From b369c2251ebb8e3529ed21a0fabbea98ce79aa72 Mon Sep 17 00:00:00 2001
From: imranalisyed506 <105209301+imranalisyed506@users.noreply.github.com>
Date: Mon, 18 Sep 2023 14:49:18 +0530
Subject: [PATCH 1/2] Update cfn template with node18 code changes and bump al-aws-collector-js version

---
 cfn/guardduty.template | 130 +++++++++++++++++++++++++++++------------
 package.json | 6 +-
 2 files changed, 96 insertions(+), 40 deletions(-)

diff --git a/cfn/guardduty.template b/cfn/guardduty.template
index 7ec71fc..14ad390 100644
--- a/cfn/guardduty.template
+++ b/cfn/guardduty.template
@@ -328,43 +328,99 @@
 },
 "Code":{
 "ZipFile": {
- "Fn::Join": [
- "",
- [
- "const AWS = require('aws-sdk');\n",
- "const response = require('./cfn-response');\n",
- "\n",
- "\n",
- "function encrypt(event, context) {\n",
- " const params = {\n",
- " KeyId: event.ResourceProperties.KeyId,\n",
- " Plaintext: event.ResourceProperties.Plaintext\n",
- " };\n",
- " const kms = new AWS.KMS();\n",
- " kms.encrypt(params, function(err, data) {\n",
- " if (err) {\n",
- " console.log(err, err.stack); // an error occurred\n",
- " return response.send(event, context, response.FAILED);\n",
- " }\n",
- " var base64 = Buffer.from(data.CiphertextBlob).toString('base64');\n",
- " var responseData = {\n",
- " EncryptedText : base64\n",
- " };\n",
- " return response.send(event, context, response.SUCCESS, responseData);\n",
- " });\n",
- "}\n",
- "\n",
- "\n",
- "exports.handler = (event, context, callback) => {\n",
- " if (event.ResourceType == 'AWS::CloudFormation::CustomResource' &&\n",
- " event.RequestType == 'Create') {\n",
- " return encrypt(event, context);\n",
- " }\n",
- " return response.send(event, context, response.SUCCESS);\n",
- "}"
- ]
- ]
- }
+ "Fn::Join": [
+ "\n",
+ [
+ "const { KMSClient, EncryptCommand } = require(\"@aws-sdk/client-kms\");",
+ "",
+ "exports.handler = async (event, context) => {",
+ " const SUCCESS = \"SUCCESS\";",
+ " const FAILED = \"FAILED\";",
+ "",
+ " function sendResponse(event, context, responseStatus, responseData, physicalResourceId, noEcho) {",
+ " const responseBody = JSON.stringify({",
+ " Status: responseStatus,",
+ " Reason: `See the details in CloudWatch Log Stream: ${context.logStreamName}`,",
+ " PhysicalResourceId: physicalResourceId || context.logStreamName,",
+ " StackId: event.StackId,",
+ " RequestId: event.RequestId,",
+ " LogicalResourceId: event.LogicalResourceId,",
+ " NoEcho: noEcho || false,",
+ " Data: responseData",
+ " });",
+ "",
+ " console.log(`Response body:\\n${responseBody} ${JSON.stringify(event)}`);",
+ "",
+ " if (!event.ResponseURL) {",
+ " console.error(\"ResponseURL is missing in the event object.\");",
+ " context.done();",
+ " return;",
+ " }",
+ "",
+ " const https = require(\"https\");",
+ " const url = require(\"url\");",
+ "",
+ " const parsedUrl = url.parse(event.ResponseURL);",
+ " const options = {",
+ " hostname: parsedUrl.hostname,",
+ " port: 443,",
+ " path: parsedUrl.path,",
+ " method: \"PUT\",",
+ " headers: {",
+ " \"content-type\": \"\",",
+ " \"content-length\": responseBody.length",
+ " }",
+ " };",
+ "",
+ " const request = https.request(options, function (response) {",
+ " console.log(`Status code: ${response.statusCode}`);",
+ " console.log(`Status message: ${response.statusMessage}`);",
+ " context.done();",
+ " });",
+ "",
+ " request.on(\"error\", function (error) {",
+ " console.error(`sendResponse(..) failed executing https.request(..): ${error}`);",
+ " context.done();",
+ " });",
+ "",
+ " request.write(responseBody);",
+ " request.end();",
+ " }",
+ "",
+ " async function encrypt(event, context) {",
+ " const params = {",
+ " KeyId: event.ResourceProperties.KeyId,",
+ " Plaintext: event.ResourceProperties.Plaintext",
+ " };",
+ "",
+ " const kmsClient = new KMSClient({});",
+ "",
+ " try {",
+ " const data = await kmsClient.send(new EncryptCommand(params));",
+ " const base64 = Buffer.from(data.CiphertextBlob).toString(\"base64\");",
+ " const responseData = {",
+ " EncryptedText: base64",
+ " };",
+ "",
+ " sendResponse(event, context, SUCCESS, responseData);",
+ " } catch (err) {",
+ " console.error(err, err.stack);",
+ " sendResponse(event, context, FAILED);",
+ " }",
+ " }",
+ "",
+ " if (",
+ " event.ResourceType === \"AWS::CloudFormation::CustomResource\" &&",
+ " event.RequestType === \"Create\"",
+ " ) {",
+ " await encrypt(event, context);",
+ " } else {",
+ " sendResponse(event, context, SUCCESS);",
+ " }",
+ "};"
+ ]
+ ]
+ }
 },
 "Handler":"index.handler",
 "Runtime":"nodejs18.x",
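Review bot: The `console.log` at the top of `sendResponse` appends `JSON.stringify(event)` to the log line, and for this custom resource the event carries `ResourceProperties.Plaintext` (the value being encrypted) together with the pre-signed `ResponseURL`, so both are written to CloudWatch Logs. Log only identifying fields instead, for example `console.log("Response status:", responseStatus, "RequestId:", event.RequestId);`. Separately, `sendResponse` returns nothing and is never awaited, so the async handler can resolve before the HTTPS PUT completes; wrapping the request in a promise and awaiting it in `encrypt` and in the `else` branch would keep the invocation alive until CloudFormation has been answered.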
diff --git a/package.json b/package.json
index 07db51b..7386d16 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "al-cwe-collector",
- "version": "1.3.20",
+ "version": "1.3.21",
 "license": "MIT",
 "description": "Alert Logic CloudWatch Events Collector",
 "repository": {
@@ -21,7 +21,6 @@
 }
 ],
 "devDependencies": {
- "aws-sdk": "^2.1454.0",
 "aws-sdk-mock": "^5.8.0",
 "clone": "^2.1.2",
 "dotenv": "^16.3.1",
@@ -33,9 +32,10 @@
 "sinon": "^15.2.0"
 },
 "dependencies": {
- "@alertlogic/al-aws-collector-js": "4.1.21",
+ "@alertlogic/al-aws-collector-js": "4.1.22",
 "@alertlogic/al-collector-js": "3.0.10",
 "async": "^3.2.4",
+ "aws-sdk": "^2.1454.0",
 "cfn-response": "^1.0.1",
 "debug": "^4.3.4",
 "moment": "^2.29.4"

From 07f16d326e4bcdde04df7463cdc22a7ec799b8bd Mon Sep 17 00:00:00 2001
From: imranalisyed506 <105209301+imranalisyed506@users.noreply.github.com>
Date: Mon, 18 Sep 2023 14:59:17 +0530
Subject: [PATCH 2/2] Update cfn template with node18 code changes and bump al-aws-collector-js version

---
 cfn/guardduty.template | 130 ++++++++++++-----------------------------
 1 file changed, 38 insertions(+), 92 deletions(-)

diff --git a/cfn/guardduty.template b/cfn/guardduty.template
index 14ad390..f3b6251 100644
--- a/cfn/guardduty.template
+++ b/cfn/guardduty.template
@@ -328,98 +328,44 @@
 },
 "Code":{
 "ZipFile": {
- "Fn::Join": [
- "\n",
- [
- "const { KMSClient, EncryptCommand } = require(\"@aws-sdk/client-kms\");",
- "",
- "exports.handler = async (event, context) => {",
- " const SUCCESS = \"SUCCESS\";",
- " const FAILED = \"FAILED\";",
- "",
- " function sendResponse(event, context, responseStatus, responseData, physicalResourceId, noEcho) {",
- " const responseBody = JSON.stringify({",
- " Status: responseStatus,",
- " Reason: `See the details in CloudWatch Log Stream: ${context.logStreamName}`,",
- " PhysicalResourceId: physicalResourceId || context.logStreamName,",
- " StackId: event.StackId,",
- " RequestId: event.RequestId,",
- " LogicalResourceId: event.LogicalResourceId,",
- " NoEcho: noEcho || false,",
- " Data: responseData",
- " });",
- "",
- " console.log(`Response body:\\n${responseBody} ${JSON.stringify(event)}`);",
- "",
- " if (!event.ResponseURL) {",
- " console.error(\"ResponseURL is missing in the event object.\");",
- " context.done();",
- " return;",
- " }",
- "",
- " const https = require(\"https\");",
- " const url = require(\"url\");",
- "",
- " const parsedUrl = url.parse(event.ResponseURL);",
- " const options = {",
- " hostname: parsedUrl.hostname,",
- " port: 443,",
- " path: parsedUrl.path,",
- " method: \"PUT\",",
- " headers: {",
- " \"content-type\": \"\",",
- " \"content-length\": responseBody.length",
- " }",
- " };",
- "",
- " const request = https.request(options, function (response) {",
- " console.log(`Status code: ${response.statusCode}`);",
- " console.log(`Status message: ${response.statusMessage}`);",
- " context.done();",
- " });",
- "",
- " request.on(\"error\", function (error) {",
- " console.error(`sendResponse(..) failed executing https.request(..): ${error}`);",
- " context.done();",
- " });",
- "",
- " request.write(responseBody);",
- " request.end();",
- " }",
- "",
- " async function encrypt(event, context) {",
- " const params = {",
- " KeyId: event.ResourceProperties.KeyId,",
- " Plaintext: event.ResourceProperties.Plaintext",
- " };",
- "",
- " const kmsClient = new KMSClient({});",
- "",
- " try {",
- " const data = await kmsClient.send(new EncryptCommand(params));",
- " const base64 = Buffer.from(data.CiphertextBlob).toString(\"base64\");",
- " const responseData = {",
- " EncryptedText: base64",
- " };",
- "",
- " sendResponse(event, context, SUCCESS, responseData);",
- " } catch (err) {",
- " console.error(err, err.stack);",
- " sendResponse(event, context, FAILED);",
- " }",
- " }",
- "",
- " if (",
- " event.ResourceType === \"AWS::CloudFormation::CustomResource\" &&",
- " event.RequestType === \"Create\"",
- " ) {",
- " await encrypt(event, context);",
- " } else {",
- " sendResponse(event, context, SUCCESS);",
- " }",
- "};"
- ]
- ]
+ "Fn::Join": [
+ "",
+ [
+ "const { KMSClient, EncryptCommand } = require('@aws-sdk/client-kms');\n",
+ "const response = require('./cfn-response');\n",
+ "async function encrypt(event, context) {\n",
+ " const params = {\n",
+ " KeyId: event.ResourceProperties.KeyId,\n",
+ " Plaintext: new TextEncoder().encode(event.ResourceProperties.Plaintext)\n",
+ " };\n",
+ " const kms = new KMSClient({});\n",
+ " try{\n",
+ " const encryptParams = new EncryptCommand(params);\n",
+ " const data = await kms.send(encryptParams);\n",
+ " if(data.CiphertextBlob){\n",
+ " var base64 = Buffer.from(data.CiphertextBlob).toString('base64');\n",
+ " var responseData = {\n",
+ " EncryptedText : base64\n",
+ " };\n",
+ " return response.send(event, context, response.SUCCESS, responseData);\n",
+ " } else {\n",
+ " return response.send(event, context, response.FAILED);\n",
+ " }\n",
+ " }catch(err){\n",
+ " console.log(err, err.stack); // an error occurred\n",
+ " return response.send(event, context, response.FAILED);\n",
+ " }\n",
+ "}\n",
+ "exports.handler = async(event, context, callback) => {\n",
+ " if (event.ResourceType == 'AWS::CloudFormation::CustomResource' &&\n",
+ " (event.RequestType == 'Create' || event.RequestType == 'Update')) {\n",
+ " await encrypt(event, context);\n",
+ " } else {\n",
+ " return response.send(event, context, response.SUCCESS);\n",
+ " }\n",
+ "}"
+ ]
+ ]
 }
 },
 "Handler":"index.handler",
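Review bot: `await encrypt(event, context)` in the new async handler only keeps the invocation open until CloudFormation has been answered if `response.send` returns a promise. `./cfn-response` is not part of this hunk, so that should be confirmed: with a callback-only `send`, the handler could resolve before the PUT to the response URL goes out, leaving the stack waiting for a timeout. The new `Update` branch would also benefit from a comment stating why the value is re-encrypted on update, e.g. `// Re-run encryption on Update so EncryptedText reflects the current properties`. As smaller style points, the comparisons use `==` where `===` would do, and `callback` is unused in the async handler.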