mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-28 21:02:36 -08:00
d548161632
* ✨ Implement security audit * ⚡ Use logger * 🧪 Fix test * ⚡ Switch logger with stdout * 🎨 Set new logo * ⚡ Fill out Public API schema * ✏️ Fix typo * ⚡ Break dependency cycle * ⚡ Add security settings values * 🧪 Test security settings * ⚡ Add publicly accessible instance warning * ⚡ Add metric to CLI command * ✏️ Fix typo * 🔥 Remove unneeded path alias * 📘 Add type import * 🔥 Remove inferrable output type * ⚡ Set description at correct level * ⚡ Rename constant for consistency * ⚡ Sort URLs * ⚡ Rename local var * ⚡ Shorten name * ✏️ Improve phrasing * ⚡ Improve naming * ⚡ Fix casing * ✏️ Add docline * ✏️ Relocate comment * ⚡ Add singular/plurals * 🔥 Remove unneeded await * ✏️ Improve test description * ⚡ Optimize with sets * ⚡ Adjust post master merge * ✏️ Improve naming * ⚡ Adjust in spy * 🧪 Fix outdated instance test * 🧪 Make diagnostics check consistent * ⚡ Refactor `getAllExistingCreds` * ⚡ Create helper `getNodeTypes` * 🐛 Fix `InternalHooksManager` call * 🚚 Rename `execution` to `nodes` risk * ⚡ Add options to CLI command * ⚡ Make days configurable * :revert: Undo changes to `BaseCommand` * ⚡ Improve CLI command UX * ⚡ Change no-report return value Empty array to trigger empty state on FE. * ⚡ Add empty check to `reportInstanceRisk` * 🧪 Extend Jest `expect` * 📘 Augment `jest.Matchers` * 🧪 Set extend as setup file * 🔧 Override lint rule for `.d.ts` * ⚡ Use new matcher * ⚡ Update check * 📘 Improve typings * ⚡ Adjust instance risk check * ✏️ Rename `execution` → `nodes` in Public API schema * ✏️ Add clarifying comment * ✏️ Fix typo * ⚡ Validate categories in CLI command * ✏️ Improve naming * ✏️ Make audit reference consistent * 📘 Fix typing * ⚡ Use `finally` in CLI command
69 lines
2.2 KiB
TypeScript
69 lines
2.2 KiB
TypeScript
import * as Db from '@/Db';
|
|
import { separate } from '@/utils';
|
|
import config from '@/config';
|
|
import { RISK_CATEGORIES } from '@/audit/constants';
|
|
import { toReportTitle } from '@/audit/utils';
|
|
import { reportCredentialsRisk } from '@/audit/risks/credentials.risk';
|
|
import { reportDatabaseRisk } from '@/audit/risks/database.risk';
|
|
import { reportNodesRisk } from '@/audit/risks/nodes.risk';
|
|
import { reportFilesystemRisk } from '@/audit/risks/filesystem.risk';
|
|
import { reportInstanceRisk } from '@/audit/risks/instance.risk';
|
|
import type { Risk } from '@/audit/types';
|
|
|
|
export const SYNC_MAP: Record<string, Risk.SyncReportFn> = {
|
|
database: reportDatabaseRisk,
|
|
filesystem: reportFilesystemRisk,
|
|
};
|
|
|
|
export const ASYNC_MAP: Record<string, Risk.AsyncReportFn> = {
|
|
credentials: reportCredentialsRisk,
|
|
nodes: reportNodesRisk,
|
|
instance: reportInstanceRisk,
|
|
};
|
|
|
|
export const isAsync = (c: Risk.Category) => Object.keys(ASYNC_MAP).includes(c);
|
|
|
|
export async function audit(
|
|
categories: Risk.Category[] = RISK_CATEGORIES,
|
|
daysAbandonedWorkflow?: number,
|
|
) {
|
|
if (categories.length === 0) categories = RISK_CATEGORIES;
|
|
|
|
const daysFromEnv = config.getEnv('security.audit.daysAbandonedWorkflow');
|
|
|
|
if (daysAbandonedWorkflow) {
|
|
config.set('security.audit.daysAbandonedWorkflow', daysAbandonedWorkflow);
|
|
}
|
|
|
|
const workflows = await Db.collections.Workflow.find({
|
|
select: ['id', 'name', 'active', 'nodes', 'connections'],
|
|
});
|
|
|
|
const [asyncCategories, syncCategories] = separate(categories, isAsync);
|
|
|
|
const reports: Risk.Report[] = [];
|
|
|
|
if (asyncCategories.length > 0) {
|
|
const promises = asyncCategories.map(async (c) => ASYNC_MAP[c](workflows));
|
|
const asyncReports = await Promise.all(promises);
|
|
asyncReports.forEach((r) => r !== null && reports.push(r));
|
|
}
|
|
|
|
if (syncCategories.length > 0) {
|
|
const syncReports = syncCategories.map((c) => SYNC_MAP[c](workflows));
|
|
syncReports.forEach((r) => r !== null && reports.push(r));
|
|
}
|
|
|
|
if (daysAbandonedWorkflow) {
|
|
config.set('security.audit.daysAbandonedWorkflow', daysFromEnv); // restore env
|
|
}
|
|
|
|
if (reports.length === 0) return []; // trigger empty state
|
|
|
|
return reports.reduce<Risk.Audit>((acc, cur) => {
|
|
acc[toReportTitle(cur.risk)] = cur;
|
|
|
|
return acc;
|
|
}, {});
|
|
}
|