From eb30242fe1190f622a8adbde1380ba699412a0d1 Mon Sep 17 00:00:00 2001
From: Minhyeok Park
Date: Thu, 26 Dec 2024 11:53:29 +0900
Subject: [PATCH] fix: fix wrong client selection
---
 src/Memorizer.ts | 9 ++++++---
 src/bpsets/iam/IAMPolicyNoStatementsWithAdminAccess.ts | 6 +++---
 src/bpsets/s3/S3LastBackupRecoveryPointCreated.ts | 2 +-
 src/bpsets/waf/WAFv2LoggingEnabled.ts | 2 +-
 src/bpsets/waf/WAFv2RuleGroupLoggingEnabled.ts | 2 +-
 src/bpsets/waf/WAFv2RuleGroupNotEmpty.ts | 2 +-
 src/bpsets/waf/WAFv2WebACLNotEmpty.ts | 2 +-
 7 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/Memorizer.ts b/src/Memorizer.ts
index ca268f9..8390b8e 100644
--- a/src/Memorizer.ts
+++ b/src/Memorizer.ts
@@ -15,14 +15,17 @@ import shajs from 'sha.js'
 export class Memorizer {
 private static memorized = new Map()
- public static memo (client: Client) {
- const memorized = this.memorized.get(client.constructor.name)
+ public static memo (client: Client, salt = '') {
+ const serialized = JSON.stringify([client.constructor.name, salt])
+ const hashed = shajs('sha256').update(serialized).digest('hex')
+
+ const memorized = this.memorized.get(hashed)
 if (memorized !== undefined) return memorized
 const newMemo = new Memorizer(client)
- this.memorized.set(client.constructor.name, newMemo)
+ this.memorized.set(hashed, newMemo)
 return newMemo
 }
diff --git a/src/bpsets/iam/IAMPolicyNoStatementsWithAdminAccess.ts b/src/bpsets/iam/IAMPolicyNoStatementsWithAdminAccess.ts
index a9b1460..97429c3 100644
--- a/src/bpsets/iam/IAMPolicyNoStatementsWithAdminAccess.ts
+++ b/src/bpsets/iam/IAMPolicyNoStatementsWithAdminAccess.ts
@@ -38,9 +38,9 @@ export class IAMPolicyNoStatementsWithAdminAccess implements BPSet {
 for (const statement of statements) {
 if (
- statement.Action === '*' &&
- statement.Resource === '*' &&
- statement.Effect === 'Allow'
+ statement?.Action === '*' &&
+ statement?.Resource === '*' &&
+ statement?.Effect === 'Allow'
 ) {
 nonCompliantResources.push(policy.Arn!)
 break
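Review bot: The cache key in `memo` is still built from `client.constructor.name` plus a caller-chosen `salt` that defaults to `''`, so two clients of the same class that differ in region or credentials but omit the salt keep sharing one entry, and the early `return memorized` hands back the `Memorizer` bound to whichever client registered first. For a compliance scanner that means a check can silently be evaluated against a different region than the one its client was built for; the `'global'` argument added in the four WAFv2 files repairs only those call sites. I would state the contract on `memo`, e.g. `/** salt must differ for every same-class client with a different region or credentials; equal (class, salt) pairs share one cache. */`, and consider making the parameter required. The SHA-256 step adds nothing over using `serialized` itself as the Map key and makes cache entries harder to inspect. The rest of the `Memorizer` class lies outside the hunk.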
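Review bot: The admin-access test compares `statement?.Action` and `statement?.Resource` to the string `'*'` with `===`, so a statement that writes the same grant in IAM's array form (`"Action": ["*"]`, `"Resource": ["*"]`) is not reported and the policy passes as compliant. Normalising both fields before the comparison closes that false negative, e.g. `[statement?.Action].flat().includes('*') &&` and the same for `Resource`. The added `?.` also implies `statements` can hold null or undefined entries; how that array is built is outside the hunk, so it is worth confirming there that a single-object `Statement` is wrapped into an array.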
diff --git a/src/bpsets/s3/S3LastBackupRecoveryPointCreated.ts b/src/bpsets/s3/S3LastBackupRecoveryPointCreated.ts
index 418fb4c..fe9dc6f 100644
--- a/src/bpsets/s3/S3LastBackupRecoveryPointCreated.ts
+++ b/src/bpsets/s3/S3LastBackupRecoveryPointCreated.ts
@@ -26,7 +26,7 @@ export class S3LastBackupRecoveryPointCreated implements BPSet {
 const buckets = await this.getBuckets()
 for (const bucket of buckets) {
- const recoveryPoints = await this.memoClient.send(
+ const recoveryPoints = await this.backupClient.send(
 new ListRecoveryPointsByResourceCommand({ ResourceArn: `arn:aws:s3:::${bucket.Name!}` })
diff --git a/src/bpsets/waf/WAFv2LoggingEnabled.ts b/src/bpsets/waf/WAFv2LoggingEnabled.ts
index 9d6bffc..2d0eb5b 100644
--- a/src/bpsets/waf/WAFv2LoggingEnabled.ts
+++ b/src/bpsets/waf/WAFv2LoggingEnabled.ts
@@ -11,7 +11,7 @@ export class WAFv2LoggingEnabled implements BPSet {
 private readonly regionalClient = new WAFV2Client({});
 private readonly globalClient = new WAFV2Client({ region: 'us-east-1' });
 private readonly memoRegionalClient = Memorizer.memo(this.regionalClient);
- private readonly memoGlobalClient = Memorizer.memo(this.globalClient);
+ private readonly memoGlobalClient = Memorizer.memo(this.globalClient, 'global');
 private readonly getWebACLs = async (scope: 'REGIONAL' | 'CLOUDFRONT') => {
 const client = scope === 'REGIONAL' ? this.memoRegionalClient : this.memoGlobalClient;
diff --git a/src/bpsets/waf/WAFv2RuleGroupLoggingEnabled.ts b/src/bpsets/waf/WAFv2RuleGroupLoggingEnabled.ts
index cd2c863..63a0890 100644
--- a/src/bpsets/waf/WAFv2RuleGroupLoggingEnabled.ts
+++ b/src/bpsets/waf/WAFv2RuleGroupLoggingEnabled.ts
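Review bot: The `ResourceArn` sent with `ListRecoveryPointsByResourceCommand` hard-codes the `aws` partition (`arn:aws:s3:::`), so in an `aws-cn` or `aws-us-gov` account the lookup would presumably match no recovery points and every bucket would be judged on an empty result. Building the ARN from a resolved partition avoids that, e.g. ``ResourceArn: `arn:${partition}:s3:::${bucket.Name!}` ``, where `partition` is a value the class would have to obtain and is not something visible in this file. The loop and the method that consumes `recoveryPoints` continue outside the hunk.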
@@ -11,7 +11,7 @@ export class WAFv2RuleGroupLoggingEnabled implements BPSet {
 private readonly regionalClient = new WAFV2Client({});
 private readonly globalClient = new WAFV2Client({ region: 'us-east-1' });
 private readonly memoRegionalClient = Memorizer.memo(this.regionalClient);
- private readonly memoGlobalClient = Memorizer.memo(this.globalClient);
+ private readonly memoGlobalClient = Memorizer.memo(this.globalClient, 'global');
 private readonly getRuleGroups = async (scope: 'REGIONAL' | 'CLOUDFRONT') => {
 const client = scope === 'REGIONAL' ? this.memoRegionalClient : this.memoGlobalClient;
diff --git a/src/bpsets/waf/WAFv2RuleGroupNotEmpty.ts b/src/bpsets/waf/WAFv2RuleGroupNotEmpty.ts
index 71b71b4..a6136b5 100644
--- a/src/bpsets/waf/WAFv2RuleGroupNotEmpty.ts
+++ b/src/bpsets/waf/WAFv2RuleGroupNotEmpty.ts
@@ -11,7 +11,7 @@ export class WAFv2RuleGroupNotEmpty implements BPSet {
 private readonly regionalClient = new WAFV2Client({});
 private readonly globalClient = new WAFV2Client({ region: 'us-east-1' });
 private readonly memoRegionalClient = Memorizer.memo(this.regionalClient);
- private readonly memoGlobalClient = Memorizer.memo(this.globalClient);
+ private readonly memoGlobalClient = Memorizer.memo(this.globalClient, 'global');
 private readonly getRuleGroups = async (scope: 'REGIONAL' | 'CLOUDFRONT') => {
 const client = scope === 'REGIONAL' ? this.memoRegionalClient : this.memoGlobalClient;
diff --git a/src/bpsets/waf/WAFv2WebACLNotEmpty.ts b/src/bpsets/waf/WAFv2WebACLNotEmpty.ts
index 968b046..3a03562 100644
--- a/src/bpsets/waf/WAFv2WebACLNotEmpty.ts
+++ b/src/bpsets/waf/WAFv2WebACLNotEmpty.ts
@@ -11,7 +11,7 @@ export class WAFv2WebACLNotEmpty implements BPSet {
 private readonly regionalClient = new WAFV2Client({});
 private readonly globalClient = new WAFV2Client({ region: 'us-east-1' });
 private readonly memoRegionalClient = Memorizer.memo(this.regionalClient);
- private readonly memoGlobalClient = Memorizer.memo(this.globalClient);
+ private readonly memoGlobalClient = Memorizer.memo(this.globalClient, 'global');
 private readonly getWebACLs = async (scope: 'REGIONAL' | 'CLOUDFRONT') => {
 const client = scope === 'REGIONAL' ? this.memoRegionalClient : this.memoGlobalClient;