Utils

isProtocol

isProtocol: function(protocol: string,
FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule): boolean

Return true if the given FirewallRule accepts the given protocol

isContainPort

isContainPort: function(port: number,
FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule): boolean

Return true if the given FirewallRule accepts the given port

isCIDROpenToAll

isCIDROpenToAll: function(CIDR: string) : boolean

Return true if the given CIDR is the all-zero range (0.0.0.0/0), i.e. it admits every source address

  • CIDR : string an ip address in CIDR format (e.g. 0.0.0.0/0)

isPortOpen

isPortOpen: function(obj: Output,
protocol: string,
port: number,
callback: (firewall: OutputInstanceNetworkInterfaceFirewall,
ingressFirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule,
ipRange : number ) => void): boolean

Call the callback function if the given port is open for the given protocol; the callback receives the firewall, the matching ingress rule and the IP range

isPortOpenToPublic

isPortOpenToPublic: function(obj: Output,
protocol: string,
port: number,
callback: (firewall: OutputInstanceNetworkInterfaceFirewall,
ingressFirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule,
ipRange : number ) => void): boolean

Call the callback function if the given port is open to the public (i.e. reachable from an all-zero CIDR) for the given protocol; the callback receives the firewall, the matching ingress rule and the IP range

formatPort

formatPort : function(fromPort: number, toPort: number): string

Convert a port range to its printable form

  • if fromPort === toPort, then simply return toPort
  • otherwise, return "fromPort-toPort"
  • fromPort : number
  • toPort : number

printFirewallRules

printFirewallRules: function(type: string,
FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule,
CIDR: string)

Convert the given FirewallRule to its printable form

  • the output is in the format ${type} ${Protocol}/${Port} ${CIDR}, where Protocol = FirewallRule.Protocol, and Port is formatted from FirewallRule.fromPort and FirewallRule.toPort using the formatPort function

  • type : string, either "Ingress" or "Egress"

  • FirewallRule : OutputInstanceNetworkInterfaceFirewallFirewallRule e.g. Generic.Firewalls[0].IngressFirewallRules[0]

  • CIDR : string, an ip address in CIDR format (e.g. 0.0.0.0/0)
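The firewall helpers above (isProtocol, isContainPort, isCIDROpenToAll, formatPort, printFirewallRules and the callback-driven isPortOpenToPublic) are only described by contract on this page. The following is an added example, not the project's own Utils implementation: it re-implements that contract in plain JavaScript and runs a rule in the style of the page's password-policy example over a constructed firewall object. The property names Protocol, fromPort and toPort follow the printFirewallRules description; the Firewalls/IngressFirewallRules layout follows the Generic.Firewalls[0].IngressFirewallRules[0] example; the IpRanges array, the Name property and the use of the ipRange callback argument as an index into IpRanges are assumptions.

```javascript
// Added example: re-implementation of the documented Utils contract (assumptions noted inline).
const Utils = {
  // Return true if the rule's Protocol matches the requested protocol (case-insensitive)
  isProtocol(protocol, rule) {
    return rule.Protocol.toLowerCase() === protocol.toLowerCase();
  },
  // Return true if the port lies within the rule's fromPort..toPort range (inclusive)
  isContainPort(port, rule) {
    return port >= rule.fromPort && port <= rule.toPort;
  },
  // Return true if the CIDR is the all-zero range that admits every source address
  isCIDROpenToAll(cidr) {
    return cidr === "0.0.0.0/0" || cidr === "::/0";
  },
  // Single port prints as "toPort", a range prints as "fromPort-toPort"
  formatPort(fromPort, toPort) {
    return fromPort === toPort ? String(toPort) : `${fromPort}-${toPort}`;
  },
  // "${type} ${Protocol}/${Port} ${CIDR}" as documented above
  printFirewallRules(type, rule, cidr) {
    return `${type} ${rule.Protocol}/${Utils.formatPort(rule.fromPort, rule.toPort)} ${cidr}`;
  },
  // Call callback(firewall, rule, ipRangeIndex) for every ingress rule that exposes
  // protocol/port to an all-zero CIDR; return true if at least one such rule exists.
  // Assumption: each rule carries its CIDRs in an IpRanges array.
  isPortOpenToPublic(obj, protocol, port, callback) {
    let open = false;
    for (const firewall of obj.Firewalls) {
      for (const rule of firewall.IngressFirewallRules) {
        if (!Utils.isProtocol(protocol, rule) || !Utils.isContainPort(port, rule)) continue;
        rule.IpRanges.forEach((cidr, i) => {
          if (Utils.isCIDROpenToAll(cidr)) {
            open = true;
            callback(firewall, rule, i);
          }
        });
      }
    }
    return open;
  },
};

// Constructed sample resource (not real cloud output): one group exposes SSH and
// HTTP/HTTPS to the world, the other restricts MySQL to a private subnet.
const Generic = {
  Firewalls: [
    {
      Name: "web-sg",
      IngressFirewallRules: [
        { Protocol: "tcp", fromPort: 22, toPort: 22, IpRanges: ["10.0.0.0/8", "0.0.0.0/0"] },
        { Protocol: "tcp", fromPort: 80, toPort: 443, IpRanges: ["0.0.0.0/0"] },
      ],
    },
    {
      Name: "db-sg",
      IngressFirewallRules: [
        { Protocol: "tcp", fromPort: 3306, toPort: 3306, IpRanges: ["10.0.1.0/24"] },
      ],
    },
  ],
};

// Rule in the style of the page's example; findings are collected instead of being
// passed to result() so the function can be checked directly.
function checkSSHOpenToWorld(obj) {
  const findings = [];
  Utils.isPortOpenToPublic(obj, "tcp", 22, (firewall, rule, ipRangeIndex) => {
    const cidr = rule.IpRanges[ipRangeIndex];
    findings.push(`${firewall.Name}: ${Utils.printFirewallRules("Ingress", rule, cidr)}`);
  });
  return findings;
}

console.log(checkSSHOpenToWorld(Generic)); // one finding for web-sg
```

In a real rule script the body of the callback would build an affected-resource entry and call result("High", ...), exactly as the password-policy example at the end of this page does; the callback only fires for rules that both match the protocol/port and admit 0.0.0.0/0, so a rule that opens port 22 solely to 10.0.0.0/8 produces no finding.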

getElements

getElements: function(obj: any, key: string): any

Return the value stored under key in obj if the key is found; otherwise return an empty array. This function is mostly used in legacy JS utils code, or when obj is the raw attribute of a cloud resource.

  • obj: any, any kind of cloud resource object
  • key: string, attribute to get

getIAMListAdditionalRaw

getIAMListAdditionalRaw: function(obj: Output, name: string): any

Get the AdditionalRaw entries of IAMList and return them as an array

  • obj : Output , AWS, Azure or Generic constant
  • name: string, either PasswordPolicy or AccountSummary. The result only contains the raw entries belonging to OutputIamListIamAdditionalRaw instances whose Name property equals the name parameter

toAWSIamListAffectedResouceFormat

toAWSIamListAffectedResouceFormat: function(type: string,
account_id: number, resource: any, key: string): any

Convert an affected resource to the format the audit report understands. The output is usually passed to the result function

  • type: string, the classification type for the resource (e.g. PasswordPolicy)
  • account_id: number, index of the affected resource (counting from 0)
  • resource: any, the affected resource, usually part of an Output instance
  • key: string, the field to highlight

For example:

// AWS_CIS_ 1.6: Ensure IAM password policy require at least one lowercase letter (Scored)
var PasswordPolicy = Utils.getIAMListAdditionalRaw(AWS, "PasswordPolicy");

PasswordPolicy.forEach((pp, i) => {
  var affectedResouce = Utils.toAWSIamListAffectedResouceFormat("AWSPasswordPolicy", i, pp, "RequireLowercaseCharacters");
  var action = "The password policy should require at least one lowercase letter";

  if (pp == null) {
    // No password policy configured at all: report with a remark
    var remark = "Password policy has not been set";
    result("High", [affectedResouce], action, remark);
  }
  else if (!pp.RequireLowercaseCharacters) {
    // Policy exists but does not enforce a lowercase character
    result("High", [affectedResouce], action);
  }
});