From b369c2251ebb8e3529ed21a0fabbea98ce79aa72 Mon Sep 17 00:00:00 2001
From: imranalisyed506 <105209301+imranalisyed506@users.noreply.github.com>
Date: Mon, 18 Sep 2023 14:49:18 +0530
Subject: [PATCH 1/2] Update cfn template with node18 code changes and bump
 al-aws-collector-js version

---
 cfn/guardduty.template | 130 +++++++++++++++++++++++++++++------------
 package.json           |   6 +-
 2 files changed, 96 insertions(+), 40 deletions(-)

diff --git a/cfn/guardduty.template b/cfn/guardduty.template
index 7ec71fc..14ad390 100644
--- a/cfn/guardduty.template
+++ b/cfn/guardduty.template
@@ -328,43 +328,99 @@
                 },
                 "Code":{
                     "ZipFile": {
-                       "Fn::Join": [
-                           "",
-                           [
-                                "const AWS = require('aws-sdk');\n",
-                                "const response = require('./cfn-response');\n",
-                                "\n",
-                                "\n",
-                                "function encrypt(event, context) {\n",
-                                "    const params = {\n",
-                                "        KeyId: event.ResourceProperties.KeyId,\n",
-                                "        Plaintext: event.ResourceProperties.Plaintext\n",
-                                "    };\n",
-                                "    const kms = new AWS.KMS();\n",
-                                "    kms.encrypt(params, function(err, data) {\n",
-                                "        if (err) {\n",
-                                "            console.log(err, err.stack); // an error occurred\n",
-                                "            return response.send(event, context, response.FAILED);\n",
-                                "        }\n",
-                                "        var base64 = Buffer.from(data.CiphertextBlob).toString('base64');\n",
-                                "        var responseData = {\n",
-                                "            EncryptedText : base64\n",
-                                "        };\n",
-                                "        return response.send(event, context, response.SUCCESS, responseData);\n",
-                                "    });\n",
-                                "}\n",
-                                "\n",
-                                "\n",
-                                "exports.handler = (event, context, callback) => {\n",
-                                "    if (event.ResourceType == 'AWS::CloudFormation::CustomResource' &&\n",
-                                "        event.RequestType == 'Create') {\n",
-                                "        return encrypt(event, context);\n",
-                                "    }\n",
-                                "    return response.send(event, context, response.SUCCESS);\n",
-                                "}"
-                            ]
-                        ]
-                    }
+                              "Fn::Join": [
+                     "\n",
+                     [
+                        "const { KMSClient, EncryptCommand } = require(\"@aws-sdk/client-kms\");",
+                        "",
+                        "exports.handler = async (event, context) => {",
+                        "  const SUCCESS = \"SUCCESS\";",
+                        "  const FAILED = \"FAILED\";",
+                        "",
+                        "  function sendResponse(event, context, responseStatus, responseData, physicalResourceId, noEcho) {",
+                        "    const responseBody = JSON.stringify({",
+                        "      Status: responseStatus,",
+                        "      Reason: `See the details in CloudWatch Log Stream: ${context.logStreamName}`,",
+                        "      PhysicalResourceId: physicalResourceId || context.logStreamName,",
+                        "      StackId: event.StackId,",
+                        "      RequestId: event.RequestId,",
+                        "      LogicalResourceId: event.LogicalResourceId,",
+                        "      NoEcho: noEcho || false,",
+                        "      Data: responseData",
+                        "    });",
+                        "",
+                        "    console.log(`Response body:\\n${responseBody} ${JSON.stringify(event)}`);",
+                        "",
+                        "    if (!event.ResponseURL) {",
+                        "      console.error(\"ResponseURL is missing in the event object.\");",
+                        "      context.done();",
+                        "      return;",
+                        "    }",
+                        "",
+                        "    const https = require(\"https\");",
+                        "    const url = require(\"url\");",
+                        "",
+                        "    const parsedUrl = url.parse(event.ResponseURL);",
+                        "    const options = {",
+                        "      hostname: parsedUrl.hostname,",
+                        "      port: 443,",
+                        "      path: parsedUrl.path,",
+                        "      method: \"PUT\",",
+                        "      headers: {",
+                        "        \"content-type\": \"\",",
+                        "        \"content-length\": responseBody.length",
+                        "      }",
+                        "    };",
+                        "",
+                        "    const request = https.request(options, function (response) {",
+                        "      console.log(`Status code: ${response.statusCode}`);",
+                        "      console.log(`Status message: ${response.statusMessage}`);",
+                        "      context.done();",
+                        "    });",
+                        "",
+                        "    request.on(\"error\", function (error) {",
+                        "      console.error(`sendResponse(..) failed executing https.request(..): ${error}`);",
+                        "      context.done();",
+                        "    });",
+                        "",
+                        "    request.write(responseBody);",
+                        "    request.end();",
+                        "  }",
+                        "",
+                        "  async function encrypt(event, context) {",
+                        "    const params = {",
+                        "      KeyId: event.ResourceProperties.KeyId,",
+                        "      Plaintext: event.ResourceProperties.Plaintext",
+                        "    };",
+                        "",
+                        "    const kmsClient = new KMSClient({});",
+                        "",
+                        "    try {",
+                        "      const data = await kmsClient.send(new EncryptCommand(params));",
+                        "      const base64 = Buffer.from(data.CiphertextBlob).toString(\"base64\");",
+                        "      const responseData = {",
+                        "        EncryptedText: base64",
+                        "      };",
+                        "",
+                        "      sendResponse(event, context, SUCCESS, responseData);",
+                        "    } catch (err) {",
+                        "      console.error(err, err.stack);",
+                        "      sendResponse(event, context, FAILED);",
+                        "    }",
+                        "  }",
+                        "",
+                        "  if (",
+                        "    event.ResourceType === \"AWS::CloudFormation::CustomResource\" &&",
+                        "    event.RequestType === \"Create\"",
+                        "  ) {",
+                        "    await encrypt(event, context);",
+                        "  } else {",
+                        "    sendResponse(event, context, SUCCESS);",
+                        "  }",
+                        "};"
+                     ]
+                   ]
+                  }
                 },
                 "Handler":"index.handler",
                 "Runtime":"nodejs18.x",
diff --git a/package.json b/package.json
index 07db51b..7386d16 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "al-cwe-collector",
-  "version": "1.3.20",
+  "version": "1.3.21",
   "license": "MIT",
   "description": "Alert Logic CloudWatch Events Collector",
   "repository": {
@@ -21,7 +21,6 @@
     }
   ],
   "devDependencies": {
-    "aws-sdk": "^2.1454.0",
     "aws-sdk-mock": "^5.8.0",
     "clone": "^2.1.2",
     "dotenv": "^16.3.1",
@@ -33,9 +32,10 @@
     "sinon": "^15.2.0"
   },
   "dependencies": {
-    "@alertlogic/al-aws-collector-js": "4.1.21",
+    "@alertlogic/al-aws-collector-js": "4.1.22",
     "@alertlogic/al-collector-js": "3.0.10",
     "async": "^3.2.4",
+    "aws-sdk": "^2.1454.0",
     "cfn-response": "^1.0.1",
     "debug": "^4.3.4",
     "moment": "^2.29.4"

From 07f16d326e4bcdde04df7463cdc22a7ec799b8bd Mon Sep 17 00:00:00 2001
From: imranalisyed506 <105209301+imranalisyed506@users.noreply.github.com>
Date: Mon, 18 Sep 2023 14:59:17 +0530
Subject: [PATCH 2/2] Update cfn template with node18 code changes and bump
 al-aws-collector-js version

---
 cfn/guardduty.template | 130 ++++++++++++-----------------------------
 1 file changed, 38 insertions(+), 92 deletions(-)

diff --git a/cfn/guardduty.template b/cfn/guardduty.template
index 14ad390..f3b6251 100644
--- a/cfn/guardduty.template
+++ b/cfn/guardduty.template
@@ -328,98 +328,44 @@
                 },
                 "Code":{
                     "ZipFile": {
-                              "Fn::Join": [
-                     "\n",
-                     [
-                        "const { KMSClient, EncryptCommand } = require(\"@aws-sdk/client-kms\");",
-                        "",
-                        "exports.handler = async (event, context) => {",
-                        "  const SUCCESS = \"SUCCESS\";",
-                        "  const FAILED = \"FAILED\";",
-                        "",
-                        "  function sendResponse(event, context, responseStatus, responseData, physicalResourceId, noEcho) {",
-                        "    const responseBody = JSON.stringify({",
-                        "      Status: responseStatus,",
-                        "      Reason: `See the details in CloudWatch Log Stream: ${context.logStreamName}`,",
-                        "      PhysicalResourceId: physicalResourceId || context.logStreamName,",
-                        "      StackId: event.StackId,",
-                        "      RequestId: event.RequestId,",
-                        "      LogicalResourceId: event.LogicalResourceId,",
-                        "      NoEcho: noEcho || false,",
-                        "      Data: responseData",
-                        "    });",
-                        "",
-                        "    console.log(`Response body:\\n${responseBody} ${JSON.stringify(event)}`);",
-                        "",
-                        "    if (!event.ResponseURL) {",
-                        "      console.error(\"ResponseURL is missing in the event object.\");",
-                        "      context.done();",
-                        "      return;",
-                        "    }",
-                        "",
-                        "    const https = require(\"https\");",
-                        "    const url = require(\"url\");",
-                        "",
-                        "    const parsedUrl = url.parse(event.ResponseURL);",
-                        "    const options = {",
-                        "      hostname: parsedUrl.hostname,",
-                        "      port: 443,",
-                        "      path: parsedUrl.path,",
-                        "      method: \"PUT\",",
-                        "      headers: {",
-                        "        \"content-type\": \"\",",
-                        "        \"content-length\": responseBody.length",
-                        "      }",
-                        "    };",
-                        "",
-                        "    const request = https.request(options, function (response) {",
-                        "      console.log(`Status code: ${response.statusCode}`);",
-                        "      console.log(`Status message: ${response.statusMessage}`);",
-                        "      context.done();",
-                        "    });",
-                        "",
-                        "    request.on(\"error\", function (error) {",
-                        "      console.error(`sendResponse(..) failed executing https.request(..): ${error}`);",
-                        "      context.done();",
-                        "    });",
-                        "",
-                        "    request.write(responseBody);",
-                        "    request.end();",
-                        "  }",
-                        "",
-                        "  async function encrypt(event, context) {",
-                        "    const params = {",
-                        "      KeyId: event.ResourceProperties.KeyId,",
-                        "      Plaintext: event.ResourceProperties.Plaintext",
-                        "    };",
-                        "",
-                        "    const kmsClient = new KMSClient({});",
-                        "",
-                        "    try {",
-                        "      const data = await kmsClient.send(new EncryptCommand(params));",
-                        "      const base64 = Buffer.from(data.CiphertextBlob).toString(\"base64\");",
-                        "      const responseData = {",
-                        "        EncryptedText: base64",
-                        "      };",
-                        "",
-                        "      sendResponse(event, context, SUCCESS, responseData);",
-                        "    } catch (err) {",
-                        "      console.error(err, err.stack);",
-                        "      sendResponse(event, context, FAILED);",
-                        "    }",
-                        "  }",
-                        "",
-                        "  if (",
-                        "    event.ResourceType === \"AWS::CloudFormation::CustomResource\" &&",
-                        "    event.RequestType === \"Create\"",
-                        "  ) {",
-                        "    await encrypt(event, context);",
-                        "  } else {",
-                        "    sendResponse(event, context, SUCCESS);",
-                        "  }",
-                        "};"
-                     ]
-                   ]
+                        "Fn::Join": [
+                           "",
+                           [
+                              "const { KMSClient, EncryptCommand } = require('@aws-sdk/client-kms');\n",
+                              "const response = require('./cfn-response');\n",
+                              "async function encrypt(event, context) {\n",
+                              "    const params = {\n",
+                              "        KeyId: event.ResourceProperties.KeyId,\n",
+                              "        Plaintext: new TextEncoder().encode(event.ResourceProperties.Plaintext)\n",
+                              "    };\n",
+                              "    const kms = new KMSClient({});\n",
+                              "     try{\n",
+                              "       const encryptParams = new EncryptCommand(params);\n",
+                              "       const data = await kms.send(encryptParams);\n",
+                              "       if(data.CiphertextBlob){\n",
+                              "           var base64 = Buffer.from(data.CiphertextBlob).toString('base64');\n",
+                              "           var responseData = {\n",
+                              "               EncryptedText : base64\n",
+                              "           };\n",
+                              "           return response.send(event, context, response.SUCCESS, responseData);\n",
+                              "       } else {\n",
+                              "           return response.send(event, context, response.FAILED);\n",
+                              "       }\n",
+                              "   }catch(err){\n",
+                              "       console.log(err, err.stack); // an error occurred\n",
+                              "        return response.send(event, context, response.FAILED);\n",
+                              "   }\n",
+                              "}\n",
+                              "exports.handler = async(event, context, callback) => {\n",
+                              "    if (event.ResourceType == 'AWS::CloudFormation::CustomResource' &&\n",
+                              "        (event.RequestType == 'Create' || event.RequestType == 'Update')) {\n",
+                              "        await encrypt(event, context);\n",
+                              "    } else {\n",
+                              "    return response.send(event, context, response.SUCCESS);\n",
+                              "     }\n",
+                              "}"
+                           ]
+                        ]
                   }
                 },
                 "Handler":"index.handler",