Merge pull request #18 from aws-solutions/release/v1.0.3
Updated to version v1.0.3
aijunpeng authored Oct 27, 2023
2 parents ec20b08 + 741e007 commit 801b365
Showing 16 changed files with 2,569 additions and 9,067 deletions.
21 changes: 17 additions & 4 deletions CHANGELOG.md
@@ -1,21 +1,34 @@
# Change Log

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.0.3] - 2023-10-27

### Changed

- Library updates to address [Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code](https://nvd.nist.gov/vuln/detail/CVE-2023-45133)
- Library updates to address [xml2js vulnerable to improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')](https://nvd.nist.gov/vuln/detail/CVE-2023-0842)

## [1.0.2] - 2022-12-19
### Updated

### Changed

- Name change to Firewall Automation for Network Traffic on AWS
- Upgrade to CDK v2
- Fix NPM security warnings
- Fix SonarQube bugs and increase unit test coverage

## [1.0.1] - 2021-04-10
### Updated
- Updated default branch name to 'main'. [Change branch settings in your
existing AWS CodeCommit repository.](https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-change-branch.html)

### Changed

- Updated default branch name to 'main'. [Change branch settings in your existing AWS CodeCommit repository.](https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-change-branch.html)

## [1.0.0] - 2021-02-24

### Added

- New solution AWS Network Firewall Deployment Automations for AWS Transit Gateway, initial version
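Review bot: the two 1.0.3 entries under `### Changed` link the advisories but do not say which dependency was bumped or to which version, so the fix cannot be verified from the changelog alone; add the package and pinned version for each (the Babel advisory, CVE-2023-45133, is in the `@babel/traverse` module and, as its own title says, is triggered when compiling crafted code, so it is a build-time exposure; xml2js is a runtime XML parser) and state whether either is a dependency of the deployed Lambda code or only of the build and test toolchain, since that decides whether existing deployments must be redeployed. The replacement of `### Updated` by `### Changed` for 1.0.2 and 1.0.1 matches Keep a Changelog; check that no `### Updated` heading survives elsewhere in the file.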
2 changes: 1 addition & 1 deletion CODE_OF_CONDUCT.md
@@ -1,4 +1,4 @@
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
[email protected] with any additional questions or comments.
[email protected] with any additional questions or comments.
17 changes: 8 additions & 9 deletions CONTRIBUTING.md
@@ -23,19 +23,18 @@ reported the issue. Please try to include as much information as you can. Detail
## Contributing via Pull Requests
Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:

1. You are working against the latest source on the *master* branch.
1. You are working against the latest source on the *main* branch.
2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
3. You open an issue to discuss any significant work - we would hate for your time to be wasted.

To send us a pull request, please:

1. Fork the repository.
2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
3. Ensure all build processes execute successfully (see README.md for additional guidance).
4. Ensure all unit, integration, and/or snapshot tests pass, as applicable.
5. Commit to your fork using clear commit messages.
6. Send us a pull request, answering any default questions in the pull request interface.
7. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
3. Ensure local tests pass.
4. Commit to your fork using clear commit messages.
5. Send us a pull request, answering any default questions in the pull request interface.
6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.

GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
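Review bot: the new step 3 "Ensure local tests pass." drops the previous requirement that the build also succeeds and no longer names which tests, right as this release adds `deployment/run-unit-tests.sh`; point contributors at that script explicitly, e.g. "3. Run `deployment/run-unit-tests.sh` and make sure the build and all tests pass." The script runs `npm run build` before the tests, so a build break surfaces there anyway, but the contributing guide should say so rather than leave "local tests" undefined.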
@@ -52,11 +51,11 @@ [email protected] with any additional questions or comments.


## Security issue notifications
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue.
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.


## Licensing

See the [LICENSE](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
See the [LICENSE](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.

We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
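Review bot: the vulnerability reporting link is still plain `http://aws.amazon.com/security/vulnerability-reporting/`; for the one paragraph that tells reporters where to send security issues, link `https://` directly so a reporter is not sent through a cleartext redirect, and do the same for the CLA link. Two smaller points in the same hunk: the new line lowercases "GitHub issue" to "github issue", which the removed line had right, and the LICENSE link now targets `LICENSE.txt` on `main`, so confirm the file was actually renamed in the repository (the NOTICE.txt text added in this same commit refers to a "license" file).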
7 changes: 6 additions & 1 deletion NOTICE.txt
@@ -1,6 +1,11 @@
Firewall Automation for Network Traffic on AWS

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except
in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/
or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the
specific language governing permissions and limitations under the License.

**********************
THIRD PARTY COMPONENTS
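Review bot: the added Apache boilerplate says the license copy is "in the "license" file accompanying this file", while CONTRIBUTING.md in this commit links `LICENSE.txt`; use the real filename so the two agree. The `SPDX-License-Identifier: Apache-2.0` line is a good addition and is worth repeating in the source file headers so license scanners pick it up.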
5 changes: 3 additions & 2 deletions README.md
@@ -54,8 +54,9 @@ chmod +x ./build-s3-dist.sh
Run the unit tests

```
cd source/
chmod +x ./run-all-tests.sh
cd <rootDir>/deployment
chmod +x ./run-unit-tests.sh
./run-unit-tests.sh
```

<a name="deploy"></a>
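Review bot: the new snippet now actually invokes the script (the old block only ran `chmod +x` on `run-all-tests.sh` and never executed it), but "Run the unit tests" understates what `./run-unit-tests.sh` does: per the script added in this commit it runs `npm install`, `npm run build`, and Jest with `-u`, and writes coverage under `source/test/coverage-reports`. Say so here so a contributor knows the command installs dependencies and rewrites snapshots, not just runs tests.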
77 changes: 77 additions & 0 deletions deployment/run-unit-tests.sh
@@ -0,0 +1,77 @@
#!/bin/bash
#
# This script runs all tests for the root CDK project, as well as any microservices, Lambda functions, or dependency
# source code packages. These include unit tests, integration tests, and snapshot tests.
#
# This script is called by the ../initialize-repo.sh file and the buildspec.yml file. It is important that this script
# be tested and validated to ensure that all available test fixtures are run.
#
# The if/then blocks are for error handling. They will cause the script to stop executing if an error is thrown from the
# node process running the test case(s). Removing them or not using them for additional calls with result in the
# script continuing to execute despite an error being thrown.

[ "$DEBUG" == 'true' ] && set -x
set -e

prepare_jest_coverage_report() {
local component_name=$1

# prepare coverage reports
rm -fr coverage/lcov-report
mkdir -p $coverage_reports_top_path/jest
coverage_report_path=$coverage_reports_top_path/jest/$component_name
rm -fr $coverage_report_path
mv coverage $coverage_report_path
}

run_javascript_test() {
local component_path=$1
local component_name=$2

echo "------------------------------------------------------------------------------"
echo "[Test] Run javascript unit test with coverage"
echo "------------------------------------------------------------------------------"
echo "cd $component_path"
cd $component_path

# run unittest
npm run test

# prepare coverage reports
prepare_jest_coverage_report $component_name
}

run_cdk_project_test() {
local component_path=$1
local component_name=solutions-constructs
echo "------------------------------------------------------------------------------"
echo "[Test] $component_name"
echo "------------------------------------------------------------------------------"
cd $component_path

npm install
npm run build

## Option to suppress the Override Warning messages while synthesizing using CDK
# export overrideWarningsEnabled=false

npm run test -- -u

# prepare coverage reports
prepare_jest_coverage_report $component_name
}

# Run unit tests
echo "Running unit tests"

# Get reference for source folder
source_dir="$(cd $PWD/../source; pwd -P)"
coverage_reports_top_path=$source_dir/test/coverage-reports

#Run the npm install for the lambda projects
run_javascript_test $source_dir/networkFirewallAutomation networkFirewallAutomation

run_cdk_project_test $source_dir

# Return to the source/ level
cd $source_dir
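Review bot: `npm run test -- -u` in `run_cdk_project_test` tells Jest to rewrite snapshots, so a snapshot mismatch in the synthesized template (an unintended change to an IAM statement or bucket policy, for example) is silently accepted instead of failing the run; the header comment says this script is what buildspec.yml calls, so drop `-u` here and refresh snapshots deliberately in a separate local step. Related: `npm install` rather than `npm ci` lets the CI build resolve versions outside package-lock.json, which undercuts the lockfile updates this release makes for CVE-2023-45133 and CVE-2023-0842; use `npm ci`. Smaller points: the header comment describes if/then error-handling blocks that do not exist (the script relies on `set -e`), `component_name` in `run_cdk_project_test` is hard-coded to `solutions-constructs`, which is not this project, the comment above the `run_javascript_test` call says it runs npm install but the function does not, and `cd $component_path`, `rm -fr $coverage_report_path` and the other path expansions should be quoted.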
9 changes: 9 additions & 0 deletions solution-manifest.yaml
@@ -0,0 +1,9 @@
---
id: SO0108 # Solution Id
name: firewall-automation-for-network-traffic-on-aws # trademarked name
version: v1.0.3 # current version of the solution. Used to verify template headers
cloudformation_templates: # This list should match with AWS CloudFormation templates section of IG
- template: firewall-automation-for-network-traffic-on-aws.template
main_template: true
build_environment:
build_image: 'aws/codebuild/standard:7.0' # Options include: 'aws/codebuild/standard:5.0','aws/codebuild/standard:6.0','aws/codebuild/standard:7.0','aws/codebuild/amazonlinux2-x86_64-standard:4.0','aws/codebuild/amazonlinux2-x86_64-standard:5.0'
12 changes: 9 additions & 3 deletions source/lib/network-firewall-automation-solution-stack.ts
@@ -62,7 +62,7 @@ export class NetworkFirewallAutomationStack extends Stack {

const cidrBlock = new CfnParameter(this, 'cidrBlock', {
type: 'String',
default: '192.168.1.0/26',
default: '192.168.1.0/26', //NOSONAR
description: 'CIDR Block for VPC. Must be /26 or larger CIDR block.',
allowedPattern: '^(?:[0-9]{1,3}.){3}[0-9]{1,3}[/]([0-9]?[0-6]?|[1][7-9])$',
});
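Review bot: appending `//NOSONAR` to the default CIDR silences the hard-coded-IP finding without recording why it is acceptable; put the reason beside the marker (it is a CloudFormation parameter default that the deployer can override). While here, `allowedPattern` does not enforce the description "Must be /26 or larger": the `.` between octets is unescaped and so matches any character, octets are not bounded to 0-255, and the prefix alternation `[0-9]?[0-6]?|[1][7-9]` accepts `/96`, `/0` and an empty prefix after the slash. A tighter pattern would escape the dots and express the allowed prefix range explicitly.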
@@ -295,7 +295,10 @@ export class NetworkFirewallAutomationStack extends Stack {

cloudWatchLogGroup.cfnOptions.condition = isLoggingInCloudWatch;

const logsBucket = new Bucket(this, 'Logs', {
// enforceSSL cannot be set to true for this resource, as the bucket is conditional and that condition is not passed to the created policy.
// we add a manual policy to enforce SSL later in the stack
// prettier-ignore
const logsBucket = new Bucket(this, 'Logs', { //NOSONAR
encryption: BucketEncryption.KMS,
encryptionKey: KMSKeyForNetworkFirewallBuckets,
publicReadAccess: false,
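Review bot: the comment justifies dropping `enforceSSL` with "we add a manual policy to enforce SSL later in the stack" but gives no identifier, so neither a reviewer nor Sonar triage can check the claim; name the policy construct in the comment, and make sure that manual policy is attached under the same condition as this conditional bucket, otherwise the bucket can exist without the deny on `aws:SecureTransport` = false. A unit test asserting that the synthesized template carries that bucket policy statement would make the `//NOSONAR` defensible.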
@@ -544,7 +547,10 @@ export class NetworkFirewallAutomationStack extends Stack {
codeCommitRepo_cfn_ref.addOverride('DeletionPolicy', 'Retain');
codeCommitRepo_cfn_ref.addOverride('UpdateReplacePolicy', 'Retain');

const codeBuildStagesSourceCodeBucket = new Bucket(this, 'CodeBuildStagesSourceCodeBucket', {
// enforceSSL cannot be set to true for this resource, it will create deploy time errors.
// we add a manual policy to enforce SSL later in the stack
// prettier-ignore
const codeBuildStagesSourceCodeBucket = new Bucket(this, 'CodeBuildStagesSourceCodeBucket', { //NOSONAR
publicReadAccess: false,
blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
});
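Review bot: "it will create deploy time errors" is not a reviewable justification for suppressing the enforceSSL rule; record the actual error and, as for the Logs bucket, name the manual SSL-enforcing policy that replaces it. The visible options set only `publicReadAccess` and `blockPublicAccess` and no `encryption`; if this bucket is meant to rely on default S3 encryption, say so in the same comment, since the Logs bucket in the same stack is explicitly `BucketEncryption.KMS`.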