Helper functions

isProtocol
isProtocol: function(protocol: string,
FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule): boolean
Returns true if the given FirewallRule accepts the given protocol.
- protocol: string, either "tcp" or "udp"
- FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule, e.g. Generic.Firewalls[0].IngressFirewallRules[0]
isContainPort
isContainPort: function(port: number,
FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule): boolean
Returns true if the given FirewallRule accepts the given port.
- port: number, 0 - 65535
- FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule, e.g. Generic.Firewalls[0].IngressFirewallRules[0]
isCIDROpenToAll
isCIDROpenToAll: function(CIDR: string): boolean
Returns true if the given CIDR is the all-zero range (0.0.0.0/0), i.e. open to everyone.
- CIDR: string, an IP address in CIDR notation (e.g. 0.0.0.0/0)
isPortOpen
isPortOpen: function(obj: Output,
protocol: string,
port: number,
callback: (firewall: OutputInstanceNetworkInterfaceFirewall,
ingressFirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule,
ipRange: number) => void): boolean
Calls the callback if the given port is open.
- obj: Output, the AWS, Azure or Generic constant
- protocol: string, either "tcp" or "udp"
- port: number, 0 - 65535
- callback: callback function; its parameters are an OutputInstanceNetworkInterfaceFirewall object, an OutputInstanceNetworkInterfaceFirewallFirewallRule object, and the OutputInstanceNetworkInterfaceFirewallFirewallRuleIPRange number
isPortOpenToPublic
isPortOpenToPublic: function(obj: Output,
protocol: string,
port: number,
callback: (firewall: OutputInstanceNetworkInterfaceFirewall,
ingressFirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule,
ipRange: number) => void): boolean
Calls the callback if the given port is open to the public.
- obj: Output, the AWS, Azure or Generic constant
- protocol: string, either "tcp" or "udp"
- port: number, 0 - 65535
- callback: callback function; its parameters are an OutputInstanceNetworkInterfaceFirewall object, an OutputInstanceNetworkInterfaceFirewallFirewallRule object, and the OutputInstanceNetworkInterfaceFirewallFirewallRuleIPRange number
formatPort
formatPort: function(fromPort: number, toPort: number): string
Converts a port range into its printable string form:
- if fromPort === toPort, returns toPort directly
- otherwise returns "fromPort-toPort"
- fromPort: number
- toPort: number
printFirewallRules
printFirewallRules: function(type: string,
FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule,
CIDR: string)
Converts the given FirewallRule into its printable string form.
- The returned string has the format `${type} ${Protocol}/${Port} ${CIDR}`, where Protocol = FirewallRule.Protocol and Port is the output of formatPort (called with FirewallRule.fromPort and FirewallRule.toPort)
- type: string, either "Ingress" or "Egress"
- FirewallRule: OutputInstanceNetworkInterfaceFirewallFirewallRule, e.g. Generic.Firewalls[0].IngressFirewallRules[0]
- CIDR: string, an IP address in CIDR notation (e.g. 0.0.0.0/0)
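The firewall helpers above, worked end to end. This is an added example with assumed implementations of the documented contracts (isProtocol, isContainPort, isCIDROpenToAll, formatPort, printFirewallRules, isPortOpenToPublic), not the project's own Utils code; the rule field names Protocol, fromPort and toPort come from the page, while rule.IPRanges (an array of CIDR strings), the firewall Name field and passing the range index as the callback's ipRange number are assumptions. It then uses them for an audit check that reports every ingress rule exposing SSH to 0.0.0.0/0, in the same shape as the password-policy check later on this page.

```javascript
// Assumed implementations of the documented helpers (not the project's own code).
const Utils = {
  // Strict protocol match on the rule's Protocol field (assumed case-insensitive).
  isProtocol(protocol, rule) {
    return String(rule.Protocol).toLowerCase() === protocol.toLowerCase();
  },
  isContainPort(port, rule) {
    return port >= rule.fromPort && port <= rule.toPort;
  },
  isCIDROpenToAll(cidr) {
    return cidr === "0.0.0.0/0";
  },
  // Documented contract: a single port prints as "22", a range as "1024-65535".
  formatPort(fromPort, toPort) {
    return fromPort === toPort ? String(toPort) : `${fromPort}-${toPort}`;
  },
  // Documented output format: `${type} ${Protocol}/${Port} ${CIDR}`.
  printFirewallRules(type, rule, cidr) {
    return `${type} ${rule.Protocol}/${Utils.formatPort(rule.fromPort, rule.toPort)} ${cidr}`;
  },
  // Walks every ingress rule of every firewall and calls callback(firewall, rule, ipRangeIndex)
  // for each rule admitting (protocol, port) from 0.0.0.0/0; returns true if any did.
  isPortOpenToPublic(obj, protocol, port, callback) {
    let open = false;
    for (const fw of obj.Firewalls) {
      for (const rule of fw.IngressFirewallRules) {
        if (!Utils.isProtocol(protocol, rule) || !Utils.isContainPort(port, rule)) continue;
        rule.IPRanges.forEach((cidr, i) => { // assumed: rule.IPRanges is an array of CIDR strings
          if (Utils.isCIDROpenToAll(cidr)) { open = true; callback(fw, rule, i); }
        });
      }
    }
    return open;
  },
};

// Constructed sample Output (not real cloud data): SSH from anywhere, HTTPS from a private /16,
// and a high UDP range from anywhere.
const Generic = { Firewalls: [{ Name: "fw-web", IngressFirewallRules: [
  { Protocol: "tcp", fromPort: 22, toPort: 22, IPRanges: ["0.0.0.0/0"] },
  { Protocol: "tcp", fromPort: 443, toPort: 443, IPRanges: ["10.0.0.0/16"] },
  { Protocol: "udp", fromPort: 1024, toPort: 65535, IPRanges: ["0.0.0.0/0"] },
] }] };

// Audit check: one printable finding per rule that exposes SSH to the world.
function checkPublicSSH(obj) {
  const findings = [];
  Utils.isPortOpenToPublic(obj, "tcp", 22, (fw, rule, i) => {
    findings.push(`${fw.Name}: ${Utils.printFirewallRules("Ingress", rule, rule.IPRanges[i])}`);
  });
  return findings;
}
```

For the sample data, checkPublicSSH(Generic) yields a single finding, "fw-web: Ingress tcp/22 0.0.0.0/0"; the HTTPS rule is not reported because its only range is a private /16.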
getElements
getElements: function(obj: any, key: string): any
Returns the property matching the given key if it exists, otherwise an empty array.
This function is mainly used with legacy JS utils code, or when obj is the raw data (Raw) of a cloud resource.
- obj: any, any cloud resource instance
- key: string, the property you want to access
getIAMListAdditionalRaw
getIAMListAdditionalRaw: function(obj: Output, name: string): any
Gets the matching AdditionalRaw entries from the IAMList and returns them as an array.
- obj: Output, the AWS, Azure or Generic constant
- name: string, PasswordPolicy or AccountSummary. The result array contains only the Raw objects of the OutputIamListIamAdditionalRaw entries whose Name property equals name
toAWSIamListAffectedResouceFormat
toAWSIamListAffectedResouceFormat: function(type: string,
account_id: number, resource: any, key: string): any
Converts an affected resource into the format the audit report understands. The output is typically passed to the result function.
- type: string, the category you want to classify the resource under (e.g. PasswordPolicy)
- account_id: number, the index i of the affected resource (counting from 0)
- resource: any, the affected resource, usually part of an Output instance
- key: string, the field you want to highlight

Example:
// AWS_CIS_ 1.6: Ensure IAM password policy require at least one lowercase letter (Scored)
var PasswordPolicy = Utils.getIAMListAdditionalRaw(AWS, "PasswordPolicy");
PasswordPolicy.forEach((pp, i) => {
    var affectedResouce = Utils.toAWSIamListAffectedResouceFormat("AWSPasswordPolicy", i, pp, "RequireLowercaseCharacters");
    var action = "The password policy should require at least one lowercase letter";
    if (pp == null) {
        // No password policy exists at all: report it with an explanatory remark
        var remark = "Password policy has not been set";
        result("High", [affectedResouce], action, remark);
    }
    else if (!pp.RequireLowercaseCharacters) {
        // A policy exists but does not enforce a lowercase character
        result("High", [affectedResouce], action);
    }
});