n8n/packages/cli/src/audit/constants.ts



feat(core): Security audit (#5034) * :sparkles: Implement security audit * :zap: Use logger * :test_tube: Fix test * :zap: Switch logger with stdout * :art: Set new logo * :zap: Fill out Public API schema * :pencil2: Fix typo * :zap: Break dependency cycle * :zap: Add security settings values * :test_tube: Test security settings * :zap: Add publicly accessible instance warning * :zap: Add metric to CLI command * :pencil2: Fix typo * :fire: Remove unneeded path alias * :blue_book: Add type import * :fire: Remove inferrable output type * :zap: Set description at correct level * :zap: Rename constant for consistency * :zap: Sort URLs * :zap: Rename local var * :zap: Shorten name * :pencil2: Improve phrasing * :zap: Improve naming * :zap: Fix casing * :pencil2: Add docline * :pencil2: Relocate comment * :zap: Add singular/plurals * :fire: Remove unneeded await * :pencil2: Improve test description * :zap: Optimize with sets * :zap: Adjust post master merge * :pencil2: Improve naming * :zap: Adjust in spy * :test_tube: Fix outdated instance test * :test_tube: Make diagnostics check consistent * :zap: Refactor `getAllExistingCreds` * :zap: Create helper `getNodeTypes` * :bug: Fix `InternalHooksManager` call * :truck: Rename `execution` to `nodes` risk * :zap: Add options to CLI command * :zap: Make days configurable * :revert: Undo changes to `BaseCommand` * :zap: Improve CLI command UX * :zap: Change no-report return value Empty array to trigger empty state on FE. 
* :zap: Add empty check to `reportInstanceRisk` * :test_tube: Extend Jest `expect` * :blue_book: Augment `jest.Matchers` * :test_tube: Set extend as setup file * :wrench: Override lint rule for `.d.ts` * :zap: Use new matcher * :zap: Update check * :blue_book: Improve typings * :zap: Adjust instance risk check * :pencil2: Rename `execution` → `nodes` in Public API schema * :pencil2: Add clarifying comment * :pencil2: Fix typo * :zap: Validate categories in CLI command * :pencil2: Improve naming * :pencil2: Make audit reference consistent * :blue_book: Fix typing * :zap: Use `finally` in CLI command
2023-01-05 04:28:40 -08:00
import type { Risk } from '@/audit/types';
/**
 * Risk categories an audit can report on.
 *
 * Each entry matches the `RISK` value of one of the report constants declared
 * further down in this file (`CREDENTIALS_REPORT`, `DATABASE_REPORT`, ...).
 * NOTE(review): presumably this list is also what the CLI command validates
 * user-supplied category names against — confirm against the command.
 */
export const RISK_CATEGORIES: Array<Risk.Category> = [
  'credentials',
  'database',
  'nodes',
  'instance',
  'filesystem',
];
/**
 * Node types
 */

/**
 * SQL node types that expose a "Query Parameters" field, i.e. a way to pass
 * values separately from the query text instead of building them into the
 * query via expressions.
 */
export const SQL_NODE_TYPES_WITH_QUERY_PARAMS = new Set<string>([
  'n8n-nodes-base.postgres',
  'n8n-nodes-base.crateDb',
  'n8n-nodes-base.questDb',
  'n8n-nodes-base.timescaleDb',
]);

/** SQL node types that only expose an "Execute Query" field, with no query-parameter support. */
const sqlNodeTypesWithoutQueryParams = [
  'n8n-nodes-base.mySql',
  'n8n-nodes-base.microsoftSql',
  'n8n-nodes-base.snowflake',
];

/**
 * All SQL node types the database risk report inspects: those with query
 * parameters first (same iteration order as the set above), then the rest.
 */
export const SQL_NODE_TYPES = new Set<string>([
  ...SQL_NODE_TYPES_WITH_QUERY_PARAMS,
  ...sqlNodeTypesWithoutQueryParams,
]);
/** Node type of the built-in webhook trigger, the entry point the instance report checks for exposure. */
export const WEBHOOK_NODE_TYPE = 'n8n-nodes-base.webhook';

/**
 * Node types that can act as a validator for incoming webhook payloads.
 * NOTE(review): presumably a webhook whose output is not consumed by one of
 * these counts as "unprotected" in `INSTANCE_REPORT` — confirm against the
 * instance risk reporter, which is not in this file.
 */
export const WEBHOOK_VALIDATOR_NODE_TYPES = new Set<string>([
  'n8n-nodes-base.if',
  'n8n-nodes-base.switch',
  'n8n-nodes-base.code',
  'n8n-nodes-base.function',
  'n8n-nodes-base.functionItem',
]);
/**
 * Node types that read from or write to the host filesystem.
 * Workflows using any of these are listed under
 * `FILESYSTEM_REPORT.SECTIONS.FILESYSTEM_INTERACTION_NODES`.
 */
export const FILESYSTEM_INTERACTION_NODE_TYPES = new Set<string>([
  'n8n-nodes-base.readPdf',
  'n8n-nodes-base.readBinaryFile',
  'n8n-nodes-base.readBinaryFiles',
  'n8n-nodes-base.spreadsheetFile',
  'n8n-nodes-base.writeBinaryFile',
]);
/**
 * Node types from the official `n8n-nodes-base` package that the nodes report
 * flags as risky (`NODES_REPORT.SECTIONS.OFFICIAL_RISKY_NODES`): as their
 * names suggest, they run arbitrary commands or code, or open outbound
 * connections (HTTP, SSH, FTP) from the instance.
 */
export const OFFICIAL_RISKY_NODE_TYPES = new Set<string>([
  'n8n-nodes-base.executeCommand',
  'n8n-nodes-base.code',
  'n8n-nodes-base.function',
  'n8n-nodes-base.functionItem',
  'n8n-nodes-base.httpRequest',
  'n8n-nodes-base.ssh',
  'n8n-nodes-base.ftp',
]);
/**
 * Risk reports
 *
 * Each report pairs a `RISK` (one of `RISK_CATEGORIES`) with the human-readable
 * `SECTIONS` headings the report can contain. `as const` keeps the literal
 * types so callers can discriminate on them.
 */

/** Database risk: how SQL nodes build their queries (expression-built vs. parameterized). */
export const DATABASE_REPORT = {
  RISK: 'database',
  SECTIONS: {
    EXPRESSIONS_IN_QUERIES: 'Expressions in "Execute Query" fields in SQL nodes',
    EXPRESSIONS_IN_QUERY_PARAMS: 'Expressions in "Query Parameters" fields in SQL nodes',
    // Node supports query parameters (see SQL_NODE_TYPES_WITH_QUERY_PARAMS) but does not use them.
    UNUSED_QUERY_PARAMS: 'Unused "Query Parameters" fields in SQL nodes',
  },
} as const;
/**
 * Credentials risk: stored credentials that are not (or no longer) in use.
 * NOTE(review): the "recently executed" window is presumably the configurable
 * day count mentioned in the commit message — confirm in the credentials reporter.
 */
export const CREDENTIALS_REPORT = {
  RISK: 'credentials',
  SECTIONS: {
    CREDS_NOT_IN_ANY_USE: 'Credentials not used in any workflow',
    CREDS_NOT_IN_ACTIVE_USE: 'Credentials not used in any active workflow',
    CREDS_NOT_RECENTLY_EXECUTED: 'Credentials not used in recently executed workflows',
  },
} as const;
/** Filesystem risk: workflows containing a node from FILESYSTEM_INTERACTION_NODE_TYPES. */
export const FILESYSTEM_REPORT = {
  RISK: 'filesystem',
  SECTIONS: {
    FILESYSTEM_INTERACTION_NODES: 'Nodes that interact with the filesystem',
  },
} as const;
/**
 * Nodes risk: node types whose provenance or capabilities warrant review —
 * official nodes listed in OFFICIAL_RISKY_NODE_TYPES, community-installed
 * packages (see COMMUNITY_NODES_RISKS_URL) and custom nodes.
 */
export const NODES_REPORT = {
  RISK: 'nodes',
  SECTIONS: {
    OFFICIAL_RISKY_NODES: 'Official risky nodes',
    COMMUNITY_NODES: 'Community nodes',
    CUSTOM_NODES: 'Custom nodes',
  },
} as const;
/**
 * Instance risk: exposure and configuration of the instance itself —
 * webhooks without a validating node (see WEBHOOK_VALIDATOR_NODE_TYPES),
 * an outdated n8n version, and security-relevant settings.
 */
export const INSTANCE_REPORT = {
  RISK: 'instance',
  SECTIONS: {
    UNPROTECTED_WEBHOOKS: 'Unprotected webhooks in instance',
    OUTDATED_INSTANCE: 'Outdated instance',
    SECURITY_SETTINGS: 'Security settings',
  },
} as const;
/**
 * URLs
 *
 * Documentation links surfaced in report output so a reader can act on a finding.
 */

/** Reference for the environment variables behind the "Security settings" section. */
export const ENV_VARS_DOCS_URL = 'https://docs.n8n.io/reference/environment-variables.html';
/** How to use "Query Parameters" instead of expressions in SQL nodes (database report). */
export const DB_QUERY_PARAMS_DOCS_URL =
  'https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.postgres#use-query-parameters';
/** Explains the risks of installing community nodes (nodes report). */
export const COMMUNITY_NODES_RISKS_URL = 'https://docs.n8n.io/integrations/community-nodes/risks';
/** Base URL for linking a community node to its npm package page; presumably the package name is appended by the caller. */
export const NPM_PACKAGE_URL = 'https://www.npmjs.com/package';