Medcify/API
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
4470d23d40
API/api.medcify.app/node_modules/snyk/dist/cli/895.index.js

1457 lines
258 KiB
JavaScript
Raw Normal View History

final
2022-09-26 06:11:44 +00:00
"use strict";
exports.id = 895;
exports.ids = [895];
exports.modules = {
/***/ 33111:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.InvalidArgumentError = exports.isIacShareResultsOptions = exports.assertIaCOptionsFlags = exports.UnsupportedEntitlementCommandError = exports.UnsupportedEntitlementFlagError = exports.FlagValueError = exports.FeatureFlagError = exports.FlagError = void 0;
const errors_1 = __webpack_require__(55191);
const args_1 = __webpack_require__(94765);
const error_utils_1 = __webpack_require__(36401);
const types_1 = __webpack_require__(94820);
const keys = [
'org',
'debug',
'insecure',
'detectionDepth',
'severityThreshold',
'rules',
'json',
'sarif',
'json-file-output',
'sarif-file-output',
'v',
'version',
'h',
'help',
'q',
'quiet',
'scan',
'report',
// Tags and attributes
'tags',
'project-tags',
'project-environment',
'project-lifecycle',
'project-business-criticality',
'target-reference',
'var-file',
// PolicyOptions
'ignore-policy',
'policy-path',
// Report options
'remote-repo-url',
'target-name',
];
const allowed = new Set(keys);
function camelcaseToDash(key) {
return key.replace(/[A-Z]/g, (m) => '-' + m.toLowerCase());
}
function getFlagName(key) {
const dashes = key.length === 1 ? '-' : '--';
const flag = camelcaseToDash(key);
return `${dashes}${flag}`;
}
class FlagError extends errors_1.CustomError {
constructor(key) {
const flag = getFlagName(key);
const msg = `Unsupported flag "${flag}" provided. Run snyk iac test --help for supported flags`;
super(msg);
this.code = types_1.IaCErrorCodes.FlagError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage = msg;
}
}
exports.FlagError = FlagError;
class FeatureFlagError extends errors_1.CustomError {
constructor(key, featureFlag, hasSnykPreview) {
const flag = getFlagName(key);
let msg;
if (hasSnykPreview) {
msg = `Flag "${flag}" is only supported if feature flag '${featureFlag}' is enabled. The feature flag can be enabled via Snyk Preview if you are on the Enterprise Plan`;
}
else {
msg = `Flag "${flag}" is only supported if feature flag "${featureFlag}" is enabled. To enable it, please contact Snyk support.`;
}
super(msg);
this.code = types_1.IaCErrorCodes.FeatureFlagError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage = msg;
}
}
exports.FeatureFlagError = FeatureFlagError;
class FlagValueError extends errors_1.CustomError {
constructor(key, value) {
const flag = getFlagName(key);
const msg = `Unsupported value "${value}" provided to flag "${flag}".\nSupported values are: ${SUPPORTED_TF_PLAN_SCAN_MODES.join(', ')}`;
super(msg);
this.code = types_1.IaCErrorCodes.FlagValueError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage = msg;
}
}
exports.FlagValueError = FlagValueError;
class UnsupportedEntitlementFlagError extends errors_1.CustomError {
constructor(key, entitlementName) {
const flag = getFlagName(key);
super(`Unsupported flag: ${flag} - Missing the ${entitlementName} entitlement`);
this.code = types_1.IaCErrorCodes.UnsupportedEntitlementFlagError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage = `Flag "${flag}" is currently not supported for this org. To enable it, please contact snyk support.`;
}
}
exports.UnsupportedEntitlementFlagError = UnsupportedEntitlementFlagError;
class UnsupportedEntitlementCommandError extends errors_1.CustomError {
constructor(key, entitlementName) {
super(`Unsupported command: ${key} - Missing the ${entitlementName} entitlement`);
this.code = types_1.IaCErrorCodes.UnsupportedEntitlementFlagError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage = `Command "${key}" is currently not supported for this org. To enable it, please contact snyk support.`;
}
}
exports.UnsupportedEntitlementCommandError = UnsupportedEntitlementCommandError;
/**
* Validates the command line flags passed to the snyk iac test
* command. The current argument parsing is very permissive and
* allows unknown flags to be provided without validation.
*
* For snyk iac we need to explicitly validate the flags to avoid
* misconfigurations and typos. For example, if the --experimental
* flag were to be misspelled we would end up sending the client
* data to our backend rather than running it locally as intended.
* @param argv command line args passed to the process
*/
function assertIaCOptionsFlags(argv) {
// We process the process.argv so we don't get default values.
const parsed = args_1.args(argv);
for (const key of Object.keys(parsed.options)) {
// The _ property is a special case that contains non
// flag strings passed to the command line (usually files)
// and `iac` is the command provided.
if (key !== '_' && key !== 'iac' && !allowed.has(key)) {
throw new FlagError(key);
}
}
if (parsed.options.scan) {
assertTerraformPlanModes(parsed.options.scan);
}
}
exports.assertIaCOptionsFlags = assertIaCOptionsFlags;
const SUPPORTED_TF_PLAN_SCAN_MODES = [
types_1.TerraformPlanScanMode.DeltaScan,
types_1.TerraformPlanScanMode.FullScan,
];
function assertTerraformPlanModes(scanModeArgValue) {
if (!SUPPORTED_TF_PLAN_SCAN_MODES.includes(scanModeArgValue)) {
throw new FlagValueError('scan', scanModeArgValue);
}
}
function isIacShareResultsOptions(options) {
return options.iac && options.report;
}
exports.isIacShareResultsOptions = isIacShareResultsOptions;
class InvalidArgumentError extends errors_1.CustomError {
constructor(key) {
const flag = getFlagName(key);
const msg = `Invalid argument provided to flag "${flag}". Value must be a string`;
super(msg);
this.code = types_1.IaCErrorCodes.InvalidArgumentError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage = msg;
}
}
exports.InvalidArgumentError = InvalidArgumentError;
/***/ }),
/***/ 36401:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getErrorStringCode = void 0;
const types_1 = __webpack_require__(94820);
function getErrorStringCode(code) {
const errorName = types_1.IaCErrorCodes[code];
if (!errorName) {
return 'INVALID_IAC_ERROR';
}
let result = errorName.replace(/([A-Z])/g, '_$1');
if (result.charAt(0) === '_') {
result = result.substring(1);
}
return result.toUpperCase();
}
exports.getErrorStringCode = getErrorStringCode;
/***/ }),
/***/ 11693:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.FailedToGetIacOrgSettingsError = exports.getIacOrgSettings = void 0;
const types_1 = __webpack_require__(94820);
const config_1 = __webpack_require__(25425);
const is_ci_1 = __webpack_require__(10090);
const api_token_1 = __webpack_require__(95181);
const request_1 = __webpack_require__(52050);
const errors_1 = __webpack_require__(55191);
const error_utils_1 = __webpack_require__(36401);
function getIacOrgSettings(publicOrgId) {
const payload = {
method: 'get',
url: config_1.default.API + '/iac-org-settings',
json: true,
qs: { org: publicOrgId },
headers: {
'x-is-ci': is_ci_1.isCI(),
authorization: api_token_1.getAuthHeader(),
},
};
return new Promise((resolve, reject) => {
request_1.makeRequest(payload, (error, res) => {
if (error) {
return reject(error);
}
if (res.statusCode < 200 || res.statusCode > 299) {
return reject(new FailedToGetIacOrgSettingsError());
}
resolve(res.body);
});
});
}
exports.getIacOrgSettings = getIacOrgSettings;
class FailedToGetIacOrgSettingsError extends errors_1.CustomError {
constructor(message) {
super(message || 'Failed to fetch IaC organization settings');
this.code = types_1.IaCErrorCodes.FailedToGetIacOrgSettingsError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage =
'We failed to fetch your organization settings, including custom severity overrides for infrastructure-as-code policies. Please run the command again with the `-d` flag and contact support@snyk.io with the contents of the output.';
}
}
exports.FailedToGetIacOrgSettingsError = FailedToGetIacOrgSettingsError;
/***/ }),
/***/ 47658:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.DescribeExclusiveArgumentError = void 0;
const custom_error_1 = __webpack_require__(17188);
const drift_1 = __webpack_require__(26445);
class DescribeExclusiveArgumentError extends custom_error_1.CustomError {
constructor() {
super('Please use only one of these arguments: ' +
drift_1.DescribeExclusiveArgs.join(', '));
}
}
exports.DescribeExclusiveArgumentError = DescribeExclusiveArgumentError;
/***/ }),
/***/ 37541:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.DescribeRequiredArgumentError = void 0;
const custom_error_1 = __webpack_require__(17188);
const chalk_1 = __webpack_require__(32589);
class DescribeRequiredArgumentError extends custom_error_1.CustomError {
constructor() {
super(chalk_1.default.red('Describe command require one of these arguments:\n' +
' --only-unmanaged: Report resources not under Terraform control\n' +
' --only-managed: Report resources from Terraform states that changed (may take a while)\n' +
' --all: Scan for managed and unmanaged resources (may take a while)'));
}
}
exports.DescribeRequiredArgumentError = DescribeRequiredArgumentError;
/***/ }),
/***/ 24030:
/***/ ((__unused_webpack_module, exports) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.default = `data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjEiIHdpZHRoPSIxNTYwcHQiIGhlaWdodD0iMjQ0OHB0IiB2aWV3Qm94PSIwIDAgMTU2MCAyNDQ4Ij48ZyBlbmFibGUtYmFja2dyb3VuZD0ibmV3Ij48Zz48ZyBpZD0iTGF5ZXItMSIgZGF0YS1uYW1lPSJBQVBMOlN0eWxlIj48ZyBpZD0iTGF5ZXItMiIgZGF0YS1uYW1lPSJBQVBMOlN0eWxlQ29udGVudCI+PG1hc2sgaWQ9Im1hMCI+PGcgdHJhbnNmb3JtPSJtYXRyaXgoMSwwLDAsLjk5OTk5OTk3LDAsLTQpIj48dXNlIHhsaW5rOmhyZWY9IiNpbTEiIHg9IjAiIHk9IjAiIHdpZHRoPSIxNTYwIiBoZWlnaHQ9IjI0NTYiLz48L2c+PC9tYXNrPjxzeW1ib2wgaWQ9ImltMSIgdmlld0JveD0iMCAwIDE1NjAgMjQ1NiI+PGltYWdlIHdpZHRoPSIxNTYwIiBoZWlnaHQ9IjI0NTYiIHhsaW5rOmhyZWY9ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFCaGdBQUFtWUNBQUFBQUNtZ2Zsc0FBQUFDWEJJV1hNQUFBN0VBQUFPeEFHVkt3NGJBQUNFRVVsRVFWUjRuT3pkalhiYnRyS0FVZXI5SHpwbjViUzFOZUFBSkNWS0JJaTkxMm5zdU9tZkJmTGpBTXE5andVQW5qeXUvaGNBb0MvQ0FFQWdEQUFFd2dCQUlBd0FCTUpBOUZqK1hQMnZ3SmY5L3k3Z1plZVhNTkJZQlc0V2QrWmxwMFlZSnJkakFiaE4zSStYblNaaG1OaitGOTlONGs1MnYrNWU5bWtKdzZ5T3Z2SnVFdmR3OEhYM3NzOUpHT2IweXV2dUhqRytGMTUzTC91TWhHRktMNzdzN2hGajg3S3prekRNNTQzWDNDMWlaSysvOEY3MzJRakRkTjU2eWQwaHh2WE9DKzkxbjR3d1RPZTlsOXdkWWxSZWQvWVRodG04K1lxN1FZeEtHTmhQR0diejdpdnVEakVtcnpzSENNTmszbjdCM1NER0pBd2NJQXlURVlZNXZYK2hlK0ZuSWd4ek9lSDFkb01Za1JlZUk0UmhLbWU4M080UEl4SUdqaENHcVFqRHJMenlIQ0VNTXpubDFYWjdHSkJYbmtPRVlTYm52TnJ1RCtQeHluT0lNRXprcEJmYjdXRTh3c0Fod2pBUllaaVdsNTVEaEdFZVo3M1c3ZzdqRVFZT0VZWjV0Ri9yOEdlYk53QjNoK0hzZitrM1hseXYvU1NFWVJxdGx6cjVjL1ZiZ0p2RGNCcXYvYUdYM21zL0MyR1lSdldscnYySjJrM0F6V0U0UjE5N1R3V3pFNFpaMUY3cDFncW8zQVhjSEVaVGVaRWJyNzJuZ3JrSnd5UmU2VUx0TnVEbU1KcjhWWDdsdGZmaXowRVlKdkhLcmVHdjdEN2czakNhN0hYZWZPMDlGVXhNR09id2FoZlNHNEY3dzJpU0YvckYxOTZyUHdkaG1NTkxqNHovV044STNCb0c4MklYbEdGZXdqQ0ZIVjE0K21seDVhOXVCTzRNZzFtLy9OVVhmK3UxcjN5Tm14R0dLV3c5TXE3Ky9KL3FUNUtmMDduVnk5dDg4WnV2ZmUxcjNJc3d6R0NqQytraStKTitXdmtDWFN0ZjRLMFgvMC9sOC9xWHVCbGhtRUZ6SzJISDcyOHpNb3l0SG9ZWFh2ejhTOXlMTUV6Z3BTNHN6OWYvanAxbitsVTlVWGpseFUrL3dzMEl3LzIxdXJEejl6Z0p3OUFlbFo4MVgzMWxtSmt3M0Y4akRPbmtrRzBqeER1Qis4SlFhZ05EOXVxbmUwZ09tYVlqRExlM3B3dlZONmI4S2IrUS9Jek9WUWFHMnF1L0RvS1JZVHJDY0h2MTl5bythcjlpcXd4dUMwUEp3MUI5S3RoOExzaSt3TDBJdzkzVkI0Wkg3UmY4MzUvd3djZ3dzUFIzTFRTZUNwYjF5NjRNa3hHR3U2c09ETzB1dE12Z3RqQ1NWaGkyM3E5YXJJTFZuK2VlaE9IbXFnTkRlV1A0NzVQVkRuTjJhM0JiR0VrV2hsVVgvdm1zOXVvcncyU0U0ZVpxQTBOeFl3aS9MTjRNaEdGMDJXOTBmaVEvKzBkeHdGQWJHYXlCV3hPR2U2c05ETFhueG4rRnUwRnlhM0JUR0VoOVlLaTgvTnNQQnVrWHVCRmh1TGZLd0pEZEhvSS9xeCtGWVZUVk1OU1BHWklIQXlQRFZJVGgxdG9iU2ZVdVpQY0VZUmhVc3BQMDd1dWZmNEg3RUlZN2EyOGtQY0l2S1ErZm4rNEdSb2FoMWNLUUhqTmtKd3hHaHZrSXc1MDFONUtxdXduUEhSQ0c4YTNEMEY0QXE5ZmZ5REFmWWJpeDVzQ1FQRFQrS0o4VzdTV05yQktHeGdLb1RBdktNQTlodUxIV3dORHF3cW9Kd2pDeXgrclRueGUvdGdDMm53enlMM0FYd25CZnJZR2gzWVh5bmlBTUE5c2NHSFlzQUdXWWpURGMxOWJBRU80S1A3LzRhWWU1Y1Y5d1J4aEdJd3paQ2dodlBtZzhHdVJmNENhRTRiWjJEUXpaMEpEY0VvUmhYSGtZaWhYdy9Ldkt3MmNqdzRTRTRiWWFBOFBHSHZQNmxtQXZhVnlyTUNRRFE3RUNmbDl1SThPa2hPR3VLZ05EdUNzMHp4Ny9MT1VEb3pDTWFIWDJ2RjRDamJlbEdSbm1KQXgzdFRFd2xGc0ovM3g4M21BV2hudEl3NUF1Z1dlclp3Ty95MjBxd25CVGUwNmVzeTNtNG8ySzFkdUMrOEVvbW1GSWxrRDI3Z09iU2JNUmhudmFPbmx1YkNhbFVSQ0dVYldQR05MZHBQVkdrcEZoTnNKd1R4c0RRM09IK2JrTXdqQzZhaGhhYTJEZnc4R1NmNEViRUlaYjJqRXcxRThleTd0QmVzamdkakNJTkF5VjNhUmYyY1BCK3FEcDZkZHlMOEp3U3djR2h1ZkQ1K0xzT1QrQ2Z2bzE5SzkxeEZEdHd1L3JiV1NZa3pEYzBZR0JvVGhrV0cwdkM4UGc5b2Nobmo1WHgwWmxtSUV3M05IMlcxWHJHOHpGSm9KRGhzSFZ3dERZVVd3L0hRakRESVRoaGpZR2hvMURodlVOUVJnR1ZvWmgvWFNRTElMa2lNSElNQlZodUtIZEEwTisrTHk2SVRoOUhsZnI3TGx4eXJCM2Jueis1ZHlJTU56UHZwUG45ZUZ6Y2ZTYzNST0VZVFF2aHFFOGZGYUd5UWpEL2V3YUdIYWNPd3JERGRUQ3NGNEovMzM0OTRWdFBCNEl3LzBKdyszc0hoaXE1NDZyKzRHM0pRMnJjZlpjZlE5Q2R2aXNESE1SaHJ2Wk9IbGUzeFR5TnlXbFU0TXdER2N6RE9reXFEOGZLTU1jaE9GdXRnZUc5dUh6NmtIUjI1SkcxbjVUVXZXVVlWMEdJOE5VaE9GbWpnd01XMjlLRW9ieDdRbEQ2MjFKUm9ZNUNjUE43RDE1TGg0VS8zNklwNDVPbisrZ2NmYTg0MjFKaDBZR0MrSk9oT0Zlamc0TWxUY2wvWE1ERUliaDdRbkRhaDJFdytkVkhKUmhCc0p3THdjR2h1elVNZDFhcnB3K3V3ME00RkFZZm41eFdZWnNaTENaZEd2Q2NDdVZnZUhwNUhuamtHRzF0ZXh0U1VNcmp4Z3FZVmd0aE5vVGdzMmtTUWpEcmJ3d01CUi9TVDR1Q01PZ3NqQThyNFRxUXNpZUVHd216VU1ZN3FUUmhlU09VSDAzU25IQzRHMUo0eXJERUI0UkdwTmpmdmhzWkppR01Oekl3WlBuOU0wbzRXYXdmbFlVaHJGVX
/***/ }),
/***/ 19679:
/***/ ((__unused_webpack_module, exports) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.default = `<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1560pt" height="2448pt" viewBox="0 0 1560 2448"><g enable-background="new"><g><g id="Layer-1" data-name="AAPL:Style"><g id="Layer-2" data-name="AAPL:StyleContent"><mask id="ma0"><g transform="matrix(1,0,0,.99999997,0,-4)"><use xlink:href="#im1" x="0" y="0" width="1560" height="2456"/></g></mask><symbol id="im1" viewBox="0 0 1560 2456"><image width="1560" height="2456" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABhgAAAmYCAAAAACmgflsAAAACXBIWXMAAA7EAAAOxAGVKw4bAACEEUlEQVR4nOzdjXbbtrKAUer9Hzpn5bS1NeAAJCVKBIi912nsuOmfBfLjAMq9jwUAnjyu/hcAoC/CAEAgDAAEwgBAIAwABMJA9Fj+XP2vwJf9/y7gZeeXMNBYBW4Wd+Zlp0YYJrdjAbhN3I+XnSZhmNj+F99N4k52v+5e9mkJw6yOvvJuEvdw8HX3ss9JGOb0yuvuHjG+F153L/uMhGFKL77s7hFj87KzkzDM543X3C1iZK+/8F732QjDdN56yd0hxvXOC+91n4wwTOe9l9wdYlRed/YThtm8+Yq7QYxKGNhPGGbz7ivuDjEmrzsHCMNk3n7B3SDGJAwcIAyTEYY5vX+he+FnIgxzOeH1doMYkReeI4RhKme83O4PIxIGjhCGqQjDrLzyHCEMMznl1XZ7GJBXnkOEYSbnvNruD+PxynOIMEzkpBfb7WE8wsAhwjARYZiWl55DhGEeZ73W7g7jEQYOEYZ5tF/r8GebNwB3h+Hsf+k3Xlyv/SSEYRqtlzr5c/VbgJvDcBqv/aGX3ms/C2GYRvWlrv2J2k3AzWE4R197TwWzE4ZZ1F7p1gqo3AXcHEZTeZEbr72ngrkJwyRe6ULtNuDmMJr8VX7ltffiz0EYJvHKreGv7D7g3jCa7HXefO09FUxMGObwahfSG4F7w2iSF/rF196rPwdhmMNLj4z/WN8I3BoG82IXlGFewjCFHV14+mlx5a9uBO4Mg1m//NUXf+u1r3yNmxGGKWw9Mq7+/J/qT5Kf07nVy9t88Zuvfe1r3IswzGCjC+ki+JN+WvkCXStf4K0X/0/l8/qXuBlhmEFzK2HH728zMoytHoYXXvz8S9yLMEzgpS4sz9f/jp1n+lU9UXjlxU+/ws0Iw/21urDz9zgJw9AelZ81X31lmJkw3F8jDOnkkG0jxDuB+8JQagND9uqne0gOmaYjDLe3pwvVN6b8Kb+Q/IzOVQaG2qu/DoKRYTrCcHv19yo+ar9iqwxuC0PJw1B9Kth8Lsi+wL0Iw93VB4ZH7Rf835/wwcgwsPR3LTSeCpb1y64MkxGGu6sODO0utMvgtjCSVhi23q9arILVn+eehOHmqgNDeWP475PVDnN2a3BbGEkWhlUX/vms9uorw2SE4eZqA0NxYwi/LN4MhGF02W90fiQ/+0dxwFAbGayBWxOGe6sNDLXnxn+Fu0Fya3BTGEh9YKi8/NsPBukXuBFhuLfKwJDdHoI/qx+FYVTVMNSPGZIHAyPDVITh1tobSfUuZPcEYRhUspP07uuff4H7EIY7a28kPcIvKQ+fn+4GRoah1cKQHjNkJwxGhvkIw501N5KquwnPHRCG8a3D0F4Aq9ffyDAfYbix5sCQPDT+KJ8W7SWNrBKGxgKoTAvKMA9huLHWwNDqwqoJwjCyx+rTnxe/tgC2nwzyL3AXwnBfrYGh3YXyniAMA9scGHYsAGWYjTDc19bAEO4KP7/4aYe5cV9wRxhGIwzZCghvPmg8GuRf4CaE4bZ2DQzZ0JDcEoRhXHkYihXw/KvKw2cjw4SE4bYaA8PGHvP6lmAvaVyrMCQDQ7ECfl9uI8OkhOGuKgNDuCs0zx7/LOUDozCMaHX2vF4CjbelGRnmJAx3tTEwlFsJ/3x83mAWhntIw5AugWerZwO/y20qwnBTe06esy3m4o2K1duC+8EommFIlkD27gObSbMRhnvaOnlubCalURCGUbWPGNLdpPVGkpFhNsJwTxsDQ3OH+bkMwjC6ahhaa2Dfw8GSf4EbEIZb2jEw1E8ey7tBesjgdjCINAyV3aRf2cPB+qDp6ddyL8JwSwcGhufD5+LsOT+Cfvo19K91xFDtwu/rbWSYkzDc0YGBoThkWG0vC8Pg9ochnj5Xx0ZlmIEw3NH2W1XrG8zFJoJDhsHVwtDYUWw/HQjDDIThhjYGho1DhvUNQRgGVoZh/XSQLILkiMHIMBVhuKHdA0N++Ly6ITh9Hlfr7LlxyrB3bnz+5dyIMNzPvpPn9eFzcfSc3ROEYTQvhqE8fFaGyQjD/ewaGHacOwrDDdTCsF4J/33494VtPB4Iw/0Jw+3sHhiq546r+4G3JQ2rcfZcfQ9CdvisDHMRhrvZOHle3xTyNyWlU4MwDGczDOkyqD8fKMMchOFutgeG9uHz6kHR25JG1n5TUvWUYV0GI8NUhOFmjgwMW29KEobx7QlD621JRoY5CcPN7D15Lh4U/36Ip45On++gcfa8421Jh0YGC+JOhOFejg4MlTcl/XMDEIbh7QnDah2Ew+dVHJRhBsJwLwcGhuzUMd1arpw+uw0M4FAYfn5xWYZsZLCZdGvCcCuVgeHp5HnjkGG1textSUMrjxgqYVgthNoTgs2kSQjDrbwwMBR/ST4uCMOgsjA8r4TqQsieEGwmzUMY7qTRheSOUH03SnHC4G1J4yrDEB4RGpNjfvhsZJiGMNzIwZPn9M0o4WawflYUhrFUwrBnJVSqYGSYgjDcyN6BYXU3+OdDeuRYPicKw0h2nj0XS+HpdLmypVg9f7YobkIY7uPVgWH9ZpR9hwzuAd3bEYbfrzz9+vQZwWbSRIThPrYHhnYX8hNHp88D2wpDdSnUnhFsJk1CGG7j+MCwPnMMJ47CMLzyiKEahtVS+HmxjQxTEobbaAwMe7uwGhmEYWxZGNZHTdVnBCPDtIThLo4NDE9fDdKj5+cwOGQYSRmGsBgqx8//qe8rtstgVdyBMNzFSwPD6i9abx4UD4rCMJJKGFabSa2HBJtJMxKGm6gMDE8nz7UTx38//ns5/1z56zCs9pLcATq3dfacLoZf9SoYGe5OGG7ijYHh37/09zrPNpKEYUBbYaguht+nhMZm0tMviqyL8QnDPTS6UD1wLE8cf+77e8PgDtC5I2F4xL/i5zGhUQUjw30Jwy0cO3l+vhU8/5XJcaMwjKw8YtgMw9NfsHpMcP48E2G4he2B4Z9bwmpgCH+hMNxMFobV8JiPj7vKIAy3JQx3cM7A8HzB18PgkGEcZRh+10N+9rxeDfUqGBluTRjuYNfAsN2FeCuIH3/uBcIwjkoYasfP2XJw/jwnYbiBlweG1V9Y3AaKMKz2klz+Xds6e872FoOnB4LkGcFm0o0Jww00BoZjXUjD0DhkcPl3bSsMh9eDzaRpCMP4jg0MyZby4+cyPhgGl3/X9oZhcz1sbiYJw90Iw/jeHBj++fC7W/yn2gZhGEt5xBCWw2psqK0HI8OMhGF4lYHhvx+ym8HvcePvX/17gSdHz8IwojIM4VGhFob1gmiPDLUyWBpDE4bhvTUw/P7FRRiWP7UwOGQYRT0M2SlDuSB+b/vVONhMui1hGF2jC2E8KO8Bj/KvLu4D3q86vEoYklOGdEGsV8ShzSRrY2TCMLqTBob8NlCEYbWX5OLv2KP8fEcY4mr67+VubyYZGW5IGAa3PTDs7EK4DWQnDMIwmK0wxI+tFWFkmI4wjG39+h0YGIq/+IUwuPg7tisMzUeFjTLEkUEZ7kQYxnbiwFDcBbI
/***/ }),
/***/ 26445:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.processHTMLOutput = exports.processAnalysis = exports.updateExcludeInPolicy = exports.driftignoreFromPolicy = exports.parseDriftAnalysisResults = exports.validateArgs = exports.DescribeRequiredArgs = exports.DescribeExclusiveArgs = void 0;
const fs = __webpack_require__(35747);
const describe_exclusive_argument_error_1 = __webpack_require__(47658);
const describe_required_argument_error_1 = __webpack_require__(37541);
const snyk_logo_1 = __webpack_require__(19679);
const snyk_favicon_1 = __webpack_require__(24030);
const output_1 = __webpack_require__(55659);
const driftctl_1 = __webpack_require__(3659);
exports.DescribeExclusiveArgs = [
'all',
'only-managed',
'drift',
'only-unmanaged',
];
exports.DescribeRequiredArgs = [
'all',
'only-managed',
'drift',
'only-unmanaged',
];
exports.validateArgs = (options) => {
if (options.kind === 'describe') {
return validateDescribeArgs(options);
}
};
const validateDescribeArgs = (options) => {
// Check that there is no more than one of the exclusive arguments
let count = 0;
for (const describeExclusiveArg of exports.DescribeExclusiveArgs) {
if (options[describeExclusiveArg]) {
count++;
}
}
if (count > 1) {
throw new describe_exclusive_argument_error_1.DescribeExclusiveArgumentError();
}
// Check we have one of the required arguments
count = 0;
for (const describeRequiredArgs of exports.DescribeRequiredArgs) {
if (options[describeRequiredArgs]) {
count++;
}
}
if (count === 0) {
throw new describe_required_argument_error_1.DescribeRequiredArgumentError();
}
};
exports.parseDriftAnalysisResults = (input) => {
return JSON.parse(input);
};
function driftignoreFromPolicy(policy) {
const excludeSection = 'iac-drift';
if (!policy || !policy.exclude || !(excludeSection in policy.exclude)) {
return [];
}
return policy.exclude[excludeSection];
}
exports.driftignoreFromPolicy = driftignoreFromPolicy;
exports.updateExcludeInPolicy = (policy, analysis, options) => {
var _a, _b, _c;
const excludedResources = driftignoreFromPolicy(policy);
const addResource = (res) => excludedResources.push(`${res.type}.${res.id}`);
if (!options['exclude-changed'] && analysis.summary.total_changed > 0) {
(_a = analysis.differences) === null || _a === void 0 ? void 0 : _a.forEach((change) => addResource(change.res));
}
if (!options['exclude-missing'] && analysis.summary.total_missing > 0) {
(_b = analysis.missing) === null || _b === void 0 ? void 0 : _b.forEach((res) => addResource(res));
}
if (!options['exclude-unmanaged'] && analysis.summary.total_unmanaged > 0) {
(_c = analysis.unmanaged) === null || _c === void 0 ? void 0 : _c.forEach((res) => addResource(res));
}
if (!policy.exclude) {
policy.exclude = {};
}
policy.exclude['iac-drift'] = excludedResources;
};
async function processAnalysis(options, describe) {
if (options.html || options['html-file-output']) {
// we use fmt for html output
const fmtResult = await driftctl_1.runDriftCTL({
options: { ...options, kind: 'fmt' },
input: describe.stdout,
});
const output = processHTMLOutput(options, fmtResult.stdout);
if (options.html) {
// html on stdout
return output;
}
// should return an empty string if we use the html-file-output flag
return '';
}
if (options.json) {
// json on stdout
return describe.stdout;
}
const analysis = exports.parseDriftAnalysisResults(describe.stdout);
return output_1.getHumanReadableAnalysis(options, analysis);
}
exports.processAnalysis = processAnalysis;
function processHTMLOutput(options, stdout) {
if (options.html) {
stdout = rebrandHTMLOutput(stdout);
}
if (options['html-file-output']) {
const data = fs.readFileSync(options['html-file-output'], {
encoding: 'utf8',
});
fs.writeFileSync(options['html-file-output'], rebrandHTMLOutput(data));
}
return stdout;
}
exports.processHTMLOutput = processHTMLOutput;
function rebrandHTMLOutput(data) {
// Replace favicon
const faviconReplaceRegex = new RegExp('(<link rel="shortcut icon")(.*)(\\/>)', 'g');
data = data.replace(faviconReplaceRegex, `<link rel="shortcut icon" type="image/x-icon" href="${snyk_favicon_1.default}" />`);
// Replace HTML title
const titleReplaceRegex = new RegExp('(<title>)(.*)(<\\/title>)', 'g');
data = data.replace(titleReplaceRegex, `<title>Snyk IaC drift report</title>`);
// Replace header brand logo
const logoReplaceRegex = new RegExp('(<div id="brand_logo">)((.|\\r|\\n)*?)(<\\/div>)', 'g');
data = data.replace(logoReplaceRegex, `<div id="brand_logo">${snyk_logo_1.default}</div>`);
return data;
}
/***/ }),
/***/ 3659:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var _a;
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.runDriftCTL = exports.translateExitCode = exports.generateArgs = exports.driftctlVersion = exports.DCTL_EXIT_CODES = void 0;
const config_1 = __webpack_require__(25425);
const exit_codes_1 = __webpack_require__(80079);
const env_paths_1 = __webpack_require__(21766);
const metrics_1 = __webpack_require__(32971);
const analytics = __webpack_require__(82744);
const spinner_1 = __webpack_require__(86766);
const service_mappings_1 = __webpack_require__(16228);
const drift_1 = __webpack_require__(26445);
const debugLib = __webpack_require__(15158);
const request_1 = __webpack_require__(52050);
const path = __webpack_require__(85622);
const child_process = __webpack_require__(63129);
const fs = __webpack_require__(35747);
const os = __webpack_require__(12087);
const crypto = __webpack_require__(76417);
const file_utils_1 = __webpack_require__(52761);
const debug = debugLib('driftctl');
const cachePath = (_a = config_1.default.CACHE_PATH) !== null && _a !== void 0 ? _a : env_paths_1.default('snyk').cache;
exports.DCTL_EXIT_CODES = {
EXIT_IN_SYNC: 0,
EXIT_NOT_IN_SYNC: 1,
EXIT_ERROR: 2,
};
exports.driftctlVersion = 'v0.35.2';
const driftctlChecksums = {
driftctl_darwin_amd64: '1e21863bb99d104da8a1e33999563cc172ca51bb5b6ac7d3a4bd9678e0285067',
'driftctl_windows_386.exe': '20dc49a4faebfdbdf9f9198499ba2426ea6cda0666e82d81cd4e08a41516d5e0',
driftctl_darwin_arm64: '37b7a4c72f4db62b056f1b534eb93fbb8dd32c303719ed4af87d9bd4d903fcf6',
driftctl_linux_arm64: '3e6dabf013e097be1aac0e6e0f4ebcc3ada85a1906c6841d57fbe96c9ee9857e',
'driftctl_windows_arm.exe': '480c330fefdc6e1d58de943817556a1cd183d32d58b6cb20c8127cd3b8753dc4',
driftctl_linux_amd64: '80b7b99c343e1502f54321987c9f00fa3c381fbea819b1e440a0377b18706fb1',
'driftctl_windows_amd64.exe': 'bbc71047bd75e1bcd80752b7c03c27c0d8d7d93bec72a70eb8bc8220687805de',
'driftctl_windows_arm64.exe': 'be1a5564ec3351503caa16121d192ad8d8e8f287a5324939214b20177c7363e4',
driftctl_linux_arm: 'd04c911bdb86092743077bfbb025bfb8391978236bb381122594aeaa77f9a68f',
driftctl_linux_386: 'e720c2f3c25594c7b83ffb2123c461283589b6ee73b9a59c1c4f48bb2bac2775',
};
const dctlBaseUrl = 'https://static.snyk.io/cli/driftctl/';
const driftctlPath = path.join(cachePath, 'driftctl_' + exports.driftctlVersion);
const driftctlDefaultOptions = ['--no-version-check'];
let isBinaryDownloaded = false;
exports.generateArgs = async (options, driftIgnore) => {
if (options.kind === 'describe') {
return await generateScanFlags(options, driftIgnore);
}
if (options.kind === 'fmt') {
return generateFmtFlags(options);
}
throw 'Unsupported command';
};
const generateFmtFlags = (options) => {
const args = ['fmt', ...driftctlDefaultOptions];
if (options.json) {
args.push('--output');
args.push('json://stdout');
}
if (options.html) {
args.push('--output');
args.push('html://stdout');
}
if (options['html-file-output']) {
args.push('--output');
args.push('html://' + options['html-file-output']);
}
return args;
};
const generateScanFlags = async (options, driftIgnore) => {
const args = ['scan', ...driftctlDefaultOptions];
if (options.quiet) {
args.push('--quiet');
}
if (options.filter) {
args.push('--filter');
args.push(options.filter);
}
args.push('--output');
args.push('json://stdout');
if (options['fetch-tfstate-headers']) {
args.push('--headers');
args.push(options['fetch-tfstate-headers']);
}
if (options['tfc-token']) {
args.push('--tfc-token');
args.push(options['tfc-token']);
}
if (options['tfc-endpoint']) {
args.push('--tfc-endpoint');
args.push(options['tfc-endpoint']);
}
if (options['tf-provider-version']) {
args.push('--tf-provider-version');
args.push(options['tf-provider-version']);
}
if (options.strict) {
args.push('--strict');
}
if (options.deep || options.all) {
args.push('--deep');
}
if (options['only-managed'] || options.drift) {
args.push('--only-managed');
}
if (options['only-unmanaged']) {
args.push('--only-unmanaged');
}
if (options.driftignore) {
args.push('--driftignore');
args.push(options.driftignore);
}
if (options['tf-lockfile']) {
args.push('--tf-lockfile');
args.push(options['tf-lockfile']);
}
if (driftIgnore && driftIgnore.length > 0) {
args.push('--ignore');
args.push(driftIgnore.join(','));
}
let configDir = cachePath;
await file_utils_1.createDirIfNotExists(cachePath);
if (options['config-dir']) {
configDir = options['config-dir'];
}
args.push('--config-dir');
args.push(configDir);
if (options.from) {
const froms = options.from.split(',');
for (const f of froms) {
args.push('--from');
args.push(f);
}
}
let to = 'aws+tf';
if (options.to) {
to = options.to;
}
args.push('--to');
args.push(to);
if (options.service) {
const services = options.service.split(',');
service_mappings_1.verifyServiceMappingExists(services);
args.push('--ignore');
args.push(service_mappings_1.createIgnorePattern(services));
}
debug(args);
return args;
};
function translateExitCode(exitCode) {
switch (exitCode) {
case exports.DCTL_EXIT_CODES.EXIT_IN_SYNC:
return 0;
case exports.DCTL_EXIT_CODES.EXIT_NOT_IN_SYNC:
return exit_codes_1.EXIT_CODES.VULNS_FOUND;
case exports.DCTL_EXIT_CODES.EXIT_ERROR:
return exit_codes_1.EXIT_CODES.ERROR;
default:
debug('driftctl returned %d', exitCode);
return exit_codes_1.EXIT_CODES.ERROR;
}
}
exports.translateExitCode = translateExitCode;
exports.runDriftCTL = async ({ options, driftIgnore, input, stdio, }) => {
const path = await findOrDownload();
await drift_1.validateArgs(options);
const args = await exports.generateArgs(options, driftIgnore);
if (!stdio) {
stdio = ['pipe', 'pipe', 'inherit'];
}
debug('running driftctl %s ', args.join(' '));
const p = child_process.spawn(path, args, {
stdio,
env: { ...process.env, DCTL_IS_SNYK: 'true' },
});
let stdout = '';
return new Promise((resolve, reject) => {
var _a, _b, _c;
if (input) {
(_a = p.stdin) === null || _a === void 0 ? void 0 : _a.write(input);
(_b = p.stdin) === null || _b === void 0 ? void 0 : _b.end();
}
p.on('error', (error) => {
reject(error);
});
(_c = p.stdout) === null || _c === void 0 ? void 0 : _c.on('data', (data) => {
stdout += data;
});
p.on('exit', (code) => {
resolve({ code: translateExitCode(code), stdout });
});
});
};
async function findOrDownload() {
let dctl = await findDriftCtl();
if (isBinaryDownloaded) {
return dctl;
}
let downloadDuration = 0;
let binaryExist = true;
if (dctl === '') {
binaryExist = false;
try {
await file_utils_1.createDirIfNotExists(cachePath);
dctl = driftctlPath;
const duration = new metrics_1.TimerMetricInstance('driftctl_download');
duration.start();
await download(driftctlUrl(), dctl);
duration.stop();
downloadDuration = Math.round(duration.getValue() / 1000);
}
catch (err) {
return Promise.reject(err);
}
}
analytics.add('iac-drift-binary-already-exist', binaryExist);
analytics.add('iac-drift-binary-download-duration-seconds', downloadDuration);
isBinaryDownloaded = true;
return dctl;
}
async function findDriftCtl() {
// lookup in custom path contained in env var DRIFTCTL_PATH
let dctlPath = config_1.default.DRIFTCTL_PATH;
if (dctlPath != null) {
const exists = await file_utils_1.isExe(dctlPath);
if (exists) {
debug('Found driftctl in $DRIFTCTL_PATH: %s', dctlPath);
return dctlPath;
}
}
// lookup in app cache
dctlPath = driftctlPath;
const exists = await file_utils_1.isExe(dctlPath);
if (exists) {
debug('Found driftctl in cache: %s', dctlPath);
return dctlPath;
}
debug('driftctl not found');
return '';
}
async function download(url, destination) {
debug('downloading driftctl into %s', destination);
const payload = {
method: 'GET',
url: url,
output: destination,
follow: 3,
};
await spinner_1.spinner('Downloading...');
return new Promise((resolve, reject) => {
request_1.makeRequest(payload, function (err, res, body) {
try {
if (err) {
reject(new Error('Could not download driftctl from ' + url + ': ' + err));
return;
}
if (res.statusCode !== 200) {
reject(new Error('Could not download driftctl from ' + url + ': ' + res.statusCode));
return;
}
validateChecksum(body);
fs.writeFileSync(destination, body);
debug('File saved: ' + destination);
fs.chmodSync(destination, 0o744);
resolve(true);
}
finally {
spinner_1.spinner.clearAll();
}
});
});
}
function validateChecksum(body) {
// only validate if we downloaded the official driftctl binary
if (config_1.default.DRIFTCTL_URL || config_1.default.DRIFTCTL_PATH) {
return;
}
const computedHash = crypto
.createHash('sha256')
.update(body)
.digest('hex');
const givenHash = driftctlChecksums[driftctlFileName()];
if (computedHash != givenHash) {
throw new Error('Downloaded file has inconsistent checksum...');
}
}
function driftctlFileName() {
let platform = 'linux';
switch (os.platform()) {
case 'darwin':
platform = 'darwin';
break;
case 'win32':
platform = 'windows';
break;
}
let arch = 'amd64';
switch (os.arch()) {
case 'ia32':
case 'x32':
arch = '386';
break;
case 'arm':
arch = 'arm';
break;
case 'arm64':
arch = 'arm64';
break;
}
let ext = '';
switch (os.platform()) {
case 'win32':
ext = '.exe';
break;
}
return `driftctl_${platform}_${arch}${ext}`;
}
function driftctlUrl() {
if (config_1.default.DRIFTCTL_URL) {
return config_1.default.DRIFTCTL_URL;
}
return `${dctlBaseUrl}/${exports.driftctlVersion}/${driftctlFileName()}`;
}
/***/ }),
/***/ 55659:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getHumanReadableAnalysis = void 0;
const service_mappings_1 = __webpack_require__(16228);
const chalk_1 = __webpack_require__(32589);
const common_1 = __webpack_require__(47724);
const jsondiffpatch_1 = __webpack_require__(79732);
function getHumanReadableAnalysis(option, analysis) {
let output = getHumanReadableHeader();
if (!option['only-unmanaged']) {
output += getHumanReadableManaged(analysis);
}
if (!option['only-managed'] && !option.drift) {
output += getHumanReadableUnmanaged(analysis);
}
output += getHumanReadableSummary(analysis);
return output;
}
exports.getHumanReadableAnalysis = getHumanReadableAnalysis;
function changeAsString(obj) {
if (typeof obj === 'string') {
return obj;
}
return JSON.stringify(obj);
}
function isJsonDiff(driftChange) {
if (!(typeof driftChange.from === 'string')) {
return false;
}
try {
JSON.parse(driftChange.from);
}
catch (e) {
return false;
}
return true;
}
function getNonJsonDiff(driftChange) {
let output = '';
switch (driftChange.type) {
case 'create':
output += chalk_1.default.green('+') + ' ' + driftChange.path.join('.') + ': ';
output +=
chalk_1.default.bold(changeAsString(driftChange.from)) +
' => ' +
chalk_1.default.green(changeAsString(driftChange.to));
break;
case 'update':
output += chalk_1.default.yellow('~') + ' ' + driftChange.path.join('.') + ': ';
output +=
chalk_1.default.bold(changeAsString(driftChange.from)) +
' => ' +
chalk_1.default.yellow(changeAsString(driftChange.to));
break;
case 'delete':
output += chalk_1.default.red('-') + ' ' + driftChange.path.join('.') + ': ';
output += chalk_1.default.red(changeAsString(driftChange.from));
break;
default:
output += driftChange.path.join('.') + ': ';
output +=
chalk_1.default.bold(changeAsString(driftChange.from)) +
' => ' +
chalk_1.default.bold(changeAsString(driftChange.to));
break;
}
output += '\n';
return output;
}
function getJsonDiff(driftChange) {
let output = '';
let from = null;
if (driftChange.from) {
from = JSON.parse(driftChange.from);
}
let to = null;
if (driftChange.to) {
to = JSON.parse(driftChange.to);
}
let diffStr = '';
const diffPatch = jsondiffpatch_1.create().diff(from, to);
if (diffPatch) {
diffStr = jsondiffpatch_1.console.format(diffPatch, from);
}
switch (driftChange.type) {
case 'create':
output += chalk_1.default.green('+') + ' ' + driftChange.path.join('.') + ':\n';
break;
case 'update':
output += chalk_1.default.yellow('~') + ' ' + driftChange.path.join('.') + ':\n';
break;
case 'delete':
output += chalk_1.default.red('-') + ' ' + driftChange.path.join('.') + ':\n';
break;
default:
output += driftChange.path.join('.') + ':\n';
break;
}
for (const elem of diffStr.split('\n')) {
output += addLine(common_1.leftPad(elem, 4));
}
return output;
}
function getHumanReadableDrift(analysis) {
var _a;
let output = '';
if (!analysis.differences || analysis.differences.length <= 0) {
return '';
}
const diffByStates = new Map();
for (const difference of analysis.differences) {
let statefile = 'Generated';
if (difference.res.source) {
statefile = difference.res.source.source;
}
if (!diffByStates.has(statefile)) {
diffByStates.set(statefile, {
diffByType: new Map(),
count: 0,
});
}
const hrDiffs = mustGet(diffByStates, statefile);
const type = difference.res.type;
if (!hrDiffs.diffByType.has(type)) {
hrDiffs.diffByType.set(type, []);
}
(_a = hrDiffs.diffByType.get(type)) === null || _a === void 0 ? void 0 : _a.push(difference);
hrDiffs.count++;
}
output += addLine(chalk_1.default.bold('Changed resources: ' + analysis.differences.length));
output += '\n';
for (const state of [...diffByStates.keys()].sort()) {
const hrDiffs = mustGet(diffByStates, state);
output += addLine(chalk_1.default.blue('State: ' +
chalk_1.default.bold(state) +
' [ Changed Resources: ' +
chalk_1.default.bold(hrDiffs.count.toString()) +
' ]'));
output += '\n';
for (const type of [...hrDiffs.diffByType.keys()].sort()) {
output += addLine(common_1.leftPad('Resource Type: ' + type, 2));
const diffs = mustGet(hrDiffs.diffByType, type);
for (const diff of diffs) {
output += common_1.leftPad('ID: ' + chalk_1.default.bold(diff.res.id), 4);
if (diff.res.human_readable_attributes &&
diff.res.human_readable_attributes.size > 0) {
for (const humanReadableAttribute of [
...diff.res.human_readable_attributes.keys(),
].sort()) {
output +=
' ' +
humanReadableAttribute +
': ' +
diff.res.human_readable_attributes.get(humanReadableAttribute);
}
}
output += '\n';
for (const driftChange of diff.changelog) {
output += common_1.leftPad('');
if (isJsonDiff(driftChange)) {
output += getJsonDiff(driftChange);
}
else {
output += getNonJsonDiff(driftChange);
}
}
output += '\n';
}
}
}
return output;
}
function getHumanReadableMissing(analysis) {
var _a;
let output = '';
if (!analysis.missing || analysis.missing.length <= 0) {
return '';
}
const missingByStates = new Map();
for (const missing of analysis.missing) {
let statefile = 'Generated';
if (missing.source) {
statefile = missing.source.source;
}
if (!missingByStates.has(statefile)) {
missingByStates.set(statefile, {
missingByType: new Map(),
count: 0,
});
}
const hrMissing = mustGet(missingByStates, statefile);
const type = missing.type;
if (!hrMissing.missingByType.has(type)) {
hrMissing.missingByType.set(type, []);
}
(_a = hrMissing.missingByType.get(type)) === null || _a === void 0 ? void 0 : _a.push(missing);
hrMissing.count++;
}
output += addLine(chalk_1.default.bold('Missing resources: ' + analysis.missing.length));
output += '\n';
for (const state of [...missingByStates.keys()].sort()) {
const hrMissing = mustGet(missingByStates, state);
output += addLine(chalk_1.default.blue('State: ' +
chalk_1.default.bold(state) +
' [ Missing Resources: ' +
chalk_1.default.bold(hrMissing.count.toString()) +
' ]'));
output += '\n';
for (const type of [...hrMissing.missingByType.keys()].sort()) {
output += addLine(common_1.leftPad('Resource Type: ' + type, 2));
const driftResources = mustGet(hrMissing.missingByType, type);
output += getHumanReadableResourceList(driftResources) + '\n';
}
}
return output;
}
function getHumanReadableManaged(analysis) {
let output = '';
if (analysis.differences && analysis.differences.length > 0) {
output += getHumanReadableDrift(analysis);
}
if (analysis.missing && analysis.missing.length > 0) {
output += getHumanReadableMissing(analysis);
}
return output;
}
function getHumanReadableResourceList(driftResources) {
let output = '';
for (const res of driftResources) {
output += common_1.leftPad('ID: ' + chalk_1.default.bold(res.id), 4);
if (res.human_readable_attributes &&
res.human_readable_attributes.size > 0) {
for (const humanReadableAttribute of [
...res.human_readable_attributes.keys(),
].sort()) {
output +=
' ' +
humanReadableAttribute +
': ' +
res.human_readable_attributes.get(humanReadableAttribute);
}
}
output += '\n';
}
return output;
}
function getHumanReadableUnmanaged(analysis) {
var _a;
let output = '';
if (!analysis.unmanaged || analysis.unmanaged.length <= 0) {
return '';
}
const unmanagedByServices = new Map();
for (const unmanaged of analysis.unmanaged) {
const service = service_mappings_1.findServiceMappingForType(unmanaged.type);
if (!unmanagedByServices.has(service)) {
unmanagedByServices.set(service, {
unmanagedByType: new Map(),
count: 0,
});
}
const hrUnmanaged = mustGet(unmanagedByServices, service);
const type = unmanaged.type;
if (!hrUnmanaged.unmanagedByType.has(type)) {
hrUnmanaged.unmanagedByType.set(type, []);
}
(_a = hrUnmanaged.unmanagedByType.get(type)) === null || _a === void 0 ? void 0 : _a.push(unmanaged);
hrUnmanaged.count++;
}
output += addLine(chalk_1.default.bold('Unmanaged resources: ' + analysis.unmanaged.length));
output += '\n';
for (let service of [...unmanagedByServices.keys()].sort()) {
const hrUnmanaged = mustGet(unmanagedByServices, service);
if (service === '') {
service = 'Unidentified';
}
output += addLine(chalk_1.default.blue('Service: ' +
chalk_1.default.bold(service) +
' [ Unmanaged Resources: ' +
chalk_1.default.bold(hrUnmanaged.count.toString()) +
' ]'));
output += '\n';
for (const type of [...hrUnmanaged.unmanagedByType.keys()].sort()) {
output += addLine(common_1.leftPad('Resource Type: ' + type, 2));
const driftResources = mustGet(hrUnmanaged.unmanagedByType, type);
output += getHumanReadableResourceList(driftResources) + '\n';
}
}
return output;
}
function getHumanReadableHeader() {
// TODO: driftctl to return number of states and supported resources?
let output = addLine(chalk_1.default.bold('Snyk Scanning Infrastructure As Code Discrepancies...'));
output += '\n';
output += addLine(common_1.leftPad('Info: Resources under IaC, but different to terraform states.', 2));
output += addLine(common_1.leftPad('Resolve: Reapply IaC resources or update into terraform.', 2));
output += '\n';
return output;
}
function getHumanReadableSummary(analysis) {
let output = addLine(chalk_1.default.bold('Test Summary'));
output += '\n';
// TODO: driftctl to return number of states
if (analysis.managed) {
output += addLine(common_1.leftPad('Managed Resources: ' + chalk_1.default.bold(analysis.managed.length.toString()), 2));
}
if (analysis.differences) {
output += addLine(common_1.leftPad('Changed Resources: ' +
chalk_1.default.bold(analysis.differences.length.toString()), 2));
}
if (analysis.missing) {
output += addLine(common_1.leftPad('Missing Resources: ' + chalk_1.default.bold(analysis.missing.length.toString()), 2));
}
if (analysis.unmanaged) {
output += addLine(common_1.leftPad('Unmanaged Resources: ' +
chalk_1.default.bold(analysis.unmanaged.length.toString()), 2));
}
output += '\n';
output += addLine(common_1.leftPad('IaC Coverage: ' + chalk_1.default.bold(analysis.coverage.toString() + '%'), 2));
output += addLine(common_1.leftPad('Info: To reach full coverage, remove resources or move it to Terraform.', 2));
output += '\n';
output += addLine(common_1.leftPad('Tip: Run --help to find out about commands and flags.', 2));
output += addLine(common_1.leftPad('Scanned with ' +
analysis.provider_name +
' provider version ' +
analysis.provider_version +
'. Use --tf-provider-version to update.', 6));
return output;
}
function addLine(line) {
return line + '\n';
}
// Used when we are sure the key exists because we just set it but typescript linter does not see that...
function mustGet(map, key) {
const value = map.get(key);
if (!value) {
throw new Error('Key does not exists');
}
return value;
}
/***/ }),
/***/ 52761:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.saveFile = exports.isArchive = exports.isFile = exports.createDirIfNotExists = exports.isExists = exports.isExe = void 0;
const tar = __webpack_require__(97998);
const fs_1 = __webpack_require__(35747);
const util_1 = __webpack_require__(31669);
async function isExe(path) {
try {
await fs_1.promises.access(path, fs_1.constants.X_OK);
return true;
}
catch (err) {
return false;
}
}
exports.isExe = isExe;
async function isExists(path) {
try {
await fs_1.promises.stat(path);
return true;
}
catch (err) {
return false;
}
}
exports.isExists = isExists;
async function createDirIfNotExists(path) {
const isDirExists = await isExists(path);
if (!isDirExists) {
fs_1.promises.mkdir(path, { recursive: true });
}
}
exports.createDirIfNotExists = createDirIfNotExists;
async function isFile(path) {
try {
return (await fs_1.promises.stat(path)).isFile();
}
catch (err) {
return false;
}
}
exports.isFile = isFile;
async function isArchive(path) {
try {
const tarList = util_1.promisify(tar.list);
await tarList({ file: path, strict: true });
return true;
}
catch (e) {
return false;
}
}
exports.isArchive = isArchive;
async function saveFile(dataBuffer, savePath) {
await fs_1.promises.writeFile(savePath, dataBuffer);
await fs_1.promises.chmod(savePath, 0o744);
}
exports.saveFile = saveFile;
/***/ }),
/***/ 16228:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.InvalidServiceError = exports.createIgnorePatternWithMap = exports.createIgnorePattern = exports.findServiceMappingForType = exports.verifyServiceMappingExists = exports.services2resources = void 0;
const errors_1 = __webpack_require__(55191);
const types_1 = __webpack_require__(94820);
const error_utils_1 = __webpack_require__(36401);
exports.services2resources = new Map([
// Amazon
[
'aws_s3',
[
'aws_s3_bucket',
'aws_s3_bucket_analytics_configuration',
'aws_s3_bucket_inventory',
'aws_s3_bucket_metric',
'aws_s3_bucket_notification',
'aws_s3_bucket_policy',
],
],
[
'aws_ec2',
[
'aws_instance',
'aws_key_pair',
'aws_ami',
'aws_ebs_snapshot',
'aws_ebs_volume',
'aws_eip',
'aws_eip_association',
'aws_volume_attachment',
'aws_launch_configuration',
'aws_launch_template',
],
],
['aws_lambda', ['aws_lambda_function', 'aws_lambda_event_source_mapping']],
[
'aws_rds',
[
'aws_db_instance',
'aws_db_subnet_group',
'aws_rds_cluster',
'aws_rds_cluster_endpoint',
'aws_rds_cluster_instance',
],
],
['aws_route53', ['aws_route53_record', 'aws_route53_zone']],
[
'aws_iam',
[
'aws_iam_access_key',
'aws_iam_policy',
'aws_iam_policy_attachment',
'aws_iam_role',
'aws_iam_role_policy',
'aws_iam_role_policy_attachment',
'aws_iam_user',
'aws_iam_user_policy',
'aws_iam_user_policy_attachment',
],
],
[
'aws_vpc',
[
'aws_security_group',
'aws_security_group_rule',
'aws_subnet',
'aws_default_vpc',
'aws_vpc',
'aws_default_security_group',
'aws_route_table',
'aws_default_route_table',
'aws_route',
'aws_route_table_association',
'aws_nat_gateway',
'aws_internet_gateway',
],
],
[
'aws_api_gateway',
[
'aws_api_gateway_resource',
'aws_api_gateway_rest_api',
'aws_api_gateway_account',
'aws_api_gateway_api_key',
'aws_api_gateway_authorizer',
'aws_api_gateway_base_path_mapping',
'aws_api_gateway_domain_name',
'aws_api_gateway_gateway_response',
'aws_api_gateway_integration',
'aws_api_gateway_integration_response',
'aws_api_gateway_method',
'aws_api_gateway_method_response',
'aws_api_gateway_method_settings',
'aws_api_gateway_model',
'aws_api_gateway_request_validator',
'aws_api_gateway_rest_api_policy',
'aws_api_gateway_stage',
'aws_api_gateway_vpc_link',
],
],
[
'aws_apigatewayv2',
[
'aws_apigatewayv2_api',
'aws_apigatewayv2_api_mapping',
'aws_apigatewayv2_authorizer',
'aws_apigatewayv2_deployment',
'aws_apigatewayv2_domain_name',
'aws_apigatewayv2_integration',
'aws_apigatewayv2_integration_response',
'aws_apigatewayv2_model',
'aws_apigatewayv2_route',
'aws_apigatewayv2_route_response',
'aws_apigatewayv2_stage',
'aws_apigatewayv2_vpc_link',
],
],
['aws_sqs', ['aws_sqs_queue', 'aws_sqs_queue_policy']],
[
'aws_sns',
['aws_sns_topic', 'aws_sns_topic_policy', 'aws_sns_topic_subscription'],
],
['aws_ecr', ['aws_ecr_repository']],
['aws_cloudfront', ['aws_cloudfront_distribution']],
['aws_kms', ['aws_kms_key', 'aws_kms_alias']],
['aws_dynamodb', ['aws_dynamodb_table']],
// Azure
['azure_base', ['azurerm_resource_group']],
['azure_compute', ['azurerm_image', 'azurerm_ssh_public_key']],
['azure_storage', ['azurerm_storage_account', 'azurerm_storage_container']],
[
'azure_network',
[
'azurerm_resource_group',
'azurerm_subnet',
'azurerm_public_ip',
'azurerm_firewall',
'azurerm_route',
'azurerm_route_table',
'azurerm_network_security_group',
],
],
['azure_container', ['azurerm_container_registry']],
[
'azure_database',
['azurerm_postgresql_server', 'azurerm_postgresql_database'],
],
['azure_loadbalancer', ['azurerm_lb', 'azurerm_lb_rule']],
[
'azure_private_dns',
[
'azurerm_private_dns_a_record',
'azurerm_private_dns_aaaa_record',
'azurerm_private_dns_cname_record',
'azurerm_private_dns_mx_record',
'azurerm_private_dns_ptr_record',
'azurerm_private_dns_srv_record',
'azurerm_private_dns_txt_record',
'azurerm_private_dns_zone',
],
],
// Google
[
'google_cloud_platform',
[
'google_project_iam_binding',
'google_project_iam_member',
'google_project_iam_policy',
],
],
[
'google_cloud_storage',
[
'google_storage_bucket',
'google_storage_bucket_iam_binding',
'google_storage_bucket_iam_member',
'google_storage_bucket_iam_policy',
],
],
[
'google_compute_engine',
[
'google_compute_address',
'google_compute_disk',
'google_compute_global_address',
'google_compute_firewall',
'google_compute_health_check',
'google_compute_image',
'google_compute_instance',
'google_compute_instance_group',
'google_compute_network',
'google_compute_node_group',
'google_compute_router',
'google_compute_subnetwork',
],
],
['google_cloud_dns', ['google_dns_managed_zone']],
[
'google_cloud_bigtable',
['google_bigtable_instance', 'google_bigtable_table'],
],
[
'google_cloud_bigquery',
['google_bigquery_table', 'google_bigquery_dataset'],
],
['google_cloud_functions', ['google_cloudfunctions_function']],
['google_cloud_sql', ['google_sql_database_instance']],
['google_cloud_run', ['google_cloud_run_service']],
]);
function verifyServiceMappingExists(services) {
if (services.length == 0) {
throw new InvalidServiceError('');
}
for (const s of services) {
if (!exports.services2resources.has(s)) {
throw new InvalidServiceError(`We were unable to match service "${s}". Please provide a valid service name: ${existingServiceNames()}`);
}
}
}
exports.verifyServiceMappingExists = verifyServiceMappingExists;
function findServiceMappingForType(type) {
var _a;
for (const service of exports.services2resources.keys()) {
if ((_a = exports.services2resources.get(service)) === null || _a === void 0 ? void 0 : _a.includes(type)) {
return service;
}
}
return '';
}
exports.findServiceMappingForType = findServiceMappingForType;
function existingServiceNames() {
let res = '';
for (const s of exports.services2resources.keys()) {
res += `${s},`;
}
return res.substring(0, res.length - 1);
}
function createIgnorePattern(services) {
return createIgnorePatternWithMap(services, exports.services2resources);
}
exports.createIgnorePattern = createIgnorePattern;
function createIgnorePatternWithMap(services, serviceMap) {
let res = '*';
const seenResources = new Set();
for (const s of services) {
const resourcePatterns = serviceMap.get(s);
for (const rp of resourcePatterns || []) {
// A resource might belong to multiple services, skip it if already processed
if (seenResources.has(rp)) {
continue;
}
res += `,!${rp}`;
seenResources.add(rp);
}
}
return res;
}
exports.createIgnorePatternWithMap = createIgnorePatternWithMap;
class InvalidServiceError extends errors_1.CustomError {
constructor(msg) {
super(msg);
this.code = types_1.IaCErrorCodes.InvalidServiceError;
this.strCode = error_utils_1.getErrorStringCode(this.code);
this.userMessage = msg;
}
}
exports.InvalidServiceError = InvalidServiceError;
/***/ })
};
;
//# sourceMappingURL=895.index.js.map
Reference in New Issue Copy Permalink