cloudsploit icon indicating copy to clipboard operation
cloudsploit copied to clipboard
verified publisher icon aquasecurity

ensure pluginDone is called under all circumstances

Open cmoore1776 opened this issue 4 years ago • 2 comments

Fixes #552, Fixes #557

The implementation of async.mapValuesLimit in engine.collector fails to resolve all of the asynchronous functions. This prevents the callback function from executing, which means outputHandler.close() never gets called. That means output is never written to the console, nor saved to JSON.

If we move the call to pluginDone out of the if statement, it is called under all circumstances, ensuring we get proper output.

cmoore1776 avatar Mar 01 '21 19:03 cmoore1776

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Mar 01 '21 19:03 CLAassistant

I think the test case for accessKeysRotated is prone to false negative. The test spec is initialized with:

warnDate.setMonth(warnDate.getMonth() - 3);

and the plugin makes its determination based on > (not >=):

if (helpers.daysAgo(userCreationTime) > config.access_keys_rotated_warn

which means the warnDate in the test case won't actually generate a warning since it's exactly 90 days old. If you change the test spec to, e.g.

warnDate.setMonth(warnDate.getMonth() - 4);

the test passes

cmoore1776 avatar Mar 01 '21 19:03 cmoore1776