
@infrascan/aws-cloudfront-scanner


Infrascan scanner definition for AWS Cloudfront

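"use strict";

// ---------------------------------------------------------------------------
// Bundler-emitted CommonJS <-> ES module interop helpers. Their logic is kept
// token-for-token; only layout and comments were restored.
// ---------------------------------------------------------------------------
var __create = Object.create;
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __getProtoOf = Object.getPrototypeOf;
var __hasOwnProp = Object.prototype.hasOwnProperty;

// Defines each key of `all` on `target` as an enumerable getter, so the
// exported value is resolved lazily on first access.
var __export = (target, all) => {
  for (var name in all)
    __defProp(target, name, { get: all[name], enumerable: true });
};

// Copies the own properties of `from` onto `to` as getters, skipping keys that
// `to` already owns and the single key named by `except`.
var __copyProps = (to, from, except, desc) => {
  if (from && typeof from === "object" || typeof from === "function") {
    for (let key of __getOwnPropNames(from))
      if (!__hasOwnProp.call(to, key) && key !== except)
        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
  }
  return to;
};

var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
  // If the importer is in node compatibility mode or this is not an ESM
  // file that has been converted to a CommonJS file using a Babel-
  // compatible transform (i.e. "__esModule" has not been set), then set
  // "default" to the CommonJS "module.exports" for node compatibility.
  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
  mod
));

// Wraps an export table as a CommonJS module object flagged `__esModule`.
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);

// src/index.ts
var index_exports = {};
__export(index_exports, {
  // Lazy getter: `index_default` is assigned at the bottom of this file.
  default: () => index_default
});
module.exports = __toCommonJS(index_exports);

// src/generated/client.ts
var import_client_cloudfront = require("@aws-sdk/client-cloudfront");
var import_debug = __toESM(require("debug"));
var clientDebug = (0, import_debug.default)("cloudfront:client");

/**
 * Builds the CloudFront SDK client used by the getters in this scanner.
 *
 * Only `context` is written to the debug channel; `credentials` is passed
 * straight to the SDK client and never logged here.
 *
 * @param {object} credentials - Credentials (or provider) handed to the SDK.
 * @param {{ region: string }} context - Scan context; `region` selects the endpoint.
 * @param {object} [retryStrategy] - Retry strategy forwarded to the SDK client.
 * @returns {object} A new `CloudFrontClient` instance.
 */
function getClient(credentials, context, retryStrategy) {
  clientDebug("Creating instance with context", context);
  return new import_client_cloudfront.CloudFrontClient({
    credentials,
    region: context.region,
    retryStrategy
  });
}

// src/generated/getters.ts
var import_client_cloudfront2 = require("@aws-sdk/client-cloudfront");
var import_debug2 = __toESM(require("debug"));

/**
 * Calls CloudFront `ListDistributions` and records every page of the response
 * in the state connector under ("CloudFront", "ListDistributions").
 *
 * The first request is sent with empty parameters. While the response reports
 * `DistributionList.IsTruncated`, the call is repeated with
 * `Marker = NextMarker`, so an account with more distributions than fit in one
 * page is inventoried in full instead of being cut off after the first page.
 * Each page becomes its own state entry, with the parameters that produced it.
 *
 * Errors are logged and swallowed (best effort). Whatever was collected before
 * the failure is still recorded, which may be an empty list.
 * NOTE(review): an empty recorded state therefore does not prove the account
 * has no distributions; a denied or failed call looks the same to consumers of
 * the state. Confirm how callers are expected to tell the two apart.
 *
 * @param {object} client - CloudFront client as returned by `getClient`.
 * @param {object} stateConnector - Must expose `onServiceScanCompleteCallback`.
 * @param {{ account: string, region: string }} context - Scan context.
 * @returns {Promise<void>}
 */
async function ListDistributions(client, stateConnector, context) {
  const getterDebug = (0, import_debug2.default)("cloudfront:ListDistributions");
  const state = [];
  getterDebug("ListDistributions");
  let marker;
  try {
    do {
      // First page: no parameters. Later pages: resume from the previous NextMarker.
      const preparedParams = marker == null ? {} : { Marker: marker };
      const cmd = new import_client_cloudfront2.ListDistributionsCommand(preparedParams);
      const result = await client.send(cmd);
      state.push({
        _metadata: {
          account: context.account,
          region: context.region,
          timestamp: Date.now()
        },
        _parameters: preparedParams,
        _result: result
      });
      const page = result.DistributionList;
      // A truncated page without a NextMarker ends the loop rather than spinning.
      marker = page?.IsTruncated ? page.NextMarker : undefined;
    } while (marker);
  } catch (err) {
    if (err instanceof import_client_cloudfront2.CloudFrontServiceException) {
      if (err?.$retryable) {
        console.log("Encountered retryable error", err);
      } else {
        console.log("Encountered unretryable error", err);
      }
    } else {
      console.log("Encountered unexpected error", err);
    }
  }
  getterDebug("Recording state");
  await stateConnector.onServiceScanCompleteCallback(
    context.account,
    context.region,
    "CloudFront",
    "ListDistributions",
    state
  );
}

// src/graph.ts
var import_core = require("@infrascan/core");

/**
 * Entity definition that turns recorded `ListDistributions` state into
 * `cloudfront-distribution` graph nodes.
 */
var CloudfrontDistributionEntity = {
  version: "0.1.0",
  debugLabel: "cloudfront",
  provider: "aws",
  command: "ListDistributions",
  category: "cloudfront",
  subcategory: "distribution",
  nodeType: "cloudfront-distribution",
  selector: "CloudFront|ListDistributions|[]",

  /** Resolves this entity's selector against the recorded state. */
  getState(state, context) {
    return (0, import_core.evaluateSelector)(
      context.account,
      context.region,
      CloudfrontDistributionEntity.selector,
      state
    );
  },

  /**
   * Flattens one state entry into its distribution summaries.
   * `Object.assign` writes `$metadata` / `$parameters` onto the original
   * distribution objects, so the recorded state is mutated in place.
   */
  translate(val) {
    return (val._result.DistributionList?.Items ?? []).map(
      (distribution) => Object.assign(distribution, {
        $metadata: val._metadata,
        $parameters: val._parameters
      })
    );
  },

  components: {
    $metadata(val) {
      return {
        version: CloudfrontDistributionEntity.version,
        timestamp: val.$metadata.timestamp
      };
    },
    $graph(val) {
      return {
        id: val.ARN,
        label: val.DomainName,
        nodeType: CloudfrontDistributionEntity.nodeType,
        parent: val.$metadata.account
      };
    },
    $source(val) {
      return {
        command: CloudfrontDistributionEntity.command,
        parameters: val.$parameters
      };
    },
    /** The distribution's own domain name followed by any configured aliases. */
    dns(val) {
      const domains = [val.DomainName];
      if (val.Aliases?.Items == null) {
        return { domains };
      }
      return { domains: domains.concat(val.Aliases.Items) };
    },
    tenant(val) {
      return {
        tenantId: val.$metadata.account,
        provider: CloudfrontDistributionEntity.provider,
        // NOTE(review): the getter in this file records only account, region and
        // timestamp in `_metadata`, so `partition` is undefined unless another
        // component adds it. Confirm against the state connector.
        partition: val.$metadata.partition
      };
    },
    resource(val) {
      return {
        id: val.ARN,
        name: val.DomainName,
        category: CloudfrontDistributionEntity.category,
        subcategory: CloudfrontDistributionEntity.subcategory,
        description: val.Comment
      };
    },
    distribution(val) {
      return {
        originGroups: val.OriginGroups?.Items,
        cacheBehaviours: val.CacheBehaviors?.Items,
        defaultCacheBehaviour: val.DefaultCacheBehavior
      };
    }
  }
};

// src/edges.ts
var import_core2 = require("@infrascan/core");
var import_minimatch = require("minimatch");
var edgeDebug = (0, import_debug2.default)("cloudfront:edges");

/**
 * Extracts the bucket name from an S3 virtual-hosted-style origin domain.
 *
 * Recognised forms are `<bucket>.s3.amazonaws.com` and
 * `<bucket>.s3.<anything>.amazonaws.com`. The bucket is everything before the
 * last ".s3." label, so bucket names that themselves contain dots are kept
 * whole instead of being cut at their first dot.
 *
 * NOTE(review): other S3 endpoint spellings (for example the `s3-website`
 * hosts or domains outside `amazonaws.com`) are not matched here, so origins
 * using them produce no edge.
 *
 * @param {string | undefined} domainName - Origin `DomainName`.
 * @returns {string | undefined} Bucket name, or undefined for non-S3 origins.
 */
function getS3BucketNameFromOrigin(domainName) {
  if (typeof domainName !== "string") {
    return undefined;
  }
  const hasS3Domain = domainName.endsWith(".s3.amazonaws.com") || (0, import_minimatch.minimatch)(domainName, "*.s3.*.amazonaws.com");
  if (!hasS3Domain) {
    return undefined;
  }
  const bucketName = domainName.slice(0, domainName.lastIndexOf(".s3."));
  return bucketName === "" ? undefined : bucketName;
}

/**
 * Builds CloudFront -> S3 edges for every distribution origin that points at a
 * bucket present in the recorded `S3 ListBuckets` state.
 *
 * An edge is emitted only when the origin's bucket name equals the `Name` of a
 * scanned bucket. Matching on "some bucket has a name" would link every S3
 * origin to a node as soon as any bucket exists, including origins whose bucket
 * is not in the scanned accounts at all.
 *
 * Origins whose bucket is not found are reported on the `cloudfront:edges`
 * debug channel: a distribution serving from a bucket outside the scanned
 * inventory (another account, or a bucket that no longer exists) is worth a
 * manual ownership check.
 *
 * @param {object} connector - Must expose `getGlobalStateForServiceFunction`.
 * @returns {Promise<object[]>} Edges produced by `formatEdge`.
 */
async function generateEdgesForS3BackedDistributions(connector) {
  const cloudfrontS3Edges = [];
  const cloudfrontDistributionsState = await connector.getGlobalStateForServiceFunction(
    "CloudFront",
    "ListDistributions"
  );
  const cloudfrontDistributions = cloudfrontDistributionsState
    .flatMap(({ _result }) => _result.DistributionList?.Items)
    .filter((distribution) => distribution != null);
  const S3State = await connector.getGlobalStateForServiceFunction("S3", "ListBuckets");

  // Built once so each origin lookup is a set membership test.
  const knownBucketNames = new Set(
    S3State.flatMap(({ _result }) => _result?.Buckets ?? [])
      .map((bucket) => bucket.Name)
      .filter((name) => name != null)
  );

  for (const distribution of cloudfrontDistributions) {
    if (!distribution.ARN) {
      continue;
    }
    for (const distributionOrigin of distribution.Origins?.Items ?? []) {
      const originDomain = distributionOrigin?.DomainName;
      const bucketName = getS3BucketNameFromOrigin(originDomain);
      if (bucketName === undefined) {
        // Non-S3 origins go to the debug channel, not stdout.
        edgeDebug("Skipping non-S3 origin", originDomain);
        continue;
      }
      if (!knownBucketNames.has(bucketName)) {
        edgeDebug("S3 origin bucket not found in scanned state", distribution.ARN, bucketName);
        continue;
      }
      const distroTarget = {
        name: `${bucketName} Distribution`,
        target: (0, import_core2.formatS3NodeId)(bucketName)
      };
      cloudfrontS3Edges.push(
        (0, import_core2.formatEdge)(distribution.ARN, distroTarget)
      );
    }
  }
  return cloudfrontS3Edges;
}

/**
 * Scanner hook returning every edge this scanner can derive.
 *
 * @param {object} connector - State connector passed through unchanged.
 * @returns {Promise<object[]>} CloudFront -> S3 edges.
 */
async function getEdges(connector) {
  return generateEdgesForS3BackedDistributions(connector);
}

// src/index.ts
var CloudFrontScanner = {
  provider: "aws",
  service: "cloudfront",
  key: "CloudFront",
  getClient,
  callPerRegion: true,
  getters: [ListDistributions],
  getEdges,
  entities: [CloudfrontDistributionEntity]
};
var index_default = CloudFrontScanner;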