mohiit1502/Automata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
db49f052bc3791d4279ff8b35a1507069cedb8db
Automata/packages/cli/src/audit/constants.ts
Iván Ovejero d548161632 feat(core): Security audit (#5034) 
*  Implement security audit

*  Use logger

* 🧪 Fix test

*  Switch logger with stdout

* 🎨 Set new logo

*  Fill out Public API schema

* ✏️ Fix typo

*  Break dependency cycle

*  Add security settings values

* 🧪 Test security settings

*  Add publicly accessible instance warning

*  Add metric to CLI command

* ✏️ Fix typo

* 🔥 Remove unneeded path alias

* 📘 Add type import

* 🔥 Remove inferrable output type

*  Set description at correct level

*  Rename constant for consistency

*  Sort URLs

*  Rename local var

*  Shorten name

* ✏️ Improve phrasing

*  Improve naming

*  Fix casing

* ✏️ Add docline

* ✏️ Relocate comment

*  Add singular/plurals

* 🔥 Remove unneeded await

* ✏️ Improve test description

*  Optimize with sets

*  Adjust post master merge

* ✏️ Improve naming

*  Adjust in spy

* 🧪 Fix outdated instance test

* 🧪 Make diagnostics check consistent

*  Refactor `getAllExistingCreds`

*  Create helper `getNodeTypes`

* 🐛 Fix `InternalHooksManager` call

* 🚚 Rename `execution` to `nodes` risk

*  Add options to CLI command

*  Make days configurable

* :revert: Undo changes to `BaseCommand`

*  Improve CLI command UX

*  Change no-report return value

Empty array to trigger empty state on FE.

*  Add empty check to `reportInstanceRisk`

* 🧪 Extend Jest `expect`

* 📘 Augment `jest.Matchers`

* 🧪 Set extend as setup file

* 🔧 Override lint rule for `.d.ts`

*  Use new matcher

*  Update check

* 📘 Improve typings

*  Adjust instance risk check

* ✏️ Rename `execution` → `nodes` in Public API schema

* ✏️ Add clarifying comment

* ✏️ Fix typo

*  Validate categories in CLI command

* ✏️ Improve naming

* ✏️ Make audit reference consistent

* 📘 Fix typing

*  Use `finally` in CLI command
2023-01-05 13:28:40 +01:00

122 lines
3.0 KiB
TypeScript
Raw Blame History

import type { Risk } from '@/audit/types';
/**
* Risk categories
*/
export const RISK_CATEGORIES: Risk.Category[] = [
'credentials',
'database',
'nodes',
'instance',
'filesystem',
];
/**
* Node types
*/
export const SQL_NODE_TYPES_WITH_QUERY_PARAMS = new Set([
'n8n-nodes-base.postgres',
'n8n-nodes-base.crateDb',
'n8n-nodes-base.questDb',
'n8n-nodes-base.timescaleDb',
]);
export const SQL_NODE_TYPES = new Set([
...SQL_NODE_TYPES_WITH_QUERY_PARAMS,
'n8n-nodes-base.mySql',
'n8n-nodes-base.microsoftSql',
'n8n-nodes-base.snowflake',
]);
export const WEBHOOK_NODE_TYPE = 'n8n-nodes-base.webhook';
export const WEBHOOK_VALIDATOR_NODE_TYPES = new Set([
'n8n-nodes-base.if',
'n8n-nodes-base.switch',
'n8n-nodes-base.code',
'n8n-nodes-base.function',
'n8n-nodes-base.functionItem',
]);
export const FILESYSTEM_INTERACTION_NODE_TYPES = new Set([
'n8n-nodes-base.readPdf',
'n8n-nodes-base.readBinaryFile',
'n8n-nodes-base.readBinaryFiles',
'n8n-nodes-base.spreadsheetFile',
'n8n-nodes-base.writeBinaryFile',
]);
export const OFFICIAL_RISKY_NODE_TYPES = new Set([
'n8n-nodes-base.executeCommand',
'n8n-nodes-base.code',
'n8n-nodes-base.function',
'n8n-nodes-base.functionItem',
'n8n-nodes-base.httpRequest',
'n8n-nodes-base.ssh',
'n8n-nodes-base.ftp',
]);
/**
* Risk reports
*/
export const DATABASE_REPORT = {
RISK: 'database',
SECTIONS: {
EXPRESSIONS_IN_QUERIES: 'Expressions in "Execute Query" fields in SQL nodes',
EXPRESSIONS_IN_QUERY_PARAMS: 'Expressions in "Query Parameters" fields in SQL nodes',
UNUSED_QUERY_PARAMS: 'Unused "Query Parameters" fields in SQL nodes',
},
} as const;
export const CREDENTIALS_REPORT = {
RISK: 'credentials',
SECTIONS: {
CREDS_NOT_IN_ANY_USE: 'Credentials not used in any workflow',
CREDS_NOT_IN_ACTIVE_USE: 'Credentials not used in any active workflow',
CREDS_NOT_RECENTLY_EXECUTED: 'Credentials not used in recently executed workflows',
},
} as const;
export const FILESYSTEM_REPORT = {
RISK: 'filesystem',
SECTIONS: {
FILESYSTEM_INTERACTION_NODES: 'Nodes that interact with the filesystem',
},
} as const;
export const NODES_REPORT = {
RISK: 'nodes',
SECTIONS: {
OFFICIAL_RISKY_NODES: 'Official risky nodes',
COMMUNITY_NODES: 'Community nodes',
CUSTOM_NODES: 'Custom nodes',
},
} as const;
export const INSTANCE_REPORT = {
RISK: 'instance',
SECTIONS: {
UNPROTECTED_WEBHOOKS: 'Unprotected webhooks in instance',
OUTDATED_INSTANCE: 'Outdated instance',
SECURITY_SETTINGS: 'Security settings',
},
} as const;
/**
* URLs
*/
export const ENV_VARS_DOCS_URL = 'https://docs.n8n.io/reference/environment-variables.html';
export const DB_QUERY_PARAMS_DOCS_URL =
'https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.postgres#use-query-parameters';
export const COMMUNITY_NODES_RISKS_URL = 'https://docs.n8n.io/integrations/community-nodes/risks';
export const SELF_HOSTED_AUTH_DOCS_URL = 'https://docs.n8n.io/hosting/authentication';
export const NPM_PACKAGE_URL = 'https://www.npmjs.com/package';
Reference in New Issue View Git Blame Copy Permalink