2. Update the project's IAM policy: + + gcloud projects set-iam-policy PROJECT_ID iam.json`, + + references: [ + 'https://cloud.google.com/iam/docs/service-accounts', + 'https://cloud.google.com/iam/docs/granting-roles-to-service-accounts', + 'https://cloud.google.com/iam/docs/understanding-roles', + 'https://cloud.google.com/iam/docs/granting-changing-revoking-access', + 'https://console.cloud.google.com/iam-admin/iam', + ], + gql: `{ + querygcpProject { + id + __typename + iamPolicies { + bindings { + role + members + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'unknown', + conditions: { + not: { + path: '@.iamPolicies', + array_any: { + path: '[*].bindings', + array_any: { + and: [ + { + path: '[*].members', + match: /user.*$/, + }, + { + path: '[*].role', + in: [ + 'roles/iam.serviceAccountUser', + 'roles/iam.serviceAccountTokenCreator', + ], + }, + ], + }, + }, + }, + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-1.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-1.ts new file mode 100644 index 00000000..d961bb58 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-1.ts @@ -0,0 +1,139 @@ +// GCP CIS 1.2.0 Rule equivalent 2.5 +const filterPatternRegex = + /\s*protoPayload.methodName\s*=\s*"SetIamPolicy"\s*AND\s*protoPayload.serviceData.policyDelta.auditConfigDeltas:*\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-1', + title: + 'Monitoring check 1: Logging metric filter and alert for audit configuration changes should be configured', + description: `Google Cloud Platform (GCP) services write audit log entries to the Admin Activity and Data + Access logs to help answer the questions of, "who did what, where, and when?" within GCP + projects. + + Cloud audit logging records information includes the identity of the API caller, the time of + the API call, the source IP address of the API caller, the request parameters, and the + response elements returned by GCP services. Cloud audit logging provides a history of GCP + API calls for an account, including API calls made via the console, SDKs, command-line + tools, and other GCP services.`, + audit: `**From Console: + Ensure the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with the filter text: + + protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:* + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to Alerting by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the Policies section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of 0 for greater than zero(0) seconds*, means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:* + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains at least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + rationale: `Admin activity and data access logs produced by cloud audit logging enable security analysis, resource change tracking, and compliance auditing. + + Configuring the metric filter and alerts for audit configuration changes ensures the recommended state of audit configuration is maintained so that all activities in the project are audit-able at any point in time.`, + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + 3. Clear any text and add: + + protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:* + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This will ensure that the log metric counts the number of log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create a prescribed Alert Policy:** + + 1. Identify the new metric the user just created, under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page opens. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notifications channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create a prescribed Log Metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + + Create prescribed Alert Policy + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/logging/docs/audit/configure-data-access#getiampolicy-setiampolicy', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-2.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-2.ts new file mode 100644 index 00000000..99d2e0a4 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-2.ts @@ -0,0 +1,145 @@ +// GCP CIS 1.2.0 Rule equivalent 2.6 +const filterPatternRegex = + /\s*resource.type\s*=\s*"iam_role"\s*AND\s*protoPayload.methodName\s*=\s*"google.iam.admin.v1.CreateRole"\s*OR\s*protoPayload.methodName\s*=\s*"google.iam.admin.v1.DeleteRole"\s*OR\s*protoPayload.methodName\s*=\s*"google.iam.admin.v1.UpdateRole"\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-2', + title: + 'Monitoring check 2: Logging metric filter and alert for Custom Role changes should be configured', + description: `It is recommended that a metric filter and alarm be established for changes to Identity and + Access Management (IAM) role creation, deletion and updating activities.`, + audit: `**From Console: + Ensure that the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with filter text: + + resource.type="iam_role" + AND protoPayload.methodName = "google.iam.admin.v1.CreateRole" + OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" + OR protoPayload.methodName="google.iam.admin.v1.UpdateRole" + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to Alerting by visiting https://console.cloud.google.com/monitoring/alerting. + + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that the appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + resource.type="iam_role" AND protoPayload.methodName = "google.iam.admin.v1.CreateRole" OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" OR protoPayload.methodName="google.iam.admin.v1.UpdateRole" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*.`, + rationale: 'Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources. However, to cater to organization-specific needs, Cloud IAM also provides the ability to create custom roles. Project owners and administrators with the Organization Role Administrator role or the IAM Role Administrator role can create custom roles. Monitoring role creation, deletion and updating activities will help in identifying any over-privileged role at early stages.', + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + + 3. Clear any text and add: + + resource.type="iam_role" + AND protoPayload.methodName = "google.iam.admin.v1.CreateRole" OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" + OR protoPayload.methodName="google.iam.admin.v1.UpdateRole" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the + user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* + (default) and *Type* to *Counter*. This ensures that the log metric counts the number of + log entries matching the advanced logs query. + 6. Click *Create Metric*. + + **Create a prescribed Alert Policy:** + + 1. Identify the new metric that was just created under the section *User-defined + Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the metric and select *Create alert + from Metric*. A new page displays. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold + and configuration that makes sense for the user's organization. For example, a + threshold of zero(0) for the most recent value ensures that a notification is triggered + for every owner change in the project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed Alert Policy: + + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/iam/docs/understanding-custom-roles', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-3.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-3.ts new file mode 100644 index 00000000..5d07e76f --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-3.ts @@ -0,0 +1,153 @@ +// GCP CIS 1.2.0 Rule equivalent 2.9 +const filterPatternRegex = + /\s*resource.type\s*=\s*gce_network\s*AND\s*protoPayload.methodName\s*=\s*"beta.compute.networks.insert"\s*OR\s*protoPayload.methodName\s*=\s*"beta.compute.networks.patch"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.networks.delete"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.networks.removePeering"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.networks.addPeering"\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-3', + title: + 'Monitoring check 3: Logging metric filter and alert for network changes should be configured', + description: `It is recommended that a metric filter and alarm be established for Virtual Private Cloud + (VPC) network changes.`, + audit: `**From Console: + Ensure the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure at least one metric ** is present with filter text: + + resource.type=gce_network + AND protoPayload.methodName="beta.compute.networks.insert" + OR protoPayload.methodName="beta.compute.networks.patch" + OR protoPayload.methodName="v1.compute.networks.delete" + OR protoPayload.methodName="v1.compute.networks.removePeering" + OR protoPayload.methodName="v1.compute.networks.addPeering" + + **Ensure the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + + + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of 0 for greater than 0 seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that appropriate notification channels have been set up. + + **From Command Line: + Ensure the log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with filter set to: + + resource.type=gce_network + AND protoPayload.methodName="beta.compute.networks.insert" + OR protoPayload.methodName="beta.compute.networks.patch" + OR protoPayload.methodName="v1.compute.networks.delete" + OR protoPayload.methodName="v1.compute.networks.removePeering" + OR protoPayload.methodName="v1.compute.networks.addPeering" + + 3. Note the value of the property *metricDescriptor.type for* the identified metric, in + the format l*ogging.googleapis.com/user/*. + + **Ensure the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains at least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + rationale: `It is possible to have more than one VPC within a project. In addition, it is also possible to create a peer connection between two VPCs enabling network traffic to route between VPCs. + + Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.`, + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + + 3. Clear any text and add: + + resource.type=gce_network + AND protoPayload.methodName="beta.compute.networks.insert" + OR protoPayload.methodName="beta.compute.networks.patch" + OR protoPayload.methodName="v1.compute.networks.delete" + OR protoPayload.methodName="v1.compute.networks.removePeering" + OR protoPayload.methodName="v1.compute.networks.addPeering" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* + (default) and *Type* to *Counter*. This ensures that the log metric counts the number of + log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed alert policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page appears. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of 0 for the most recent value will ensure that a notification is triggered for every owner change in the project: + + Set "Aggregator" to "Count" + + Set "Configuration": + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed alert policy: + + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/vpc/docs/overview', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-4.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-4.ts new file mode 100644 index 00000000..0b9e339a --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-4.ts @@ -0,0 +1,137 @@ +// GCP CIS 1.2.0 Rule equivalent 2.7 +const filterPatternRegex = + /\s*resource.type\s*=\s*"gce_firewall_rule"\s*AND\s*protoPayload.methodName\s*=\s*"v1.compute.firewalls.patch"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.firewalls.insert"\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-4', + title: + 'Monitoring check 4: Logging metric filter and alert for network firewall rule changes should be configured', + description: `It is recommended that a metric filter and alarm be established for changes to Identity and + Access Management (IAM) role creation, deletion and updating activities.`, + audit: `**From Console: + Ensure that the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure at least one metric ** is present with this filter text: + + resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert" + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that appropriate notification channels have been set up. + + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true* + `, + rationale: 'Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.', + remediation: ` + **From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based* Metrics by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Ba*r at the rightmost corner and select *Convert to Advanced Filter*. + 3. Clear any text and add: + + resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert" + + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed Alert Policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select **Create alert from Metric**. A new page displays. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value ensures that a notification is triggered for every owner change in the project: + + Set "Aggregator" to "Count" + + Set "Configuration": + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notifications channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric + + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed alert policy: + + + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create + `, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/vpc/docs/firewalls', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-5.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-5.ts new file mode 100644 index 00000000..94a96133 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-5.ts @@ -0,0 +1,139 @@ +// GCP CIS 1.2.0 Rule equivalent 2.8 +const filterPatternRegex = + /\s*resource.type\s*=\s*"gce_route"\s*AND\s*protoPayload.methodName\s*=\s*"beta.compute.routes.patch"\s*OR\s*protoPayload.methodName\s*=\s*"beta.compute.routes.insert"\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-5', + title: + 'Monitoring check 5: Logging metric filter and alert for network route changes should be configured', + description: `It is recommended that a metric filter and alarm be established for Virtual Private Cloud + (VPC) network route changes.`, + audit: `**From Console: + Ensure that the prescribed Log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with the filter text: + + resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert" + + **Ensure the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting: https://console.cloud.google.com/monitoring/alerting. + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of 0 for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alert thresholds make sense for the user's organization. + 5. Ensure that the appropriate notification channels have been set up. + + **From Command Line: + Ensure the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + + rationale: `Google Cloud Platform (GCP) routes define the paths network traffic takes from a VM instance to another destination. The other destination can be inside the organization VPC network (such as another VM) or outside of it. Every route consists of a destination and a next hop. Traffic whose destination IP is within the destination range is sent to the next hop for delivery. + + Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.`, + + remediation: `**From Console: + Create the prescribed Log Metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter* + + 3. Clear any text and add: + + resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed alert policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page displays. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold + and configuration that makes sense for the user's organization. For example, a + threshold of zero(0) for the most recent value ensures that a notification is triggered + for every owner change in the project: + + Set "Aggregator" to "Count" + + Set "Configuration": + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric: + + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed the alert policy: + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create + `, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/storage/docs/access-control/iam', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-6.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-6.ts new file mode 100644 index 00000000..88f3bc83 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-6.ts @@ -0,0 +1,158 @@ +// GCP CIS 1.2.0 Rule equivalent 2.4 +const filterPatternRegex = + /\s*\(\s*protoPayload.serviceName\s*=\s*"cloudresourcemanager.googleapis.com"\s*\)\s*AND\s*\(\s*ProjectOwnership\s*OR\s*projectOwnerInvitee\s*\)\s*OR\s*\(\s*protoPayload.serviceData.policyDelta.bindingDeltas.action\s*=\s*"REMOVE"\s*AND\s*protoPayload.serviceData.policyDelta.bindingDeltas.role\s*=\s*"roles\/owner"\s*\)\s*OR\s*\(\s*protoPayload.serviceData.policyDelta.bindingDeltas.action\s*=\s*"ADD"\s*AND\s*protoPayload.serviceData.policyDelta.bindingDeltas.role\s*=\s*"roles\/owner"\s*\)\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-6', + title: + 'Monitoring check 6: Logging metric filter and alert for project ownership assignments/changes should be configured', + + description: `In order to prevent unnecessary project ownership assignments to users/service-accounts + and further misuses of projects and resources, all roles/Owner assignments should be + monitored.`, + + audit: `**From Console: + Ensure that the prescribed log metric is present:** + + 1. Go to *Logging/Log-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the User-defined Metrics section, ensure that at least one metric ** is present with filter text: + + (protoPayload.serviceName="cloudresourcemanager.googleapis.com") + AND (ProjectOwnership OR projectOwnerInvitee) + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + + **Ensure that the prescribed Alerting Policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the Policies section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for your organization. + 5. Ensure that the appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with filter set to: + + (protoPayload.serviceName="cloudresourcemanager.googleapis.com") + AND (ProjectOwnership OR projectOwnerInvitee) + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + + - conditions.conditionThreshold.filter is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + + rationale: `Project ownership has the highest level of privileges on a project. To avoid misuse of project resources, the project ownership assignment/change actions mentioned above should be monitored and alerted to concerned recipients. + + - Sending project ownership invites + - Acceptance/Rejection of project ownership invite by user + - Adding 'role/Owner' to a user/service-account + - Removing a user/Service account from 'role/Owner'`, + + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + 3. Clear any text and add: + + (protoPayload.serviceName="cloudresourcemanager.googleapis.com") + AND (ProjectOwnership OR projectOwnerInvitee) + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + + 4. Click *Submit Filter*. The logs display based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to **1** (default) and the *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the advanced logs query. + 6. Click *Create Metric*. + + **Create the display prescribed Alert Policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the desired metric and select *Create alert from Metric*. A new page opens. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notifications channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create a prescribed Log Metric: + + + - Use the command: gcloud beta logging metrics create + - Reference for Command Usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create prescribed Alert Policy + + - Use the command: gcloud alpha monitoring policies create + - Reference for Command Usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'high', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-7.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-7.ts new file mode 100644 index 00000000..bb32795f --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-7.ts @@ -0,0 +1,148 @@ +// GCP CIS 1.2.0 Rule equivalent 2.11 +const filterPatternRegex = + /\s*protoPayload.methodName\s*=\s*"cloudsql.instances.update"\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-7', + title: + 'Monitoring check 7: Logging metric filter and alert for SQL instance configuration changes should be configured', + + description: `It is recommended that a metric filter and alarm be established for SQL instance + configuration changes.`, + + audit: `**From Console: + Ensure the prescribed log metric is present:** + + 1. For each project that contains Cloud SQL instances, go to L*ogging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with the filter text: + + protoPayload.methodName="cloudsql.instances.update" + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the Pol*i*cies section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that the appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to + + protoPayload.methodName="cloudsql.instances.update" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains at least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + + rationale: `Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server. + + Below are a few of the configurable options which may the impact security posture of an SQL instance: + + - Enable auto backups and high availability: Misconfiguration may adversely impact business continuity, disaster recovery, and high availability + - Authorize networks: Misconfiguration may increase exposure to untrusted networks`, + + remediation: `**From Console: + Create the prescribed Log Metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + + 3. Clear any text and add: + + protoPayload.methodName="cloudsql.instances.update" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed alert policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page appears. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the user's project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed log metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed alert policy: + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create + `, + + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/storage/docs/overview', + 'https://cloud.google.com/sql/docs/', + 'https://cloud.google.com/sql/docs/mysql/', + 'https://cloud.google.com/sql/docs/postgres/', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + name + filter + metricDescriptor { + type + } + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-8.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-8.ts new file mode 100644 index 00000000..3c14eb7d --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-monitoring-check-8.ts @@ -0,0 +1,135 @@ +// GCP CIS 1.2.0 Rule equivalent 2.10 +const filterPatternRegex = + /\s*resource.type\s*=\s*gcs_bucket\s*AND\s*protoPayload.methodName\s*=\s*"storage.setIamPermissions"\s*/ + +export default { + id: 'gcp-pci-dss-3.2.1-monitoring-check-8', + title: + 'Monitoring check 8: Logging metric filter and alert for Storage IAM permission changes should be configured', + description: `It is recommended that a metric filter and alarm be established for Cloud Storage Bucket + IAM changes.`, + audit: `**From Console: + Ensure the prescribed log metric is present:** + + 1. For each project that contains cloud storage buckets, go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure at least one metric ** is present with the filter text: + + resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions" + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of 0 for greater than 0 seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that the appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + rationale: 'Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.', + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + 3. Clear any text and add: + + resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the Metric Editor menu on right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed Alert Policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page appears. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notifications channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed alert policy: + + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/storage/docs/overview', + 'https://cloud.google.com/storage/docs/access-control/iam-roles', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + name + filter + metricDescriptor { + type + } + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-1.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-1.ts new file mode 100644 index 00000000..22c47f5b --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-1.ts @@ -0,0 +1,134 @@ +// GCP CIS 1.2.0 Rule equivalent 3.6 +export default { + id: 'gcp-pci-dss-3.2.1-networking-check-1', + title: 'Networking check 1: Network firewall rules should not permit ingress from 0.0.0.0/0 to port 22 (SSH)', + + description: `GCP Firewall Rules are specific to a VPC Network. Each rule either allows or denies + traffic when its conditions are met. Its conditions allow the user to specify the type of + traffic, such as ports and protocols, and the source or destination of the traffic, including IP + addresses, subnets, and instances. + + Firewall rules are defined at the VPC network level and are specific to the network in which + they are defined. The rules themselves cannot be shared among networks. Firewall rules + only support IPv4 traffic. When specifying a source for an ingress rule or a destination for + an egress rule by address, only an IPv4 address or IPv4 block in CIDR notation can be + used. Generic (0.0.0.0/0) incoming traffic from the internet to VPC or VM instance using + SSH on Port 22 can be avoided.`, + + audit: `**From the Console:** + + 1. Go to *VPC network*. + 2. Go to the *Firewall Rules*. + 3. Ensure that *Port* is not equal to *22* and *Action* is not set to *Allow*. + 4. Ensure *IP Ranges* is not equal to *0.0.0.0/0* under *Source filters*. + + **From Command Line:** + + gcloud compute firewall-rules list --format=table'(name,direction,sourceRanges,allowed)' + + Ensure that there is no rule matching the below criteria: + + - *SOURCE_RANGES* is 0.0.0.0/0 + - AND *DIRECTION* is *INGRESS* + - AND IPProtocol is *tcp* or ALL + - AND *PORTS* is set to *22* or *range* *containing* *22* or *Null* *(not set)* + + Note: + + - When ALL TCP ports are allowed in a rule, PORT does not have any value set (*NULL*) + - When ALL Protocols are allowed in a rule, PORT does not have any value set (*NULL*)`, + + rationale: 'GCP *Firewall Rules* within a *VPC Network* apply to outgoing (egress) traffic from instances and incoming (ingress) traffic to instances in the network. Egress and ingress traffic flows are controlled even if the traffic stays within the network (for example, instance-to-instance communication). For an instance to have outgoing Internet access, the network must have a valid Internet gateway route or custom route whose destination IP is specified. This route simply defines the path to the Internet, to avoid the most general *(0.0.0.0/0)* destination *IP Range* specified from the Internet through SSH with the default *Port 22*. Generic access from the Internet to a specific IP Range needs to be restricted.', + + remediation: `**From the Console:** + + 1. Go to *VPC Network*. + 2. Go to the *Firewall Rules*. + 3. Click the *Firewall Rule* you want to modify. + 4. Click *Edit*. + 5. Modify *Source IP ranges* to specific *IP*. + 6. Click *Save*. + + **From Command Line:** + 1. Update the Firewall rule with the new *SOURCE_RANGE* from the below command: + + gcloud compute firewall-rules update FirewallName --allow=[PROTOCOL[:PORT[- PORT]],...] --source-ranges=[CIDR_RANGE,...] + `, + references: ['https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'], + gql: `{ + querygcpFirewall(filter: {direction:{eq: "INGRESS"}}){ + id + name + __typename + sourceRanges + direction + allowed{ + ipProtocol + ports + } + } + }`, + resource: 'querygcpFirewall[*]', + severity: 'high', + conditions: { + not: { + path: '@', + and: [ + { + path: '[*].sourceRanges', + jq: 'map({"range": .})', + array_any: { + path: '[*].range', + in: ['0.0.0.0/0', '::/0'], + }, + }, + { + path: '[*].direction', + in: ['INGRESS'], + }, + { + path: '@.allowed', + jq: `[.[] + | { "ipProtocol": .ipProtocol} + + (if .ports | length > 0 then .ports[] else [""][] end | split("-") | {fromPort: (.[0]), toPort: (.[1] // .[0])}) ]`, + array_any: { + and: [ + { + path: '[*].ipProtocol', + in: ['tcp', 'all'], + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + equal: null, + }, + { + path: '[*].toPort', + equal: null, + }, + ], + }, + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 22, + }, + { + path: '[*].toPort', + greaterThanInclusive: 22, + }, + ], + }, + ], + }, + ], + }, + }, + ], + }, + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-2.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-2.ts new file mode 100644 index 00000000..ccdbf88d --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-2.ts @@ -0,0 +1,133 @@ +// GCP CIS 1.2.0 Rule equivalent 3.7 +export default { + id: 'gcp-pci-dss-3.2.1-networking-check-2', + title: 'Networking check 2: Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP)', + + description: `GCP Firewall Rules are specific to a VPC Network. Each rule either allows or denies + traffic when its conditions are met. Its conditions allow users to specify the type of traffic, + such as ports and protocols, and the source or destination of the traffic, including IP + addresses, subnets, and instances. + + Firewall rules are defined at the VPC network level and are specific to the network in which + they are defined. The rules themselves cannot be shared among networks. Firewall rules + only support IPv4 traffic. When specifying a source for an ingress rule or a destination for + an egress rule by address, an IPv4 address or IPv4 block in CIDR notation can be used. + Generic (0.0.0.0/0) incoming traffic from the Internet to a VPC or VM instance using RDP + on Port 3389 can be avoided.`, + + audit: `**From the Console:** + + 1. Go to *VPC network*. + 2. Go to the *Firewall Rules*. + 3. Ensure *Port* is not equal to *3389* and *Action* is not *Allow*. + 4. Ensure *IP Ranges* is not equal to *0.0.0.0/0* under *Source filters*. + + **From Command Line:** + + gcloud compute firewall-rules list -- format=table'(name,direction,sourceRanges,allowed.ports)' + + Ensure that there is no rule matching the below criteria: + + - *SOURCE_RANGES* is *0.0.0.0/0* + - AND *DIRECTION* is *INGRESS* + - AND IPProtocol is *TCP* or *ALL* + - AND *PORTS* is set to *3389* or *range containing 3389* or *Null (not set)* + + Note: + + - When ALL TCP ports are allowed in a rule, PORT does not have any value set (*NULL*) + - When ALL Protocols are allowed in a rule, PORT does not have any value set (*NULL*)`, + rationale: 'GCP *Firewall Rule*s within a *VPC Network*. These rules apply to outgoing (egress) traffic from instances and incoming (ingress) traffic to instances in the network. Egress and ingress traffic flows are controlled even if the traffic stays within the network (for example, instance-to-instance communication). For an instance to have outgoing Internet access, the network must have a valid Internet gateway route or custom route whose destination IP is specified. This route simply defines the path to the Internet, to avoid the most general (0.0.0.0/0) destination IP Range specified from the Internet through RDP with the default *Port 3389*. Generic access from the Internet to a specific IP Range should be restricted.', + + remediation: `**From the Console:** + + 1. Go to *VPC Network*. + 2. Go to the *Firewall Rules*. + 3. Click the *Firewall Rule* to be modified. + 4. Click *Edit*. + 5. Modify *Source IP ranges* to specific *IP*. + 6. Click *Save*. + + **From Command Line:** + 1. Update RDP Firewall rule with new *SOURCE_RANGE* from the below command: + + gcloud compute firewall-rules update FirewallName --allow=[PROTOCOL[:PORT[-PORT]],...] --source-ranges=[CIDR_RANGE,...]`, + + references: ['https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'], + gql: `{ + querygcpFirewall(filter: {direction:{eq: "INGRESS"}}){ + id + name + __typename + sourceRanges + direction + allowed{ + ipProtocol + ports + } + } + }`, + resource: 'querygcpFirewall[*]', + severity: 'high', + conditions: { + not: { + path: '@', + and: [ + { + path: '[*].sourceRanges', + jq: 'map({"range": .})', + array_any: { + path: '[*].range', + in: ['0.0.0.0/0', '::/0'], + }, + }, + { + path: '[*].direction', + in: ['INGRESS'], + }, + { + path: '@.allowed', + jq: `[.[] + | { "ipProtocol": .ipProtocol} + + (if .ports | length > 0 then .ports[] else [""][] end | split("-") | {fromPort: (.[0]), toPort: (.[1] // .[0])}) ]`, + array_any: { + and: [ + { + path: '[*].ipProtocol', + in: ['tcp', 'all'], + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + equal: null, + }, + { + path: '[*].toPort', + equal: null, + }, + ], + }, + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 3389, + }, + { + path: '[*].toPort', + greaterThanInclusive: 3389, + }, + ], + }, + ], + }, + ], + }, + }, + ], + }, + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-3.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-3.ts new file mode 100644 index 00000000..a0ece29b --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-3.ts @@ -0,0 +1,87 @@ +// GCP CIS 1.2.0 Rule equivalent 3.1 +export default { + id: 'gcp-pci-dss-3.2.1-networking-check-3', + title: + 'Networking check 3: The default network for a project should be deleted', + + description: + 'To prevent use of default network, a project should not have a default network.', + + audit: `**From Console:** + + 1. Go to the *VPC networks* page by visiting: https://console.cloud.google.com/networking/networks/list. + 2. Ensure that a network with the name *default* is not present. + + **From Command Line:** + + 1. Set the project name in the Google Cloud Shell: + + gcloud config set project PROJECT_ID + + 2. List the networks configured in that project: + + gcloud compute networks list + + It should not list *default* as one of the available networks in that project.`, + + rationale: `The *default* network has a preconfigured network configuration and automatically generates the following insecure firewall rules: + + - default-allow-internal: Allows ingress connections for all protocols and ports among instances in the network. + - default-allow-ssh: Allows ingress connections on TCP port 22(SSH) from any source to any instance in the network. + - default-allow-rdp: Allows ingress connections on TCP port 3389(RDP) from any source to any instance in the network. + - default-allow-icmp: Allows ingress ICMP traffic from any source to any instance in the network. + + These automatically created firewall rules do not get audit logged and cannot be configured + to enable firewall rule logging. + + Furthermore, the default network is an auto mode network, which means that its subnets + use the same predefined range of IP addresses, and as a result, it's not possible to use Cloud + VPN or VPC Network Peering with the default network. + + Based on organization security and networking requirements, the organization should + create a new network and delete the *default* network.`, + + remediation: `**From Console:** + + 1. Go to the *VPC networks* page by visiting: https://console.cloud.google.com/networking/networks/list. + 2. Click the network named *default*. + 3. On the network detail page, click *EDIT*. + 4. Click *DELETE VPC NETWORK*. + 5. If needed, create a new network to replace the default network. + + **From Command Line:** + For each Google Cloud Platform project, + + 1. Delete the default network: + + gcloud compute networks delete default + + 2. If needed, create a new network to replace it: + + gcloud compute networks create NETWORK_NAME + + **Prevention:** + The user can prevent the default network and its insecure default firewall rules from being created by setting up an Organization Policy to Skip default network creation at https://console.cloud.google.com/iam-admin/orgpolicies/compute-skipDefaultNetworkCreation.`, + + references: [ + 'https://cloud.google.com/compute/docs/networking#firewall_rules', + 'https://cloud.google.com/compute/docs/reference/latest/networks/insert', + 'https://cloud.google.com/compute/docs/reference/latest/networks/delete', + 'https://cloud.google.com/vpc/docs/firewall-rules-logging', + 'https://cloud.google.com/vpc/docs/vpc#default-network', + 'https://cloud.google.com/sdk/gcloud/reference/compute/networks/delete', + ], + gql: `{ + querygcpNetwork { + id + __typename + name + } + }`, + resource: 'querygcpNetwork[*]', + severity: 'medium', + conditions: { + path: '@.name', + notEqual: 'default', + }, +} diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-4.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-4.ts new file mode 100644 index 00000000..89b7ba7f --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-networking-check-4.ts @@ -0,0 +1,204 @@ +const targetHttpsAndSslProxyConditions = { + and: [ + { + path: '@.sslPolicy', + isEmpty: false, + }, + { + path: '@.sslPolicy', + array_all: { + or: [ + { + and: [ + { + path: '[*].profile', + equal: 'MODERN', + }, + { + path: '[*].minTlsVersion', + equal: 'TLS_1_2', + }, + ], + }, + { + and: [ + { + path: '[*].profile', + equal: 'RESTRICTED', + }, + ], + }, + { + and: [ + { + path: '[*].profile', + equal: 'CUSTOM', + }, + { + path: '[*].enabledFeatures', + array_all: { + path: '[*]', + notIn: [ + 'TLS_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', + ], + }, + }, + ], + }, + ], + }, + } + ] +} + +// GCP CIS 1.2.0 Rule equivalent 3.9 +export default { + id: 'gcp-pci-dss-3.2.1-networking-check-4', + title: + 'Networking check 4: Load balancer HTTPS or SSL proxy SSL policies should not have weak cipher suites', + + description: `Secure Sockets Layer (SSL) policies determine what port Transport Layer Security (TLS) + features clients are permitted to use when connecting to load balancers. To prevent usage + of insecure features, SSL policies should use (a) at least TLS 1.2 with the MODERN profile; + or (b) the RESTRICTED profile, because it effectively requires clients to use TLS 1.2 + regardless of the chosen minimum TLS version; or (3) a CUSTOM profile that does not + support any of the following features: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + + TLS_RSA_WITH_AES_256_GCM_SHA384 + + TLS_RSA_WITH_AES_128_CBC_SHA + + TLS_RSA_WITH_AES_256_CBC_SHA + + TLS_RSA_WITH_3DES_EDE_CBC_SHA`, + + audit: `**From Console:** + + 1. See all load balancers by visiting https://console.cloud.google.com/net-services/loadbalancing/loadBalancers/list. + 2. For each load balancer for *SSL (Proxy)* or *HTTPS*, click on its name to go the *Load balancer details* page. + 3. Ensure that each target proxy entry in the *Frontend* table has an *SSL Policy* configured. + 4. Click on each SSL policy to go to its *SSL policy details* page. + 5. Ensure that the SSL policy satisfies one of the following conditions: + + + - has a *Min TLS* set to *TLS 1.2* and *Profile* set to *Modern* profile, or + - has *Profile* set to *Restricted*. Note that a Restricted profile effectively requires + clients to use TLS 1.2 regardless of the chosen minimum TLS version, or + - has *Profile* set to *Custom* and the following features are all disabled: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + TLS_RSA_WITH_AES_256_GCM_SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA + TLS_RSA_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA + + **From Command Line:** + + 1. List all TargetHttpsProxies and TargetSslProxies. + + gcloud compute target-https-proxies list + gcloud compute target-ssl-proxies list + + 2. For each target proxy, list its properties: + + gcloud compute target-https-proxies describe TARGET_HTTPS_PROXY_NAME + gcloud compute target-ssl-proxies describe TARGET_SSL_PROXY_NAME + + 3. Ensure that the *sslPolicy* field is present and identifies the name of the SSL policy: + + sslPolicy: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/sslPolicies/SSL_POLICY_NAME + + If the *sslPolicy* field is missing from the configuration, it means that the GCP default policy is used, which is insecure. + + 4. Describe the SSL policy: + + gcloud compute ssl-policies describe SSL_POLICY_NAME + + 5. Ensure that the policy satisfies one of the following conditions: + + - has *Profile* set to *Modern* and *minTlsVersion* set to *TLS_1_2*, or + - has *Profile* set to *Restricted*, or + - has *Profile* set to *Custom* and *enabledFeatures* does not contain any of the following values: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + TLS_RSA_WITH_AES_256_GCM_SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA + TLS_RSA_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA`, + + rationale: 'Load balancers are used to efficiently distribute traffic across multiple servers. Both SSL proxy and HTTPS load balancers are external load balancers, meaning they distribute traffic from the Internet to a GCP network. GCP customers can configure load balancer SSL policies with a minimum TLS version (1.0, 1.1, or 1.2) that clients can use to establish a connection, along with a profile (Compatible, Modern, Restricted, or Custom) that specifies permissible cipher suites. To comply with users using outdated protocols, GCP load balancers can be configured to permit insecure cipher suites. In fact, the GCP default SSL policy uses a minimum TLS version of 1.0 and a Compatible profile, which allows the widest range of insecure cipher suites. As a result, it is easy for customers to configure a load balancer without even knowing that they are permitting outdated cipher suites.', + + remediation: `**From Console:** + If the TargetSSLProxy or TargetHttpsProxy does not have an SSL policy configured, create a new SSL policy. Otherwise, modify the existing insecure policy. + + 1. Navigate to the *SSL Policies* page by visiting: https://console.cloud.google.com/net-security/sslpolicies + 2. Click on the name of the insecure policy to go to its *SSL policy details* page. + 3. Click *EDIT*. + 4. Set *Minimum TLS version* to *TLS 1.2*. + 5. Set *Profile* to *Modern* or *Restricted*. + 6. Alternatively, if teh user selects the profile *Custom*, make sure that the following features are disabled: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + TLS_RSA_WITH_AES_256_GCM_SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA + TLS_RSA_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA + + **From Command Line:** + + 1. For each insecure SSL policy, update it to use secure cyphers: + + gcloud compute ssl-policies update NAME [--profile COMPATIBLE|MODERN|RESTRICTED|CUSTOM] --min-tls-version 1.2 [--custom-features FEATURES] + + + 2. If the target proxy has a GCP default SSL policy, use the following command corresponding to the proxy type to update it. + + gcloud compute target-ssl-proxies update TARGET_SSL_PROXY_NAME --ssl-policy SSL_POLICY_NAME + gcloud compute target-https-proxies update TARGET_HTTPS_POLICY_NAME --ssl- policy SSL_POLICY_NAME + `, + references: [ + 'https://cloud.google.com/load-balancing/docs/use-ssl-policies', + 'https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf', + ], + severity: 'medium', + queries: [ + { + gql: `{ + querygcpTargetHttpsProxy { + id + projectId + __typename + sslPolicy { + profile + enabledFeatures + minTlsVersion + } + } + }`, + resource: 'querygcpTargetHttpsProxy[*]', + conditions: targetHttpsAndSslProxyConditions + }, + { + gql: `{ + querygcpTargetSslProxy { + id + projectId + __typename + sslPolicy { + profile + enabledFeatures + minTlsVersion + } + } + }`, + resource: 'querygcpTargetSslProxy[*]', + conditions: targetHttpsAndSslProxyConditions + }, + ], +} diff --git a/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-iam-checks.test.ts b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-iam-checks.test.ts new file mode 100644 index 00000000..fbb86119 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-iam-checks.test.ts @@ -0,0 +1,174 @@ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +import Gcp_PCI_DSS_321_IAM_1 from '../rules/pci-dss-3.2.1-iam-check-1' +import Gcp_PCI_DSS_321_IAM_2 from '../rules/pci-dss-3.2.1-iam-check-2' + +export interface Bindings { + members: string[] + role?: string +} + +export interface IamPolicy { + kmsCryptoKey?: string + bindings: Bindings[] +} + +export interface ApiKey { + id: string +} + +export interface QuerygcpProject { + id: string + iamPolicies?: IamPolicy[] + apiKeys?: ApiKey[] +} + +export interface QuerygcpIamPolicy { + id: string + bindings: Bindings[] +} + +export interface PCIQueryResponse { + querygcpIamPolicy?: QuerygcpIamPolicy[] + querygcpProject?: QuerygcpProject[] +} + +describe('PCI Data Security Standard: 3.2.1', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ providerName: 'gcp', entityName: 'PCI'} ) + }) + + + describe('IAM check 1: IAM users should not have both KMS admin and any of the KMS encrypter/decrypter roles', () => { + const getTestRuleFixture = ( + role: string, + members: string[] + ): PCIQueryResponse => { + return { + querygcpIamPolicy: [ + { + id: cuid(), + bindings: [ + { + role: 'roles/cloudkms.admin', + members: ['user:user1@autocloud.dev'] + }, + { + role, + members, + }, + ], + }, + ], + } + } + + const test111Rule = async ( + data: PCIQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_IAM_1 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a user account with kms admin role and without any cryptoKey roles', async () => { + const data: PCIQueryResponse = getTestRuleFixture( + 'roles/editor', ['user:user1@autocloud.dev'] + ) + await test111Rule(data, Result.PASS) + }) + + test('Security Issue when there is an inbound rule with a user account with kms admin role and cryptoKeyEncrypterDecrypter role', async () => { + const data: PCIQueryResponse = getTestRuleFixture( + 'roles/cloudkms.cryptoKeyEncrypterDecrypter', ['user:user1@autocloud.dev'] + ) + await test111Rule(data, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with a user account with kms admin role and cryptoKeyEncrypter role', async () => { + const data: PCIQueryResponse = getTestRuleFixture( + 'roles/cloudkms.cryptoKeyEncrypter', ['user:user1@autocloud.dev'] + ) + await test111Rule(data, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with a user account with kms admin role and cryptoKeyDecrypter role', async () => { + const data: PCIQueryResponse = getTestRuleFixture( + 'roles/cloudkms.cryptoKeyDecrypter', ['user:user1@autocloud.dev'] + ) + await test111Rule(data, Result.FAIL) + }) + + }) + + describe('IAM check 2: IAM users should not have project-level "Service Account User" or "Service Account Token Creator" roles', () => { + const getTestRuleFixture = ( + role: string, + projectMembers: string[] + ): PCIQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + iamPolicies: [ + { + bindings: [ + { + role, + members: projectMembers, + }, + ], + }, + ], + }, + ], + } + } + + const test16Rule = async ( + data: PCIQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_IAM_2 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with user accounts with securityReviewer role', async () => { + const data: PCIQueryResponse = getTestRuleFixture( + 'roles/iam.securityReviewer', + ['user:user1@autocloud.dev', 'user:user2@autocloud.dev'] + ) + await test16Rule(data, Result.PASS) + }) + + test('Security Issue when there is an inbound rule with user accounts with serviceAccountUser role', async () => { + const data: PCIQueryResponse = getTestRuleFixture( + 'roles/iam.serviceAccountUser', + ['user:user1@autocloud.dev', 'user:user2@autocloud.dev'] + ) + await test16Rule(data, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with user accounts with serviceAccountTokenCreator role', async () => { + const data: PCIQueryResponse = getTestRuleFixture( + 'roles/iam.serviceAccountTokenCreator', + ['user:user1@autocloud.dev', 'user:user2@autocloud.dev'] + ) + await test16Rule(data, Result.FAIL) + }) + }) +}) diff --git a/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-monitoring-checks.test.ts b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-monitoring-checks.test.ts new file mode 100644 index 00000000..385d4951 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-monitoring-checks.test.ts @@ -0,0 +1,837 @@ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +import Gcp_PCI_DSS_321_Monitoring_1 from '../rules/pci-dss-3.2.1-monitoring-check-1' +import Gcp_PCI_DSS_321_Monitoring_2 from '../rules/pci-dss-3.2.1-monitoring-check-2' +import Gcp_PCI_DSS_321_Monitoring_3 from '../rules/pci-dss-3.2.1-monitoring-check-3' +import Gcp_PCI_DSS_321_Monitoring_4 from '../rules/pci-dss-3.2.1-monitoring-check-4' +import Gcp_PCI_DSS_321_Monitoring_5 from '../rules/pci-dss-3.2.1-monitoring-check-5' +import Gcp_PCI_DSS_321_Monitoring_6 from '../rules/pci-dss-3.2.1-monitoring-check-6' +import Gcp_PCI_DSS_321_Monitoring_7 from '../rules/pci-dss-3.2.1-monitoring-check-7' +import Gcp_PCI_DSS_321_Monitoring_8 from '../rules/pci-dss-3.2.1-monitoring-check-8' + +const Gcp_PCI_DSS_321_Monitoring_1_Filter = + 'protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:*' +const Gcp_PCI_DSS_321_Monitoring_2_Filter = + 'resource.type="iam_role" AND protoPayload.methodName="google.iam.admin.v1.CreateRole" OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" OR protoPayload.methodName="google.iam.admin.v1.UpdateRole"' +const Gcp_PCI_DSS_321_Monitoring_3_Filter = + 'resource.type=gce_network AND protoPayload.methodName="beta.compute.networks.insert" OR protoPayload.methodName="beta.compute.networks.patch" OR protoPayload.methodName="v1.compute.networks.delete" OR protoPayload.methodName="v1.compute.networks.removePeering" OR protoPayload.methodName="v1.compute.networks.addPeering"' +const Gcp_PCI_DSS_321_Monitoring_4_Filter = + 'resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert"' +const Gcp_PCI_DSS_321_Monitoring_5_Filter = + 'resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert"' +const Gcp_PCI_DSS_321_Monitoring_6_Filter = + '( protoPayload.serviceName="cloudresourcemanager.googleapis.com" ) AND ( ProjectOwnership OR projectOwnerInvitee ) OR ( protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner" ) OR ( protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner" )' +const Gcp_PCI_DSS_321_Monitoring_7_Filter = + 'protoPayload.methodName="cloudsql.instances.update"' +const Gcp_PCI_DSS_321_Monitoring_8_Filter = + 'resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions"' + + +export interface MetricDescriptor { + type: string +} + +export interface LogMetric { + filter: string + name?: string + metricDescriptor?: MetricDescriptor +} + +export interface Project { + logMetrics?: LogMetric[] +} + +export interface Enabled { + value: boolean +} + +export interface QuerygcpAlertPolicy { + id: string + enabled?: Enabled + project?: Project[] +} + +export interface DnsPolicy { + enableLogging: boolean +} + +export interface QuerygcpNetwork { + id: string + dnsPolicies?: DnsPolicy[] +} + +export interface LogBucket { + name: string + retentionDays: number + locked: boolean +} + +export interface LogSink { + filter?: string + destination?: string +} + +export interface QuerygcpProject { + id: string + logSinks: LogSink[] + logBuckets?: LogBucket[] +} + +export interface AuditLogConfig { + logType: string + exemptedMembers: string[] +} + +export interface AuditConfig { + auditLogConfigs: AuditLogConfig[] + service: string + exemptedMembers: string[] +} + +export interface QuerygcpIamPolicy { + id: string + auditConfigs: AuditConfig[] +} + +export interface PCIQueryResponse { + querygcpAlertPolicy?: QuerygcpAlertPolicy[] + querygcpNetwork?: QuerygcpNetwork[] + querygcpProject?: QuerygcpProject[] + querygcpIamPolicy?: QuerygcpIamPolicy[] +} + +describe('PCI Data Security Standard: 3.2.1', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ providerName: 'gcp', entityName: 'PCI'} ) + }) + + describe('Monitoring check 1: Logging metric filter and alert for audit configuration changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_1 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_1_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_1_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_1_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('Monitoring check 2: Logging metric filter and alert for Custom Role changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_2 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_2_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_2_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_2_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('Monitoring check 3: Logging metric filter and alert for network changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_3 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_3_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_3_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_3_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('Monitoring check 4: Logging metric filter and alert for network firewall rule changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_4 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_4_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_4_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_4_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('Monitoring check 5: Logging metric filter and alert for network route changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_5 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_5_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_5_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_5_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('Monitoring check 6: Logging metric filter and alert for project ownership assignments/changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_6 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_6_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_6_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_6_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('Monitoring check 7: Logging metric filter and alert for SQL instance configuration changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_7 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_7_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_7_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_7_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('Monitoring check 8: Logging metric filter and alert for Storage IAM permission changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Monitoring_8 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_8_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_PCI_DSS_321_Monitoring_8_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_PCI_DSS_321_Monitoring_8_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) +}) diff --git a/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-networking-checks.test.ts b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-networking-checks.test.ts new file mode 100644 index 00000000..92144504 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-networking-checks.test.ts @@ -0,0 +1,500 @@ +/* eslint-disable max-len */ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import 'jest' + +import Gcp_PCI_DSS_321_Networking_1 from '../rules/pci-dss-3.2.1-networking-check-1' +import Gcp_PCI_DSS_321_Networking_2 from '../rules/pci-dss-3.2.1-networking-check-2' +import Gcp_PCI_DSS_321_Networking_3 from '../rules/pci-dss-3.2.1-networking-check-3' +import Gcp_PCI_DSS_321_Networking_4 from '../rules/pci-dss-3.2.1-networking-check-4' + +const ipV4WildcardAddress = '0.0.0.0/0' +const ipV6WildcardAddress = '::/0' + +export interface Allowed { + ipProtocol: string + ports: string[] +} + +export interface QuerygcpFirewall { + id: string + sourceRanges: string[] + direction: string + allowed?: Allowed[] +} + +export interface GcpNetworkSubnet { + purpose: string + enableFlowLogs: boolean | null +} + +export interface QuerygcpNetwork { + id: string + subnets?: GcpNetworkSubnet[] + name?: string + ipV4Range?: string | null +} + +export interface DnssecConfigDefaultKeySpecs { + keyType: string + algorithm: string +} + +export interface QuerygcpDnsManagedZone { + id: string + visibility?: string + dnssecConfigState?: string + dnssecConfigDefaultKeySpecs?: DnssecConfigDefaultKeySpecs[] +} + +export interface SslPolicy { + profile: string + enabledFeatures?: string[] + minTlsVersion: string +} + +export interface TargetHttpsProxy { + sslPolicy?: SslPolicy[] +} + +export interface TargetSslProxy { + sslPolicy?: SslPolicy[] +} + +export interface QuerygcpTargetSslProxy { + id: string + sslPolicy?: SslPolicy[] +} +export interface QuerygcpTargetHttpsProxy { + id: string + sslPolicy?: SslPolicy[] +} + +export interface PCIQueryResponse { + querygcpFirewall?: QuerygcpFirewall[] + querygcpNetwork?: QuerygcpNetwork[] + querygcpTargetSslProxy?: QuerygcpTargetSslProxy[] + querygcpTargetHttpsProxy?: QuerygcpTargetHttpsProxy[] +} + +describe('PCI Data Security Standard: 3.2.1', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'gcp', + entityName: 'PCI', + }) + }) + + describe('Networking check 1: Network firewall rules should not permit ingress from 0.0.0.0/0 to port 22 (SSH)', () => { + const testRule = async ( + fromPort: number | undefined, + toPort: number | undefined, + sourceAddress: string, + expectedResult: Result, + protocol?: string + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpFirewall: [ + { + id: cuid(), + sourceRanges: [sourceAddress], + direction: 'INGRESS', + allowed: [ + { + ipProtocol: 'icmp', + ports: [], + }, + { + ipProtocol: protocol || 'tcp', + ports: fromPort && toPort ? [`${fromPort}-${toPort}`] : [], + }, + { + ipProtocol: 'udp', + ports: ['0-65535'], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Networking_1 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 22', async () => { + await testRule(22, 22, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and port 80', async () => { + await testRule(80, 80, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and port 80', async () => { + await testRule(80, 80, ipV6WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 22', async () => { + await testRule(1000, 2000, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and a port range not including the port 22', async () => { + await testRule(1000, 2000, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and a port range not including the port 22', async () => { + await testRule(1000, 2000, ipV6WildcardAddress, Result.PASS) + }) + + test('Security Issue when IPv4 wilcard address and port 22 and tcp protocol', async () => { + await testRule(22, 22, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv4 wilcard address and port 22 and all protocol', async () => { + await testRule(22, 22, ipV4WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when IPv6 wilcard address and port 22 and tcp protocol', async () => { + await testRule(22, 22, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv6 wilcard address and port 22 and all protocol', async () => { + await testRule(22, 22, ipV6WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and port range includes the port 22', async () => { + await testRule(0, 1000, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and port range includes the port 22', async () => { + await testRule(0, 1000, ipV6WildcardAddress, Result.FAIL) + }) + }) + + describe('Networking check 2: Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP)', () => { + const testRule = async ( + fromPort: number | undefined, + toPort: number | undefined, + sourceAddress: string, + expectedResult: Result, + protocol?: string + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpFirewall: [ + { + id: cuid(), + sourceRanges: [sourceAddress], + direction: 'INGRESS', + allowed: [ + { + ipProtocol: 'icmp', + ports: [], + }, + { + ipProtocol: protocol || 'tcp', + ports: fromPort && toPort ? [`${fromPort}-${toPort}`] : [], + }, + { + ipProtocol: 'udp', + ports: ['0-65535'], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Networking_2 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 3389', async () => { + await testRule(3389, 3389, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and port 80', async () => { + await testRule(80, 80, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and port 80', async () => { + await testRule(80, 80, ipV6WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 3389', async () => { + await testRule(1000, 2000, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and a port range not including the port 3389', async () => { + await testRule(1000, 2000, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and a port range not including the port 3389', async () => { + await testRule(1000, 2000, ipV6WildcardAddress, Result.PASS) + }) + + test('Security Issue when IPv4 wilcard address and port 3389 and tcp protocol', async () => { + await testRule(3389, 3389, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv4 wilcard address and port 3389 and all protocol', async () => { + await testRule(3389, 3389, ipV4WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when IPv6 wilcard address and port 3389 and tcp protocol', async () => { + await testRule(3389, 3389, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv6 wilcard address and port 3389 and all protocol', async () => { + await testRule(3389, 3389, ipV6WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and port range includes the port 3389', async () => { + await testRule(0, 4000, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and port range includes the port 3389', async () => { + await testRule(0, 4000, ipV6WildcardAddress, Result.FAIL) + }) + }) + + describe('Networking check 3: The default network for a project should be deleted', () => { + const testRule = async ( + networkName: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: PCIQueryResponse = { + querygcpNetwork: [ + { + id: cuid(), + name: networkName, + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Networking_3 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a network name that is not equal to default', async () => { + await testRule('test-network', Result.PASS) + }) + + test('Security Issue when there is an inbound rule with a network name that is equal to default', async () => { + await testRule('default', Result.FAIL) + }) + }) + + describe('Networking check 4: Load balancer HTTPS or SSL proxy SSL policies should not have weak cipher suites', () => { + const getTestRuleAFixture = (): PCIQueryResponse => { + return { + querygcpTargetHttpsProxy: [ + { + id: cuid(), + sslPolicy: [ + { + profile: 'MODERN', + minTlsVersion: 'TLS_1_2', + }, + ], + }, + ], + } + } + + const getTestRuleBFixture = (): PCIQueryResponse => { + return { + querygcpTargetSslProxy: [ + { + id: cuid(), + sslPolicy: [ + { + profile: 'MODERN', + minTlsVersion: 'TLS_1_2', + }, + ], + }, + ], + } + } + + const testRule = async ( + data: PCIQueryResponse, + expectedResult: Result, + rule?: Rule + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule(rule as Rule, { + ...data, + }) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + describe('querygcpTargetHttpsProxy query:', () => { + let targetHttpsProxyRule: Rule + beforeAll(() => { + const { queries, ...ruleMetadata } = Gcp_PCI_DSS_321_Networking_4 + const query = queries.shift() + targetHttpsProxyRule = { + ...ruleMetadata, + ...query, + } as Rule + }) + + test('No Security Issue when proxies and ssl policies are secure', async () => { + const data: PCIQueryResponse = getTestRuleAFixture() + await testRule(data, Result.PASS, targetHttpsProxyRule) + }) + + test('Security Issue when proxies not have ssl policy', async () => { + const data: PCIQueryResponse = getTestRuleAFixture() + const targetHttpsProxy = data + .querygcpTargetHttpsProxy?.[0] as QuerygcpTargetHttpsProxy + targetHttpsProxy.sslPolicy = [] + await testRule(data, Result.FAIL, targetHttpsProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with MODERN ssl policy and VERSION is NOT TLS_1_2', async () => { + const data: PCIQueryResponse = getTestRuleAFixture() + const targetHttpsProxy = data + .querygcpTargetHttpsProxy?.[0] as QuerygcpTargetHttpsProxy + targetHttpsProxy.sslPolicy = targetHttpsProxy.sslPolicy?.map( + ({ minTlsVersion, ...p }) => { + return { + ...p, + minTlsVersion: 'dummy', + } + } + ) + await testRule(data, Result.FAIL, targetHttpsProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with CUSTOM ssl policy and enabledFeatures contains invalid values', async () => { + const invalidEnabledFeatureValues = [ + 'TLS_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', + ] + for (const invalidEnabledFeatureValue of invalidEnabledFeatureValues) { + const data: PCIQueryResponse = getTestRuleAFixture() + const targetHttpsProxy = data + .querygcpTargetHttpsProxy?.[0] as QuerygcpTargetHttpsProxy + targetHttpsProxy.sslPolicy = targetHttpsProxy.sslPolicy?.map( + ({ enabledFeatures, profile, ...p }) => { + return { + ...p, + profile: 'CUSTOM', + enabledFeatures: [invalidEnabledFeatureValue], + } + } + ) + await testRule(data, Result.FAIL, targetHttpsProxyRule) + } + }) + }) + + describe('querygcpTargetSslProxy query:', () => { + let targetSslProxyRule: Rule + beforeAll(() => { + const { queries, ...ruleMetadata } = Gcp_PCI_DSS_321_Networking_4 + const query = queries.shift() + targetSslProxyRule = { + ...ruleMetadata, + ...query, + } as Rule + }) + + test('No Security Issue when proxies and ssl policies are secure', async () => { + const data: PCIQueryResponse = getTestRuleBFixture() + await testRule(data, Result.PASS, targetSslProxyRule) + }) + + test('Security Issue when proxies not have ssl policy', async () => { + const data: PCIQueryResponse = getTestRuleBFixture() + const targetSslProxy = data + .querygcpTargetSslProxy?.[0] as QuerygcpTargetHttpsProxy + targetSslProxy.sslPolicy = [] + await testRule(data, Result.FAIL, targetSslProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with MODERN ssl policy and VERSION is NOT TLS_1_2', async () => { + const data: PCIQueryResponse = getTestRuleBFixture() + const targetSslProxy = data + .querygcpTargetSslProxy?.[0] as QuerygcpTargetHttpsProxy + targetSslProxy.sslPolicy = targetSslProxy.sslPolicy?.map( + ({ minTlsVersion, ...p }) => { + return { + ...p, + minTlsVersion: 'dummy', + } + } + ) + await testRule(data, Result.FAIL, targetSslProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with CUSTOM ssl policy and enabledFeatures contains invalid values', async () => { + const invalidEnabledFeatureValues = [ + 'TLS_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', + ] + for (const invalidEnabledFeatureValue of invalidEnabledFeatureValues) { + const data: PCIQueryResponse = getTestRuleBFixture() + const targetSslProxy = data + .querygcpTargetSslProxy?.[0] as QuerygcpTargetHttpsProxy + targetSslProxy.sslPolicy = targetSslProxy.sslPolicy?.map( + ({ enabledFeatures, profile, ...p }) => { + return { + ...p, + profile: 'CUSTOM', + enabledFeatures: [invalidEnabledFeatureValue], + } + } + ) + await testRule(data, Result.FAIL, targetSslProxyRule) + } + }) + }) + }) +}) diff --git a/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1.test.ts b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1.test.ts deleted file mode 100644 index 9f42e299..00000000 --- a/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1.test.ts +++ /dev/null @@ -1,18 +0,0 @@ -import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' - -describe('PCI Data Security Standard: 3.2.1', () => { - let rulesEngine: Engine - beforeAll(() => { - rulesEngine = new CloudGraph.RulesEngine({ - providerName: 'gcp', - entityName: 'PCI', - }) - }) - - // TODO: Change once we have real checks - describe("Dummy Check", () => { - test('Dummy Test', async () => { - expect('PASS').toBe(Result.PASS) - }) - }) -}) From 472cc65a0dc233e3833517903092bfdff4adc225 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Tue, 17 May 2022 15:18:29 -0300 Subject: [PATCH 23/30] fet: Support "At least one project-level logging sink should be configured with an empty filter" - Logging --- src/gcp/pci-dss-3.2.1/README.md | 10 +-- src/gcp/pci-dss-3.2.1/rules/index.ts | 4 +- .../rules/pci-dss-3.2.1-logging-check-1.ts | 87 +++++++++++++++++++ .../pci-dss-3.2.1-logging-checks.test.ts | 70 +++++++++++++++ 4 files changed, 164 insertions(+), 7 deletions(-) create mode 100644 src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-logging-check-1.ts create mode 100644 src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-logging-checks.test.ts diff --git a/src/gcp/pci-dss-3.2.1/README.md b/src/gcp/pci-dss-3.2.1/README.md index 4a598cef..72b69fdd 100644 --- a/src/gcp/pci-dss-3.2.1/README.md +++ b/src/gcp/pci-dss-3.2.1/README.md @@ -51,10 +51,8 @@ Policy Pack based on the [PCI DSS version 3.2.1](https://www.pcisecuritystandard } ``` - + +| Rule | Description | +| ------------------ | ----------------------------------------------------------------------------------------------------------------------------- | +| logging-check-1 | At least one project-level logging sink should be configured with an empty filter | \ No newline at end of file diff --git a/src/gcp/pci-dss-3.2.1/rules/index.ts b/src/gcp/pci-dss-3.2.1/rules/index.ts index 44842b4f..2d114b6d 100644 --- a/src/gcp/pci-dss-3.2.1/rules/index.ts +++ b/src/gcp/pci-dss-3.2.1/rules/index.ts @@ -1,3 +1,5 @@ +import Gcp_PCI_DSS_321_Logging_1 from './pci-dss-3.2.1-logging-check-1' + export default [ - // TODO: Add rules to export + Gcp_PCI_DSS_321_Logging_1 ] \ No newline at end of file diff --git a/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-logging-check-1.ts b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-logging-check-1.ts new file mode 100644 index 00000000..adf3e075 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/rules/pci-dss-3.2.1-logging-check-1.ts @@ -0,0 +1,87 @@ +// GCP CIS 1.2.0 Rule equivalent 2.2 +export default { + id: 'gcp-pci-dss-3.2.1-logging-check-1', + title: 'Logging check 1: At least one project-level logging sink should be configured with an empty filter', + + description: `It is recommended to create a sink that will export copies of all the log entries. This can + help aggregate logs from multiple projects and export them to a Security Information and + Event Management (SIEM).`, + + audit: `**From Console:** + + 1. Go to *Logging/Exports* by visiting https://console.cloud.google.com/logs/exports. + 2. For every sink, click the 3-dot button for Menu options and select *View Filter*. + 3. Ensure there is at least one sink with an *empty* sink filter. + 4. Additionally, ensure that the resource configured as *Destination* exists. + + **From Command Line:** + + 1. Ensure that a sink with an *empty filter* exists. List the sinks for the project, folder or organization. If sinks are configured at a folder or organization level, they do not need to be configured for each project: + + gcloud logging sinks list --folder=FOLDER_ID | --organization=ORGANIZATION_ID | --project=PROJECT_ID + + The output should list at least one sink with an *empty filter*. + + 2. Additionally, ensure that the resource configured as *Destination* exists. + + See https://cloud.google.com/sdk/gcloud/reference/beta/logging/sinks/list for more information.`, + + rationale: 'Log entries are held in Cloud Logging. To aggregate logs, export them to a SIEM. To keep them longer, it is recommended to set up a log sink. Exporting involves writing a filter that selects the log entries to export, and choosing a destination in Cloud Storage, BigQuery, or Cloud Pub/Sub. The filter and destination are held in an object called a sink. To ensure all log entries are exported to sinks, ensure that there is no filter configured for a sink. Sinks can be created in projects, organizations, folders, and billing accounts.', + + remediation: `**From Console:** + + 1. Go to *Logging/Logs* by visiting https://console.cloud.google.com/logs/viewer. + 2. Click the down arrow symbol on *Filter Bar* at the rightmost corner and select + *Convert to Advanced Filter*. + 3. This step converts *Filter Bar* to *Advanced Filter Bar*. + 4. Clear any text from the *Advanced Filter* field. This ensures that the *log-filter* is + set to empty and captures all the logs. + 5. Click *Submit Filter* and the result should display all logs. + 6. Click *Create Sink*, which opens a menu on the right. + 7. Fill out the fields and click *Create Sink*. + + For more information, see https://cloud.google.com/logging/docs/export/configure_export_v2#dest-create. + + **From Command Line:** + To create a sink to export all log entries in a Google Cloud Storage bucket: + + gcloud logging sinks create storage.googleapis.com/DESTINATION_BUCKET_NAME + + Sinks can be created for a folder or organization, which will include all projects. + + gcloud logging sinks create storage.googleapis.com/DESTINATION_BUCKET_NAME --include-children -- folder=FOLDER_ID | --organization=ORGANIZATION_ID + + **Note:** + + 1. A sink created by the command-line above will export logs in storage buckets. However, sinks can be configured to export logs into BigQuery, or Cloud Pub/Sub, or *Custom Destination*. + 2. While creating a sink, the sink option *--log-filter* is not used to ensure the sink exports all log entries. + 3. A sink can be created at a folder or organization level that collects the logs of all the projects underneath bypassing the option *--include-children* in the cloud command.`, + + references: [ + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/logging/quotas', + 'https://cloud.google.com/logging/docs/export/', + 'https://cloud.google.com/logging/docs/export/using_exported_logs', + 'https://cloud.google.com/logging/docs/export/configure_export_v2', + 'https://cloud.google.com/logging/docs/export/aggregated_exports', + 'https://cloud.google.com/sdk/gcloud/reference/beta/logging/sinks/list', + ], + gql: `{ + querygcpProject { + id + __typename + logSinks { + filter + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'high', + conditions: { + path: '@.logSinks', + array_any: { + path: '[*].filter', + equal: '', + }, + }, +} diff --git a/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-logging-checks.test.ts b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-logging-checks.test.ts new file mode 100644 index 00000000..89d9d478 --- /dev/null +++ b/src/gcp/pci-dss-3.2.1/tests/pci-dss-3.2.1-logging-checks.test.ts @@ -0,0 +1,70 @@ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +import Gcp_PCI_DSS_321_Logging_1 from '../rules/pci-dss-3.2.1-logging-check-1' + +export interface LogSink { + filter?: string + destination?: string +} + +export interface QuerygcpProject { + id: string + logSinks: LogSink[] +} + +export interface PCIQueryResponse { + querygcpProject?: QuerygcpProject[] +} + +describe('PCI Data Security Standard: 3.2.1', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ providerName: 'gcp', entityName: 'PCI'} ) + }) + + describe('Logging check 1: At least one project-level logging sink should be configured with an empty filter', () => { + const getTestRuleFixture = (filter: string): PCIQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + logSinks: [ + { + filter: 'dummy filter', + }, + { + filter, + }, + ], + }, + ], + } + } + + const test22Rule = async ( + data: PCIQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_PCI_DSS_321_Logging_1 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is a logSink with an empty filter', async () => { + const data: PCIQueryResponse = getTestRuleFixture('') + await test22Rule(data, Result.PASS) + }) + + test('Security Issue when there is a logSink with an empty filter', async () => { + const data: PCIQueryResponse = getTestRuleFixture('dummy-filter') + await test22Rule(data, Result.FAIL) + }) + }) + +}) From 6bb465729b2111378c5a9d1eb9e91d91951748c1 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 20 May 2022 10:19:32 -0300 Subject: [PATCH 24/30] feat: Support GCP NIST Access Control Configuration, Policies and DNS Best Practices --- src/gcp/nist-800-53-rev4/README.md | 19 +- .../rules/gcp-nist-800-53-rev4-1.1.ts | 109 ++ .../rules/gcp-nist-800-53-rev4-1.2.ts | 126 ++ .../rules/gcp-nist-800-53-rev4-1.3.ts | 128 ++ .../rules/gcp-nist-800-53-rev4-1.4.ts | 123 ++ .../rules/gcp-nist-800-53-rev4-1.5.ts | 114 ++ .../rules/gcp-nist-800-53-rev4-1.6.ts | 78 + .../rules/gcp-nist-800-53-rev4-1.7.ts | 71 + .../rules/gcp-nist-800-53-rev4-2.1.ts | 70 + .../rules/gcp-nist-800-53-rev4-2.2.ts | 76 + .../rules/gcp-nist-800-53-rev4-2.3.ts | 79 + src/gcp/nist-800-53-rev4/rules/index.ts | 22 +- .../tests/nist-800-53-rev4-1.x.test.ts | 1466 +++++++++++++++++ .../tests/nist-800-53-rev4-2.x.test.ts | 180 ++ .../tests/nist-800-53-rev4.test.ts | 18 - 15 files changed, 2654 insertions(+), 25 deletions(-) create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.1.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.2.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.3.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.4.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.5.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.6.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.7.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.1.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.2.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.3.ts create mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-1.x.test.ts create mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-2.x.test.ts delete mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts diff --git a/src/gcp/nist-800-53-rev4/README.md b/src/gcp/nist-800-53-rev4/README.md index e784b489..642b3981 100644 --- a/src/gcp/nist-800-53-rev4/README.md +++ b/src/gcp/nist-800-53-rev4/README.md @@ -51,10 +51,17 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta } ``` - + +| Rule | Description | +| ------------- | ---------------------------------------------------------------------------------------------------------------------------------- | +| AWS NIST 1.1 | Compute instances should not use the default service account | +| AWS NIST 1.2 | Compute instances should not use the default service account with full access to all Cloud APIs | +| AWS NIST 1.3 | Compute instance "block-project-ssh-keys should be enabled | +| AWS NIST 1.4 | Compute instances should not have public IP addresses | +| AWS NIST 1.5 | Compute instances "Enable connecting to serial ports" should not be enabled | +| AWS NIST 1.6 | SQL database instances should not permit access from 0.0.0.0/0 | +| AWS NIST 1.7 | SQL database instances should not have public IPs | +| AWS NIST 2.1 | DNS managed zone DNSSEC should be enabled | +| AWS NIST 2.2 | DNS managed zone DNSSEC key-signing keys should not use RSASHA1 | +| AWS NIST 2.3 | DNS managed zone DNSSEC zone-signing keys should not use RSASHA1 | diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.1.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.1.ts new file mode 100644 index 00000000..c95da131 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.1.ts @@ -0,0 +1,109 @@ +// GCP CIS 1.2.0 Rule equivalent 4.1 +export default { + id: 'gcp-nist-800-53-rev4-1.1', + title: + 'GCP NIST 1.1 Compute instances should not use the default service account', + description: `It is recommended to configure your instance to not use the default Compute Engine + service account because it has the Editor role on the project.`, + audit: `**From Console:** + + 1. Go to the *VM instances* page by visiting: https://console.cloud.google.com/compute/instances. + 2. Click on each instance name to go to its *VM instance details* page. + 3. Under the section *Service Account*, ensure that the default Compute Engine service account is not used. This account is named *[PROJECT_NUMBER]-compute@developer.gserviceaccount.com*. + + **From Command Line:** + + 1. List the instances in your project: + + gcloud compute instances list + + 2. Get the details on each instance: + + gcloud compute instances describe INSTANCE_NAME --zone ZONE + + 3. Ensure that the service account section does not have an email that matches the pattern used does not match the pattern *[PROJECT_NUMBER]-compute@developer.gserviceaccount.com*. + + **Exception:** + VMs created by GKE should be excluded. These VMs have names that start with *gke-* and + are labeled *goog-gke-node*.`, + rationale: `The default Compute Engine service account has the Editor role on the project, which allows read and write access to most Google Cloud Services. To defend against privilege escalations if your VM is compromised and prevent an attacker from gaining access to all of your project, it is recommended to not use the default Compute Engine service account. Instead, you should create a new service account and assigning only the permissions needed by your instance. + + The default Compute Engine service account is named *[PROJECT_NUMBER]- compute@developer.gserviceaccount.com*.`, + remediation: `**From Console:** + + 1. Go to the *VM instances* page by visiting:https://console.cloud.google.com/compute/instances. + 2. Click on the instance name to go to its *VM instance details* page. + 3. Click *STOP* and then click *EDIT*. + 4. Under the section *Service Account*, select a service account other than the default Compute Engine service account. You may first need to create a new service account. + 5. Click *Save* and then click *START*. + + **From Command Line:** + + 1. Stop the instance: + + gcloud compute instances stop INSTANCE_NAME + + 2. Update the instance: + + gcloud compute instances set-service-account INSTANCE_NAME --service-account=SERVICE_ACCOUNT + + 3. Restart the instance: + + gcloud compute instances start INSTANCE_NAME`, + references: [ + 'https://cloud.google.com/compute/docs/access/service-accounts', + 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances', + 'https://cloud.google.com/sdk/gcloud/reference/compute/instances/set-service-account', + ], + gql: `{ + querygcpVmInstance{ + __typename + id + project{ + id + } + name + labels{ + value + } + serviceAccounts{ + email + } + } + }`, + resource: 'querygcpVmInstance[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '@', + and: [ + { + path: '[*].name', + match: /^gke-.*$/, + }, + { + path: '[*].labels', + array_any: { + path: '[*].value', + equal: 'goog-gke-node', + }, + }, + ], + }, + { + jq: `[{ "defaultEmail" : (.project[].id | split("/") | .[1] + "-compute@developer.gserviceaccount.com")} + .serviceAccounts[]] + | [.[] | select(.defaultEmail == .email) ] + | {"match" : (length > 0)}`, + path: '@', + and: [ + { + path: '@.match', + notEqual: true, + }, + ], + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.2.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.2.ts new file mode 100644 index 00000000..a657cf58 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.2.ts @@ -0,0 +1,126 @@ +// GCP CIS 1.2.0 Rule equivalent 4.2 +export default { + id: 'gcp-nist-800-53-rev4-1.2', + title: + 'GCP NIST 1.2 Compute instances should not use the default service account with full access to all Cloud APIs', + description: `To support principle of least privileges and prevent potential privilege escalation it is + recommended that instances are not assigned to default service account Compute Engine + default service account with Scope Allow full access to all Cloud APIs.`, + audit: `**From Console:** + + 1. Go to the *VM instances* page by visiting: https://console.cloud.google.com/compute/instances. + 2. Click on each instance name to go to its *VM instance details* page. + 3. If the *Default Compute Engine service account* is selected under *Service Account*, ensure that *Cloud API access scopes* is not set to *Allow full access to all Cloud APIs*. + + **From Command Line:** + + 1. List Instances from project + + gcloud compute instances list + + 2. Get the details on each instance: + + gcloud compute instances describe INSTANCE_NAME --zone ZONE + + 3. Ensure that the instance is not configured to allow the https://www.googleapis.com/auth/cloud-platform scope for the default Compute Engine service account: + + serviceAccounts: + - email: [PROJECT_NUMBER]-compute@developer.gserviceaccount.com + scopes: + - https://www.googleapis.com/auth/cloud-platform + + **Exception:** Instances created by GKE should be excluded. These instances have names that + start with "gke-" and are labeled "goog-gke-node"`, + rationale: `Along with ability to optionally create, manage and use user managed custom service accounts, Google Compute Engine provides default service account *Compute Engine default service account* for an instances to access necessary cloud services. *Project Editor* role is assigned to *Compute Engine default service account* hence, This service account has almost all capabilities over all cloud services except billing. However, when *Compute Engine default service account* assigned to an instance it can operate in 3 scopes. + + 1. Allow default access: Allows only minimum access required to run an Instance (Least Privileges) + 2. Allow full access to all Cloud APIs: Allow full access to all the cloud APIs/Services (Too much access) + 3. Set access for each API: Allows Instance administrator to choose only those APIs that are needed to perform specific business functionality expected by instance + + When an instance is configured with *Compute Engine default service account* with Scope *Allow full access to all Cloud APIs*, based on IAM roles assigned to the user(s) accessing Instance, it may allow user to perform cloud operations/API calls that user is not supposed to perform leading to successful privilege escalation.`, + remediation: `**From Console:** + + 1. Go to the *VM instances* page by visiting: https://console.cloud.google.com/compute/instances. + 2. Click on the impacted VM instance. + 3. If the instance is not stopped, click the *Stop* button. Wait for the instance to be stopped. + 4. Next, click the *Edit* button. + 5. Scroll down to the *Service Account* section. + 6. Select a different service account or ensure that *Allow full access to all Cloud APIs* is not selected. + 7. Click the *Save* button to save your changes and then click *START*. + + **From Command Line:** + + 1. Stop the instance: + + gcloud compute instances stop INSTANCE_NAME + + 2. Update the instance: + + gcloud compute instances set-service-account INSTANCE_NAME --service- account=SERVICE_ACCOUNT --scopes [SCOPE1, SCOPE2...] + + 3. Restart the instance: + + gcloud compute instances start INSTANCE_NAME`, + references: [ + 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances', + 'https://cloud.google.com/compute/docs/access/service-accounts', + ], + gql: `{ + querygcpVmInstance{ + __typename + id + project{ + id + } + name + labels{ + value + } + serviceAccounts{ + email + scopes + } + } + }`, + resource: 'querygcpVmInstance[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '@', + and: [ + { + path: '[*].name', + match: /^gke-.*$/, + }, + { + path: '[*].labels', + array_any: { + path: '[*].value', + equal: 'goog-gke-node', + }, + }, + ], + }, + { + jq: `[{ "defaultEmail" : (.project[].id | split("/") | .[1] + "-compute@developer.gserviceaccount.com")} + .serviceAccounts[]] + | [.[] | select(.defaultEmail == .email) ] + | {"match" : (length > 0), "scopes": .[].scopes} // {"match" : false, "scopes": []}`, + path: '@', + and: [ + { + path: '@.match', + notEqual: true, + }, + { + path: '[*].scopes', + array_all: { + notEqual: 'https://www.googleapis.com/auth/cloud-platform', + }, + }, + ], + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.3.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.3.ts new file mode 100644 index 00000000..6b9336cf --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.3.ts @@ -0,0 +1,128 @@ +// GCP CIS 1.2.0 Rule equivalent 4.3 +export default { + id: 'gcp-nist-800-53-rev4-1.3', + title: + 'GCP NIST 1.3 Compute instance "block-project-ssh-keys should be enabled', + description: `It is recommended to use Instance specific SSH key(s) instead of using common/shared + project-wide SSH key(s) to access Instances.`, + audit: `**From Console:** + + 1. Go to the *VM instances* page by visiting https://console.cloud.google.com/compute/instances. It will list all the instances in your project. + 2. For every instance, click on the name of the instance. + 3. Under *SSH Keys*, ensure *Block project-wide SSH keys* is selected. + + **From Command Line:** + + 1. List all instances in a project: + + gcloud compute instances list + + 2. For every instance, get the instance metadata: + + gcloud compute instances describe INSTANCE_NAME + + 3. Ensure key: *block-project-ssh-keys* set to *value*: '*true*'. + + **Exception:** + Instances created by GKE should be excluded. These instances have names that start with + "gke-" and are labeled "goog-gke-node".`, + rationale: 'Project-wide SSH keys are stored in Compute/Project-meta-data. Project wide SSH keys can be used to login into all the instances within project. Using project-wide SSH keys eases the SSH key management but if compromised, poses the security risk which can impact all the instances within project. It is recommended to use Instance specific SSH keys which can limit the attack surface if the SSH keys are compromised.', + remediation: `**From Console:** + + 1. Go to the *VM instances* page by visiting: https://console.cloud.google.com/compute/instances. It will list all the instances in your project. + 2. Click on the name of the Impacted instance + 3. Click *Edit* in the toolbar + 4. Under SSH Keys, go to the *Block project-wide SSH keys* checkbox + 5. To block users with project-wide SSH keys from connecting to this instance, select *Block project-wide SSH keys* + 6. Click *Save* at the bottom of the page + 7. Repeat steps for every impacted Instance + + **From Command Line:** + Block project-wide public SSH keys, set the metadata value to *TRUE*: + + gcloud compute instances add-metadata INSTANCE_NAME --metadata block-project- ssh-keys=TRUE`, + references: [ + 'https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys', + ], + gql: `{ + querygcpVmInstance{ + __typename + id + project{ + id + } + name + labels{ + value + } + serviceAccounts{ + email + scopes + } + metadata{ + items{ + key + value + } + } + } + }`, + resource: 'querygcpVmInstance[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '@', + and: [ + { + path: '[*].name', + match: /^gke-.*$/, + }, + { + path: '[*].labels', + array_any: { + path: '[*].value', + equal: 'goog-gke-node', + }, + }, + ], + }, + { + path: '[*].metadata.items', + isEmpty: true + }, + { + and: [ + { + path: '[*].metadata.items', + array_any: { + and: [ + { + path: '[*].key', + equal: 'block-project-ssh-keys', + }, + { + path: '[*].value', + equal: 'true', + }, + ], + }, + }, + { + jq: `[{ "defaultEmail" : (.project[].id | split("/") | .[1] + "-compute@developer.gserviceaccount.com")} + .serviceAccounts[]] + | [.[] | select(.defaultEmail == .email) ] + | {"match" : (length > 0)} // {"match" : false}`, + path: '@', + and: [ + { + path: '@.match', + notEqual: true, + }, + ], + }, + ], + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.4.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.4.ts new file mode 100644 index 00000000..728e5b5c --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.4.ts @@ -0,0 +1,123 @@ +// GCP CIS 1.2.0 Rule equivalent 4.9 +export default { + id: 'gcp-nist-800-53-rev4-1.4', + title: + 'GCP NIST 1.4 Compute instances should not have public IP addresses', + description: + 'Compute instances should not be configured to have external IP addresses.', + audit: `**From Console:** + + 1. Go to the *VM instances* page by visiting: https://console.cloud.google.com/compute/instances. + 2. For every VM, ensure that there is no *External IP* configured. + + **From Command Line:** + + 1. List the instances in your project: + + gcloud compute instances list + + 2. For every instance, list its configuration: + + gcloud compute instances describe INSTANCE_NAME --zone=ZONE + + 3. The output should not contain an *accessConfigs* section under *networkInterfaces*. Note that the *natIP* value is present only for instances that are running or for instances that are stoped but have a static IP address. For instances that are stopped and are configured to have an ephemeral public IP address, the *natIP* field will not be present. Example output: + + networkInterfaces: + - accessConfigs: + - kind: compute#accessConfig + name: External NAT + networkTier: STANDARD + type: ONE_TO_ONE_NAT + + **Exception:** + + Instances created by GKE should be excluded because some of them have external IP + addresses and cannot be changed by editing the instance settings. Instances created by GKE + should be excluded. These instances have names that start with "gke-" and are labeled + "goog-gke-node".`, + rationale: 'To reduce your attack surface, Compute instances should not have public IP addresses. Instead, instances should be configured behind load balancers, to minimize the instance\'s exposure to the internet.', + remediation: `**From Console:** + + 1. Go to the *VM instances* page by visiting: https://console.cloud.google.com/compute/instances. + 2. Click on the instance name to go the the *Instance detail page*. + 3. Click *Edit*. + 4. For each Network interface, ensure that *External IP* is set to *None*. + 5. Click *Done* and then click *Save*. + + **From Command Line:** + + 1. Describe the instance properties: + + gcloud compute instances describe INSTANCE_NAME --zone=ZONE + + 2. Identify the access config name that contains the external IP address. This access config appears in the following format: + + networkInterfaces: + - accessConfigs: + - kind: compute#accessConfig + name: External NAT + natIP: 130.211.181.55 + type: ONE_TO_ONE_NAT + + 2. Delete the access config. + + gcloud compute instances delete-access-config INSTANCE_NAME --zone=ZONE -- access-config-name "ACCESS_CONFIG_NAME" + + + In the above example, the *ACCESS_CONFIG_NAME* is *External NAT*. The name of your access + config might be different. + + **Prevention:** + + You can configure the *Define allowed external IPs for VM instances* Organization Policy to prevent VMs from being configured with public IP addresses. Learn more at: https://console.cloud.google.com/orgpolicies/compute-vmExternalIpAccess`, + references: [ + 'https://cloud.google.com/load-balancing/docs/backend-service#backends_and_external_ip_addresses', + 'https://cloud.google.com/compute/docs/instances/connecting-advanced#sshbetweeninstances', + 'https://cloud.google.com/compute/docs/instances/connecting-to-instance', + 'https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#unassign_ip', + 'https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints', + ], + gql: `{ + querygcpVmInstance { + id + __typename + name + networkInterfaces { + accessConfigs { + name + natIP + } + } + } + }`, + resource: 'querygcpVmInstance[*]', + severity: 'unknown', + conditions: { + not: { + and: [ + { + path: '@.name', + mismatch: /^gke-.*$/, + }, + { + path: '@.networkInterfaces', + array_any: { + path: '[*].accessConfigs', + array_any: { + and: [ + { + path: '[*].natIP', + notEqual: null, + }, + { + path: '[*].natIP', + notEqual: '', + }, + ], + }, + }, + }, + ], + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.5.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.5.ts new file mode 100644 index 00000000..47f31d73 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.5.ts @@ -0,0 +1,114 @@ +// GCP CIS 1.2.0 Rule equivalent 4.5 +export default { + id: 'gcp-nist-800-53-rev4-1.5', + title: + 'GCP NIST 1.5 Compute instances "Enable connecting to serial ports" should not be enabled', + description: `Interacting with a serial port is often referred to as the serial console, which is similar to + using a terminal window, in that input and output is entirely in text mode and there is no + graphical interface or mouse support. + + If you enable the interactive serial console on an instance, clients can attempt to connect to + that instance from any IP address. Therefore interactive serial console support should be + disabled.`, + audit: `**From Console:** + + 1. Login to Google Cloud console + 2. Go to Computer Engine + 3. Go to VM instances + 4. Click on the Specific VM + 5. Ensure *Enable connecting to serial ports* below *Remote access* block is + unselected. + + **From Command Line:** + Ensure the below command's output shows *null*: + + gcloud compute instances describe --zone= -- format="json(metadata.items[].key,metadata.items[].value)" + + or *key* and *value* properties from below command's json response are equal to *serial-port-enable* and *0* or *false* respectively. + + { + "metadata": { + "items": [ + { + "key": "serial-port-enable", + "value": "0" + } + ] + } + }`, + rationale: `A virtual machine instance has four virtual serial ports. Interacting with a serial port is similar to using a terminal window, in that input and output is entirely in text mode and there is no graphical interface or mouse support. The instance's operating system, BIOS, and other system-level entities often write output to the serial ports, and can accept input such as commands or answers to prompts. Typically, these system-level entities use the first serial port (port 1) and serial port 1 is often referred to as the serial console. + + The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. This allows anybody to connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name. + + Therefore interactive serial console support should be disabled.`, + remediation: `**From Console:** + + 1. Login to Google Cloud console + 2. Go to Computer Engine + 3. Go to VM instances + 4. Click on the Specific VM + 5. Click *EDIT* + 6. Unselect *Enable connecting to serial ports* below *Remote access* block. + 7. Click *Save* + + **From Command Line:** + Use the below command to disable + + gcloud compute instances add-metadata INSTANCE_NAME --zone=ZONE -- metadata=serial-port-enable=false + + or + + gcloud compute instances add-metadata INSTANCE_NAME --zone=ZONE -- metadata=serial-port-enable=0 + + **Prevention:** + You can prevent VMs from having serial port access enable by *Disable VM serial port + access* organization policy: https://console.cloud.google.com/iam-admin/orgpolicies/compute-disableSerialPortAccess.`, + references: [ + 'https://cloud.google.com/compute/docs/instances/interacting-with-serial-console', + ], + gql: `{ + querygcpVmInstance{ + __typename + id + metadata{ + items{ + key + value + } + } + } + }`, + resource: 'querygcpVmInstance[*]', + severity: 'medium', + conditions: { + path: '@.metadata.items', + array_any: { + or: [ + { + and: [ + { + path: '[*].key', + equal: 'serial-port-enable', + }, + { + path: '[*].value', + equal: '0', + }, + ], + }, + { + and: [ + { + path: '[*].key', + equal: 'serial-port-enable', + }, + { + path: '[*].value', + equal: 'false', + }, + ], + }, + ], + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.6.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.6.ts new file mode 100644 index 00000000..4902c93d --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.6.ts @@ -0,0 +1,78 @@ +// GCP CIS 1.2.0 Rule equivalent 6.5 +export default { + id: 'gcp-nist-800-53-rev4-1.6', + title: + 'GCP NIST 1.6 SQL database instances should not permit access from 0.0.0.0/0', + description: `Database Server should accept connections only from trusted Network(s)/IP(s) and + restrict access from the world.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Click the instance name to open its *Instance details* page. + 3. Under the *Configuration* section click *Edit configurations*. + 4. Under *Configuration options* expand the *Connectivity* section. + 5. Ensure that no authorized network is configured to allow *0.0.0.0/0*. + + **From Command Line:** + + 1. List all Cloud SQL database Instances using the following command: + + gcloud sql instances list + + + 2. Get detailed configuration for every Cloud SQL database instance. + + gcloud sql instances describe INSTANCE_NAME + + Ensure that the section *settings: ipConfiguration : authorizedNetworks* does not have any parameter value containing *0.0.0.0/0*.`, + rationale: `To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it. + + An authorized network should not have IPs/networks configured to *0.0.0.0/0* which will allow access to the instance from anywhere in the world. Note that authorized networks apply only to instances with public IPs.`, + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Click the instance name to open its *Instance details* page. + 3. Under the *Configuration* section click *Edit configuration*s + 4. Under *Configuration options* expand the *Connectivity* section. + 5. Click the *delete* icon for the authorized network *0.0.0.0/0*. + 6. Click *Save* to update the instance. + + **From Command Line:** + + Update the authorized network list by dropping off any addresses. + + gcloud sql instances patch INSTANCE_NAME --authorized-networks=IP_ADDR1,IP_ADDR2... + + **Prevention:** + + To prevent new SQL instances from being configured to accept incoming connections from any IP addresses, set up a *Restrict Authorized Networks on Cloud SQL instances* Organization Policy at: https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictAuthorizedNetworks.`, + references: [ + 'https://cloud.google.com/sql/docs/mysql/configure-ip', + 'https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictAuthorizedNetworks', + 'https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints', + 'https://cloud.google.com/sql/docs/mysql/connection-org-policy', + ], + gql: `{ + querygcpSqlInstance { + id + __typename + name + settings { + ipConfiguration { + authorizedNetworks { + value + } + } + } + } + }`, + resource: 'querygcpSqlInstance[*]', + severity: 'high', + conditions: { + path: '@.settings.ipConfiguration.authorizedNetworks', + array_all: { + path: '[*].value', + notEqual: '0.0.0.0/0', + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.7.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.7.ts new file mode 100644 index 00000000..98aeafb7 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-1.7.ts @@ -0,0 +1,71 @@ +// GCP CIS 1.2.0 Rule equivalent 6.6 +export default { + id: 'gcp-nist-800-53-rev4-1.7', + title: + 'GCP NIST 1.7 SQL database instances should not have public IPs', + description: `It is recommended to configure Second Generation Sql instance to use private IPs instead of + public IPs.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console: https://console.cloud.google.com/sql/instances + 2. Ensure that every instance has a private IP address and no public IP address configured. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. For every instance of type *instanceType: CLOUD_SQL_INSTANCE* with *backendType: SECOND_GEN*, get detailed configuration. Ignore instances of type *READ_REPLICA_INSTANCE* because these instances inherit their settings from the primary instance. Also, note that first generation instances cannot be configured to have a private IP address. + + gcloud sql instances describe INSTANCE_NAME + + 3. Ensure that the setting *ipAddresses* has an IP address configured of *type: PRIVATE* and has no IP address of type: PRIMARY. PRIMARY email addresses are public addresses. An instance can have both a private and public address at the same time. Note also that you cannot use private IP with First Generation instances.`, + rationale: 'To lower the organization\'s attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.', + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console: https://console.cloud.google.com/sql/instances + 2. Click the instance name to open its Instance details page. + 3. Select the *Connections* tab. + 4. Deselect the *Public IP* checkbox. + 5. Click *Save* to update the instance. + + **From Command Line:** + + 1. For every instance remove its public IP and assign a private IP instead: + + gcloud beta sql instances patch INSTANCE_NAME --network=VPC_NETWOR_NAME --no-assign-ip + + 2. Confirm the changes using the following command:: + + gcloud sql instances describe INSTANCE_NAME + + **Prevention:** + + To prevent new SQL instances from getting configured with public IP addresses, set up a *Restrict Public IP access on Cloud SQL instances* Organization policy at: https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictPublicIp.`, + references: [ + 'https://cloud.google.com/sql/docs/mysql/configure-private-ip', + 'https://cloud.google.com/sql/docs/mysql/private-ip', + 'https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints', + 'https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictPublicIp', + ], + gql: `{ + querygcpSqlInstance(filter:{instanceType:{eq: "CLOUD_SQL_INSTANCE"}, backendType:{eq: "SECOND_GEN"}}) { + id + __typename + name + ipAddresses{ + type + } + } + }`, + resource: 'querygcpSqlInstance[*]', + severity: 'unknown', + conditions: { + path: '@.ipAddresses', + array_all: { + path: '[*].type', + equal: 'PRIVATE', + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.1.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.1.ts new file mode 100644 index 00000000..85c689d9 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.1.ts @@ -0,0 +1,70 @@ +// GCP CIS 1.2.0 Rule equivalent 3.3 +export default { + id: 'gcp-nist-800-53-rev4-2.1', + title: 'GCP NIST 2.1 DNS managed zone DNSSEC should be enabled', + description: `Cloud Domain Name System (DNS) is a fast, reliable and cost-effective domain name system + that powers millions of domains on the internet. Domain Name System Security Extensions + (DNSSEC) in Cloud DNS enables domain owners to take easy steps to protect their domains + against DNS hijacking and man-in-the-middle and other attacks.`, + audit: `**From Console:** + + 1. Go to *Cloud DNS* by visiting https://console.cloud.google.com/net-services/dns/zones. + 2. For each zone of *Type Public*, ensure that *DNSSEC* is set to *On*. + + **From Command Line:** + + 1. List all the Managed Zones in a project: + + gcloud dns managed-zones list + + 2. For each zone of *VISIBILITY public*, get its metadata: + + gcloud dns managed-zones describe ZONE_NAME + + 3. Ensure that *dnssecConfig.state* property is *on*.`, + rationale: 'Domain Name System Security Extensions (DNSSEC) adds security to the DNS protocol by enabling DNS responses to be validated. Having a trustworthy DNS that translates a domain name like www.example.com into its associated IP address is an increasingly important building block of today’s web-based applications. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in- the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites.', + remediation: `**From Console:** + + 1. Go to *Cloud DNS* by visiting https://console.cloud.google.com/net-services/dns/zones. + 2. For each zone of *Type Public*, set *DNSSEC* to *On*. + + **From Command Line:** + Use the below command to enable *DNSSEC* for Cloud DNS Zone Name. + + gcloud dns managed-zones update ZONE_NAME --dnssec-state on`, + references: [ + 'https://cloudplatform.googleblog.com/2017/11/DNSSEC-now-available-in-Cloud-DNS.html', + 'https://cloud.google.com/dns/dnssec-config#enabling', + 'https://cloud.google.com/dns/dnssec', + ], + gql: `{ + querygcpDnsManagedZone { + id + __typename + visibility + dnssecConfigState + } + }`, + resource: 'querygcpDnsManagedZone[*]', + severity: 'medium', + conditions: { + or: [ + { + path: '@.visibility', + equal: 'private', + }, + { + and: [ + { + path: '@.visibility', + equal: 'public', + }, + { + path: '@.dnssecConfigState', + equal: 'on', + }, + ], + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.2.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.2.ts new file mode 100644 index 00000000..8f58e315 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.2.ts @@ -0,0 +1,76 @@ +// GCP CIS 1.2.0 Rule equivalent 3.4 +export default { + id: 'gcp-nist-800-53-rev4-2.2', + title: + 'GCP NIST 2.2 DNS managed zone DNSSEC key-signing keys should not use RSASHA1', + description: `DNSSEC algorithm numbers in this registry may be used in CERT RRs. Zone signing + (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular + subsets of these algorithms. The algorithm used for key signing should be a recommended + one and it should be strong.`, + audit: `Currently there is no support to audit this setting through console. + + **From Command Line:** + Ensure the property algorithm for keyType keySigning is not using *RSASHA1*. + + gcloud dns managed-zones describe ZONENAME --format="json(dnsName,dnssecConfig.state,dnssecConfig.defaultKeySpecs)"`, + rationale: `Domain Name System Security Extensions (DNSSEC) algorithm numbers in this registry may be used in CERT RRs. Zonesigning (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular subsets of these algorithms. + + The algorithm used for key signing should be a recommended one and it should be strong. When enabling DNSSEC for a managed zone, or creating a managed zone with DNSSEC, the user can select the DNSSEC signing algorithms and the denial-of-existence type. Changing the DNSSEC settings is only effective for a managed zone if DNSSEC is not already enabled. If there is a need to change the settings for a managed zone where it has been enabled, turn DNSSEC off and then re-enable it with different settings.`, + remediation: `1. If it is necessary to change the settings for a managed zone where it has been enabled, NSSEC must be turned off and re-enabled with different settings. To turn off DNSSEC, run the following command: + + gcloud dns managed-zones update ZONE_NAME --dnssec-state off + + +2. To update key-signing for a reported managed DNS Zone, run the following command: + + gcloud dns managed-zones update ZONE_NAME --dnssec-state on --ksk-algorithm KSK_ALGORITHM --ksk-key-length KSK_KEY_LENGTH --zsk-algorithm ZSK_ALGORITHM - -zsk-key-length ZSK_KEY_LENGTH --denial-of-existence DENIAL_OF_EXISTENCE`, + references: [ + 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options', + ], + gql: `{ + querygcpDnsManagedZone { + id + __typename + visibility + dnssecConfigDefaultKeySpecs { + keyType + algorithm + } + } + }`, + resource: 'querygcpDnsManagedZone[*]', + severity: 'medium', + conditions: { + or: [ + { + path: '@.visibility', + equal: 'private', + }, + { + and: [ + { + path: '@.visibility', + equal: 'public', + }, + { + not: { + path: '@.dnssecConfigDefaultKeySpecs', + array_any: { + and: [ + { + path: '[*].keyType', + equal: 'keySigning', + }, + { + path: '[*].algorithm', + equal: 'rsasha1', + }, + ], + }, + }, + }, + ], + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.3.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.3.ts new file mode 100644 index 00000000..044a5842 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-2.3.ts @@ -0,0 +1,79 @@ +// GCP CIS 1.2.0 Rule equivalent 3.5 +export default { + id: 'gcp-nist-800-53-rev4-2.3', + title: + 'GCP NIST 2.3 DNS managed zone DNSSEC zone-signing keys should not use RSASHA1', + description: `DNSSEC algorithm numbers in this registry may be used in CERT RRs. Zone signing + (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular + subsets of these algorithms. The algorithm used for key signing should be a recommended + one and it should be strong.`, + audit: `Currently there is no support to audit this setting through the console. + + **From Command Line:** + Ensure the property algorithm for keyType zone signing is not using RSASHA1. + + gcloud dns managed-zones describe --format="json(dnsName,dnssecConfig.state,dnssecConfig.defaultKeySpecs)"`, + rationale: `DNSSEC algorithm numbers in this registry may be used in CERT RRs. Zone signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular subsets of these algorithms. + + The algorithm used for key signing should be a recommended one and it should be strong. When enabling DNSSEC for a managed zone, or creating a managed zone with DNSSEC, the DNSSEC signing algorithms and the denial-of-existence type can be selected. Changing the DNSSEC settings is only effective for a managed zone if DNSSEC is not already enabled. If the need exists to change the settings for a managed zone where it has been enabled, turn DNSSEC off and then re-enable it with different settings.`, + remediation: `1. If the need exists to change the settings for a managed zone where it has been + enabled, DNSSEC must be turned off and then re-enabled with different settings. To + turn off DNSSEC, run following command: + + gcloud dns managed-zones update ZONE_NAME --dnssec-state off + + +2. To update zone-signing for a reported managed DNS Zone, run the following + command: + + gcloud dns managed-zones update ZONE_NAME --dnssec-state on --ksk-algorithm KSK_ALGORITHM --ksk-key-length KSK_KEY_LENGTH --zsk-algorithm ZSK_ALGORITHM - -zsk-key-length ZSK_KEY_LENGTH --denial-of-existence DENIAL_OF_EXISTENCE`, + references: [ + 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options', + ], + gql: `{ + querygcpDnsManagedZone { + id + __typename + visibility + dnssecConfigDefaultKeySpecs { + keyType + algorithm + } + } + }`, + resource: 'querygcpDnsManagedZone[*]', + severity: 'medium', + conditions: { + or: [ + { + path: '@.visibility', + equal: 'private', + }, + { + and: [ + { + path: '@.visibility', + equal: 'public', + }, + { + not: { + path: '@.dnssecConfigDefaultKeySpecs', + array_any: { + and: [ + { + path: '[*].keyType', + equal: 'zoneSigning', + }, + { + path: '[*].algorithm', + equal: 'rsasha1', + }, + ], + }, + }, + }, + ], + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/index.ts b/src/gcp/nist-800-53-rev4/rules/index.ts index 44842b4f..65a61b1a 100644 --- a/src/gcp/nist-800-53-rev4/rules/index.ts +++ b/src/gcp/nist-800-53-rev4/rules/index.ts @@ -1,3 +1,23 @@ +import Gcp_NIST_800_53_11 from './gcp-nist-800-53-rev4-1.1' +import Gcp_NIST_800_53_12 from './gcp-nist-800-53-rev4-1.2' +import Gcp_NIST_800_53_13 from './gcp-nist-800-53-rev4-1.3' +import Gcp_NIST_800_53_14 from './gcp-nist-800-53-rev4-1.4' +import Gcp_NIST_800_53_15 from './gcp-nist-800-53-rev4-1.5' +import Gcp_NIST_800_53_16 from './gcp-nist-800-53-rev4-1.6' +import Gcp_NIST_800_53_17 from './gcp-nist-800-53-rev4-1.7' +import Gcp_NIST_800_53_21 from './gcp-nist-800-53-rev4-2.1' +import Gcp_NIST_800_53_22 from './gcp-nist-800-53-rev4-2.2' +import Gcp_NIST_800_53_23 from './gcp-nist-800-53-rev4-2.3' + export default [ - // TODO: Add rules to export + Gcp_NIST_800_53_11, + Gcp_NIST_800_53_12, + Gcp_NIST_800_53_13, + Gcp_NIST_800_53_14, + Gcp_NIST_800_53_15, + Gcp_NIST_800_53_16, + Gcp_NIST_800_53_17, + Gcp_NIST_800_53_21, + Gcp_NIST_800_53_22, + Gcp_NIST_800_53_23. ] \ No newline at end of file diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-1.x.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-1.x.test.ts new file mode 100644 index 00000000..97774375 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-1.x.test.ts @@ -0,0 +1,1466 @@ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +import Gcp_NIST_800_53_11 from '../rules/gcp-nist-800-53-rev4-1.1' +import Gcp_NIST_800_53_12 from '../rules/gcp-nist-800-53-rev4-1.2' +import Gcp_NIST_800_53_13 from '../rules/gcp-nist-800-53-rev4-1.3' +import Gcp_NIST_800_53_14 from '../rules/gcp-nist-800-53-rev4-1.4' +import Gcp_NIST_800_53_15 from '../rules/gcp-nist-800-53-rev4-1.5' +import Gcp_NIST_800_53_16 from '../rules/gcp-nist-800-53-rev4-1.6' +import Gcp_NIST_800_53_17 from '../rules/gcp-nist-800-53-rev4-1.7' + +export interface DatabaseFlagsItem { + name: string + value: string | null +} + +export interface AuthorizedNetwork { + value: string +} + +export interface IpConfiguration { + requireSsl?: boolean | null + authorizedNetworks?: AuthorizedNetwork[] +} + +export interface BackupConfiguration { + enabled: boolean | null + startTime: string | null +} + +export interface Settings { + databaseFlags: DatabaseFlagsItem[] + ipConfiguration?: IpConfiguration + backupConfiguration?: BackupConfiguration +} + +export interface IpAddress { + type: string +} + +export interface ServiceAccount { + email: string + scopes?: string[] +} + +export interface Label { + value: string +} + +export interface Project { + id: string +} + +export interface MetadataItem { + key: string + value: string +} + +export interface Metadata { + items: MetadataItem[] +} + +export interface DiskEncryptionKey { + sha256: string | null +} + +export interface Disk { + diskEncryptionKey: DiskEncryptionKey | null +} + +export interface AccessConfigs { + natIP: string | null +} + +export interface NetworkInterfaces { + accessConfigs: AccessConfigs[] +} + +export interface ShieldedInstanceConfig { + enableIntegrityMonitoring: boolean + enableVtpm: boolean +} + +export interface ConfidentialInstanceConfig { + enableConfidentialCompute: boolean +} + +export interface QuerygcpVmInstance { + id: string + name?: string + shieldedInstanceConfig?: ShieldedInstanceConfig + confidentialInstanceConfig?: ConfidentialInstanceConfig + networkInterfaces?: NetworkInterfaces[] + canIpForward?: boolean + project?: Project[] + labels?: Label[] + metadata?: Metadata + serviceAccounts?: ServiceAccount[] + disks?: Disk[] +} + +export interface ComputeProject { + commonInstanceMetadata: Metadata +} + +export interface QuerygcpProject { + id: string + computeProject?: ComputeProject[] + vmInstances?: QuerygcpVmInstance[] +} + +export interface QuerygcpSqlInstance { + id?: string + name: string + settings: Settings + ipAddresses?: IpAddress[] +} + +export interface NIST1xQueryResponse { + querygcpVmInstance?: QuerygcpVmInstance[] + querygcpProject?: QuerygcpProject[] + querygcpSqlInstance?: QuerygcpSqlInstance[] +} + +describe('GCP NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ providerName: 'gcp', entityName: 'NIST'} ) + }) + + describe('GCP NIST 1.1 Compute instances should not use the default service account', () => { + const getTest41RuleFixture = ( + name: string, + projects: Project[], + labels: Label[], + serviceAccounts: ServiceAccount[] + ): NIST1xQueryResponse => { + return { + querygcpVmInstance: [ + { + id: cuid(), + name, + project: projects, + labels, + serviceAccounts, + }, + ], + } + } + + const test41Rule = async ( + data: NIST1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_11 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when the vm name starts with "gke-", it has a "goog-gke-node" label and the service account is the default compute service account', async () => { + const projectId = 123456789 + const name = 'gke-test' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'goog-gke-node', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.PASS) + }) + + test('No Security Issue when the vm name starts with "gke-", it does NOT have a "goog-gke-node" label but the service account is NOT the default compute service account', async () => { + const name = 'gke-test' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.PASS) + }) + + test('No Security Issue when the vm name does NOT start with "gke-", it has a "goog-gke-node" label but the service account is NOT the default compute service account', async () => { + const name = 'dummy' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [ + { + value: 'goog-gke-node', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.PASS) + }) + + test('No Security Issue when the vm name does NOT start with "gke-", it does NOT have a "goog-gke-node" label but the service account is NOT the default compute service account', async () => { + const name = 'dummy' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.PASS) + }) + + test('Security Issue when the vm name does NOT start with "gke-", it does NOT have a "goog-gke-node" label and the service account is the default compute service account', async () => { + const projectId = 123456789 + const name = 'dummy' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.FAIL) + }) + + test('Security Issue when the vm name does start with "gke-", it does NOT have a "goog-gke-node" label and the service account is the default compute service account', async () => { + const name = 'gke-test' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.FAIL) + }) + + test('Security Issue when the vm name does start with "gke-", it does NOT have any label and the service account is the default compute service account', async () => { + const name = 'gke-test' + const labels: Label[] = [] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.FAIL) + }) + + test('Security Issue when the vm name does NOT start with "gke-", it does have a "goog-gke-node" label and the service account is the default compute service account', async () => { + const name = 'dummy' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + { + value: 'goog-gke-node', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const data: NIST1xQueryResponse = getTest41RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test41Rule(data, Result.FAIL) + }) + }) + + describe('GCP NIST 1.2 Compute instances should not use the default service account with full access to all Cloud APIs', () => { + const getTest42RuleFixture = ( + name: string, + projects: Project[], + labels: Label[], + serviceAccounts: ServiceAccount[] + ): NIST1xQueryResponse => { + return { + querygcpVmInstance: [ + { + id: cuid(), + name, + project: projects, + labels, + serviceAccounts, + }, + ], + } + } + + const test42Rule = async ( + data: NIST1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_12 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test(`No Security Issue when the vm name starts with "gke-", + it has a "goog-gke-node" label + and the service account is the default compute service account + but it does NOT have the "cloud-platform" scope`, async () => { + const projectId = 123456789 + const name = 'gke-test' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'goog-gke-node', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + scopes: ['https://www.googleapis.com/auth/cloud-platform'], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.PASS) + }) + + test(`No Security Issue when the vm name starts with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT the default compute service account, + and it has the "cloud-platform" scope`, async () => { + const name = 'gke-test' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + scopes: [], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.PASS) + }) + + test('No Security Issue when the vm name does NOT start with "gke-", it has a "goog-gke-node" label but the service account is NOT the default compute service account', async () => { + const name = 'dummy' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [ + { + value: 'goog-gke-node', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + scopes: ['https://www.googleapis.com/auth/cloud-platform'], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.PASS) + }) + + test(`No Security Issue when the vm name does NOT start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT the default compute service account + and it has the "cloud-platform" scope`, async () => { + const name = 'dummy' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + scopes: ['https://www.googleapis.com/auth/cloud-platform'], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.PASS) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is the default compute service account, + and it has the "cloud-platform" scope`, async () => { + const projectId = 123456789 + const name = 'dummy' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + scopes: ['https://www.googleapis.com/auth/cloud-platform'], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is the default compute service account, + and it has the "cloud-platform" scope`, async () => { + const name = 'gke-test' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + scopes: ['https://www.googleapis.com/auth/cloud-platform'], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have any label, + the service account is the default compute service account, + and it has the "cloud-platform" scope`, async () => { + const name = 'gke-test' + const labels: Label[] = [] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + scopes: ['https://www.googleapis.com/auth/cloud-platform'], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does have a "goog-gke-node" label + the service account is the default compute service account + and it has the "cloud-platform" scope`, async () => { + const name = 'dummy' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + { + value: 'goog-gke-node', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + scopes: ['https://www.googleapis.com/auth/cloud-platform'], + }, + ] + const data: NIST1xQueryResponse = getTest42RuleFixture( + name, + projects, + labels, + serviceAccounts + ) + await test42Rule(data, Result.FAIL) + }) + }) + + describe('GCP NIST 1.3 Compute instance "block-project-ssh-keys should be enabled', () => { + const getTest43RuleFixture = ( + name: string, + projects: Project[], + labels: Label[], + serviceAccounts: ServiceAccount[], + metadataItems: MetadataItem[] + ): NIST1xQueryResponse => { + return { + querygcpVmInstance: [ + { + id: cuid(), + name, + project: projects, + labels, + serviceAccounts, + metadata: { + items: metadataItems, + }, + }, + ], + } + } + + const test43Rule = async ( + data: NIST1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_13 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test(`No Security Issue when the vm name starts with "gke-", + it has a "goog-gke-node" label + and the service account is the default compute service account + and it does have the "block-project-ssh-keys" set to true`, async () => { + const projectId = 123456789 + const name = 'gke-test' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'goog-gke-node', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.PASS) + }) + + test(`No Security Issue when the vm name starts with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT the default compute service account, + and it does have the "block-project-ssh-keys" set to true`, async () => { + const name = 'gke-test' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.PASS) + }) + + test(`No Security Issue when the vm name does NOT start with "gke-", + it has a "goog-gke-node" label, + the service account is NOT the default compute service account + and it does have the "block-project-ssh-keys" set to true`, async () => { + const name = 'dummy' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [ + { + value: 'goog-gke-node', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.PASS) + }) + + test(`No Security Issue when the vm name does NOT start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT the default compute service account + and it does have the "block-project-ssh-keys" set to true`, async () => { + const name = 'dummy' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.PASS) + }) + + test(`No Security Issue when the vm name does NOT start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT the default compute service account + and it not have metadata`, async () => { + const name = 'dummy' + const projects: Project[] = [{ id: 'projects/dummy-id' }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy-compute@test.com', + }, + ] + const metadataItems: MetadataItem[] = [] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.PASS) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is the default compute service account, + and it does have the "block-project-ssh-keys" set to true`, async () => { + const projectId = 123456789 + const name = 'dummy' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is the default compute service account, + and it does have the "block-project-ssh-keys" set to true`, async () => { + const name = 'gke-test' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have any label, + the service account is the default compute service account, + and it does have the "block-project-ssh-keys" set to true`, async () => { + const name = 'gke-test' + const labels: Label[] = [] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does have a "goog-gke-node" label + the service account is the default compute service account + and it does have the "block-project-ssh-keys" set to true`, async () => { + const name = 'dummy' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + { + value: 'goog-gke-node', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: `${projectId}-compute@developer.gserviceaccount.com`, + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT default compute service account, + and it does have the "block-project-ssh-keys" set to false`, async () => { + const projectId = 123456789 + const name = 'dummy' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT the default compute service account, + and it does have the "block-project-ssh-keys" set to false`, async () => { + const name = 'gke-test' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have any label, + the service account is NOT the default compute service account, + and it does have the "block-project-ssh-keys" set to false`, async () => { + const name = 'gke-test' + const labels: Label[] = [] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does have a "goog-gke-node" label + the service account is NOT the default compute service account + and it does have the "block-project-ssh-keys" set to false`, async () => { + const name = 'dummy' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + { + value: 'goog-gke-node', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'block-project-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT default compute service account, + and the "block-project-ssh-keys" key is not present`, async () => { + const projectId = 123456789 + const name = 'dummy' + const projects: Project[] = [{ id: `projects/${projectId}` }] + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'dummy-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have a "goog-gke-node" label, + the service account is NOT the default compute service account, + and the "block-project-ssh-keys" key is not present`, async () => { + const name = 'gke-test' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'dummy-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does start with "gke-", + it does NOT have any label, + the service account is NOT the default compute service account, + and the "block-project-ssh-keys" key is not present`, async () => { + const name = 'gke-test' + const labels: Label[] = [] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'dummy-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + + test(`Security Issue when the vm name does NOT start with "gke-", + it does have a "goog-gke-node" label + the service account is NOT the default compute service account + and the "block-project-ssh-keys" key is not present`, async () => { + const name = 'dummy' + const labels: Label[] = [ + { + value: 'dummy-label', + }, + { + value: 'goog-gke-node', + }, + ] + const projectId = 123456789 + const projects: Project[] = [{ id: `projects/${projectId}` }] + const serviceAccounts: ServiceAccount[] = [ + { + email: 'dummy@test.com', + }, + ] + const metadataItems: MetadataItem[] = [ + { + key: 'dummy-ssh-keys', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest43RuleFixture( + name, + projects, + labels, + serviceAccounts, + metadataItems + ) + await test43Rule(data, Result.FAIL) + }) + }) + + describe('GCP NIST 1.4 Compute instances should not have public IP addresses', () => { + const test49Rule = async ( + instanceName: string, + natIP: string | null, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST1xQueryResponse = { + querygcpVmInstance: [ + { + id: cuid(), + name: instanceName, + networkInterfaces: [ + { + accessConfigs: [ + { + natIP, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_14 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with an instance cretaed by GKE with natIP', async () => { + await test49Rule('gke-instance-1', '34.69.30.133', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with an instance cretaed by GKE without natIp', async () => { + await test49Rule('gke-instance-1', '34.69.30.133', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random instance without natIP', async () => { + await test49Rule('instance-1', null, Result.PASS) + }) + + test('Security Issue when there is an inbound rule with a random instance with natIP', async () => { + await test49Rule('instance-1', '34.69.30.133', Result.FAIL) + }) + }) + + describe('GCP NIST 1.5 Compute instances "Enable connecting to serial ports" should not be enabled', () => { + const getTest45RuleFixture = ( + metadataItems: MetadataItem[] + ): NIST1xQueryResponse => { + return { + querygcpVmInstance: [ + { + id: cuid(), + name: 'dummy-project-name', + project: [], + labels: [], + serviceAccounts: [], + metadata: { + items: metadataItems, + }, + }, + ], + } + } + + const test45Rule = async ( + data: NIST1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_15 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when ¨block-project-ssh-keys¨ is set to false', async () => { + const metadataItems: MetadataItem[] = [ + { + key: 'serial-port-enable', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest45RuleFixture(metadataItems) + await test45Rule(data, Result.PASS) + }) + + test('No Security Issue when ¨serial-port-enable¨ is set to 0', async () => { + const metadataItems: MetadataItem[] = [ + { + key: 'serial-port-enable', + value: '0', + }, + ] + const data: NIST1xQueryResponse = getTest45RuleFixture(metadataItems) + await test45Rule(data, Result.PASS) + }) + + test('Security Security Issue when ¨serial-port-enable¨ is set to true', async () => { + const metadataItems: MetadataItem[] = [ + { + key: 'serial-port-enable', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest45RuleFixture(metadataItems) + await test45Rule(data, Result.FAIL) + }) + + test('Security Security Issue when ¨serial-port-enable¨ is set to 1', async () => { + const metadataItems: MetadataItem[] = [ + { + key: 'serial-port-enable', + value: 'true', + }, + ] + const data: NIST1xQueryResponse = getTest45RuleFixture(metadataItems) + await test45Rule(data, Result.FAIL) + }) + + test('Security Security Issue when ¨serial-port-enable¨ is set to 1', async () => { + const metadataItems: MetadataItem[] = [ + { + key: 'serial-port-enable', + value: '1', + }, + ] + const data: NIST1xQueryResponse = getTest45RuleFixture(metadataItems) + await test45Rule(data, Result.FAIL) + }) + + test('Security Security Issue when metadata is empty', async () => { + const metadataItems: MetadataItem[] = [ + { + key: 'serial-port-enable', + value: '1', + }, + ] + const data: NIST1xQueryResponse = getTest45RuleFixture(metadataItems) + await test45Rule(data, Result.FAIL) + }) + + test('Security Security Issue when metadata does NOT contain ¨serial-port-enable¨ key', async () => { + const metadataItems: MetadataItem[] = [ + { + key: 'dummy-key', + value: 'false', + }, + ] + const data: NIST1xQueryResponse = getTest45RuleFixture(metadataItems) + await test45Rule(data, Result.FAIL) + }) + }) + + describe('GCP NIST 1.6 SQL database instances should not permit access from 0.0.0.0/0', () => { + const getRuleFixture = (): NIST1xQueryResponse => { + return { + querygcpSqlInstance: [ + { + id: cuid(), + name: 'test-sql-instance', + settings: { + ipConfiguration: { + authorizedNetworks: [ + { value: '192.168.0.0/24' }, + { value: '192.168.1.0/24' }, + ], + }, + databaseFlags: [], + }, + }, + ], + } + } + + const testRule = async ( + data: NIST1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_16 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test("No Security Issue when authorizedNetworks is NOT set to '0.0.0.0/0'", async () => { + const data: NIST1xQueryResponse = getRuleFixture() + await testRule(data, Result.PASS) + }) + + test('No Security Issue when authorizedNetworks is empty', async () => { + const data: NIST1xQueryResponse = getRuleFixture() + const sqlInstance = data.querygcpSqlInstance?.[0] as QuerygcpSqlInstance + sqlInstance.settings = { + ipConfiguration: { + authorizedNetworks: [], + }, + databaseFlags: [], + } + await testRule(data, Result.PASS) + }) + + test("Security Issue when authorizedNetworks is set to '0.0.0.0/0'", async () => { + const data: NIST1xQueryResponse = getRuleFixture() + const sqlInstance = data.querygcpSqlInstance?.[0] as QuerygcpSqlInstance + sqlInstance.settings = { + ipConfiguration: { + authorizedNetworks: [{ value: '0.0.0.0/0' }], + }, + databaseFlags: [], + } + await testRule(data, Result.FAIL) + }) + }) + + describe('GCP NIST 1.7 SQL database instances should not have public IPs', () => { + const getRuleFixture = (): NIST1xQueryResponse => { + return { + querygcpSqlInstance: [ + { + id: cuid(), + name: 'test-sql-instance', + ipAddresses: [ + { + type: 'PRIVATE', + }, + ], + settings: { + databaseFlags: [], + }, + }, + ], + } + } + + const testRule = async ( + data: NIST1xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_17 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when ipAddresses are PRIVATE', async () => { + const data: NIST1xQueryResponse = getRuleFixture() + await testRule(data, Result.PASS) + }) + + test('No Security Issue when ipAddresses are empty', async () => { + const data: NIST1xQueryResponse = getRuleFixture() + const sqlInstance = data.querygcpSqlInstance?.[0] as QuerygcpSqlInstance + sqlInstance.ipAddresses = [] + await testRule(data, Result.PASS) + }) + + test('Security Issue when ipAddresses are PUBLIC', async () => { + const data: NIST1xQueryResponse = getRuleFixture() + const sqlInstance = data.querygcpSqlInstance?.[0] as QuerygcpSqlInstance + sqlInstance.ipAddresses = [ + { + type: 'PUBLIC', + }, + ] + await testRule(data, Result.FAIL) + }) + + test('Security Issue when ipAddresses are PRIVATE and PUBLIC', async () => { + const data: NIST1xQueryResponse = getRuleFixture() + const sqlInstance = data.querygcpSqlInstance?.[0] as QuerygcpSqlInstance + sqlInstance.ipAddresses = [ + { + type: 'PRIVATE', + }, + { + type: 'PUBLIC', + }, + ] + await testRule(data, Result.FAIL) + }) + }) +}) diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-2.x.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-2.x.test.ts new file mode 100644 index 00000000..042dbeb5 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-2.x.test.ts @@ -0,0 +1,180 @@ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +import Gcp_NIST_800_53_21 from '../rules/gcp-nist-800-53-rev4-2.1' +import Gcp_NIST_800_53_22 from '../rules/gcp-nist-800-53-rev4-2.2' +import Gcp_NIST_800_53_23 from '../rules/gcp-nist-800-53-rev4-2.3' + +export interface DnssecConfigDefaultKeySpecs { + keyType: string + algorithm: string +} + +export interface QuerygcpDnsManagedZone { + id: string + visibility?: string + dnssecConfigState?: string + dnssecConfigDefaultKeySpecs?: DnssecConfigDefaultKeySpecs[] +} + +export interface NIST2xQueryResponse { + querygcpDnsManagedZone?: QuerygcpDnsManagedZone[] +} + +describe('GCP NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'gcp', + entityName: 'NIST', + }) + }) + + describe('GCP NIST 2.1 DNS managed zone DNSSEC should be enabled', () => { + const test33Rule = async ( + visibility: string, + dnssecConfigState: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST2xQueryResponse = { + querygcpDnsManagedZone: [ + { + id: cuid(), + visibility, + dnssecConfigState, + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_21 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with visibility public and dnssecConfigState is enabled', async () => { + await test33Rule('public', 'on', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with visibility private and dnssecConfigState is not enabled', async () => { + await test33Rule('private', 'off', Result.PASS) + }) + + test('Security Issue when there is an inbound rule with visibility public and dnssecConfigState is not enabled', async () => { + await test33Rule('public', 'off', Result.FAIL) + }) + }) + + describe('GCP NIST 2.2 DNS managed zone DNSSEC key-signing keys should not use RSASHA1', () => { + const test34Rule = async ( + visibility: string, + keyType: string, + algorithm: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST2xQueryResponse = { + querygcpDnsManagedZone: [ + { + id: cuid(), + visibility, + dnssecConfigDefaultKeySpecs: [ + { + keyType: 'keySigning', + algorithm: 'rsasha512', + }, + { + keyType: 'keyTest', + algorithm: 'rsasha1', + }, + { + keyType, + algorithm, + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_22 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with visibility public and keyType keySigning and algorithm type different to rsasha1', async () => { + await test34Rule('public', 'keySigning', 'rsasha256', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with visibility private and keyType keySigning and algorithm type rsasha1', async () => { + await test34Rule('private', 'keySigning', 'rsasha256', Result.PASS) + }) + + test('Security Issue when there is an inbound rule with visibility public and keyType keySigning and algorithm type rsasha1', async () => { + await test34Rule('public', 'keySigning', 'rsasha1', Result.FAIL) + }) + }) + + describe('GCP NIST 2.3 DNS managed zone DNSSEC zone-signing keys should not use RSASHA1', () => { + const test35Rule = async ( + visibility: string, + keyType: string, + algorithm: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST2xQueryResponse = { + querygcpDnsManagedZone: [ + { + id: cuid(), + visibility, + dnssecConfigDefaultKeySpecs: [ + { + keyType: 'zoneSigning', + algorithm: 'rsasha512', + }, + { + keyType: 'keyTest', + algorithm: 'rsasha1', + }, + { + keyType, + algorithm, + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_23 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with visibility public and keyType zoneSigning and algorithm type different to rsasha1', async () => { + await test35Rule('public', 'zoneSigning', 'rsasha256', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with visibility private and keyType zoneSigning and algorithm type rsasha1', async () => { + await test35Rule('private', 'zoneSigning', 'rsasha256', Result.PASS) + }) + + test('Security Issue when there is an inbound rule with visibility public and keyType zoneSigning and algorithm type rsasha1', async () => { + await test35Rule('public', 'zoneSigning', 'rsasha1', Result.FAIL) + }) + }) +}) diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts deleted file mode 100644 index 03166c72..00000000 --- a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts +++ /dev/null @@ -1,18 +0,0 @@ -import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' - -describe('GCP NIST 800-53: Rev. 4', () => { - let rulesEngine: Engine - beforeAll(() => { - rulesEngine = new CloudGraph.RulesEngine({ - providerName: 'gcp', - entityName: 'NIST', - }) - }) - - // TODO: Change once we have real checks - describe('Dummy Check', () => { - test('Dummy Test', async () => { - expect('PASS').toBe(Result.PASS) - }) - }) -}) From 1c258d1f45d9af80aeacfd16a84da49f9286df03 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 20 May 2022 16:04:42 -0300 Subject: [PATCH 25/30] feat(checks): Support GCP NIST Encryption at Rest and in Transit and Logging --- src/gcp/nist-800-53-rev4/README.md | 20 +- .../rules/gcp-nist-800-53-rev4-3.1.ts | 167 ++++ .../rules/gcp-nist-800-53-rev4-3.2.ts | 106 ++ .../rules/gcp-nist-800-53-rev4-3.3.ts | 108 ++ .../rules/gcp-nist-800-53-rev4-3.4.ts | 106 ++ .../rules/gcp-nist-800-53-rev4-3.5.ts | 106 ++ .../rules/gcp-nist-800-53-rev4-3.6.ts | 110 +++ .../rules/gcp-nist-800-53-rev4-3.7.ts | 110 +++ .../rules/gcp-nist-800-53-rev4-3.8.ts | 107 ++ .../rules/gcp-nist-800-53-rev4-3.9.ts | 82 ++ .../rules/gcp-nist-800-53-rev4-4.1.ts | 86 ++ .../rules/gcp-nist-800-53-rev4-4.2.ts | 68 ++ src/gcp/nist-800-53-rev4/rules/index.ts | 24 +- .../tests/nist-800-53-rev4-3.x.test.ts | 934 ++++++++++++++++++ .../tests/nist-800-53-rev4-4.x.test.ts | 244 +++++ .../tests/nist-800-53-rev4.test.ts | 18 - 16 files changed, 2371 insertions(+), 25 deletions(-) create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.1.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.2.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.3.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.4.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.5.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.6.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.7.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.8.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.9.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-4.1.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-4.2.ts create mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-3.x.test.ts create mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-4.x.test.ts delete mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts diff --git a/src/gcp/nist-800-53-rev4/README.md b/src/gcp/nist-800-53-rev4/README.md index e784b489..f76b1913 100644 --- a/src/gcp/nist-800-53-rev4/README.md +++ b/src/gcp/nist-800-53-rev4/README.md @@ -51,10 +51,18 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta } ``` - + +| Rule | Description | +| ------------- | ---------------------------------------------------------------------------------------------------------------------------------- | +| AWS NIST 3.1 | IAM default audit log config should not exempt any users | +| AWS NIST 3.2 | PostgreSQL database instance 'log_checkpoints' database flag should be set to 'on' | +| AWS NIST 3.3 | PostgreSQL database instance 'log_connections' database flag should be set to 'on' | +| AWS NIST 3.4 | PostgreSQL database instance 'log_disconnections' database flag should be set to 'on' | +| AWS NIST 3.5 | PostgreSQL database instance 'log_lock_waits' database flag should be set to 'on' | +| AWS NIST 3.6 | PostgreSQL database instance 'log_min_error_statement' database flag should be set appropriately | +| AWS NIST 3.7 | PostgreSQL database instance 'log_temp_files' database flag should be set to '0' (on) | +| AWS NIST 3.8 | PostgreSQL database instance 'log_min_duration_statement' database flag should be set to '-1' (disabled) | +| AWS NIST 3.9 | At least one project-level logging sink should be configured with an empty filter | +| AWS NIST 4.1 | Compute instance disks should be encrypted with customer-supplied encryption keys (CSEKs) | +| AWS NIST 4.2 | SQL database instances should require incoming connections to use SSL | diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.1.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.1.ts new file mode 100644 index 00000000..eb0aa52b --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.1.ts @@ -0,0 +1,167 @@ + +// GCP CIS 1.2.0 Rule equivalent 2.1 +export default { + id: 'gcp-nist-800-53-rev4-3.1', + title: + 'GCP NIST 3.1 IAM default audit log config should not exempt any users', + description: + 'It is recommended that Cloud Audit Logging is configured to track all admin activities and read, write access to user data.', + audit: `**From Console:** + + 1. Go to Audit Logs by visiting https://console.cloud.google.com/iam-admin/audit. + 2. Ensure that Admin Read, Data Write, and Data Read are enabled for all Google Cloud + services and that no exemptions are allowed. + + **From Command Line:** + + 1. List the Identity and Access Management (IAM) policies for the project, folder, or organization: + + gcloud organizations get-iam-policy ORGANIZATION_ID + gcloud resource-manager folders get-iam-policy FOLDER_ID + gcloud projects get-iam-policy PROJECT_ID + + 2. Policy should have a default auditConfigs section which has the logtype set to + DATA_WRITES and DATA_READ for all services. Note that projects inherit settings + from folders, which in turn inherit settings from the organization. When called, + projects get-iam-policy, the result shows only the policies set in the project, not the + policies inherited from the parent folder or organization. Nevertheless, if the parent + folder has Cloud Audit Logging enabled, the project does as well. + + Sample output for default audit configs may look like this: + + auditConfigs: + - auditLogConfigs: + - logType: ADMIN_READ + - logType: DATA_WRITE + - logType: DATA_READ + service: allServices + + 3. Any of the auditConfigs sections should not have parameter "exemptedMembers:" + set, which will ensure that Logging is enabled for all users and no user is exempted.`, + rationale: `Cloud Audit Logging maintains two audit logs for each project, folder, and organization: + Admin Activity and Data Access. + + 1. Admin Activity logs contain log entries for API calls or other administrative actions + that modify the configuration or metadata of resources. Admin Activity audit logs + are enabled for all services and cannot be configured. + 2. Data Access audit logs record API calls that create, modify, or read user-provided + data. These are disabled by default and should be enabled. + + There are three kinds of Data Access audit log information: + + - Admin read: Records operations that read metadata or configuration + information. Admin Activity audit logs record writes of metadata and + configuration information that cannot be disabled. + - Data read: Records operations that read user-provided data. + - Data write: Records operations that write user-provided data. + + It is recommended to have an effective default audit config configured in such a way that: + + 1. logtype is set to DATA_READ (to log user activity tracking) and DATA_WRITES (to + log changes/tampering to user data). + 2. audit config is enabled for all the services supported by the Data Access audit logs feature. + 3. Logs should be captured for all users, i.e., there are no exempted users in any of the audit config sections. This will ensure overriding the audit config will not contradict the requirement.`, + remediation: `**From Console:** + + 1. Go to Audit Logs by visiting https://console.cloud.google.com/iam-admin/audit. + + + 2. Follow the steps at https://cloud.google.com/logging/docs/audit/configure-data- + access to enable audit logs for all Google Cloud services. Ensure that no exemptions + are allowed. + + **From Command Line:** + + 1. To read the project's IAM policy and store it in a file run a command: + + gcloud projects get-iam-policy PROJECT_ID > /tmp/project_policy.yaml + + Alternatively, the policy can be set at the organization or folder level. If setting the policy at the organization level, it is not necessary to also set it for each folder or project. + + gcloud organizations get-iam-policy ORGANIZATION_ID > /tmp/org_policy.yaml + gcloud resource-manager folders get-iam-policy FOLDER_ID > /tmp/folder_policy.yaml + + 2. Edit policy in /tmp/policy.yaml, adding or changing only the audit logs + configuration to: + + auditConfigs: + - auditLogConfigs: + - logType: DATA_WRITE + - logType: DATA_READ + service: allServices + + **Note:** exemptedMembers: is not set as audit logging should be enabled for all the users + + 3. To write new IAM policy run command: + + gcloud organizations set-iam-policy ORGANIZATION_ID /tmp/org_policy.yaml + gcloud resource-manager folders set-iam-policy FOLDER_ID /tmp/folder_policy.yaml + gcloud projects set-iam-policy PROJECT_ID /tmp/project_policy.yaml + + If the preceding command reports a conflict with another change, then repeat these steps, starting with the first step.`, + references: [ + 'https://cloud.google.com/logging/docs/audit/', + 'https://cloud.google.com/logging/docs/audit/configure-1data-access', + ], + gql: `{ + querygcpIamPolicy{ + id + __typename + auditConfigs{ + auditLogConfigs{ + logType + exemptedMembers + } + service + exemptedMembers + } + } + }`, + resource: 'querygcpIamPolicy[*]', + severity: 'medium', + conditions: { + path: '@.auditConfigs', + array_any: { + and: [ + { + path: '[*].exemptedMembers', + isEmpty: true, + }, + { + path: '[*].service', + equal: 'allServices', + }, + { + path: '[*].auditLogConfigs', + array_any: { + and: [ + { + path: '[*].logType', + equal: 'DATA_WRITE', + }, + { + path: '[*].exemptedMembers', + isEmpty: true, + }, + ], + }, + }, + { + path: '[*].auditLogConfigs', + array_any: { + and: [ + { + path: '[*].logType', + equal: 'DATA_READ', + }, + { + path: '[*].exemptedMembers', + isEmpty: true, + }, + ], + }, + }, + ], + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.2.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.2.ts new file mode 100644 index 00000000..a96bab1a --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.2.ts @@ -0,0 +1,106 @@ +// GCP CIS 1.2.0 Rule equivalent 6.2.1 +export default { + id: 'gcp-nist-800-53-rev4-3.2', + title: + "GCP NIST 3.2 PostgreSQL database instance 'log_checkpoints' database flag should be set to 'on'", + description: `Ensure that the log_checkpoints database flag for the Cloud SQL PostgreSQL instance is + set to on.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the instance to open its *Instance Overview* page. + 3. Ensure that the database flag *log_checkpoints* that has been set is listed under the *Database flags* section. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Ensure that the below command returns on for every Cloud SQL PostgreSQL + database instance. + + gcloud sql instances describe INSTANCE_NAME --format=json | jq '.settings.databaseFlags[] | select(.name=="log_checkpoints")|.value'`, + rationale: 'Enabling *log_checkpoints* causes checkpoints and restart points to be logged in the server log. Some statistics are included in the log messages, including the number of buffers written and the time spent writing them. This parameter can only be set in the postgresql.conf file or on the server command line. This recommendation is applicable to PostgreSQL database instances.', + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the PostgreSQL instance where the database flag needs to be enabled. + 3. Click *Edit*. + 4. Scroll down to the *Flags* section. + 5. To set a flag that has not been set on the instance before, click *Add item*, choose the flag *log_checkpoints* from the drop-down menu, and set its value. + 6. Click *Save*. + 7. Confirm the changes under *Flags* on the Overview page. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Configure the *log_checkpoints* database flag for every Cloud SQL PosgreSQL database instance using the below command: + + gcloud sql instances patch INSTANCE_NAME --database-flags log_checkpoints=on + + **Note:** + + This command will overwrite all previously set database flags. To keep those and add new ones, include the values for all flags to be set on the instance. Any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").`, + references: [ + 'https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT', + 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag', + ], + gql: `{ + querygcpProject{ + id + projectId + __typename + sqlInstances(filter:{ databaseVersion: {regexp: "/POSTGRES*/"}}){ + name + settings{ + databaseFlags{ + name + value + } + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '[*].sqlInstances', + isEmpty: true, + }, + { + path: '[*].sqlInstances', + array_all: { + path: '[*]', + and: [ + { + path: '[*].settings.databaseFlags', + isEmpty: false, + }, + { + path: '[*].settings.databaseFlags', + array_any: { + and: [ + { + path: '[*].name', + equal: 'log_checkpoints', + }, + { + path: '[*].value', + equal: 'on', + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.3.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.3.ts new file mode 100644 index 00000000..0e46868b --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.3.ts @@ -0,0 +1,108 @@ +// GCP CIS 1.2.0 Rule equivalent 6.2.3 +export default { + id: 'gcp-nist-800-53-rev4-3.3', + title: + "GGCP NIST 3.3 PostgreSQL database instance 'log_connections' database flag should be set to 'on'", + description: `Enabling the log_connections setting causes each attempted connection to the server to + be logged, along with successful completion of client authentication. This parameter cannot + be changed after the session starts.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the instance to open its *Instance Overview* page. + 3. Go to the *Configuration* card. + 4. Under *Database flags*, check the value of *log_connections* flag to determine if it is configured as expected. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Ensure the below command returns *on* for every Cloud SQL PostgreSQL database instance: + + gcloud sql instances describe INSTANCE_NAME --format=json | jq '.settings.databaseFlags[] | select(.name=="log_connections")|.value' + `, + rationale: 'PostgreSQL does not log attempted connections by default. Enabling the *log_connections* setting will create log entries for each attempted connection as well as successful completion of client authentication which can be useful in troubleshooting issues and to determine any unusual connection attempts to the server. This recommendation is applicable to PostgreSQL database instances.', + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the PostgreSQL instance for which you want to enable the database flag. + 3. Click *Edit*. + 4. Scroll down to the *Flags* section. + 5. To set a flag that has not been set on the instance before, click *Add item*, choose the flag *log_connections* from the drop-down menu and set the value as *on*. + 6. Click *Save*. + 7. Confirm the changes under *Flags* on the Overview page. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Configure the *log_connections* database flag for every Cloud SQL PosgreSQL database instance using the below command. + + gcloud sql instances patch INSTANCE_NAME --database-flags log_connections=on + + **Note:** + + This command will overwrite all previously set database flags. To keep those and add new ones, include the values for all flags to be set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").`, + references: [ + 'https://cloud.google.com/sql/docs/postgres/flags', + 'https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT', + ], + gql: `{ + querygcpProject{ + id + projectId + __typename + sqlInstances(filter:{ databaseVersion: {regexp: "/POSTGRES*/"}}){ + name + settings{ + databaseFlags{ + name + value + } + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '[*].sqlInstances', + isEmpty: true, + }, + { + path: '[*].sqlInstances', + array_all: { + path: '[*]', + and: [ + { + path: '[*].settings.databaseFlags', + isEmpty: false, + }, + { + path: '[*].settings.databaseFlags', + array_any: { + and: [ + { + path: '[*].name', + equal: 'log_connections', + }, + { + path: '[*].value', + equal: 'on', + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.4.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.4.ts new file mode 100644 index 00000000..59302f5d --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.4.ts @@ -0,0 +1,106 @@ +// GCP CIS 1.2.0 Rule equivalent 6.2.4 +export default { + id: 'gcp-nist-800-53-rev4-3.4', + title: + "GCP NIST 3.4 PostgreSQL database instance 'log_disconnections' database flag should be set to 'on'", + description: `Enabling the log_disconnections setting logs the end of each session, including the + session duration.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the instance to open its *Instance Overview* page + 3. Go to the *Configuration* card. + 4. Under *Database flags*, check the value of *log_disconnections* flag is configured as expected. + + **From Command Line:** + + 1. List all Cloud SQL database Instances using the following command: + + gcloud sql instances list + + 2. Ensure the below command returns on for every Cloud SQL PostgreSQL database instance: + + gcloud sql instances describe INSTANCE_NAME --format=json | jq '.settings.databaseFlags[] | select(.name=="log_disconnections")|.value'`, + rationale: 'PostgreSQL does not log session details such as duration and session end by default. Enabling the *log_disconnections* setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period. The *log_disconnections* and *log_connections* work hand in hand and generally, the pair would be enabled/disabled together. This recommendation is applicable to PostgreSQL database instances.', + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the PostgreSQL instance where the database flag needs to be enabled. + 3. Click *Edit*. + 4. Scroll down to the *Flags* section. + 5. To set a flag that has not been set on the instance before, click *Add item*, choose the flag *log_disconnections* from the drop-down menu and set the value as *on*. + 6. Click *Save*. + 7. Confirm the changes under *Flags* on the Overview page. + + **From Command Line:** + + 1. List all Cloud SQL database Instances using the following command: + + gcloud sql instances list + + 2. Configure the *log_disconnections* database flag for every Cloud SQL PosgreSQL database instance using the below command: + + gcloud sql instances patch INSTANCE_NAME --database-flags log_disconnections=on + + **Note:** + + This command will overwrite all previously setdatabase flags. To keep those and add new ones, include the values for all flags to be set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").`, + references: [ + 'https://cloud.google.com/sql/docs/postgres/flags', + 'https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT', + ], + gql: `{ + querygcpProject{ + id + projectId + __typename + sqlInstances(filter:{ databaseVersion: {regexp: "/POSTGRES*/"}}){ + name + settings{ + databaseFlags{ + name + value + } + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '[*].sqlInstances', + isEmpty: true, + }, + { + path: '[*].sqlInstances', + array_all: { + path: '[*]', + and: [ + { + path: '[*].settings.databaseFlags', + isEmpty: false, + }, + { + path: '[*].settings.databaseFlags', + array_any: { + and: [ + { + path: '[*].name', + equal: 'log_disconnections', + }, + { + path: '[*].value', + equal: 'on', + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.5.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.5.ts new file mode 100644 index 00000000..ed7c3867 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.5.ts @@ -0,0 +1,106 @@ +// GCP CIS 1.2.0 Rule equivalent 6.2.6 +export default { + id: 'gcp-nist-800-53-rev4-3.5', + title: + "GCP NIST 3.5 PostgreSQL database instance 'log_lock_waits' database flag should be set to 'on'", + description: `Enabling the log_lock_waits flag for a PostgreSQL instance creates a log for any session + waits that take longer than the alloted deadlock_timeout time to acquire a lock.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the instance to open its Instance Overview page. + 3. Go to the *Configuration* card. + 4. Under *Database flags*, check if the value of the *log_lock_waits* flag is configured as expected. + + **From Command Line:** + + 1. List all Cloud SQL database Instances using the following command: + + gcloud sql instances list + + 2. Ensure the below command returns *on* for every Cloud SQL PostgreSQL database instance + + gcloud sql instances describe INSTANCE_NAME --format=json | jq '.settings.databaseFlags[] | select(.name=="log_lock_waits")|.value'`, + rationale: 'The deadlock timeout defines the time to wait on a lock before checking for any conditions. Frequent run overs on deadlock timeout can be an indication of an underlying issue. Logging such waits on locks by enabling the *log_lock_waits* flag can be used to identify poor performance due to locking delays or if a specially-crafted SQL is attempting to starve resources through holding locks for excessive amounts of time. This recommendation is applicable to PostgreSQL database instances.', + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the PostgreSQL instance where the database flag needs to be enabled. + 3. Click *Edit*. + 4. Scroll down to the *Flags* section. + 5. To set a flag that has not been set on the instance before, click *Add item*, choose the flag *log_lock_waits* from the drop-down menu and set the value as *on*. + 6. Click *Save*. + 7. Confirm the changes under *Flags* on the Overview page. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Configure the *log_lock_waits* database flag for every Cloud SQL PosgreSQL database instance using the below command: + + gcloud sql instances patch INSTANCE_NAME --database-flags log_lock_waits=on + + **Note:** + + This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags to be set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").`, + references: [ + 'https://cloud.google.com/sql/docs/postgres/flags', + 'https://www.postgresql.org/docs/9.6/runtime-config-logging.html#GUC-LOG-MIN-DURATION-STATEMENT', + ], + gql: `{ + querygcpProject{ + id + projectId + __typename + sqlInstances(filter:{ databaseVersion: {regexp: "/POSTGRES*/"}}){ + name + settings{ + databaseFlags{ + name + value + } + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '[*].sqlInstances', + isEmpty: true, + }, + { + path: '[*].sqlInstances', + array_all: { + path: '[*]', + and: [ + { + path: '[*].settings.databaseFlags', + isEmpty: false, + }, + { + path: '[*].settings.databaseFlags', + array_any: { + and: [ + { + path: '[*].name', + equal: 'log_lock_waits', + }, + { + path: '[*].value', + equal: 'on', + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.6.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.6.ts new file mode 100644 index 00000000..303b44ec --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.6.ts @@ -0,0 +1,110 @@ +// GCP CIS 1.2.0 Rule equivalent 6.2.14 +export default { + id: 'gcp-nist-800-53-rev4-3.6', + title: + "GCP NIST 3.6 PostgreSQL database instance 'log_min_error_statement' database flag should be set appropriately", + description: `The log_min_error_statement flag defines the minimum message severity level that are + considered as an error statement. Messages for error statements are logged with the SQL + statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, + WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels + mentioned above. Ensure a value of ERROR or stricter is set.`, + audit: `**Using Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the instance to open its *Instance Overview* page + 3. Go to *Configuration* card + 4. Under *Database flags*, check the value of *log_min_error_statement* flag is configured as to *ERROR* or stricter. + + **Using Command Line:** + + 1. List all Cloud SQL database Instances + + gcloud sql instances list + + + 2. Use the below command for every Cloud SQL PostgreSQL database instance to verify the value of *log_min_error_statement* is set to *ERROR* or stricter. + + gcloud sql instances describe INSTANCE_NAME --format=json | jq '.settings.databaseFlags[] | select(.name=="log_min_error_statement")|.value'`, + rationale: 'Auditing helps in troubleshooting operational problems and also permits forensic analysis. If *log_min_error_statement* is not set to the correct value, messages may not be classified as error messages appropriately. Considering general log messages as error messages would make is difficult to find actual errors and considering only stricter severity levels as error messages may skip actual errors to log their SQL statements. The *log_min_error_statement* flag should be set to *ERROR* or stricter. This recommendation is applicable to PostgreSQL database instances.', + remediation: `**Using Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the PostgreSQL instance for which you want to enable the database flag. + 3. Click *Edit*. + 4. Scroll down to the *Flags* section. + 5. To set a flag that has not been set on the instance before, click *Add item*, choose the flag *log_min_error_statement* from the drop-down menu and set appropriate value. + 6. Click *Save* to save your changes. + 7. Confirm your changes under *Flags* on the Overview page. + + **Using Command Line:** + + 1. List all Cloud SQL database Instances + + gcloud sql instances list + + 2. Configure the *log_min_error_statement* database flag for every Cloud SQL PosgreSQL database instance using the below command. + + gcloud sql instances patch INSTANCE_NAME --database-flags log_min_error_statement= + + **Note:** + + This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags you want set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").`, + references: [ + 'https://cloud.google.com/sql/docs/postgres/flags', + 'https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHEN', + ], + gql: `{ + querygcpProject{ + id + projectId + __typename + sqlInstances(filter:{ databaseVersion: {regexp: "/POSTGRES*/"}}){ + name + settings{ + databaseFlags{ + name + value + } + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '[*].sqlInstances', + isEmpty: true, + }, + { + path: '[*].sqlInstances', + array_all: { + path: '[*]', + and: [ + { + path: '[*].settings.databaseFlags', + isEmpty: false, + }, + { + path: '[*].settings.databaseFlags', + array_any: { + and: [ + { + path: '[*].name', + equal: 'log_min_error_statement', + }, + { + path: '[*].value', + in: ['error', 'log', 'fatal', 'panic'], + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.7.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.7.ts new file mode 100644 index 00000000..2773eec3 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.7.ts @@ -0,0 +1,110 @@ +// GCP CIS 1.2.0 Rule equivalent 6.2.15 +export default { + id: 'gcp-nist-800-53-rev4-3.7', + title: + "GCP NIST 3.7 PostgreSQL database instance 'log_temp_files' database flag should be set to '0' (on)", + description: `PostgreSQL can create a temporary file for actions such as sorting, hashing and temporary + query results when these operations exceed work_mem. The log_temp_files flag controls + logging names and the file size when it is deleted. Configuring log_temp_files to 0 causes + all temporary file information to be logged, while positive values log only files whose size is + greater than or equal to the specified number of kilobytes. A value of - 1 disables temporary + file information logging.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the instance to open its *Instance Overview* page + 3. Go to the *Configuration* card. + 4. Under *Database flags*, check that the value of *log_temp_files* flag is set to *0*. + + **From Command Line:** + + 1. List all Cloud SQL database Instances using the following command: + + gcloud sql instances list + + 2. Ensure that the below command returns *0* for every Cloud SQL PostgreSQL database instance + + gcloud sql instances describe INSTANCE_NAME --format=json | jq '.settings.databaseFlags[] | select(.name=="log_temp_files")|.value'`, + rationale: 'If all temporary files are not logged, it may be more difficult to identify potential performance issues that may be due to either poor application coding or deliberate resource starvation attempts.', + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the PostgreSQL instance where the database flag needs to be enabled. + 3. Click *Edit*. + 4. Scroll down to the *Flags* section. + 5. To set a flag that has not been set on the instance before, click *Add item*, choose the flag *log_temp_files* from the drop-down menu and set the value as *0*. + 6. Click *Save*. + 7. Confirm the changes under *Flags* on the Overview page. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Configure the *log_temp_files* database flag for every Cloud SQL PosgreSQL database instance using the below command. + + gcloud sql instances patch INSTANCE_NAME --database-flags log_temp_files='0' + + **Note:** + + This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags to be set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").`, + references: [ + 'https://cloud.google.com/sql/docs/postgres/flags', + 'https://www.postgresql.org/docs/9.6/runtime-config-logging.html#GUC-LOG-TEMP-FILES', + ], + gql: `{ + querygcpProject{ + id + projectId + __typename + sqlInstances(filter:{ databaseVersion: {regexp: "/POSTGRES*/"}}){ + name + settings{ + databaseFlags{ + name + value + } + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '[*].sqlInstances', + isEmpty: true, + }, + { + path: '[*].sqlInstances', + array_all: { + path: '[*]', + and: [ + { + path: '[*].settings.databaseFlags', + isEmpty: false, + }, + { + path: '[*].settings.databaseFlags', + array_any: { + and: [ + { + path: '[*].name', + equal: 'log_temp_files', + }, + { + path: '[*].value', + equal: '0', + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.8.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.8.ts new file mode 100644 index 00000000..b0b91b2f --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.8.ts @@ -0,0 +1,107 @@ +// GCP CIS 1.2.0 Rule equivalent 6.2.16 +export default { + id: 'gcp-nist-800-53-rev4-3.8', + title: + "GCP NIST 3.8 PostgreSQL database instance 'log_min_duration_statement' database flag should be set to '-1' (disabled)", + description: `The log_min_duration_statement flag defines the minimum amount of execution time of a + statement in milliseconds where the total duration of the statement is logged. Ensure that + log_min_duration_statement is disabled, i.e., a value of - 1 is set.`, + audit: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the instance to open its *Instance Overview* page. + 3. Go to the *Configuration* card. + 4. Under* Database flags*, check that the value of *log_min_duration_statement* flag is set to *-1*. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Use the below command for every Cloud SQL PostgreSQL database instance to verify the value of *log_min_duration_statement* is set to *-1*. + + gcloud sql instances describe INSTANCE_NAME --format=json | jq '.settings.databaseFlags[] | select(.name=="log_min_duration_statement")|.value'`, + rationale: 'Logging SQL statements may include sensitive information that should not be recorded in logs. This recommendation is applicable to PostgreSQL database instances.', + remediation: `**From Console:** + + 1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances. + 2. Select the PostgreSQL instance where the database flag needs to be enabled. + 3. Click *Edit*. + 4. Scroll down to the *Flags* section. + 5. To set a flag that has not been set on the instance before, click *Add item*, choose the flag *log_min_duration_statement* from the drop-down menu and set a value of *-1*. + 6. Click *Save*. + 7. Confirm the changes under *Flags* on the Overview page. + + **From Command Line:** + + 1. List all Cloud SQL database instances using the following command: + + gcloud sql instances list + + 2. Configure the *log_min_duration_statement* flag for every Cloud SQL PosgreSQL database instance using the below command: + + gcloud sql instances patch INSTANCE_NAME --database-flags log_min_duration_statement=-1 + + **Note:** + + This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags to be set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").`, + references: [ + 'https://cloud.google.com/sql/docs/postgres/flags', + 'https://www.postgresql.org/docs/current/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT', + ], + gql: `{ + querygcpProject{ + id + projectId + __typename + sqlInstances(filter:{ databaseVersion: {regexp: "/POSTGRES*/"}}){ + name + settings{ + databaseFlags{ + name + value + } + } + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'medium', + conditions: { + path: '@', + or: [ + { + path: '[*].sqlInstances', + isEmpty: true, + }, + { + path: '[*].sqlInstances', + array_all: { + path: '[*]', + and: [ + { + path: '[*].settings.databaseFlags', + isEmpty: false, + }, + { + path: '[*].settings.databaseFlags', + array_any: { + and: [ + { + path: '[*].name', + equal: 'log_min_duration_statement', + }, + { + path: '[*].value', + equal: '-1', + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.9.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.9.ts new file mode 100644 index 00000000..7c656b2e --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.9.ts @@ -0,0 +1,82 @@ +// GCP CIS 1.2.0 Rule equivalent 2.2 +export default { + id: 'gcp-nist-800-53-rev4-3.9', + title: 'GCP NIST 3.9 At least one project-level logging sink should be configured with an empty filter', + description: `It is recommended to create a sink that will export copies of all the log entries. This can + help aggregate logs from multiple projects and export them to a Security Information and + Event Management (SIEM).`, + audit: `**From Console:** + + 1. Go to *Logging/Exports* by visiting https://console.cloud.google.com/logs/exports. + 2. For every sink, click the 3-dot button for Menu options and select *View Filter*. + 3. Ensure there is at least one sink with an *empty* sink filter. + 4. Additionally, ensure that the resource configured as *Destination* exists. + + **From Command Line:** + + 1. Ensure that a sink with an *empty filter* exists. List the sinks for the project, folder or organization. If sinks are configured at a folder or organization level, they do not need to be configured for each project: + + gcloud logging sinks list --folder=FOLDER_ID | --organization=ORGANIZATION_ID | --project=PROJECT_ID + + The output should list at least one sink with an *empty filter*. + + 2. Additionally, ensure that the resource configured as *Destination* exists. + + See https://cloud.google.com/sdk/gcloud/reference/beta/logging/sinks/list for more information.`, + rationale: 'Log entries are held in Cloud Logging. To aggregate logs, export them to a SIEM. To keep them longer, it is recommended to set up a log sink. Exporting involves writing a filter that selects the log entries to export, and choosing a destination in Cloud Storage, BigQuery, or Cloud Pub/Sub. The filter and destination are held in an object called a sink. To ensure all log entries are exported to sinks, ensure that there is no filter configured for a sink. Sinks can be created in projects, organizations, folders, and billing accounts.', + remediation: `**From Console:** + + 1. Go to *Logging/Logs* by visiting https://console.cloud.google.com/logs/viewer. + 2. Click the down arrow symbol on *Filter Bar* at the rightmost corner and select + *Convert to Advanced Filter*. + 3. This step converts *Filter Bar* to *Advanced Filter Bar*. + 4. Clear any text from the *Advanced Filter* field. This ensures that the *log-filter* is + set to empty and captures all the logs. + 5. Click *Submit Filter* and the result should display all logs. + 6. Click *Create Sink*, which opens a menu on the right. + 7. Fill out the fields and click *Create Sink*. + + For more information, see https://cloud.google.com/logging/docs/export/configure_export_v2#dest-create. + + **From Command Line:** + To create a sink to export all log entries in a Google Cloud Storage bucket: + + gcloud logging sinks create storage.googleapis.com/DESTINATION_BUCKET_NAME + + Sinks can be created for a folder or organization, which will include all projects. + + gcloud logging sinks create storage.googleapis.com/DESTINATION_BUCKET_NAME --include-children -- folder=FOLDER_ID | --organization=ORGANIZATION_ID + + **Note:** + + 1. A sink created by the command-line above will export logs in storage buckets. However, sinks can be configured to export logs into BigQuery, or Cloud Pub/Sub, or *Custom Destination*. + 2. While creating a sink, the sink option *--log-filter* is not used to ensure the sink exports all log entries. + 3. A sink can be created at a folder or organization level that collects the logs of all the projects underneath bypassing the option *--include-children* in the cloud command.`, + references: [ + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/logging/quotas', + 'https://cloud.google.com/logging/docs/export/', + 'https://cloud.google.com/logging/docs/export/using_exported_logs', + 'https://cloud.google.com/logging/docs/export/configure_export_v2', + 'https://cloud.google.com/logging/docs/export/aggregated_exports', + 'https://cloud.google.com/sdk/gcloud/reference/beta/logging/sinks/list', + ], + gql: `{ + querygcpProject { + id + __typename + logSinks { + filter + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'high', + conditions: { + path: '@.logSinks', + array_any: { + path: '[*].filter', + equal: '', + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-4.1.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-4.1.ts new file mode 100644 index 00000000..b8cbabcd --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-4.1.ts @@ -0,0 +1,86 @@ +// GCP CIS 1.2.0 Rule equivalent 4.7 +export default { + id: 'gcp-nist-800-53-rev4-4.1', + title: + 'GCP NIST 4.1 Compute instance disks should be encrypted with customer-supplied encryption keys (CSEKs)', + description: `Customer-Supplied Encryption Keys (CSEK) are a feature in Google Cloud Storage and + Google Compute Engine. If you supply your own encryption keys, Google uses your key to + protect the Google-generated keys used to encrypt and decrypt your data. By default, + Google Compute Engine encrypts all data at rest. Compute Engine handles and manages + this encryption for you without any additional actions on your part. However, if you + wanted to control and manage this encryption yourself, you can provide your own + encryption keys.`, + audit: `**From Console:** + + 1. Go to Compute Engine *Disks* by visiting: + https://console.cloud.google.com/compute/disks. + 2. Click on the disk for your critical VMs to see its configuration details. + 3. Ensure that *Encryption type* is set to *Customer supplied*. + + **From Command Line:** + Ensure *diskEncryptionKey* property in the below command's response is not null, and + contains key *sha256* with corresponding value + + gcloud compute disks describe DISK_NAME --zone ZONE -- format="json(diskEncryptionKey,name)"`, + rationale: `By default, Google Compute Engine encrypts all data at rest. Compute Engine handles and manages this encryption for you without any additional actions on your part. However, if you wanted to control and manage this encryption yourself, you can provide your own encryption keys. + + If you provide your own encryption keys, Compute Engine uses your key to protect the Google-generated keys used to encrypt and decrypt your data. Only users who can provide the correct key can use resources protected by a customer-supplied encryption key. + + Google does not store your keys on its servers and cannot access your protected data unless you provide the key. This also means that if you forget or lose your key, there is no way for Google to recover the key or to recover any data encrypted with the lost key. + + At least business critical VMs should have VM disks encrypted with CSEK.`, + remediation: `**Note:** Currently there is no way to update the encryption of an existing disk. Therefore you should create a new disk with *Encryption* set to *Customer supplied*. + + **From Console:** + + 1. Go to Compute Engine *Disks* by visiting: https://console.cloud.google.com/compute/disks. + 2. Click *CREATE DISK*. + 3. Set *Encryption type* to *Customer supplied*. + 4. Provide the *Key* in the box. + 5. Select *Wrapped key*. + 6. Click *Create*. + + **From Command Line:** + In the gcloud compute tool, encrypt a disk using the --csek-key-file flag during instance + creation. If you are using an RSA-wrapped key, use the gcloud beta component: + + gcloud (beta) compute instances create INSTANCE_NAME --csek-key-file + + + To encrypt a standalone persistent disk: + + gcloud (beta) compute disks create DISK_NAME --csek-key-file { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ providerName: 'gcp', entityName: 'NIST'} ) + }) + + describe('GCP NIST 3.1 IAM default audit log config should not exempt any users', () => { + const getTestRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpIamPolicy: [ + { + id: cuid(), + auditConfigs: [ + { + auditLogConfigs: [ + { + logType: 'DATA_WRITE', + exemptedMembers: [], + }, + { + logType: 'DATA_READ', + exemptedMembers: [], + }, + ], + service: 'allServices', + exemptedMembers: [], + }, + ], + }, + ], + } + } + + const test21Rule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_31 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is a auditConfig with logtype set to DATA_WRITES and DATA_READ for all services, and exemptedMembers is empty', async () => { + const data: NIST3xQueryResponse = getTestRuleFixture() + await test21Rule(data, Result.PASS) + }) + + test('Security Issue when there is a auditConfig with logtype set to DATA_WRITES and DATA_READ for all services, and exemptedMembers is NOT empty', async () => { + let data: NIST3xQueryResponse = { + querygcpIamPolicy: [ + { + id: cuid(), + auditConfigs: [ + { + auditLogConfigs: [ + { + logType: 'DATA_WRITES', + exemptedMembers: [], + }, + { + logType: 'DATA_READ', + exemptedMembers: [], + }, + ], + service: 'allServices', + exemptedMembers: ['dummy-member'], + }, + ], + }, + ], + } + await test21Rule(data, Result.FAIL) + + data = { + querygcpIamPolicy: [ + { + id: cuid(), + auditConfigs: [ + { + auditLogConfigs: [ + { + logType: 'DATA_WRITES', + exemptedMembers: ['dummy-member'], + }, + { + logType: 'DATA_READ', + exemptedMembers: [], + }, + ], + service: 'allServices', + exemptedMembers: [], + }, + ], + }, + ], + } + await test21Rule(data, Result.FAIL) + data = { + querygcpIamPolicy: [ + { + id: cuid(), + auditConfigs: [ + { + auditLogConfigs: [ + { + logType: 'DATA_WRITES', + exemptedMembers: [], + }, + { + logType: 'DATA_READ', + exemptedMembers: ['dummy-member'], + }, + ], + service: 'allServices', + exemptedMembers: [], + }, + ], + }, + ], + } + await test21Rule(data, Result.FAIL) + }) + + test('Security Issue when there is a auditConfig without logtype set to DATA_WRITES', async () => { + const data: NIST3xQueryResponse = { + querygcpIamPolicy: [ + { + id: cuid(), + auditConfigs: [ + { + auditLogConfigs: [ + { + logType: 'DATA_READ', + exemptedMembers: [], + }, + ], + service: 'allServices', + exemptedMembers: [], + }, + ], + }, + ], + } + await test21Rule(data, Result.FAIL) + }) + + test('Security Issue when there is a auditConfig without logtype set to DATA_READ', async () => { + const data: NIST3xQueryResponse = { + querygcpIamPolicy: [ + { + id: cuid(), + auditConfigs: [ + { + auditLogConfigs: [ + { + logType: 'DATA_WRITES', + exemptedMembers: [], + }, + ], + service: 'allServices', + exemptedMembers: [], + }, + ], + }, + ], + } + await test21Rule(data, Result.FAIL) + }) + + test('Security Issue when there is a auditConfig with logtype set to DATA_WRITES and DATA_READ NOT set to allServices', async () => { + const data: NIST3xQueryResponse = { + querygcpIamPolicy: [ + { + id: cuid(), + auditConfigs: [ + { + auditLogConfigs: [ + { + logType: 'DATA_WRITE', + exemptedMembers: [], + }, + { + logType: 'DATA_READ', + exemptedMembers: [], + }, + ], + service: 'dummy-service', + exemptedMembers: [], + }, + ], + }, + ], + } + await test21Rule(data, Result.FAIL) + }) + }) + + describe("GCP NIST 3.2 PostgreSQL database instance 'log_checkpoints' database flag should be set to 'on'", () => { + const getRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [ + { + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'log_checkpoints', + value: 'on', + }, + ], + }, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_32 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is NO POSTGRES instances', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances = [] + await testRule(data, Result.PASS) + }) + + test("No Security Issue when all POSTGRES instances have the 'log_checkpoints' set to 'on'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances.push({ + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'dummy_key', + value: 'on', + }, + { + name: 'log_checkpoints', + value: 'on', + }, + ], + }, + }) + await testRule(data, Result.PASS) + }) + + test('Security Issue when the POSTGRES instances have no database flags', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do NOT have a 'log_checkpoints' database flag", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [ + { + name: 'dummy_key', + value: 'on', + }, + ] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do have a 'log_checkpoints' database flag set to 'off'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = 'off' + await testRule(data, Result.FAIL) + }) + }) + + describe("GGCP NIST 3.3 PostgreSQL database instance 'log_connections' database flag should be set to 'on'", () => { + const getRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [ + { + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'log_connections', + value: 'on', + }, + ], + }, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_33 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is NO POSTGRES instances', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances = [] + await testRule(data, Result.PASS) + }) + + test("No Security Issue when all POSTGRES instances have the 'log_connections' set to 'on'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances.push({ + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'dummy_key', + value: 'on', + }, + { + name: 'log_connections', + value: 'on', + }, + ], + }, + }) + await testRule(data, Result.PASS) + }) + + test('Security Issue when the POSTGRES instances have no database flags', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do NOT have a 'log_connections' database flag", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [ + { + name: 'dummy_key', + value: 'on', + }, + ] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do have a 'log_connections' database flag set to 'off'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = 'off' + await testRule(data, Result.FAIL) + }) + }) + + describe("GCP NIST 3.4 PostgreSQL database instance 'log_disconnections' database flag should be set to 'on'", () => { + const getRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [ + { + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'log_disconnections', + value: 'on', + }, + ], + }, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_34 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is NO POSTGRES instances', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances = [] + await testRule(data, Result.PASS) + }) + + test("No Security Issue when all POSTGRES instances have the 'log_disconnections' set to 'on'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances.push({ + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'dummy_key', + value: 'on', + }, + { + name: 'log_disconnections', + value: 'on', + }, + ], + }, + }) + await testRule(data, Result.PASS) + }) + + test('Security Issue when the POSTGRES instances have no database flags', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do NOT have a 'log_disconnections' database flag", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [ + { + name: 'dummy_key', + value: 'on', + }, + ] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do have a 'log_disconnections' database flag set to 'off'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = 'off' + await testRule(data, Result.FAIL) + }) + }) + + describe("GCP NIST 3.5 PostgreSQL database instance 'log_lock_waits' database flag should be set to 'on'", () => { + const getRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [ + { + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'log_lock_waits', + value: 'on', + }, + ], + }, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_35 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is NO POSTGRES instances', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances = [] + await testRule(data, Result.PASS) + }) + + test("No Security Issue when all POSTGRES instances have the 'log_lock_waits' set to 'on'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances.push({ + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'dummy_key', + value: 'on', + }, + { + name: 'log_lock_waits', + value: 'on', + }, + ], + }, + }) + await testRule(data, Result.PASS) + }) + + test('Security Issue when the POSTGRES instances have no database flags', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do NOT have a 'log_lock_waits' database flag", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [ + { + name: 'dummy_key', + value: 'on', + }, + ] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do have a 'log_lock_waits' database flag set to 'off'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = 'off' + await testRule(data, Result.FAIL) + }) + }) + + describe("GCP NIST 3.6 PostgreSQL database instance 'log_min_error_statement' database flag should be set appropriately", () => { + const getRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [ + { + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'log_min_error_statement', + value: 'error', + }, + ], + }, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_36 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is NO POSTGRES instances', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances = [] + await testRule(data, Result.PASS) + }) + + test("No Security Issue when all POSTGRES instances have the 'log_min_error_statement' set to any value: ['error', 'log', 'fatal', 'panic']", async () => { + const validValues = ['error', 'log', 'fatal', 'panic'] + for (const validValue of validValues) { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = validValue + project.sqlInstances.push({ + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'dummy_key', + value: 'on', + }, + { + name: 'log_min_error_statement', + value: validValue, + }, + ], + }, + }) + await testRule(data, Result.PASS) + } + }) + + test('Security Issue when the POSTGRES instances have no database flags', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do NOT have a 'log_min_error_statement' database flag", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [ + { + name: 'dummy_key', + value: 'off', + }, + ] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do have a 'log_min_error_statement' database flag set to an invalid value", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = 'dummy' + await testRule(data, Result.FAIL) + }) + }) + + describe("GCP NIST 3.7 PostgreSQL database instance 'log_temp_files' database flag should be set to '0' (on)", () => { + const getRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [ + { + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'log_temp_files', + value: '0', + }, + ], + }, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_37 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is NO POSTGRES instances', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances = [] + await testRule(data, Result.PASS) + }) + + test("No Security Issue when all POSTGRES instances have the 'log_temp_files' set to '0'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances.push({ + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'dummy_key', + value: 'on', + }, + { + name: 'log_temp_files', + value: '0', + }, + ], + }, + }) + await testRule(data, Result.PASS) + }) + + test('Security Issue when the POSTGRES instances have no database flags', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do NOT have a 'log_temp_files' database flag", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [ + { + name: 'dummy_key', + value: 'off', + }, + ] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do have a 'log_temp_files' database flag set to '1'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = '1' + await testRule(data, Result.FAIL) + }) + }) + + describe("GCP NIST 3.8 PostgreSQL database instance 'log_min_duration_statement' database flag should be set to '-1' (disabled)", () => { + const getRuleFixture = (): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [ + { + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'log_min_duration_statement', + value: '-1', + }, + ], + }, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_38 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is NO POSTGRES instances', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances = [] + await testRule(data, Result.PASS) + }) + + test("No Security Issue when all POSTGRES instances have the 'log_min_duration_statement' set to '-1'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances.push({ + name: 'test-postgres-instance', + settings: { + databaseFlags: [ + { + name: 'dummy_key', + value: 'on', + }, + { + name: 'log_min_duration_statement', + value: '-1', + }, + ], + }, + }) + await testRule(data, Result.PASS) + }) + + test('Security Issue when the POSTGRES instances have no database flags', async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do NOT have a 'log_min_duration_statement' database flag", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags = [ + { + name: 'dummy_key', + value: '-1', + }, + ] + await testRule(data, Result.FAIL) + }) + + test("Security Issue when the POSTGRES instances do have a 'log_min_duration_statement' database flag set to '100'", async () => { + const data: NIST3xQueryResponse = getRuleFixture() + const project = data.querygcpProject?.[0] as QuerygcpProject + project.sqlInstances[0].settings.databaseFlags[0].value = '100' + await testRule(data, Result.FAIL) + }) + }) +}) diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-4.x.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-4.x.test.ts new file mode 100644 index 00000000..5c6c9292 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-4.x.test.ts @@ -0,0 +1,244 @@ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +import Gcp_NIST_800_53_41 from '../rules/gcp-nist-800-53-rev4-4.1' +import Gcp_NIST_800_53_42 from '../rules/gcp-nist-800-53-rev4-4.2' + + +export interface ServiceAccount { + email: string + scopes?: string[] +} + +export interface Label { + value: string +} + +export interface Project { + id: string +} + +export interface MetadataItem { + key: string + value: string +} + +export interface Metadata { + items: MetadataItem[] +} + +export interface DiskEncryptionKey { + sha256: string | null +} + +export interface Disk { + diskEncryptionKey: DiskEncryptionKey | null +} + +export interface AccessConfigs { + natIP: string | null +} + +export interface NetworkInterfaces { + accessConfigs: AccessConfigs[] +} + +export interface ShieldedInstanceConfig { + enableIntegrityMonitoring: boolean + enableVtpm: boolean +} + +export interface ConfidentialInstanceConfig { + enableConfidentialCompute: boolean +} + +export interface QuerygcpVmInstance { + id: string + name?: string + shieldedInstanceConfig?: ShieldedInstanceConfig + confidentialInstanceConfig?: ConfidentialInstanceConfig + networkInterfaces?: NetworkInterfaces[] + canIpForward?: boolean + project?: Project[] + labels?: Label[] + metadata?: Metadata + serviceAccounts?: ServiceAccount[] + disks?: Disk[] +} + +export interface DatabaseFlagsItem { + name: string + value: string | null +} + +export interface AuthorizedNetwork { + value: string +} + +export interface IpConfiguration { + requireSsl?: boolean | null + authorizedNetworks?: AuthorizedNetwork[] +} + +export interface BackupConfiguration { + enabled: boolean | null + startTime: string | null +} + +export interface Settings { + databaseFlags: DatabaseFlagsItem[] + ipConfiguration?: IpConfiguration + backupConfiguration?: BackupConfiguration +} + +export interface IpAddress { + type: string +} + +export interface QuerygcpSqlInstance { + id?: string + name: string + settings: Settings + ipAddresses?: IpAddress[] +} + +export interface NIST4xQueryResponse { + querygcpVmInstance?: QuerygcpVmInstance[] + querygcpSqlInstance?: QuerygcpSqlInstance[] +} + +describe('GCP NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ providerName: 'gcp', entityName: 'NIST'} ) + }) + + describe('GCP NIST 4.1 Compute instance disks should be encrypted with customer-supplied encryption keys (CSEKs)', () => { + const getTestRuleFixture = (disk: Disk): NIST4xQueryResponse => { + return { + querygcpVmInstance: [ + { + id: cuid(), + name: 'dummy-project-name', + project: [], + labels: [], + serviceAccounts: [], + disks: [disk], + }, + ], + } + } + + const testRule = async ( + data: NIST4xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_41 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when disk has a sha256 key', async () => { + const disk: Disk = { + diskEncryptionKey: { + sha256: 'dummy', + }, + } + + const data: NIST4xQueryResponse = getTestRuleFixture(disk) + await testRule(data, Result.PASS) + }) + + test('Security Issue when disk diskEncryptionKey is null', async () => { + const disk: Disk = { + diskEncryptionKey: null, + } + + const data: NIST4xQueryResponse = getTestRuleFixture(disk) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when disk diskEncryptionKey sha256 is null', async () => { + const disk: Disk = { + diskEncryptionKey: { + sha256: null, + }, + } + + const data: NIST4xQueryResponse = getTestRuleFixture(disk) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when disk diskEncryptionKey sha256 is empty', async () => { + const disk: Disk = { + diskEncryptionKey: { + sha256: '', + }, + } + + const data: NIST4xQueryResponse = getTestRuleFixture(disk) + await testRule(data, Result.FAIL) + }) + }) + + describe('GCP CIS 6.4 Ensure that the Cloud SQL database instance requires all incoming connections to use SSL', () => { + const getRuleFixture = (): NIST4xQueryResponse => { + return { + querygcpSqlInstance: [ + { + id: cuid(), + name: 'test-sql-instance', + settings: { + ipConfiguration: { + requireSsl: true, + }, + databaseFlags: [], + }, + }, + ], + } + } + + const testRule = async ( + data: NIST4xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_42 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when requireSsl is set to true', async () => { + const data: NIST4xQueryResponse = getRuleFixture() + await testRule(data, Result.PASS) + }) + + test('Security Issue when requireSsl is set to false', async () => { + const data: NIST4xQueryResponse = getRuleFixture() + const sqlInstance = data.querygcpSqlInstance?.[0] as QuerygcpSqlInstance + const ipConfiguration = sqlInstance.settings + .ipConfiguration as IpConfiguration + ipConfiguration.requireSsl = false + await testRule(data, Result.FAIL) + }) + + test('Security Issue when requireSsl is set to null', async () => { + const data: NIST4xQueryResponse = getRuleFixture() + const sqlInstance = data.querygcpSqlInstance?.[0] as QuerygcpSqlInstance + const ipConfiguration = sqlInstance.settings + .ipConfiguration as IpConfiguration + ipConfiguration.requireSsl = null + await testRule(data, Result.FAIL) + }) + }) +}) diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts deleted file mode 100644 index 03166c72..00000000 --- a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4.test.ts +++ /dev/null @@ -1,18 +0,0 @@ -import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' - -describe('GCP NIST 800-53: Rev. 4', () => { - let rulesEngine: Engine - beforeAll(() => { - rulesEngine = new CloudGraph.RulesEngine({ - providerName: 'gcp', - entityName: 'NIST', - }) - }) - - // TODO: Change once we have real checks - describe('Dummy Check', () => { - test('Dummy Test', async () => { - expect('PASS').toBe(Result.PASS) - }) - }) -}) From 5600bb5c30a8eb7c4a9d5969bc68a1753e791add Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 20 May 2022 17:56:51 -0300 Subject: [PATCH 26/30] feat(checks): Support GCP NIST Monitoring and Alerting, Network Access Rules, Network Best Practices and Using Updated Policies and Frameworks --- src/gcp/nist-800-53-rev4/README.md | 22 +- .../rules/gcp-nist-800-53-rev4-5.1.ts | 153 +++ .../rules/gcp-nist-800-53-rev4-5.2.ts | 139 +++ .../rules/gcp-nist-800-53-rev4-5.3.ts | 145 +++ .../rules/gcp-nist-800-53-rev4-5.4.ts | 137 +++ .../rules/gcp-nist-800-53-rev4-5.5.ts | 137 +++ .../rules/gcp-nist-800-53-rev4-5.6.ts | 153 +++ .../rules/gcp-nist-800-53-rev4-5.7.ts | 143 +++ .../rules/gcp-nist-800-53-rev4-5.8.ts | 118 +++ .../rules/gcp-nist-800-53-rev4-6.1.ts | 82 ++ .../rules/gcp-nist-800-53-rev4-6.2.ts | 130 +++ .../rules/gcp-nist-800-53-rev4-6.3.ts | 129 +++ .../rules/gcp-nist-800-53-rev4-6.4.ts | 200 ++++ .../rules/gcp-nist-800-53-rev4-6.5.ts | 63 ++ src/gcp/nist-800-53-rev4/rules/index.ts | 28 +- .../tests/nist-800-53-rev4-5.x.test.ts | 888 ++++++++++++++++++ .../tests/nist-800-53-rev4-6.x.test.ts | 595 ++++++++++++ 17 files changed, 3255 insertions(+), 7 deletions(-) create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.1.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.2.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.3.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.4.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.5.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.6.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.7.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.8.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.1.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.2.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.3.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.4.ts create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.5.ts create mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-5.x.test.ts create mode 100644 src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts diff --git a/src/gcp/nist-800-53-rev4/README.md b/src/gcp/nist-800-53-rev4/README.md index e784b489..cbb88eb7 100644 --- a/src/gcp/nist-800-53-rev4/README.md +++ b/src/gcp/nist-800-53-rev4/README.md @@ -51,10 +51,20 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta } ``` - + +| Rule | Description | +| ------------- | ---------------------------------------------------------------------------------------------------------------------------------- | +| GCP NIST 5.1 | Logging metric filter and alert for project ownership assignments/changes should be configured | +| GCP NIST 5.2 | Logging metric filter and alert for audit configuration changes should be configured | +| GCP NIST 5.3 | Logging metric filter and alert for Custom Role changes should be configured | +| GCP NIST 5.4 | Logging metric filter and alert for network firewall rule changes should be configured | +| GCP NIST 5.5 | Logging metric filter and alert for network route changes should be configured | +| GCP NIST 5.6 | Logging metric filter and alert for network changes should be configured | +| GCP NIST 5.7 | Logging metric filter and alert for SQL instance configuration changes should be configured | +| GCP NIST 5.8 | Logging storage bucket retention policies and Bucket Lock should be configured | +| GCP NIST 6.1 | The default network for a project should be deleted | +| GCP NIST 6.2 | Network firewall rules should not permit ingress from 0.0.0.0/0 to port 22 (SSH) | +| GCP NIST 6.3 | Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP) | +| GCP NIST 6.4 | Load balancer HTTPS or SSL proxy SSL policies should not have weak cipher suites | +| GCP NIST 6.5 | Compute instances "IP forwarding" should not be enabled | diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.1.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.1.ts new file mode 100644 index 00000000..b02de247 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.1.ts @@ -0,0 +1,153 @@ +const filterPatternRegex = + /\s*\(\s*protoPayload.serviceName\s*=\s*"cloudresourcemanager.googleapis.com"\s*\)\s*AND\s*\(\s*ProjectOwnership\s*OR\s*projectOwnerInvitee\s*\)\s*OR\s*\(\s*protoPayload.serviceData.policyDelta.bindingDeltas.action\s*=\s*"REMOVE"\s*AND\s*protoPayload.serviceData.policyDelta.bindingDeltas.role\s*=\s*"roles\/owner"\s*\)\s*OR\s*\(\s*protoPayload.serviceData.policyDelta.bindingDeltas.action\s*=\s*"ADD"\s*AND\s*protoPayload.serviceData.policyDelta.bindingDeltas.role\s*=\s*"roles\/owner"\s*\)\s*/ + +// GCP CIS 1.2.0 Rule equivalent 2.4 +export default { + id: 'gcp-nist-800-53-rev4-5.1', + title: + 'GCP NIST 5.1 Logging metric filter and alert for project ownership assignments/changes should be configured', + description: `In order to prevent unnecessary project ownership assignments to users/service-accounts + and further misuses of projects and resources, all roles/Owner assignments should be + monitored.`, + audit: `**From Console: + Ensure that the prescribed log metric is present:** + + 1. Go to *Logging/Log-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the User-defined Metrics section, ensure that at least one metric ** is present with filter text: + + (protoPayload.serviceName="cloudresourcemanager.googleapis.com") + AND (ProjectOwnership OR projectOwnerInvitee) + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + + **Ensure that the prescribed Alerting Policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the Policies section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for your organization. + 5. Ensure that the appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with filter set to: + + (protoPayload.serviceName="cloudresourcemanager.googleapis.com") + AND (ProjectOwnership OR projectOwnerInvitee) + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + + - conditions.conditionThreshold.filter is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + rationale: `Project ownership has the highest level of privileges on a project. To avoid misuse of project resources, the project ownership assignment/change actions mentioned above should be monitored and alerted to concerned recipients. + + - Sending project ownership invites + - Acceptance/Rejection of project ownership invite by user + - Adding 'role\\Owner' to a user/service-account + - Removing a user/Service account from 'role\\Owner'`, + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + 3. Clear any text and add: + + (protoPayload.serviceName="cloudresourcemanager.googleapis.com") + AND (ProjectOwnership OR projectOwnerInvitee) + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + OR (protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" + AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner") + + 4. Click *Submit Filter*. The logs display based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to **1** (default) and the *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the advanced logs query. + 6. Click *Create Metric*. + + **Create the display prescribed Alert Policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the desired metric and select *Create alert from Metric*. A new page opens. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notifications channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create a prescribed Log Metric: + + + - Use the command: gcloud beta logging metrics create + - Reference for Command Usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create prescribed Alert Policy + + - Use the command: gcloud alpha monitoring policies create + - Reference for Command Usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'high', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.2.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.2.ts new file mode 100644 index 00000000..0fef551b --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.2.ts @@ -0,0 +1,139 @@ +const filterPatternRegex = + /\s*protoPayload.methodName\s*=\s*"SetIamPolicy"\s*AND\s*protoPayload.serviceData.policyDelta.auditConfigDeltas:*\s*/ + +// GCP CIS 1.2.0 Rule equivalent 2.5 +export default { + id: 'gcp-nist-800-53-rev4-5.2', + title: + 'GCP NIST 5.2 Logging metric filter and alert for audit configuration changes should be configured', + description: `Google Cloud Platform (GCP) services write audit log entries to the Admin Activity and Data + Access logs to help answer the questions of, "who did what, where, and when?" within GCP + projects. + + Cloud audit logging records information includes the identity of the API caller, the time of + the API call, the source IP address of the API caller, the request parameters, and the + response elements returned by GCP services. Cloud audit logging provides a history of GCP + API calls for an account, including API calls made via the console, SDKs, command-line + tools, and other GCP services.`, + audit: `**From Console: + Ensure the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with the filter text: + + protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:* + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to Alerting by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the Policies section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of 0 for greater than zero(0) seconds*, means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:* + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains at least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\"logging.googleapis.com/user/\"* + - AND *enabled* is set to *true*`, + rationale: `Admin activity and data access logs produced by cloud audit logging enable security analysis, resource change tracking, and compliance auditing. + + Configuring the metric filter and alerts for audit configuration changes ensures the recommended state of audit configuration is maintained so that all activities in the project are audit-able at any point in time.`, + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + 3. Clear any text and add: + + protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:* + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This will ensure that the log metric counts the number of log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create a prescribed Alert Policy:** + + 1. Identify the new metric the user just created, under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page opens. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notifications channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create a prescribed Log Metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + + Create prescribed Alert Policy + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + `https://cloud.google.com/logging/docs/logs-based-metrics/`, + `https://cloud.google.com/monitoring/custom-metrics/`, + `https://cloud.google.com/monitoring/alerts/`, + `https://cloud.google.com/logging/docs/reference/tools/gcloud-logging`, + `https://cloud.google.com/logging/docs/audit/configure-data-access#getiampolicy-setiampolicy`, + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.3.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.3.ts new file mode 100644 index 00000000..650cd8b1 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.3.ts @@ -0,0 +1,145 @@ +const filterPatternRegex = + /\s*resource.type\s*=\s*"iam_role"\s*AND\s*protoPayload.methodName\s*=\s*"google.iam.admin.v1.CreateRole"\s*OR\s*protoPayload.methodName\s*=\s*"google.iam.admin.v1.DeleteRole"\s*OR\s*protoPayload.methodName\s*=\s*"google.iam.admin.v1.UpdateRole"\s*/ + +// GCP CIS 1.2.0 Rule equivalent 2.6 +export default { + id: 'gcp-nist-800-53-rev4-5.3', + title: + 'GCP NIST 5.3 Logging metric filter and alert for Custom Role changes should be configured', + description: `It is recommended that a metric filter and alarm be established for changes to Identity and + Access Management (IAM) role creation, deletion and updating activities.`, + audit: `**From Console: + Ensure that the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with filter text: + + resource.type="iam_role" + AND protoPayload.methodName = "google.iam.admin.v1.CreateRole" + OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" + OR protoPayload.methodName="google.iam.admin.v1.UpdateRole" + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to Alerting by visiting https://console.cloud.google.com/monitoring/alerting. + + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that the appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + resource.type="iam_role" AND protoPayload.methodName = "google.iam.admin.v1.CreateRole" OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" OR protoPayload.methodName="google.iam.admin.v1.UpdateRole" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*.`, + rationale: 'Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources. However, to cater to organization-specific needs, Cloud IAM also provides the ability to create custom roles. Project owners and administrators with the Organization Role Administrator role or the IAM Role Administrator role can create custom roles. Monitoring role creation, deletion and updating activities will help in identifying any over-privileged role at early stages.', + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + + 3. Clear any text and add: + + resource.type="iam_role" + AND protoPayload.methodName = "google.iam.admin.v1.CreateRole" OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" + OR protoPayload.methodName="google.iam.admin.v1.UpdateRole" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the + user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* + (default) and *Type* to *Counter*. This ensures that the log metric counts the number of + log entries matching the advanced logs query. + 6. Click *Create Metric*. + + **Create a prescribed Alert Policy:** + + 1. Identify the new metric that was just created under the section *User-defined + Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the metric and select *Create alert + from Metric*. A new page displays. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold + and configuration that makes sense for the user's organization. For example, a + threshold of zero(0) for the most recent value ensures that a notification is triggered + for every owner change in the project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed Alert Policy: + + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/iam/docs/understanding-custom-roles', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.4.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.4.ts new file mode 100644 index 00000000..6ad34330 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.4.ts @@ -0,0 +1,137 @@ +const filterPatternRegex = + /\s*resource.type\s*=\s*"gce_firewall_rule"\s*AND\s*protoPayload.methodName\s*=\s*"v1.compute.firewalls.patch"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.firewalls.insert"\s*/ + +// GCP CIS 1.2.0 Rule equivalent 2.7 +export default { + id: 'gcp-nist-800-53-rev4-5.4', + title: + 'GCP NIST 5.4 Logging metric filter and alert for network firewall rule changes should be configured', + description: `It is recommended that a metric filter and alarm be established for changes to Identity and + Access Management (IAM) role creation, deletion and updating activities.`, + audit: `**From Console: + Ensure that the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure at least one metric ** is present with this filter text: + + resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert" + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that appropriate notification channels have been set up. + + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true* + `, + rationale: 'Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.', + remediation: ` + **From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based* Metrics by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Ba*r at the rightmost corner and select *Convert to Advanced Filter*. + 3. Clear any text and add: + + resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert" + + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed Alert Policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select **Create alert from Metric**. A new page displays. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value ensures that a notification is triggered for every owner change in the project: + + Set "Aggregator" to "Count" + + Set "Configuration": + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notifications channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric + + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed alert policy: + + + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create + `, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/vpc/docs/firewalls', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.5.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.5.ts new file mode 100644 index 00000000..4a52eb0e --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.5.ts @@ -0,0 +1,137 @@ +const filterPatternRegex = + /\s*resource.type\s*=\s*"gce_route"\s*AND\s*protoPayload.methodName\s*=\s*"beta.compute.routes.patch"\s*OR\s*protoPayload.methodName\s*=\s*"beta.compute.routes.insert"\s*/ + +// GCP CIS 1.2.0 Rule equivalent 2.8 +export default { + id: 'gcp-nist-800-53-rev4-5.5', + title: + 'GCP NIST 5.5 Logging metric filter and alert for network route changes should be configured', + description: `It is recommended that a metric filter and alarm be established for Virtual Private Cloud + (VPC) network route changes.`, + audit: `**From Console: + Ensure that the prescribed Log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with the filter text: + + resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert" + + **Ensure the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting: https://console.cloud.google.com/monitoring/alerting. + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of 0 for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alert thresholds make sense for the user's organization. + 5. Ensure that the appropriate notification channels have been set up. + + **From Command Line: + Ensure the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to: + + resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains an least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + rationale: `Google Cloud Platform (GCP) routes define the paths network traffic takes from a VM instance to another destination. The other destination can be inside the organization VPC network (such as another VM) or outside of it. Every route consists of a destination and a next hop. Traffic whose destination IP is within the destination range is sent to the next hop for delivery. + + Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.`, + remediation: `**From Console: + Create the prescribed Log Metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter* + + 3. Clear any text and add: + + resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed alert policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page displays. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold + and configuration that makes sense for the user's organization. For example, a + threshold of zero(0) for the most recent value ensures that a notification is triggered + for every owner change in the project: + + Set "Aggregator" to "Count" + + Set "Configuration": + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric: + + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed the alert policy: + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create + `, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/storage/docs/access-control/iam', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.6.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.6.ts new file mode 100644 index 00000000..bd145bbd --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.6.ts @@ -0,0 +1,153 @@ +const filterPatternRegex = + /\s*resource.type\s*=\s*gce_network\s*AND\s*protoPayload.methodName\s*=\s*"beta.compute.networks.insert"\s*OR\s*protoPayload.methodName\s*=\s*"beta.compute.networks.patch"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.networks.delete"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.networks.removePeering"\s*OR\s*protoPayload.methodName\s*=\s*"v1.compute.networks.addPeering"\s*/ + +// GCP CIS 1.2.0 Rule equivalent 2.9 +export default { + id: 'gcp-nist-800-53-rev4-5.6', + title: + 'GCP NIST 5.6 Logging metric filter and alert for network changes should be configured', + description: `It is recommended that a metric filter and alarm be established for Virtual Private Cloud + (VPC) network changes.`, + audit: `**From Console: + Ensure the prescribed log metric is present:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure at least one metric ** is present with filter text: + + resource.type=gce_network + AND protoPayload.methodName="beta.compute.networks.insert" + OR protoPayload.methodName="beta.compute.networks.patch" + OR protoPayload.methodName="v1.compute.networks.delete" + OR protoPayload.methodName="v1.compute.networks.removePeering" + OR protoPayload.methodName="v1.compute.networks.addPeering" + + **Ensure the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + + + 4. Under the *Policies* section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of 0 for greater than 0 seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that appropriate notification channels have been set up. + + **From Command Line: + Ensure the log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with filter set to: + + resource.type=gce_network + AND protoPayload.methodName="beta.compute.networks.insert" + OR protoPayload.methodName="beta.compute.networks.patch" + OR protoPayload.methodName="v1.compute.networks.delete" + OR protoPayload.methodName="v1.compute.networks.removePeering" + OR protoPayload.methodName="v1.compute.networks.addPeering" + + 3. Note the value of the property *metricDescriptor.type for* the identified metric, in + the format l*ogging.googleapis.com/user/*. + + **Ensure the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains at least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + rationale: `It is possible to have more than one VPC within a project. In addition, it is also possible to create a peer connection between two VPCs enabling network traffic to route between VPCs. + + Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.`, + remediation: `**From Console: + Create the prescribed log metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + + 3. Clear any text and add: + + resource.type=gce_network + AND protoPayload.methodName="beta.compute.networks.insert" + OR protoPayload.methodName="beta.compute.networks.patch" + OR protoPayload.methodName="v1.compute.networks.delete" + OR protoPayload.methodName="v1.compute.networks.removePeering" + OR protoPayload.methodName="v1.compute.networks.addPeering" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on the right, fill out the name field. Set *Units* to *1* + (default) and *Type* to *Counter*. This ensures that the log metric counts the number of + log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed alert policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page appears. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of 0 for the most recent value will ensure that a notification is triggered for every owner change in the project: + + Set "Aggregator" to "Count" + + Set "Configuration": + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed Log Metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed alert policy: + + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create`, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/vpc/docs/overview', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + filter + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.7.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.7.ts new file mode 100644 index 00000000..b691e302 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.7.ts @@ -0,0 +1,143 @@ +const filterPatternRegex = + /\s*protoPayload.methodName\s*=\s*"cloudsql.instances.update"\s*/ + +// GCP CIS 1.2.0 Rule equivalent 2.11 +export default { + id: 'gcp-nist-800-53-rev4-5.7', + title: + 'GCP NIST 5.7 Logging metric filter and alert for SQL instance configuration changes should be configured', + description: `It is recommended that a metric filter and alarm be established for SQL instance + configuration changes.`, + audit: `**From Console: + Ensure the prescribed log metric is present:** + + 1. For each project that contains Cloud SQL instances, go to L*ogging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics. + 2. In the *User-defined Metrics* section, ensure that at least one metric ** is present with the filter text: + + protoPayload.methodName="cloudsql.instances.update" + + **Ensure that the prescribed alerting policy is present:** + + 3. Go to *Alerting* by visiting https://console.cloud.google.com/monitoring/alerting. + 4. Under the Pol*i*cies section, ensure that at least one alert policy exists for the log metric above. Clicking on the policy should show that it is configured with a condition. For example, *Violates when: Any logging.googleapis.com/user/ stream is above a threshold of zero(0) for greater than zero(0) seconds* means that the alert will trigger for any new owner change. Verify that the chosen alerting thresholds make sense for the user's organization. + 5. Ensure that the appropriate notifications channels have been set up. + + **From Command Line: + Ensure that the prescribed log metric is present:** + + 1. List the log metrics: + + gcloud beta logging metrics list --format json + + 2. Ensure that the output contains at least one metric with the filter set to + + protoPayload.methodName="cloudsql.instances.update" + + 3. Note the value of the property *metricDescriptor.type* for the identified metric, in the format *logging.googleapis.com/user/*. + + **Ensure that the prescribed alerting policy is present:** + + 4. List the alerting policies: + + gcloud alpha monitoring policies list --format json + + 5. Ensure that the output contains at least one alert policy where: + + - *conditions.conditionThreshold.filter* is set to *metric.type=\\"logging.googleapis.com/user/\\"* + - AND *enabled* is set to *true*`, + rationale: `Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server. + + Below are a few of the configurable options which may the impact security posture of an SQL instance: + + - Enable auto backups and high availability: Misconfiguration may adversely impact business continuity, disaster recovery, and high availability + - Authorize networks: Misconfiguration may increase exposure to untrusted networks`, + remediation: `**From Console: + Create the prescribed Log Metric:** + + 1. Go to *Logging/Logs-based Metrics* by visiting https://console.cloud.google.com/logs/metrics and click "CREATE METRIC". + 2. Click the down arrow symbol on the *Filter Bar* at the rightmost corner and select *Convert to Advanced Filter*. + + 3. Clear any text and add: + + protoPayload.methodName="cloudsql.instances.update" + + 4. Click *Submit Filter*. Display logs appear based on the filter text entered by the user. + 5. In the *Metric Editor* menu on right, fill out the name field. Set *Units* to *1* (default) and *Type* to *Counter*. This ensures that the log metric counts the number of log entries matching the user's advanced logs query. + 6. Click *Create Metric*. + + **Create the prescribed alert policy:** + + 1. Identify the newly created metric under the section *User-defined Metrics* at https://console.cloud.google.com/logs/metrics. + 2. Click the 3-dot icon in the rightmost column for the new metric and select *Create alert from Metric*. A new page appears. + 3. Fill out the alert policy configuration and click *Save*. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the user's project: + + Set 'Aggregator' to 'Count' + + Set 'Configuration': + + - Condition: above + + - Threshold: 0 + + - For: most recent value + + 4. Configure the desired notification channels in the section *Notifications*. + 5. Name the policy and click *Save*. + + **From Command Line:** + Create the prescribed log metric: + + - Use the command: *gcloud beta logging metrics create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create + + Create the prescribed alert policy: + - Use the command: *gcloud alpha monitoring policies create* + - Reference for command usage: https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create + `, + references: [ + 'https://cloud.google.com/logging/docs/logs-based-metrics/', + 'https://cloud.google.com/monitoring/custom-metrics/', + 'https://cloud.google.com/monitoring/alerts/', + 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging', + 'https://cloud.google.com/storage/docs/overview', + 'https://cloud.google.com/sql/docs/', + 'https://cloud.google.com/sql/docs/mysql/', + 'https://cloud.google.com/sql/docs/postgres/', + ], + gql: `{ + querygcpAlertPolicy { + id + __typename + enabled { + value + } + project { + logMetrics { + name + filter + metricDescriptor { + type + } + } + } + } + }`, + resource: 'querygcpAlertPolicy[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.enabled.value', + equal: true, + }, + { + path: '@.project', + jq: '[.[].logMetrics[] | select( "logging.googleapis.com/user/" + .name == .metricDescriptor.type)]', + array_any: { + path: '[*].filter', + match: filterPatternRegex, + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.8.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.8.ts new file mode 100644 index 00000000..fbb9c874 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-5.8.ts @@ -0,0 +1,118 @@ +// GCP CIS 1.2.0 Rule equivalent 2.3 +export default { + id: 'gcp-nist-800-53-rev4-5.8', + title: + 'GCP NIST 5.8 Logging storage bucket retention policies and Bucket Lock should be configured', + description: `Enabling retention policies on log buckets will protect logs stored in cloud storage buckets + from being overwritten or accidentally deleted. It is recommended to set up retention + policies and configure Bucket Lock on all storage buckets that are used as log sinks.`, + audit: `**From Console:** + + 1. Open the Cloud Storage browser in the Google Cloud Console by visiting https://console.cloud.google.com/storage/browser. + 2. In the Column display options menu, make sure *Retention policy* is checked. + 3. In the list of buckets, the retention period of each bucket is found in the *Retention policy* column. If the retention policy is locked, an image of a lock appears directly to the left of the retention period. + + + **From Command Line:** + + 1. To list all sinks destined to storage buckets: + + gcloud logging sinks list --folder=FOLDER_ID | --organization=ORGANIZATION_ID | --project=PROJECT_ID + + 2. For every storage bucket listed above, verify that retention policies and Bucket Lock + are enabled: + + gsutil retention get gs://BUCKET_NAME + + For more information, see https://cloud.google.com/storage/docs/using-bucket-lock#view-policy.`, + rationale: `Logs can be exported by creating one or more sinks that include a log filter and a destination. As Cloud Logging receives new log entries, they are compared against each sink. If a log entry matches a sink's filter, then a copy of the log entry is written to the destination. + + Sinks can be configured to export logs in storage buckets. It is recommended to configure a data retention policy for these cloud storage buckets and to lock the data retention policy; thus permanently preventing the policy from being reduced or removed. This way, if the system is ever compromised by an attacker or a malicious insider who wants to cover their tracks, the activity logs are definitely preserved for forensics and security investigations.`, + remediation: `**From Console:** + + 1. If sinks are **not** configured, first follow the instructions in the recommendation: *Ensure that sinks are configured for all Log entries.* + 2. For each storage bucket configured as a sink, go to the Cloud Storage browser at https://console.cloud.google.com/storage/browser/. + 3. Select the Bucket Lock tab near the top of the page. + 4. In the Retention policy entry, click the Add Duration link. The *Set a retention policy* dialog box appears. + 5. Enter the desired length of time for the retention period and click *Save policy*. + 6. Set the *Lock status* for this retention policy to *Locked*. + + **From Command Line:** + + 1. To list all sinks destined to storage buckets: + + gcloud logging sinks list --folder=FOLDER_ID | --organization=ORGANIZATION_ID | --project=PROJECT_ID + + 2. For each storage bucket listed above, set a retention policy and lock it: + + gsutil retention set [TIME_DURATION] gs://[BUCKET_NAME] + gsutil retention lock gs://[BUCKET_NAME] + + For more information, visit https://cloud.google.com/storage/docs/using-bucket-lock#set-policy.`, + references: [ + 'https://cloud.google.com/storage/docs/bucket-lock', + 'https://cloud.google.com/storage/docs/using-bucket-lock', + ], + gql: `{ + querygcpProject { + id + __typename + logSinks { + destination + } + logBuckets { + name + retentionDays + locked + } + } + }`, + resource: 'querygcpProject[*]', + severity: 'unknown', + conditions: { + jq: ` { + "id": .id, + "logSinks" : [ + { + "destination" : + .logSinks[].destination + | select(startswith("storage.googleapis.com/")) + | sub("storage.googleapis.com/"; "") , + "logBuckets" :.logBuckets + } + ] | map({ + "destination" : .destination, + "logBuckets" : [. as $parent | .logBuckets[] | select($parent.destination == .name)] + }) + }`, + path: '@', + and: [ + { + path: '[*].logSinks', + array_all: { + and: [ + { + path: '[*].logBuckets', + isEmpty: false, + }, + { + path: '[*].logBuckets', + array_any: { + and: [ + { + path: '[*].retentionDays', + greaterThan: 0, + }, + { + path: '[*].locked', + equal: true, + }, + ], + }, + }, + ], + }, + }, + ], + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.1.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.1.ts new file mode 100644 index 00000000..21deb331 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.1.ts @@ -0,0 +1,82 @@ +// GCP CIS 1.2.0 Rule equivalent 3.1 +export default { + id: 'gcp-nist-800-53-rev4-6.1', + title: + 'GCP NIST 6.1 The default network for a project should be deleted', + description: + 'To prevent use of default network, a project should not have a default network.', + audit: `**From Console:** + + 1. Go to the *VPC networks* page by visiting: https://console.cloud.google.com/networking/networks/list. + 2. Ensure that a network with the name *default* is not present. + + **From Command Line:** + + 1. Set the project name in the Google Cloud Shell: + + gcloud config set project PROJECT_ID + + 2. List the networks configured in that project: + + gcloud compute networks list + + It should not list *default* as one of the available networks in that project.`, + rationale: `The *default* network has a preconfigured network configuration and automatically generates the following insecure firewall rules: + + - default-allow-internal: Allows ingress connections for all protocols and ports among instances in the network. + - default-allow-ssh: Allows ingress connections on TCP port 22(SSH) from any source to any instance in the network. + - default-allow-rdp: Allows ingress connections on TCP port 3389(RDP) from any source to any instance in the network. + - default-allow-icmp: Allows ingress ICMP traffic from any source to any instance in the network. + + These automatically created firewall rules do not get audit logged and cannot be configured + to enable firewall rule logging. + + Furthermore, the default network is an auto mode network, which means that its subnets + use the same predefined range of IP addresses, and as a result, it's not possible to use Cloud + VPN or VPC Network Peering with the default network. + + Based on organization security and networking requirements, the organization should + create a new network and delete the *default* network.`, + remediation: `**From Console:** + + 1. Go to the *VPC networks* page by visiting: https://console.cloud.google.com/networking/networks/list. + 2. Click the network named *default*. + 3. On the network detail page, click *EDIT*. + 4. Click *DELETE VPC NETWORK*. + 5. If needed, create a new network to replace the default network. + + **From Command Line:** + For each Google Cloud Platform project, + + 1. Delete the default network: + + gcloud compute networks delete default + + 2. If needed, create a new network to replace it: + + gcloud compute networks create NETWORK_NAME + + **Prevention:** + The user can prevent the default network and its insecure default firewall rules from being created by setting up an Organization Policy to Skip default network creation at https://console.cloud.google.com/iam-admin/orgpolicies/compute-skipDefaultNetworkCreation.`, + references: [ + 'https://cloud.google.com/compute/docs/networking#firewall_rules', + 'https://cloud.google.com/compute/docs/reference/latest/networks/insert', + 'https://cloud.google.com/compute/docs/reference/latest/networks/delete', + 'https://cloud.google.com/vpc/docs/firewall-rules-logging', + 'https://cloud.google.com/vpc/docs/vpc#default-network', + 'https://cloud.google.com/sdk/gcloud/reference/compute/networks/delete', + ], + gql: `{ + querygcpNetwork { + id + __typename + name + } + }`, + resource: 'querygcpNetwork[*]', + severity: 'medium', + conditions: { + path: '@.name', + notEqual: 'default', + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.2.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.2.ts new file mode 100644 index 00000000..c2745e28 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.2.ts @@ -0,0 +1,130 @@ +// GCP CIS 1.2.0 Rule equivalent 3.6 +export default { + id: 'gcp-nist-800-53-rev4-6.2', + title: 'GCP NIST 6.2 Network firewall rules should not permit ingress from 0.0.0.0/0 to port 22 (SSH)', + description: `GCP Firewall Rules are specific to a VPC Network. Each rule either allows or denies + traffic when its conditions are met. Its conditions allow the user to specify the type of + traffic, such as ports and protocols, and the source or destination of the traffic, including IP + addresses, subnets, and instances. + + Firewall rules are defined at the VPC network level and are specific to the network in which + they are defined. The rules themselves cannot be shared among networks. Firewall rules + only support IPv4 traffic. When specifying a source for an ingress rule or a destination for + an egress rule by address, only an IPv4 address or IPv4 block in CIDR notation can be + used. Generic (0.0.0.0/0) incoming traffic from the internet to VPC or VM instance using + SSH on Port 22 can be avoided.`, + audit: `**From the Console:** + + 1. Go to *VPC network*. + 2. Go to the *Firewall Rules*. + 3. Ensure that *Port* is not equal to *22* and *Action* is not set to *Allow*. + 4. Ensure *IP Ranges* is not equal to *0.0.0.0/0* under *Source filters*. + + **From Command Line:** + + gcloud compute firewall-rules list --format=table'(name,direction,sourceRanges,allowed)' + + Ensure that there is no rule matching the below criteria: + + - *SOURCE_RANGES* is 0.0.0.0/0 + - AND *DIRECTION* is *INGRESS* + - AND IPProtocol is *tcp* or ALL + - AND *PORTS* is set to *22* or *range* *containing* *22* or *Null* *(not set)* + + Note: + + - When ALL TCP ports are allowed in a rule, PORT does not have any value set (*NULL*) + - When ALL Protocols are allowed in a rule, PORT does not have any value set (*NULL*)`, + rationale: 'GCP *Firewall Rules* within a *VPC Network* apply to outgoing (egress) traffic from instances and incoming (ingress) traffic to instances in the network. Egress and ingress traffic flows are controlled even if the traffic stays within the network (for example, instance-to-instance communication). For an instance to have outgoing Internet access, the network must have a valid Internet gateway route or custom route whose destination IP is specified. This route simply defines the path to the Internet, to avoid the most general *(0.0.0.0/0)* destination *IP Range* specified from the Internet through SSH with the default *Port 22*. Generic access from the Internet to a specific IP Range needs to be restricted.', + remediation: `**From the Console:** + + 1. Go to *VPC Network*. + 2. Go to the *Firewall Rules*. + 3. Click the *Firewall Rule* you want to modify. + 4. Click *Edit*. + 5. Modify *Source IP ranges* to specific *IP*. + 6. Click *Save*. + + **From Command Line:** + 1. Update the Firewall rule with the new *SOURCE_RANGE* from the below command: + + gcloud compute firewall-rules update FirewallName --allow=[PROTOCOL[:PORT[- PORT]],...] --source-ranges=[CIDR_RANGE,...] + `, + references: ['https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'], + gql: `{ + querygcpFirewall(filter: {direction:{eq: "INGRESS"}}){ + id + name + __typename + sourceRanges + direction + allowed{ + ipProtocol + ports + } + } + }`, + resource: 'querygcpFirewall[*]', + severity: 'high', + conditions: { + not: { + path: '@', + and: [ + { + path: '[*].sourceRanges', + jq: 'map({"range": .})', + array_any: { + path: '[*].range', + in: ['0.0.0.0/0', '::/0'], + }, + }, + { + path: '[*].direction', + in: ['INGRESS'], + }, + { + path: '@.allowed', + jq: `[.[] + | { "ipProtocol": .ipProtocol} + + (if .ports | length > 0 then .ports[] else [""][] end | split("-") | {fromPort: (.[0]), toPort: (.[1] // .[0])}) ]`, + array_any: { + and: [ + { + path: '[*].ipProtocol', + in: ['tcp', 'all'], + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + equal: null, + }, + { + path: '[*].toPort', + equal: null, + }, + ], + }, + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 22, + }, + { + path: '[*].toPort', + greaterThanInclusive: 22, + }, + ], + }, + ], + }, + ], + }, + }, + ], + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.3.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.3.ts new file mode 100644 index 00000000..a7776b7d --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.3.ts @@ -0,0 +1,129 @@ +// GCP CIS 1.2.0 Rule equivalent 3.7 +export default { + id: 'gcp-nist-800-53-rev4-6.3', + title: 'GCP NIST 6.3 Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP)', + description: `GCP Firewall Rules are specific to a VPC Network. Each rule either allows or denies + traffic when its conditions are met. Its conditions allow users to specify the type of traffic, + such as ports and protocols, and the source or destination of the traffic, including IP + addresses, subnets, and instances. + + Firewall rules are defined at the VPC network level and are specific to the network in which + they are defined. The rules themselves cannot be shared among networks. Firewall rules + only support IPv4 traffic. When specifying a source for an ingress rule or a destination for + an egress rule by address, an IPv4 address or IPv4 block in CIDR notation can be used. + Generic (0.0.0.0/0) incoming traffic from the Internet to a VPC or VM instance using RDP + on Port 3389 can be avoided.`, + audit: `**From the Console:** + + 1. Go to *VPC network*. + 2. Go to the *Firewall Rules*. + 3. Ensure *Port* is not equal to *3389* and *Action* is not *Allow*. + 4. Ensure *IP Ranges* is not equal to *0.0.0.0/0* under *Source filters*. + + **From Command Line:** + + gcloud compute firewall-rules list -- format=table'(name,direction,sourceRanges,allowed.ports)' + + Ensure that there is no rule matching the below criteria: + + - *SOURCE_RANGES* is *0.0.0.0/0* + - AND *DIRECTION* is *INGRESS* + - AND IPProtocol is *TCP* or *ALL* + - AND *PORTS* is set to *3389* or *range containing 3389* or *Null (not set)* + + Note: + + - When ALL TCP ports are allowed in a rule, PORT does not have any value set (*NULL*) + - When ALL Protocols are allowed in a rule, PORT does not have any value set (*NULL*)`, + rationale: 'GCP *Firewall Rule*s within a *VPC Network*. These rules apply to outgoing (egress) traffic from instances and incoming (ingress) traffic to instances in the network. Egress and ingress traffic flows are controlled even if the traffic stays within the network (for example, instance-to-instance communication). For an instance to have outgoing Internet access, the network must have a valid Internet gateway route or custom route whose destination IP is specified. This route simply defines the path to the Internet, to avoid the most general (0.0.0.0/0) destination IP Range specified from the Internet through RDP with the default *Port 3389*. Generic access from the Internet to a specific IP Range should be restricted.', + remediation: `**From the Console:** + + 1. Go to *VPC Network*. + 2. Go to the *Firewall Rules*. + 3. Click the *Firewall Rule* to be modified. + 4. Click *Edit*. + 5. Modify *Source IP ranges* to specific *IP*. + 6. Click *Save*. + + **From Command Line:** + 1. Update RDP Firewall rule with new *SOURCE_RANGE* from the below command: + + gcloud compute firewall-rules update FirewallName --allow=[PROTOCOL[:PORT[-PORT]],...] --source-ranges=[CIDR_RANGE,...]`, + references: ['https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'], + gql: `{ + querygcpFirewall(filter: {direction:{eq: "INGRESS"}}){ + id + name + __typename + sourceRanges + direction + allowed{ + ipProtocol + ports + } + } + }`, + resource: 'querygcpFirewall[*]', + severity: 'high', + conditions: { + not: { + path: '@', + and: [ + { + path: '[*].sourceRanges', + jq: 'map({"range": .})', + array_any: { + path: '[*].range', + in: ['0.0.0.0/0', '::/0'], + }, + }, + { + path: '[*].direction', + in: ['INGRESS'], + }, + { + path: '@.allowed', + jq: `[.[] + | { "ipProtocol": .ipProtocol} + + (if .ports | length > 0 then .ports[] else [""][] end | split("-") | {fromPort: (.[0]), toPort: (.[1] // .[0])}) ]`, + array_any: { + and: [ + { + path: '[*].ipProtocol', + in: ['tcp', 'all'], + }, + { + or: [ + { + and: [ + { + path: '[*].fromPort', + equal: null, + }, + { + path: '[*].toPort', + equal: null, + }, + ], + }, + { + and: [ + { + path: '[*].fromPort', + lessThanInclusive: 3389, + }, + { + path: '[*].toPort', + greaterThanInclusive: 3389, + }, + ], + }, + ], + }, + ], + }, + }, + ], + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.4.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.4.ts new file mode 100644 index 00000000..d8ce2859 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.4.ts @@ -0,0 +1,200 @@ +const targetHttpsAndSslProxyConditions = { + and: [ + { + path: '@.sslPolicy', + isEmpty: false, + }, + { + path: '@.sslPolicy', + array_all: { + or: [ + { + and: [ + { + path: '[*].profile', + equal: 'MODERN', + }, + { + path: '[*].minTlsVersion', + equal: 'TLS_1_2', + }, + ], + }, + { + and: [ + { + path: '[*].profile', + equal: 'RESTRICTED', + }, + ], + }, + { + and: [ + { + path: '[*].profile', + equal: 'CUSTOM', + }, + { + path: '[*].enabledFeatures', + array_all: { + path: '[*]', + notIn: [ + 'TLS_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', + ], + }, + }, + ], + }, + ], + }, + } + ] +} + +// GCP CIS 1.2.0 Rule equivalent 3.9 +export default { + id: 'gcp-nist-800-53-rev4-6.4', + title: + 'GCP NIST 6.4 Load balancer HTTPS or SSL proxy SSL policies should not have weak cipher suites', + description: `Secure Sockets Layer (SSL) policies determine what port Transport Layer Security (TLS) + features clients are permitted to use when connecting to load balancers. To prevent usage + of insecure features, SSL policies should use (a) at least TLS 1.2 with the MODERN profile; + or (b) the RESTRICTED profile, because it effectively requires clients to use TLS 1.2 + regardless of the chosen minimum TLS version; or (3) a CUSTOM profile that does not + support any of the following features: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + + TLS_RSA_WITH_AES_256_GCM_SHA384 + + TLS_RSA_WITH_AES_128_CBC_SHA + + TLS_RSA_WITH_AES_256_CBC_SHA + + TLS_RSA_WITH_3DES_EDE_CBC_SHA`, + audit: `**From Console:** + + 1. See all load balancers by visiting https://console.cloud.google.com/net-services/loadbalancing/loadBalancers/list. + 2. For each load balancer for *SSL (Proxy)* or *HTTPS*, click on its name to go the *Load balancer details* page. + 3. Ensure that each target proxy entry in the *Frontend* table has an *SSL Policy* configured. + 4. Click on each SSL policy to go to its *SSL policy details* page. + 5. Ensure that the SSL policy satisfies one of the following conditions: + + + - has a *Min TLS* set to *TLS 1.2* and *Profile* set to *Modern* profile, or + - has *Profile* set to *Restricted*. Note that a Restricted profile effectively requires + clients to use TLS 1.2 regardless of the chosen minimum TLS version, or + - has *Profile* set to *Custom* and the following features are all disabled: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + TLS_RSA_WITH_AES_256_GCM_SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA + TLS_RSA_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA + + **From Command Line:** + + 1. List all TargetHttpsProxies and TargetSslProxies. + + gcloud compute target-https-proxies list + gcloud compute target-ssl-proxies list + + 2. For each target proxy, list its properties: + + gcloud compute target-https-proxies describe TARGET_HTTPS_PROXY_NAME + gcloud compute target-ssl-proxies describe TARGET_SSL_PROXY_NAME + + 3. Ensure that the *sslPolicy* field is present and identifies the name of the SSL policy: + + sslPolicy: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/sslPolicies/SSL_POLICY_NAME + + If the *sslPolicy* field is missing from the configuration, it means that the GCP default policy is used, which is insecure. + + 4. Describe the SSL policy: + + gcloud compute ssl-policies describe SSL_POLICY_NAME + + 5. Ensure that the policy satisfies one of the following conditions: + + - has *Profile* set to *Modern* and *minTlsVersion* set to *TLS_1_2*, or + - has *Profile* set to *Restricted*, or + - has *Profile* set to *Custom* and *enabledFeatures* does not contain any of the following values: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + TLS_RSA_WITH_AES_256_GCM_SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA + TLS_RSA_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA`, + rationale: 'Load balancers are used to efficiently distribute traffic across multiple servers. Both SSL proxy and HTTPS load balancers are external load balancers, meaning they distribute traffic from the Internet to a GCP network. GCP customers can configure load balancer SSL policies with a minimum TLS version (1.0, 1.1, or 1.2) that clients can use to establish a connection, along with a profile (Compatible, Modern, Restricted, or Custom) that specifies permissible cipher suites. To comply with users using outdated protocols, GCP load balancers can be configured to permit insecure cipher suites. In fact, the GCP default SSL policy uses a minimum TLS version of 1.0 and a Compatible profile, which allows the widest range of insecure cipher suites. As a result, it is easy for customers to configure a load balancer without even knowing that they are permitting outdated cipher suites.', + remediation: `**From Console:** + If the TargetSSLProxy or TargetHttpsProxy does not have an SSL policy configured, create a new SSL policy. Otherwise, modify the existing insecure policy. + + 1. Navigate to the *SSL Policies* page by visiting: https://console.cloud.google.com/net-security/sslpolicies + 2. Click on the name of the insecure policy to go to its *SSL policy details* page. + 3. Click *EDIT*. + 4. Set *Minimum TLS version* to *TLS 1.2*. + 5. Set *Profile* to *Modern* or *Restricted*. + 6. Alternatively, if teh user selects the profile *Custom*, make sure that the following features are disabled: + + TLS_RSA_WITH_AES_128_GCM_SHA256 + TLS_RSA_WITH_AES_256_GCM_SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA + TLS_RSA_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA + + **From Command Line:** + + 1. For each insecure SSL policy, update it to use secure cyphers: + + gcloud compute ssl-policies update NAME [--profile COMPATIBLE|MODERN|RESTRICTED|CUSTOM] --min-tls-version 1.2 [--custom-features FEATURES] + + + 2. If the target proxy has a GCP default SSL policy, use the following command corresponding to the proxy type to update it. + + gcloud compute target-ssl-proxies update TARGET_SSL_PROXY_NAME --ssl-policy SSL_POLICY_NAME + gcloud compute target-https-proxies update TARGET_HTTPS_POLICY_NAME --ssl- policy SSL_POLICY_NAME + `, + references: [ + 'https://cloud.google.com/load-balancing/docs/use-ssl-policies', + 'https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf', + ], + severity: 'medium', + queries: [ + { + gql: `{ + querygcpTargetHttpsProxy { + id + projectId + __typename + sslPolicy { + profile + enabledFeatures + minTlsVersion + } + } + }`, + resource: 'querygcpTargetHttpsProxy[*]', + conditions: targetHttpsAndSslProxyConditions + }, + { + gql: `{ + querygcpTargetSslProxy { + id + projectId + __typename + sslPolicy { + profile + enabledFeatures + minTlsVersion + } + } + }`, + resource: 'querygcpTargetSslProxy[*]', + conditions: targetHttpsAndSslProxyConditions + }, + ], +} diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.5.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.5.ts new file mode 100644 index 00000000..ec17339d --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-6.5.ts @@ -0,0 +1,63 @@ +// GCP CIS 1.2.0 Rule equivalent 4.6 +export default { + id: 'gcp-nist-800-53-rev4-6.5', + title: 'GCP NIST 6.5 Compute instances "IP forwarding" should not be enabled', + description: `Compute Engine instance cannot forward a packet unless the source IP address of the + packet matches the IP address of the instance. Similarly, GCP won't deliver a packet whose + destination IP address is different than the IP address of the instance receiving the packet. + However, both capabilities are required if you want to use instances to help route packets. + + Forwarding of data packets should be disabled to prevent data loss or information + disclosure.`, + audit: `**From Console:** + + 1. Go to the *VM Instances* page by visiting: https://pantheon.corp.google.com/compute/instances. + 2. For every instance, click on its name to go to the *VM instance details* page. + 3. Under the Network interfaces section, ensure that *IP forwarding* is set to *Off* for every network interface. + + **From Command Line:** + + 1. List all instances: + + gcloud compute instances list --format='table(name,canIpForward)' + + 2. Ensure that *CAN_IP_FORWARD* column in the output of above command does not contain *True* for any VM instance. + + **Exception:** + Instances created by GKE should be excluded because they need to have IP forwarding enabled and cannot be changed. Instances created by GKE have names that start with "gke-".`, + rationale: 'Compute Engine instance cannot forward a packet unless the source IP address of the packet matches the IP address of the instance. Similarly, GCP won\'t deliver a packet whose destination IP address is different than the IP address of the instance receiving the packet. However, both capabilities are required if you want to use instances to help route packets. To enable this source and destination IP check, disable the canIpForward field, which allows an instance to send and receive packets with non-matching destination or source IPs.', + remediation: `**Note:** You only edit the *canIpForward* setting at instance creation time. Therefore, you need to + delete the instance and create a new one where *canIpForward* is set to *false*. + + **From Console:** + + 1. Go to the *VM Instances* page by visiting: https://pantheon.corp.google.com/compute/instances. + 2. Select the *VM Instance* you want to remediate. + 3. Click the *Delete* button. + 4. On the 'VM Instances' page, click 'CREATE INSTANCE'. + 5. Create a new instance with the desired configuration. By default, the instance is configured to not allow IP forwarding. + + **From Command Line:** + + 1. Delete the instance: + + gcloud compute instances delete INSTANCE_NAME + + 2. Create a new instance to replace it, with *IP forwarding* set to *Off* + + gcloud compute instances create`, + references: ['https://cloud.google.com/vpc/docs/using-routes#canipforward'], + gql: `{ + querygcpVmInstance{ + __typename + id + canIpForward + } + }`, + resource: 'querygcpVmInstance[*]', + severity: 'medium', + conditions: { + path: '@.canIpForward', + equal: false, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/index.ts b/src/gcp/nist-800-53-rev4/rules/index.ts index 44842b4f..97cfd348 100644 --- a/src/gcp/nist-800-53-rev4/rules/index.ts +++ b/src/gcp/nist-800-53-rev4/rules/index.ts @@ -1,3 +1,29 @@ +import Gcp_NIST_800_53_51 from './gcp-nist-800-53-rev4-5.1' +import Gcp_NIST_800_53_52 from './gcp-nist-800-53-rev4-5.2' +import Gcp_NIST_800_53_53 from './gcp-nist-800-53-rev4-5.3' +import Gcp_NIST_800_53_54 from './gcp-nist-800-53-rev4-5.4' +import Gcp_NIST_800_53_55 from './gcp-nist-800-53-rev4-5.5' +import Gcp_NIST_800_53_56 from './gcp-nist-800-53-rev4-5.6' +import Gcp_NIST_800_53_57 from './gcp-nist-800-53-rev4-5.7' +import Gcp_NIST_800_53_58 from './gcp-nist-800-53-rev4-5.8' +import Gcp_NIST_800_53_61 from './gcp-nist-800-53-rev4-6.1' +import Gcp_NIST_800_53_62 from './gcp-nist-800-53-rev4-6.2' +import Gcp_NIST_800_53_63 from './gcp-nist-800-53-rev4-6.3' +import Gcp_NIST_800_53_64 from './gcp-nist-800-53-rev4-6.4' +import Gcp_NIST_800_53_65 from './gcp-nist-800-53-rev4-6.5' + export default [ - // TODO: Add rules to export + Gcp_NIST_800_53_51, + Gcp_NIST_800_53_52, + Gcp_NIST_800_53_53, + Gcp_NIST_800_53_54, + Gcp_NIST_800_53_55, + Gcp_NIST_800_53_56, + Gcp_NIST_800_53_57, + Gcp_NIST_800_53_58, + Gcp_NIST_800_53_61, + Gcp_NIST_800_53_62, + Gcp_NIST_800_53_63, + Gcp_NIST_800_53_64, + Gcp_NIST_800_53_65, ] \ No newline at end of file diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-5.x.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-5.x.test.ts new file mode 100644 index 00000000..62349150 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-5.x.test.ts @@ -0,0 +1,888 @@ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' + +import Gcp_NIST_800_53_51 from '../rules/gcp-nist-800-53-rev4-5.1' +import Gcp_NIST_800_53_52 from '../rules/gcp-nist-800-53-rev4-5.2' +import Gcp_NIST_800_53_53 from '../rules/gcp-nist-800-53-rev4-5.3' +import Gcp_NIST_800_53_54 from '../rules/gcp-nist-800-53-rev4-5.4' +import Gcp_NIST_800_53_55 from '../rules/gcp-nist-800-53-rev4-5.5' +import Gcp_NIST_800_53_56 from '../rules/gcp-nist-800-53-rev4-5.6' +import Gcp_NIST_800_53_57 from '../rules/gcp-nist-800-53-rev4-5.7' +import Gcp_NIST_800_53_58 from '../rules/gcp-nist-800-53-rev4-5.8' + +const Gcp_NIST_800_53_51_Filter = + '( protoPayload.serviceName="cloudresourcemanager.googleapis.com" ) AND ( ProjectOwnership OR projectOwnerInvitee ) OR ( protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE" AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner" ) OR ( protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD" AND protoPayload.serviceData.policyDelta.bindingDeltas.role="roles/owner" )' +const Gcp_NIST_800_53_52_Filter = + 'protoPayload.methodName="SetIamPolicy" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:*' +const Gcp_NIST_800_53_53_Filter = + 'resource.type="iam_role" AND protoPayload.methodName="google.iam.admin.v1.CreateRole" OR protoPayload.methodName="google.iam.admin.v1.DeleteRole" OR protoPayload.methodName="google.iam.admin.v1.UpdateRole"' +const Gcp_NIST_800_53_54_Filter = + 'resource.type="gce_firewall_rule" AND protoPayload.methodName="v1.compute.firewalls.patch" OR protoPayload.methodName="v1.compute.firewalls.insert"' +const Gcp_NIST_800_53_55_Filter = + 'resource.type="gce_route" AND protoPayload.methodName="beta.compute.routes.patch" OR protoPayload.methodName="beta.compute.routes.insert"' +const Gcp_NIST_800_53_56_Filter = + 'resource.type=gce_network AND protoPayload.methodName="beta.compute.networks.insert" OR protoPayload.methodName="beta.compute.networks.patch" OR protoPayload.methodName="v1.compute.networks.delete" OR protoPayload.methodName="v1.compute.networks.removePeering" OR protoPayload.methodName="v1.compute.networks.addPeering"' +const Gcp_NIST_800_53_57_Filter = + 'protoPayload.methodName="cloudsql.instances.update"' + +export interface MetricDescriptor { + type: string +} + +export interface LogMetric { + filter: string + name?: string + metricDescriptor?: MetricDescriptor +} + +export interface Project { + logMetrics?: LogMetric[] +} + +export interface Enabled { + value: boolean +} + +export interface QuerygcpAlertPolicy { + id: string + enabled?: Enabled + project?: Project[] +} + +export interface DnsPolicy { + enableLogging: boolean +} + +export interface QuerygcpNetwork { + id: string + dnsPolicies?: DnsPolicy[] +} + +export interface LogBucket { + name: string + retentionDays: number + locked: boolean +} + +export interface LogSink { + filter?: string + destination?: string +} + +export interface QuerygcpProject { + id: string + logSinks: LogSink[] + logBuckets?: LogBucket[] +} + +export interface AuditLogConfig { + logType: string + exemptedMembers: string[] +} + +export interface AuditConfig { + auditLogConfigs: AuditLogConfig[] + service: string + exemptedMembers: string[] +} + +export interface QuerygcpIamPolicy { + id: string + auditConfigs: AuditConfig[] +} + +export interface NIST5xQueryResponse { + querygcpAlertPolicy?: QuerygcpAlertPolicy[] + querygcpNetwork?: QuerygcpNetwork[] + querygcpProject?: QuerygcpProject[] + querygcpIamPolicy?: QuerygcpIamPolicy[] +} + +describe('GCP NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ providerName: 'gcp', entityName: 'NIST'} ) + }) + + describe('GCP NIST 5.1 Logging metric filter and alert for project ownership assignments/changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST5xQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_51 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_NIST_800_53_51_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_NIST_800_53_51_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_NIST_800_53_51_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('GCP NIST 5.2 Logging metric filter and alert for audit configuration changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST5xQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_52 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_NIST_800_53_52_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_NIST_800_53_52_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_NIST_800_53_52_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('GCP NIST 5.3 Logging metric filter and alert for Custom Role changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST5xQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_53 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_NIST_800_53_53_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_NIST_800_53_53_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_NIST_800_53_53_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('GCP NIST 5.4 Logging metric filter and alert for network firewall rule changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST5xQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_54 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_NIST_800_53_54_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_NIST_800_53_54_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_NIST_800_53_54_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('GCP NIST 5.5 Logging metric filter and alert for network route changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST5xQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_55 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_NIST_800_53_55_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_NIST_800_53_55_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_NIST_800_53_55_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('GCP NIST 5.6 Logging metric filter and alert for network changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST5xQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_56 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_NIST_800_53_56_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_NIST_800_53_56_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_NIST_800_53_56_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('GCP NIST 5.7 Logging metric filter and alert for SQL instance configuration changes should be configured', () => { + const testRule = async ( + enabled: boolean, + filter: string, + metricName: string, + metricType: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST5xQueryResponse = { + querygcpAlertPolicy: [ + { + id: cuid(), + enabled: { + value: enabled, + }, + project: [ + { + logMetrics: [ + { + filter: 'dummy test filter', + name: 'dummy test name', + metricDescriptor: { + type: 'logging.googleapis.com/user/dummy-test-name', + }, + }, + { + filter, + name: metricName, + metricDescriptor: { + type: `logging.googleapis.com/user/${metricType}`, + }, + }, + ], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_57 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there are metric filters and alerts exist', async () => { + await testRule( + true, + Gcp_NIST_800_53_57_Filter, + 'log-metric-1', + 'log-metric-1', + Result.PASS + ) + }) + + test('Security Issue when there metric filters is not found', async () => { + await testRule( + true, + 'dummy metric filter value', + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters but not aletrs', async () => { + await testRule( + false, + Gcp_NIST_800_53_57_Filter, + 'log-metric-1', + 'log-metric-1', + Result.FAIL + ) + }) + + test('Security Issue when there are metric filters and aletrs but metric desciptor type not match with metric name', async () => { + await testRule( + true, + Gcp_NIST_800_53_57_Filter, + 'log-metric-1', + 'log-metric-2', + Result.FAIL + ) + }) + }) + + describe('GCP NIST 5.8 Logging storage bucket retention policies and Bucket Lock should be configured', () => { + const getTestRuleFixture = ( + querygcpProjects: QuerygcpProject[] + ): NIST5xQueryResponse => { + return { + querygcpProject: querygcpProjects, + } + } + + const testRule = async ( + data: NIST5xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_58 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when all Sinks destined to storage buckets have retention policies and Bucket Lock are enabled', async () => { + const projectData = [ + { + id: cuid(), + logSinks: [ + { + destination: 'logging.googleapis.com/projects/dummy', + }, + { + destination: 'storage.googleapis.com/projects/storage-project', + }, + ], + logBuckets: [ + { + name: 'projects/dummy', + retentionDays: 30, + locked: false, + }, + { + name: 'projects/storage-project', + retentionDays: 30, + locked: true, + }, + ], + }, + ] + const data: NIST5xQueryResponse = getTestRuleFixture(projectData) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when all Sinks destined to storage buckets have retention policies and Bucket Lock are enabled (multiple sinks)', async () => { + const projectData = [ + { + id: cuid(), + logSinks: [ + { + destination: 'storage.googleapis.com/projects/storage-project', + }, + { + destination: 'storage.googleapis.com/projects/storage-project2', + }, + ], + logBuckets: [ + { + name: 'projects/storage-project', + retentionDays: 30, + locked: true, + }, + { + name: 'projects/storage-project2', + retentionDays: 30, + locked: true, + }, + ], + }, + ] + const data: NIST5xQueryResponse = getTestRuleFixture(projectData) + await testRule(data, Result.PASS) + }) + + test('Security Issue when no Sinks destined to storage buckets', async () => { + const projectData = [ + { + id: cuid(), + logSinks: [ + { + destination: 'storage.googleapis.com/projects/storage-project', + }, + ], + logBuckets: [], + }, + ] + const data: NIST5xQueryResponse = getTestRuleFixture(projectData) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when the Sinks destined to storage buckets have NO retention policies', async () => { + const projectData = [ + { + id: cuid(), + logSinks: [ + { + destination: 'storage.googleapis.com/projects/storage-project', + }, + ], + logBuckets: [ + { + name: 'projects/storage-project', + retentionDays: 0, + locked: true, + }, + ], + }, + ] + const data: NIST5xQueryResponse = getTestRuleFixture(projectData) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when the Sinks destined to storage buckets have Bucket Lock set to false', async () => { + const projectData = [ + { + id: cuid(), + logSinks: [ + { + destination: 'storage.googleapis.com/projects/storage-project', + }, + ], + logBuckets: [ + { + name: 'projects/storage-project', + retentionDays: 30, + locked: false, + }, + ], + }, + ] + const data: NIST5xQueryResponse = getTestRuleFixture(projectData) + await testRule(data, Result.FAIL) + }) + }) + +}) diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts new file mode 100644 index 00000000..c04b123f --- /dev/null +++ b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts @@ -0,0 +1,595 @@ +/* eslint-disable max-len */ +import cuid from 'cuid' +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import 'jest' + +import Gcp_NIST_800_53_61 from '../rules/gcp-nist-800-53-rev4-6.1' +import Gcp_NIST_800_53_62 from '../rules/gcp-nist-800-53-rev4-6.2' +import Gcp_NIST_800_53_63 from '../rules/gcp-nist-800-53-rev4-6.3' +import Gcp_NIST_800_53_64 from '../rules/gcp-nist-800-53-rev4-6.4' +import Gcp_NIST_800_53_65 from '../rules/gcp-nist-800-53-rev4-6.5' + + +const ipV4WildcardAddress = '0.0.0.0/0' +const ipV6WildcardAddress = '::/0' + +export interface ServiceAccount { + email: string + scopes?: string[] +} + +export interface Label { + value: string +} + +export interface Project { + id: string +} + +export interface MetadataItem { + key: string + value: string +} + +export interface Metadata { + items: MetadataItem[] +} + +export interface DiskEncryptionKey { + sha256: string | null +} + +export interface Disk { + diskEncryptionKey: DiskEncryptionKey | null +} + +export interface AccessConfigs { + natIP: string | null +} + +export interface NetworkInterfaces { + accessConfigs: AccessConfigs[] +} + +export interface ShieldedInstanceConfig { + enableIntegrityMonitoring: boolean + enableVtpm: boolean +} + +export interface ConfidentialInstanceConfig { + enableConfidentialCompute: boolean +} + +export interface QuerygcpVmInstance { + id: string + name?: string + shieldedInstanceConfig?: ShieldedInstanceConfig + confidentialInstanceConfig?: ConfidentialInstanceConfig + networkInterfaces?: NetworkInterfaces[] + canIpForward?: boolean + project?: Project[] + labels?: Label[] + metadata?: Metadata + serviceAccounts?: ServiceAccount[] + disks?: Disk[] +} + +export interface Allowed { + ipProtocol: string + ports: string[] +} + +export interface QuerygcpFirewall { + id: string + sourceRanges: string[] + direction: string + allowed?: Allowed[] +} + +export interface GcpNetworkSubnet { + purpose: string + enableFlowLogs: boolean | null +} + +export interface QuerygcpNetwork { + id: string + subnets?: GcpNetworkSubnet[] + name?: string + ipV4Range?: string | null +} + +export interface SslPolicy { + profile: string + enabledFeatures?: string[] + minTlsVersion: string +} + +export interface TargetHttpsProxy { + sslPolicy?: SslPolicy[] +} + +export interface TargetSslProxy { + sslPolicy?: SslPolicy[] +} + +export interface QuerygcpTargetSslProxy { + id: string + sslPolicy?: SslPolicy[] +} +export interface QuerygcpTargetHttpsProxy { + id: string + sslPolicy?: SslPolicy[] +} + +export interface NIST6xQueryResponse { + querygcpFirewall?: QuerygcpFirewall[] + querygcpNetwork?: QuerygcpNetwork[] + querygcpTargetSslProxy?: QuerygcpTargetSslProxy[] + querygcpTargetHttpsProxy?: QuerygcpTargetHttpsProxy[] + querygcpVmInstance?: QuerygcpVmInstance[] +} + +describe('GCP NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'gcp', + entityName: 'NIST', + }) + }) + + describe('GCP NIST 6.1 The default network for a project should be deleted', () => { + const testRule = async ( + networkName: string, + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST6xQueryResponse = { + querygcpNetwork: [ + { + id: cuid(), + name: networkName, + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_61 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a network name that is not equal to default', async () => { + await testRule('test-network', Result.PASS) + }) + + test('Security Issue when there is an inbound rule with a network name that is equal to default', async () => { + await testRule('default', Result.FAIL) + }) + }) + + describe('GCP NIST 6.2 Network firewall rules should not permit ingress from 0.0.0.0/0 to port 22 (SSH)', () => { + const testRule = async ( + fromPort: number | undefined, + toPort: number | undefined, + sourceAddress: string, + expectedResult: Result, + protocol?: string + ): Promise => { + // Arrange + const data: NIST6xQueryResponse = { + querygcpFirewall: [ + { + id: cuid(), + sourceRanges: [sourceAddress], + direction: 'INGRESS', + allowed: [ + { + ipProtocol: 'icmp', + ports: [], + }, + { + ipProtocol: protocol || 'tcp', + ports: fromPort && toPort ? [`${fromPort}-${toPort}`] : [], + }, + { + ipProtocol: 'udp', + ports: ['0-65535'], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_62 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 22', async () => { + await testRule(22, 22, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and port 80', async () => { + await testRule(80, 80, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and port 80', async () => { + await testRule(80, 80, ipV6WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 22', async () => { + await testRule(1000, 2000, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and a port range not including the port 22', async () => { + await testRule(1000, 2000, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and a port range not including the port 22', async () => { + await testRule(1000, 2000, ipV6WildcardAddress, Result.PASS) + }) + + test('Security Issue when IPv4 wilcard address and port 22 and tcp protocol', async () => { + await testRule(22, 22, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv4 wilcard address and port 22 and all protocol', async () => { + await testRule(22, 22, ipV4WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when IPv6 wilcard address and port 22 and tcp protocol', async () => { + await testRule(22, 22, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv6 wilcard address and port 22 and all protocol', async () => { + await testRule(22, 22, ipV6WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and port range includes the port 22', async () => { + await testRule(0, 1000, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and port range includes the port 22', async () => { + await testRule(0, 1000, ipV6WildcardAddress, Result.FAIL) + }) + }) + + describe('GCP NIST 6.3 Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP)', () => { + const testRule = async ( + fromPort: number | undefined, + toPort: number | undefined, + sourceAddress: string, + expectedResult: Result, + protocol?: string + ): Promise => { + // Arrange + const data: NIST6xQueryResponse = { + querygcpFirewall: [ + { + id: cuid(), + sourceRanges: [sourceAddress], + direction: 'INGRESS', + allowed: [ + { + ipProtocol: 'icmp', + ports: [], + }, + { + ipProtocol: protocol || 'tcp', + ports: fromPort && toPort ? [`${fromPort}-${toPort}`] : [], + }, + { + ipProtocol: 'udp', + ports: ['0-65535'], + }, + ], + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_63 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with a random IPv4 address and port 3389', async () => { + await testRule(3389, 3389, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and port 80', async () => { + await testRule(80, 80, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and port 80', async () => { + await testRule(80, 80, ipV6WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with a random IPv4 and a port range not including the port 3389', async () => { + await testRule(1000, 2000, '10.10.10.10/16', Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv4 wilcard address and a port range not including the port 3389', async () => { + await testRule(1000, 2000, ipV4WildcardAddress, Result.PASS) + }) + + test('No Security Issue when there is an inbound rule with IPv6 wilcard address and a port range not including the port 3389', async () => { + await testRule(1000, 2000, ipV6WildcardAddress, Result.PASS) + }) + + test('Security Issue when IPv4 wilcard address and port 3389 and tcp protocol', async () => { + await testRule(3389, 3389, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv4 wilcard address and port 3389 and all protocol', async () => { + await testRule(3389, 3389, ipV4WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when IPv6 wilcard address and port 3389 and tcp protocol', async () => { + await testRule(3389, 3389, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when IPv6 wilcard address and port 3389 and all protocol', async () => { + await testRule(3389, 3389, ipV6WildcardAddress, Result.FAIL, 'all') + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and no port range is specified', async () => { + await testRule(undefined, undefined, ipV6WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv4 wilcard address and port range includes the port 3389', async () => { + await testRule(0, 4000, ipV4WildcardAddress, Result.FAIL) + }) + + test('Security Issue when there is an inbound rule with IPv6 wilcard address and port range includes the port 3389', async () => { + await testRule(0, 4000, ipV6WildcardAddress, Result.FAIL) + }) + }) + + describe('GCP NIST 6.4 Load balancer HTTPS or SSL proxy SSL policies should not have weak cipher suites', () => { + + const getTestRuleAFixture = (): NIST6xQueryResponse => { + return { + querygcpTargetHttpsProxy: [ + { + id: cuid(), + sslPolicy: [ + { + profile: 'MODERN', + minTlsVersion: 'TLS_1_2', + }, + ], + }, + ], + } + } + + const getTestRuleBFixture = (): NIST6xQueryResponse => { + return { + querygcpTargetSslProxy: [ + { + id: cuid(), + sslPolicy: [ + { + profile: 'MODERN', + minTlsVersion: 'TLS_1_2', + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST6xQueryResponse, + expectedResult: Result, + rule?: any + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule(rule as Rule, { + ...data, + }) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + describe('querygcpTargetHttpsProxy query:', () => { + let targetHttpsProxyRule: Rule + beforeAll(() => { + const { queries, ...ruleMetadata} = Gcp_NIST_800_53_64 + const query = queries.shift() + targetHttpsProxyRule = { + ...ruleMetadata, + ...query + } as Rule + }) + + test('No Security Issue when proxies and ssl policies are secure', async () => { + const data: NIST6xQueryResponse = getTestRuleAFixture() + await testRule(data, Result.PASS, targetHttpsProxyRule) + }) + + test('Security Issue when proxies not have ssl policy', async () => { + const data: NIST6xQueryResponse = getTestRuleAFixture() + const targetHttpsProxy = data + .querygcpTargetHttpsProxy?.[0] as QuerygcpTargetHttpsProxy + targetHttpsProxy.sslPolicy = [] + await testRule(data, Result.FAIL, targetHttpsProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with MODERN ssl policy and VERSION is NOT TLS_1_2', async () => { + const data: NIST6xQueryResponse = getTestRuleAFixture() + const targetHttpsProxy = data + .querygcpTargetHttpsProxy?.[0] as QuerygcpTargetHttpsProxy + targetHttpsProxy.sslPolicy = targetHttpsProxy.sslPolicy?.map( + ({ minTlsVersion, ...p }) => { + return { + ...p, + minTlsVersion: 'dummy', + } + } + ) + await testRule(data, Result.FAIL, targetHttpsProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with CUSTOM ssl policy and enabledFeatures contains invalid values', async () => { + const invalidEnabledFeatureValues = [ + 'TLS_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', + ] + for (const invalidEnabledFeatureValue of invalidEnabledFeatureValues) { + const data: NIST6xQueryResponse = getTestRuleAFixture() + const targetHttpsProxy = data + .querygcpTargetHttpsProxy?.[0] as QuerygcpTargetHttpsProxy + targetHttpsProxy.sslPolicy = targetHttpsProxy.sslPolicy?.map( + ({ enabledFeatures, profile, ...p }) => { + return { + ...p, + profile: 'CUSTOM', + enabledFeatures: [invalidEnabledFeatureValue], + } + } + ) + await testRule(data, Result.FAIL, targetHttpsProxyRule) + } + }) + }) + + describe('querygcpTargetSslProxy query:', () => { + let targetSslProxyRule: Rule + beforeAll(() => { + const { queries, ...ruleMetadata} = Gcp_NIST_800_53_64 + const query = queries.shift() + targetSslProxyRule = { + ...ruleMetadata, + ...query + } as Rule + }) + + test('No Security Issue when proxies and ssl policies are secure', async () => { + const data: NIST6xQueryResponse = getTestRuleBFixture() + await testRule(data, Result.PASS, targetSslProxyRule) + }) + + test('Security Issue when proxies not have ssl policy', async () => { + const data: NIST6xQueryResponse = getTestRuleBFixture() + const targetSslProxy = data + .querygcpTargetSslProxy?.[0] as QuerygcpTargetHttpsProxy + targetSslProxy.sslPolicy = [] + await testRule(data, Result.FAIL, targetSslProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with MODERN ssl policy and VERSION is NOT TLS_1_2', async () => { + const data: NIST6xQueryResponse = getTestRuleBFixture() + const targetSslProxy = data + .querygcpTargetSslProxy?.[0] as QuerygcpTargetHttpsProxy + targetSslProxy.sslPolicy = targetSslProxy.sslPolicy?.map( + ({ minTlsVersion, ...p }) => { + return { + ...p, + minTlsVersion: 'dummy', + } + } + ) + await testRule(data, Result.FAIL, targetSslProxyRule) + }) + + test('Security Issue when HTTPS-PROXY with CUSTOM ssl policy and enabledFeatures contains invalid values', async () => { + const invalidEnabledFeatureValues = [ + 'TLS_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', + ] + for (const invalidEnabledFeatureValue of invalidEnabledFeatureValues) { + const data: NIST6xQueryResponse = getTestRuleBFixture() + const targetSslProxy = data + .querygcpTargetSslProxy?.[0] as QuerygcpTargetHttpsProxy + targetSslProxy.sslPolicy = targetSslProxy.sslPolicy?.map( + ({ enabledFeatures, profile, ...p }) => { + return { + ...p, + profile: 'CUSTOM', + enabledFeatures: [invalidEnabledFeatureValue], + } + } + ) + await testRule(data, Result.FAIL, targetSslProxyRule) + } + }) + }) + }) + + describe('GCP NIST 6.5 Compute instances "IP forwarding" should not be enabled', () => { + const getTestRuleFixture = ( + canIpForward: boolean + ): NIST6xQueryResponse => { + return { + querygcpVmInstance: [ + { + id: cuid(), + name: 'dummy-project-name', + canIpForward, + project: [], + labels: [], + }, + ], + } + } + + const test46Rule = async ( + data: NIST6xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_65 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when canIpForward is false', async () => { + const data: NIST6xQueryResponse = getTestRuleFixture(false) + await test46Rule(data, Result.PASS) + }) + + test('Security Issue when canIpForward is true', async () => { + const data: NIST6xQueryResponse = getTestRuleFixture(true) + await test46Rule(data, Result.FAIL) + }) + }) +}) From 660e2f31726a3b04a335a27fb6bb3fed1ff84b6b Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 20 May 2022 18:02:11 -0300 Subject: [PATCH 27/30] feat(checks): Updated README file --- src/gcp/nist-800-53-rev4/README.md | 42 +++++++++++++++--------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/src/gcp/nist-800-53-rev4/README.md b/src/gcp/nist-800-53-rev4/README.md index 90f1bbdf..ff241408 100644 --- a/src/gcp/nist-800-53-rev4/README.md +++ b/src/gcp/nist-800-53-rev4/README.md @@ -55,24 +55,24 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta | Rule | Description | | ------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -| AWS NIST 1.1 | Compute instances should not use the default service account | -| AWS NIST 1.2 | Compute instances should not use the default service account with full access to all Cloud APIs | -| AWS NIST 1.3 | Compute instance "block-project-ssh-keys should be enabled | -| AWS NIST 1.4 | Compute instances should not have public IP addresses | -| AWS NIST 1.5 | Compute instances "Enable connecting to serial ports" should not be enabled | -| AWS NIST 1.6 | SQL database instances should not permit access from 0.0.0.0/0 | -| AWS NIST 1.7 | SQL database instances should not have public IPs | -| AWS NIST 2.1 | DNS managed zone DNSSEC should be enabled | -| AWS NIST 2.2 | DNS managed zone DNSSEC key-signing keys should not use RSASHA1 | -| AWS NIST 2.3 | DNS managed zone DNSSEC zone-signing keys should not use RSASHA1 | -| AWS NIST 3.1 | IAM default audit log config should not exempt any users | -| AWS NIST 3.2 | PostgreSQL database instance 'log_checkpoints' database flag should be set to 'on' | -| AWS NIST 3.3 | PostgreSQL database instance 'log_connections' database flag should be set to 'on' | -| AWS NIST 3.4 | PostgreSQL database instance 'log_disconnections' database flag should be set to 'on' | -| AWS NIST 3.5 | PostgreSQL database instance 'log_lock_waits' database flag should be set to 'on' | -| AWS NIST 3.6 | PostgreSQL database instance 'log_min_error_statement' database flag should be set appropriately | -| AWS NIST 3.7 | PostgreSQL database instance 'log_temp_files' database flag should be set to '0' (on) | -| AWS NIST 3.8 | PostgreSQL database instance 'log_min_duration_statement' database flag should be set to '-1' (disabled) | -| AWS NIST 3.9 | At least one project-level logging sink should be configured with an empty filter | -| AWS NIST 4.1 | Compute instance disks should be encrypted with customer-supplied encryption keys (CSEKs) | -| AWS NIST 4.2 | SQL database instances should require incoming connections to use SSL | +| GCP NIST 1.1 | Compute instances should not use the default service account | +| GCP NIST 1.2 | Compute instances should not use the default service account with full access to all Cloud APIs | +| GCP NIST 1.3 | Compute instance "block-project-ssh-keys should be enabled | +| GCP NIST 1.4 | Compute instances should not have public IP addresses | +| GCP NIST 1.5 | Compute instances "Enable connecting to serial ports" should not be enabled | +| GCP NIST 1.6 | SQL database instances should not permit access from 0.0.0.0/0 | +| GCP NIST 1.7 | SQL database instances should not have public IPs | +| GCP NIST 2.1 | DNS managed zone DNSSEC should be enabled | +| GCP NIST 2.2 | DNS managed zone DNSSEC key-signing keys should not use RSASHA1 | +| GCP NIST 2.3 | DNS managed zone DNSSEC zone-signing keys should not use RSASHA1 | +| GCP NIST 3.1 | IAM default audit log config should not exempt any users | +| GCP NIST 3.2 | PostgreSQL database instance 'log_checkpoints' database flag should be set to 'on' | +| GCP NIST 3.3 | PostgreSQL database instance 'log_connections' database flag should be set to 'on' | +| GCP NIST 3.4 | PostgreSQL database instance 'log_disconnections' database flag should be set to 'on' | +| GCP NIST 3.5 | PostgreSQL database instance 'log_lock_waits' database flag should be set to 'on' | +| GCP NIST 3.6 | PostgreSQL database instance 'log_min_error_statement' database flag should be set appropriately | +| GCP NIST 3.7 | PostgreSQL database instance 'log_temp_files' database flag should be set to '0' (on) | +| GCP NIST 3.8 | PostgreSQL database instance 'log_min_duration_statement' database flag should be set to '-1' (disabled) | +| GCP NIST 3.9 | At least one project-level logging sink should be configured with an empty filter | +| GCP NIST 4.1 | Compute instance disks should be encrypted with customer-supplied encryption keys (CSEKs) | +| GCP NIST 4.2 | SQL database instances should require incoming connections to use SSL | From 1f47a98968346e22e92f6a29df1c697eca2b46cc Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Fri, 20 May 2022 18:30:05 -0300 Subject: [PATCH 28/30] feat(checks): Added 3.10 rule --- src/gcp/nist-800-53-rev4/README.md | 1 + .../rules/gcp-nist-800-53-rev4-3.10.ts | 90 ++++++++++ src/gcp/nist-800-53-rev4/rules/index.ts | 2 + .../tests/nist-800-53-rev4-3.x.test.ts | 154 +++++++++++++++++- 4 files changed, 245 insertions(+), 2 deletions(-) create mode 100644 src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.10.ts diff --git a/src/gcp/nist-800-53-rev4/README.md b/src/gcp/nist-800-53-rev4/README.md index ff241408..bc66b7b9 100644 --- a/src/gcp/nist-800-53-rev4/README.md +++ b/src/gcp/nist-800-53-rev4/README.md @@ -74,5 +74,6 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta | GCP NIST 3.7 | PostgreSQL database instance 'log_temp_files' database flag should be set to '0' (on) | | GCP NIST 3.8 | PostgreSQL database instance 'log_min_duration_statement' database flag should be set to '-1' (disabled) | | GCP NIST 3.9 | At least one project-level logging sink should be configured with an empty filter | +| GCP NIST 3.10 | Network subnet flow logs should be enabled | | GCP NIST 4.1 | Compute instance disks should be encrypted with customer-supplied encryption keys (CSEKs) | | GCP NIST 4.2 | SQL database instances should require incoming connections to use SSL | diff --git a/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.10.ts b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.10.ts new file mode 100644 index 00000000..207cd2c4 --- /dev/null +++ b/src/gcp/nist-800-53-rev4/rules/gcp-nist-800-53-rev4-3.10.ts @@ -0,0 +1,90 @@ +// GCP CIS 1.2.0 Rule equivalent 3.8 +export default { + id: 'gcp-nist-800-53-rev4-3.10', + title: + 'GCP NIST 3.10 Network subnet flow logs should be enabled', + description: `Flow Logs is a feature that enables users to capture information about the IP traffic going to + and from network interfaces in the organization's VPC Subnets. Once a flow log is created, + the user can view and retrieve its data in Stackdriver Logging. It is recommended that Flow + Logs be enabled for every business-critical VPC subnet.`, + + audit: `**From Console:** + + 1. Go to the VPC network GCP Console visiting https://console.cloud.google.com/networking/networks/list + 2. From the list of network subnets, + make sure for each subnet *Flow Logs* is set to *On* + + **From Command Line:** + + gcloud compute networks list --format json | \\ jq -r '.[].subnetworks | .[]' | \ + xargs -I {} gcloud compute networks subnets describe {} --format json | \ + jq -r '. | "Subnet: \\(.name) Purpose: \\(.purpose) VPC Flow Log Enabled: \\(has("enableFlowLogs"))"' + + The output of the above command will list each subnet, the subnet's purpose, and a *true* or *false* value if *Flow Logs* are enabled. + If the subnet's purpose is *PRIVATE* then *Flow Logs* should be *true*. + `, + rationale: `VPC networks and subnetworks not reserved for internal HTTP(S) load balancing provide logically isolated and secure network partitions where GCP resources can be launched. When Flow Logs are enabled for a subnet, VMs within that subnet start reporting on all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) flows. Each VM samples the TCP and UDP flows it sees, inbound and outbound, whether the flow is to or from another VM, a host in the on-premises datacenter, a Google service, or a host on the Internet. If two GCP VMs are communicating, and both are in subnets that have VPC Flow Logs enabled, both VMs report the flows. + + Flow Logs supports the following use cases: + + - Network monitoring + - Understanding network usage and optimizing network traffic expenses + - Network forensics + - Real-time security analysis + + Flow Logs provide visibility into network traffic for each VM inside the subnet and can be used to detect + anomalous traffic or provide insight during security workflows. + + Note: Subnets reserved for use by internal HTTP(S) load balancers do not support VPC flow logs.`, + remediation: `**From Console:** + + 1. Go to the VPC network GCP Console visiting https://console.cloud.google.com/networking/networks/list + 2. Click the name of a subnet, The *Subnet details* page displays. + 3. Click the *EDIT* button. + 4. Set *Flow Logs* to *On*. + 5. Click Save. + + **From Command Line:** + To set Private Google access for a network subnet, run the following command: + + gcloud compute networks subnets update [SUBNET_NAME] --region [REGION] --enable-flow-logs`, + references: [ + 'https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging', + 'https://cloud.google.com/vpc/', + ], + gql: `{ + querygcpNetwork{ + id + __typename + subnets{ + purpose + enableFlowLogs + } + } + }`, + resource: 'querygcpNetwork[*]', + severity: 'high', + conditions: { + path: '@.subnets', + array_all: { + or: [ + { + path: '[*].purpose', + notEqual: 'PRIVATE', + }, + { + and: [ + { + path: '[*].purpose', + equal: 'PRIVATE', + }, + { + path: '[*].enableFlowLogs', + equal: true, + }, + ], + }, + ], + }, + }, +} diff --git a/src/gcp/nist-800-53-rev4/rules/index.ts b/src/gcp/nist-800-53-rev4/rules/index.ts index 81225432..9007efab 100644 --- a/src/gcp/nist-800-53-rev4/rules/index.ts +++ b/src/gcp/nist-800-53-rev4/rules/index.ts @@ -17,6 +17,7 @@ import Gcp_NIST_800_53_36 from './gcp-nist-800-53-rev4-3.6' import Gcp_NIST_800_53_37 from './gcp-nist-800-53-rev4-3.7' import Gcp_NIST_800_53_38 from './gcp-nist-800-53-rev4-3.8' import Gcp_NIST_800_53_39 from './gcp-nist-800-53-rev4-3.9' +import Gcp_NIST_800_53_310 from './gcp-nist-800-53-rev4-3.10' import Gcp_NIST_800_53_41 from './gcp-nist-800-53-rev4-4.1' import Gcp_NIST_800_53_42 from './gcp-nist-800-53-rev4-4.2' @@ -40,6 +41,7 @@ export default [ Gcp_NIST_800_53_37, Gcp_NIST_800_53_38, Gcp_NIST_800_53_39, + Gcp_NIST_800_53_310, Gcp_NIST_800_53_41, Gcp_NIST_800_53_42, ] \ No newline at end of file diff --git a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-3.x.test.ts b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-3.x.test.ts index 51a29a5d..26930931 100644 --- a/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-3.x.test.ts +++ b/src/gcp/nist-800-53-rev4/tests/nist-800-53-rev4-3.x.test.ts @@ -1,7 +1,5 @@ -/* eslint-disable max-len */ import cuid from 'cuid' import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' -import 'jest' import Gcp_NIST_800_53_31 from '../rules/gcp-nist-800-53-rev4-3.1' import Gcp_NIST_800_53_32 from '../rules/gcp-nist-800-53-rev4-3.2' @@ -11,6 +9,8 @@ import Gcp_NIST_800_53_35 from '../rules/gcp-nist-800-53-rev4-3.5' import Gcp_NIST_800_53_36 from '../rules/gcp-nist-800-53-rev4-3.6' import Gcp_NIST_800_53_37 from '../rules/gcp-nist-800-53-rev4-3.7' import Gcp_NIST_800_53_38 from '../rules/gcp-nist-800-53-rev4-3.8' +import Gcp_NIST_800_53_39 from '../rules/gcp-nist-800-53-rev4-3.9' +import Gcp_NIST_800_53_310 from '../rules/gcp-nist-800-53-rev4-3.10' export interface DatabaseFlagsItem { name: string @@ -48,9 +48,22 @@ export interface SqlInstances { ipAddresses?: IpAddress[] } +export interface LogBucket { + name: string + retentionDays: number + locked: boolean +} + +export interface LogSink { + filter?: string + destination?: string +} + export interface QuerygcpProject { id: string sqlInstances: SqlInstances[] + logSinks?: LogSink[] + logBuckets?: LogBucket[] } export interface AuditLogConfig { @@ -69,10 +82,22 @@ export interface QuerygcpIamPolicy { auditConfigs: AuditConfig[] } +export interface GcpNetworkSubnet { + purpose: string + enableFlowLogs: boolean | null +} + +export interface QuerygcpNetwork { + id: string + subnets?: GcpNetworkSubnet[] + name?: string + ipV4Range?: string | null +} export interface NIST3xQueryResponse { querygcpProject?: QuerygcpProject[] querygcpSqlInstance?: SqlInstances[] querygcpIamPolicy?: QuerygcpIamPolicy[] + querygcpNetwork?: QuerygcpNetwork[] } describe('GCP NIST 800-53: Rev. 4', () => { @@ -931,4 +956,129 @@ describe('GCP NIST 800-53: Rev. 4', () => { await testRule(data, Result.FAIL) }) }) + + describe('GCP NIST 3.9 At least one project-level logging sink should be configured with an empty filter', () => { + const getTestRuleFixture = (filter: string): NIST3xQueryResponse => { + return { + querygcpProject: [ + { + id: cuid(), + sqlInstances: [], + logSinks: [ + { + filter: 'dummy filter', + }, + { + filter, + }, + ], + }, + ], + } + } + + const testRule = async ( + data: NIST3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_39 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is a logSink with an empty filter', async () => { + const data: NIST3xQueryResponse = getTestRuleFixture('') + await testRule(data, Result.PASS) + }) + + test('Security Issue when there is a logSink with an empty filter', async () => { + const data: NIST3xQueryResponse = getTestRuleFixture('dummy-filter') + await testRule(data, Result.FAIL) + }) + }) + + + describe('GCP NIST 3.10 Network subnet flow logs should be enabled', () => { + const testRule = async ( + subnets: GcpNetworkSubnet[], + expectedResult: Result + ): Promise => { + // Arrange + const data: NIST3xQueryResponse = { + querygcpNetwork: [ + { + id: cuid(), + subnets, + }, + ], + } + + // Act + const [processedRule] = await rulesEngine.processRule( + Gcp_NIST_800_53_310 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when all PRIVATE subnets have enableFlowLogs set to true', async () => { + const subnets: GcpNetworkSubnet[] = [ + { + purpose: 'PRIVATE', + enableFlowLogs: true, + }, + { + purpose: 'PRIVATE', + enableFlowLogs: true, + }, + { + purpose: 'DUMMY', + enableFlowLogs: null, + }, + { + purpose: 'DUMMY', + enableFlowLogs: true, + }, + { + purpose: 'DUMMY', + enableFlowLogs: false, + }, + ] + await testRule(subnets, Result.PASS) + }) + + test('Security Issue when at least 1 PRIVATE subnet has enableFlowLogs set to false', async () => { + const subnets: GcpNetworkSubnet[] = [ + { + purpose: 'PRIVATE', + enableFlowLogs: true, + }, + { + purpose: 'PRIVATE', + enableFlowLogs: false, + }, + ] + await testRule(subnets, Result.FAIL) + }) + test('Security Issue when at least 1 PRIVATE subnet has enableFlowLogs set to null', async () => { + const subnets: GcpNetworkSubnet[] = [ + { + purpose: 'PRIVATE', + enableFlowLogs: true, + }, + { + purpose: 'PRIVATE', + enableFlowLogs: null, + }, + ] + await testRule(subnets, Result.FAIL) + }) + }) }) From e27efdbb93c820bc39c7e09aae751da7dbdffc5f Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Mon, 23 May 2022 18:44:04 -0300 Subject: [PATCH 29/30] fix: Azure CIS 1.3.1 rule 9.6 has the wrong title number --- src/azure/cis-1.3.1/rules/azure-cis-1.3.1-9.6.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/azure/cis-1.3.1/rules/azure-cis-1.3.1-9.6.ts b/src/azure/cis-1.3.1/rules/azure-cis-1.3.1-9.6.ts index 00abec3c..5e1ddea5 100644 --- a/src/azure/cis-1.3.1/rules/azure-cis-1.3.1-9.6.ts +++ b/src/azure/cis-1.3.1/rules/azure-cis-1.3.1-9.6.ts @@ -1,6 +1,6 @@ export default { id: 'azure-cis-1.3.1-9.6', - title: 'Azure CIS 9.2 Ensure that \'PHP version\' is the latest, if used to run the web app (Manual)', + title: 'Azure CIS 9.6 Ensure that \'PHP version\' is the latest, if used to run the web app (Manual)', description: 'Periodically newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.', From 74c4de6b62d9fd275ac3190b5a234d2351621b5b Mon Sep 17 00:00:00 2001 From: tyler dunkel Date: Wed, 25 May 2022 10:14:30 -0500 Subject: [PATCH 30/30] chore(readme): update readme for policy pack links --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 609de506..f1f08c9f 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,9 @@ cg scan aws gcp azure | Benchmark | | --------------------------- | [CIS Amazon Web Services Foundations 1.2.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-cis-1.2.0) | +| [CIS Amazon Web Services Foundations 1.3.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-cis-1.3.0) | +| [CIS Amazon Web Services Foundations 1.4.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-cis-1.4.0) | | [CIS Google Cloud Platform Foundations 1.2.0](https://www.npmjs.com/package/@cloudgraph/policy-pack-gcp-cis-1.2.0) | | [CIS Microsoft Azure Foundations 1.3.1](https://www.npmjs.com/package/@cloudgraph/policy-pack-azure-cis-1.3.1) | -| [PCI Data Security Standard version 3.2.1](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-pci-dss-3.2.1) | +| [AWS PCI Data Security Standard version 3.2.1](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-pci-dss-3.2.1) | | [NIST 800-53 Rev. 4 for Amazon Web Services](https://www.npmjs.com/package/@cloudgraph/policy-pack-aws-nist-800-53-rev4) |