mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-12 05:17:28 -08:00
097f93564c
Some checks are pending
Test Master / install-and-build (push) Waiting to run
Test Master / Unit tests (18.x) (push) Blocked by required conditions
Test Master / Unit tests (20.x) (push) Blocked by required conditions
Test Master / Unit tests (22.4) (push) Blocked by required conditions
Test Master / Lint (push) Blocked by required conditions
Test Master / Notify Slack on failure (push) Blocked by required conditions
71 lines
2.1 KiB
TypeScript
71 lines
2.1 KiB
TypeScript
import { SecurityConfig } from '@n8n/config';
|
|
import { Flags } from '@oclif/core';
|
|
import { ApplicationError } from 'n8n-workflow';
|
|
import { Container } from 'typedi';
|
|
|
|
import { RISK_CATEGORIES } from '@/security-audit/constants';
|
|
import { SecurityAuditService } from '@/security-audit/security-audit.service';
|
|
import type { Risk } from '@/security-audit/types';
|
|
|
|
import { BaseCommand } from './base-command';
|
|
|
|
export class SecurityAudit extends BaseCommand {
|
|
static description = 'Generate a security audit report for this n8n instance';
|
|
|
|
static examples = [
|
|
'$ n8n audit',
|
|
'$ n8n audit --categories=database,credentials',
|
|
'$ n8n audit --days-abandoned-workflow=10',
|
|
];
|
|
|
|
static flags = {
|
|
help: Flags.help({ char: 'h' }),
|
|
categories: Flags.string({
|
|
default: RISK_CATEGORIES.join(','),
|
|
description: 'Comma-separated list of categories to include in the audit',
|
|
}),
|
|
|
|
'days-abandoned-workflow': Flags.integer({
|
|
default: Container.get(SecurityConfig).daysAbandonedWorkflow,
|
|
description: 'Days for a workflow to be considered abandoned if not executed',
|
|
}),
|
|
};
|
|
|
|
async run() {
|
|
const { flags: auditFlags } = await this.parse(SecurityAudit);
|
|
|
|
const categories =
|
|
auditFlags.categories?.split(',').filter((c): c is Risk.Category => c !== '') ??
|
|
RISK_CATEGORIES;
|
|
|
|
const invalidCategories = categories.filter((c) => !RISK_CATEGORIES.includes(c));
|
|
|
|
if (invalidCategories.length > 0) {
|
|
const message =
|
|
invalidCategories.length > 1
|
|
? `Invalid categories received: ${invalidCategories.join(', ')}`
|
|
: `Invalid category received: ${invalidCategories[0]}`;
|
|
|
|
const hint = `Valid categories are: ${RISK_CATEGORIES.join(', ')}`;
|
|
|
|
throw new ApplicationError([message, hint].join('. '));
|
|
}
|
|
|
|
const result = await Container.get(SecurityAuditService).run(
|
|
categories,
|
|
auditFlags['days-abandoned-workflow'],
|
|
);
|
|
|
|
if (Array.isArray(result) && result.length === 0) {
|
|
this.logger.info('No security issues found');
|
|
} else {
|
|
process.stdout.write(JSON.stringify(result, null, 2));
|
|
}
|
|
}
|
|
|
|
async catch(error: Error) {
|
|
this.logger.error('Failed to generate security audit');
|
|
this.logger.error(error.message);
|
|
}
|
|
}
|