Merge pull request #22 from cloudgraphdev/fix/EP-1988-remove-nodejq-implementation

fix: remove node-jq implementation

Author: tyler-dunkel

.github/workflows/publish.yml

@@ -41,9 +41,6 @@ jobs:
         # See https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#use-private-packages
         run: yarn install --frozen-lockfile --prefer-offline --ignore-scripts
 
-      - name: Install jq for tests
-        run: node -r node-jq/scripts/install-binary.js
-
       - name: Build
         run: yarn prepack
 

package.json

@@ -29,7 +29,6 @@
     "inquirer": "^8.1.2",
     "jsonpath": "^1.1.1",
     "lodash": "^4.17.21",
-    "node-jq": "^2.3.0",
     "ora": "^5.4.1"
   },
   "devDependencies": {

src/plugins/policyPack/index.ts

@@ -316,7 +316,7 @@ export default class PolicyPackPlugin extends Plugin {
         ])
 
         // Format metadata and link connections
-        const linkedData = getLinkedData(providerData)
+        const linkedData = getLinkedData(providerData, this.provider.schemasMap)
 
         const findings = await this.executeRule({
           data: linkedData,

src/rules-engine/evaluators/json-evaluator.ts

@@ -1,5 +1,5 @@
 import lodash from 'lodash'
-import * as jqNode from 'node-jq'
+
 import {
   Condition,
   JsonRule,
@@ -122,10 +122,9 @@ export default class JsonEvaluator implements RuleEvaluator<JsonRule> {
     _data: _ResourceData
   ): Promise<number | boolean> {
     const condition = { ..._condition }
-    const { path, value, jq: jqQuery } = condition
+    const { path, value } = condition
     delete condition.path
     delete condition.value
-    delete condition.jq
     // remaining field should be the op name
     const op = Object.keys(condition)[0] //
     const operator = this.operators[op]
@@ -158,25 +157,6 @@ export default class JsonEvaluator implements RuleEvaluator<JsonRule> {
       firstArg = value
     }
 
-    if (firstArg && jqQuery) {
-      firstArg = await this.runJq(firstArg, jqQuery)
-      data.data = lodash.cloneDeep(data.data)
-      lodash.set(data.data, data.elementPath, firstArg)
-    }
-
     return operator(firstArg, otherArgs, data)
   }
-
-  async runJq(data: unknown, jqQuery: string): Promise<unknown> {
-    try {
-      const json = (await jqNode.run(jqQuery, data, {
-        input: 'json',
-        output: 'json',
-      })) as unknown
-
-      return json || data
-    } catch (e) {
-      return data
-    }
-  }
 }

src/rules-engine/types.ts

@@ -9,7 +9,6 @@ export type ResourceData = {
 export type Condition = {
   path?: string
   value?: string | number | Condition | (string | number)[]
-  jq?: string
   [operationId: string]: any
 }
 

src/utils/data.ts

@@ -1,6 +1,6 @@
-import { ProviderData } from '../types'
+import { ProviderData, SchemaMap } from '../types'
 
-const getLinkedData = (providerData: ProviderData): any => {
+const getLinkedData = (providerData: ProviderData, schemasMap?: SchemaMap): any => {
   const linkedData = {}
   const allEntities = providerData?.entities || []
   const allConnections = providerData?.connections || {}
@@ -42,11 +42,12 @@ const getLinkedData = (providerData: ProviderData): any => {
         }
         entity[conn.field].push(targetEntity)
         // inverse relation
-        // const inverseConnField = this.schemasMap[entity.__typename] || 'account' // @TODO: account doesn't have a name
-        // if (!targetEntity[inverseConnField]) {
-        //   targetEntity[inverseConnField] = []
-        // }
-        // targetEntity[inverseConnField].push(entity)
+        // eslint-disable-next-line no-underscore-dangle
+        const inverseConnField = schemasMap && schemasMap[entity.__typename] || 'account' // @TODO: account doesn't have a name
+        if (!targetEntity[inverseConnField]) {
+          targetEntity[inverseConnField] = []
+        }
+        targetEntity[inverseConnField].push(entity)
       } // else parent relation.. is not used atm
     }
   }

tests/evaluators/json-evaluator.test.ts

@@ -369,125 +369,6 @@ describe('JsonEvaluator', () => {
     expect(finding.result).toBe(Result.PASS)
   })
 
-  test('should support jq on array operators', async () => {
-    const data = {
-      data: {
-        a: {
-          b: [{ color: 'red' }, { color: 'green' }, { color: 'blue' }],
-          c: [{ fruit: 'apple' }, { fruit: 'orange' }, { fruit: 'banana' }],
-        },
-      },
-      resource: {
-        id: cuid(),
-      },
-    } as any
-    const rule: any = {
-      jq: '[.b[] + .c[]]',
-      path: 'a',
-      array_any: {
-        path: '[*]',
-        and: [
-          {
-            path: '[*].color',
-            equal: 'green',
-          },
-          {
-            path: '[*].fruit',
-            equal: 'orange',
-          },
-        ],
-      },
-    }
-
-    const finding = await evaluator.evaluateSingleResource(
-      { conditions: rule } as any,
-      data
-    )
-
-    expect(finding.result).toBe(Result.PASS)
-  })
-
-  test('should support jq on array with nested operators', async () => {
-    const data = {
-      data: {
-        cloudwatchLog: [
-          {
-            metricFilters: [
-              {
-                filterName: 'KmsDeletion',
-                filterPattern:
-                  '{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }',
-                metricTransformations: [
-                  {
-                    metricName: 'KmsDeletionCount',
-                  },
-                ],
-              },
-              {
-                filterName: 'ConsoleSignInFailures',
-                filterPattern:
-                  '{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }',
-                metricTransformations: [
-                  {
-                    metricName: 'ConsoleSignInFailureCount',
-                  },
-                ],
-              },
-            ],
-            cloudwatch: [
-              {
-                metric: 'KmsDeletionCount',
-                sns: [
-                  {
-                    arn: 'arn:aws:sns:us-east-1:...',
-                    subscriptions: [
-                      {
-                        arn: 'arn:aws:...',
-                      },
-                    ],
-                  },
-                ],
-              },
-            ],
-          },
-        ],
-      },
-      resource: {
-        id: cuid(),
-      },
-    } as any
-    const rule: any = {
-      path: 'cloudwatchLog',
-      jq: '[.[].metricFilters[] + .[].cloudwatch[] | select(.metricTransformations[].metricName == .metric)]',
-      array_any: {
-        and: [
-          {
-            path: '[*].filterPattern',
-            equal:
-              '{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }',
-          },
-          {
-            path: '[*].sns',
-            array_any: {
-              path: '[*].subscriptions',
-              array_any: {
-                path: '[*].arn',
-                match: /^arn:aws:.*$/,
-              },
-            },
-          },
-        ],
-      },
-    }
-
-    const finding = await evaluator.evaluateSingleResource(
-      { conditions: rule } as any,
-      data
-    )
-
-    expect(finding.result).toBe(Result.PASS)
-  })
-
   test('Should pass using the same value for the equal operator with the same path', async () => {
     const data = {
       data: { a: { b: [0, { e: 'same value', d: 'same value' }] } },