Cr 3219 - security vulnerabilities (#66)

* fix security vunrabilities

* downgrade node to 10

* bump

* trigger ci

* moving to eslint

* fix mocha

* wip

Co-authored-by: Oren Gurfinkel <[email protected]>

.eslintrc

@@ -1,18 +1,29 @@
-// Codefresh Code Style - eslint ruleset
-// Based on AirBnB.
-//
-// More details: https://codefresh-io.atlassian.net/wiki/display/COD/Code+Style+Guide
 {
-
   "extends": "airbnb",
+  "ignorePatterns":[
+    "node_modules"
+  ],
   "parserOptions": {
-    "ecmaVersion": 6,
+    "ecmaVersion": 2018,
     "sourceType": "script",
     "ecmaFeatures": {
-      "jsx": true
+      "impliedStrict": true
     }
   },
 
+  "env": {
+    "node": true,
+    "mocha": true
+  },
+
+  "plugins": [
+    "chai-friendly",
+    "import",
+    "mocha",
+    "node",
+    "promise"
+  ],
+
   "rules": {
     "indent": [
       "error",
@@ -33,15 +44,27 @@
         "allowTemplateLiterals": true
       }
     ],
+    "max-len": [
+      2,
+      {
+        "code": 180,
+        "tabWidth": 4,
+        "ignoreUrls": true
+      }
+    ],
+    "no-use-before-define": "off",
+    "no-plusplus": "off",
+    "consistent-return": "warn",
+    "class-methods-use-this": "off",
     "no-underscore-dangle": "off",
+    "no-multi-spaces": "off",
     "no-param-reassign": "off",
     "no-else-return": "off",
     "arrow-body-style": "off",
     "strict": [
       "error",
       "global"
     ],
-    "no-multi-spaces": "off",
     "padded-blocks": "off",
     "import/no-extraneous-dependencies": [
       2,
@@ -52,6 +75,41 @@
     "guard-for-in": "error",
     "no-console": "off",
     "comma-dangle": ["error", "only-multiline"],
-    "quote-props": ["error", "consistent"]
-  }
+    "quote-props": ["error", "consistent"],
+
+    "promise/catch-or-return": ["error", { "allowThen": true }],
+    "promise/no-native": "error",
+
+    "mocha/no-exclusive-tests": "error",
+
+    "no-unused-expressions": "off",
+    "chai-friendly/no-unused-expressions": "error",
+
+    "node/no-unsupported-features": "error",
+    "node/process-exit-as-throw": "error",
+    "node/shebang": "warn",
+    "node/no-deprecated-api": "warn",
+    "no-useless-constructor": "warn",
+    "no-return-await": "off"
+  },
+  "overrides": [
+    {
+      "plugins": ["jest"],
+      "env": {
+        "jest": true
+      },
+      "files": [
+        "**/__tests__/**/*.[jt]s?(x)",
+        "__mocks__/**/*.js",
+        "**/__mocks__/**/*.js"
+      ],
+      "rules": {
+        "jest/no-disabled-tests": "warn",
+        "jest/no-focused-tests": "error",
+        "jest/no-identical-title": "error",
+        "jest/prefer-to-have-length": "warn",
+        "jest/valid-expect": "error"
+      }
+    }
+  ]
 }

Dockerfile

@@ -1,7 +1,9 @@
-FROM node:11.10.0-alpine
+FROM node:10.24.0-alpine3.11
 
 WORKDIR /root/cf-runtime
 
+RUN apk -U upgrade
+
 RUN apk add --no-cache bash git openssh-client tini
 
 COPY package.json ./

lib/ContainerLogger.js

@@ -1,11 +1,9 @@
-'use strict';
-
 const EventEmitter   = require('events');
 const Q              = require('q');
 const logger         = require('cf-logs').Logger('codefresh:containerLogger');
 const CFError        = require('cf-errors');
-const LoggerStrategy = require('./enums').LoggerStrategy;
 const { Transform } = require('stream');
+const { LoggerStrategy } = require('./enums');
 
 class ContainerLogger extends EventEmitter {
 
@@ -104,7 +102,7 @@ class ContainerLogger extends EventEmitter {
         logger.info(`Piping stdout and stderr step streams`);
 
         const stepLoggerWritableStream = this.stepLogger.writeStream();
-        stepLoggerWritableStream.on('error', err => logger.error(`stepLoggerWritableStream: ${err}`));
+        stepLoggerWritableStream.on('error', (err) => logger.error(`stepLoggerWritableStream: ${err}`));
 
         // Attention(!) all streams piped to step logger writable stream must be a new streams(!) in order to avoid message piping twice to writable stream.
         // { end = false } on the stepLoggerWritableStream because there is only one instance of it for all the steps.
@@ -113,9 +111,8 @@ class ContainerLogger extends EventEmitter {
             .pipe(this._logSizeLimitStream())
             .pipe(this.stepLogger.createMaskingStream())
             .pipe(this.stepLogger.stepNameTransformStream().once('end', this._handleFinished.bind(this)))
-            .pipe(stepLoggerWritableStream, {end: false});
+            .pipe(stepLoggerWritableStream, { end: false });
 
-
         if (!stderr) {
             return;
         }
@@ -126,7 +123,7 @@ class ContainerLogger extends EventEmitter {
             .pipe(this._errorTransformerStream())
             .pipe(this.stepLogger.createMaskingStream())
             .pipe(this.stepLogger.stepNameTransformStream().once('end', this._handleFinished.bind(this)))
-            .pipe(stepLoggerWritableStream, {end: false});
+            .pipe(stepLoggerWritableStream, { end: false });
 
         stderr.once('end', () => {
             this.stepFinished = true;
@@ -150,9 +147,7 @@ class ContainerLogger extends EventEmitter {
         this.handledStreams++;
         stream.on('end', this._handleFinished.bind(this));
         stream.on('data', (chunk) => {
-            const buf     = new Buffer(chunk);
-            const message = buf.toString('utf8');
-            this._logMessage(message, isError);
+            this._logMessage(Buffer.from(chunk).toString('utf-8'), isError);
         });
         logger.info(`Listening on stream 'data' event for container: ${this.containerId}`);
     }
@@ -166,7 +161,7 @@ class ContainerLogger extends EventEmitter {
                 if (payload === null) {
                     break;
                 }
-                this._logMessage(new Buffer(payload).toString('utf8'), isError);
+                this._logMessage(Buffer.from(payload).toString('utf8'), isError);
                 header = stream.read(8);
             }
         });
@@ -182,7 +177,9 @@ class ContainerLogger extends EventEmitter {
         if (this.logSizeLimit && (this._stepLogSizeExceeded() || this.isWorkflowLogSizeExceeded()) && !isError) {
             if (!this.logExceededLimitsNotified) {
                 this.logExceededLimitsNotified = true;
-                message = `\x1B[01;93mLog size exceeded for ${this._stepLogSizeExceeded() ? 'this step' : 'the workflow'}.\nThe step will continue to execute until it finished but new logs will not be stored.\x1B[0m\r\n`;
+                message = `\x1B[01;93mLog size exceeded for ${this._stepLogSizeExceeded()
+                    ? 'this step'
+                    : 'the workflow'}.\nThe step will continue to execute until it finished but new logs will not be stored.\x1B[0m\r\n`;
             } else {
                 return;
             }
@@ -216,7 +213,9 @@ class ContainerLogger extends EventEmitter {
                 if (this.logSizeLimit && (this._stepLogSizeExceeded() || this.isWorkflowLogSizeExceeded())) {
                     if (!this.logExceededLimitsNotified) {
                         this.logExceededLimitsNotified = true;
-                        const message = `\x1B[01;93mLog size exceeded for ${this._stepLogSizeExceeded() ? 'this step' : 'the workflow'}.\nThe step will continue to execute until it finished but new logs will not be stored.\x1B[0m\r\n`;
+                        const message = `\x1B[01;93mLog size exceeded for ${this._stepLogSizeExceeded()
+                            ? 'this step'
+                            : 'the workflow'}.\nThe step will continue to execute until it finished but new logs will not be stored.\x1B[0m\r\n`;
                         done(null, Buffer.from(message));
                         return;
                     }

lib/addNewMask.js

@@ -1,10 +1,9 @@
 const rp = require('request-promise');
 
-
 function updateMasks(secret) {
     const port = process.env.PORT || 8080;
     const host = process.env.HOST || 'localhost';
-    
+
     const opt = {
         uri: `http://${host}:${port}/secrets`,
         method: 'POST',
@@ -39,4 +38,4 @@ if (require.main === module) {
     updateMasks({ key, value });
 } else {
     module.exports = updateMasks;
-}
+}

lib/enums.js

@@ -1,5 +1,3 @@
-'use strict';
-
 const ContainerStatus         = {
     CREATE: 'create'
 };
@@ -13,10 +11,8 @@ const ContainerHandlingStatus = {
     LISTENING: 'listening'
 };
 
-
 module.exports = {
     ContainerStatus,
     LoggerStrategy,
     ContainerHandlingStatus
 };
-

lib/index.js

@@ -1,5 +1,3 @@
-'use strict';
-
 const path   = require('path');
 const cflogs = require('cf-logs');
 const Q = require('q');
@@ -16,15 +14,16 @@ const loggerOptions = {
 cflogs.init(loggerOptions);
 
 const Logger = require('./logger');
+
 const buildFinishedPromise = Q.defer();
 
 const logger = new Logger({
     loggerId: process.env.LOGGER_ID,
     taskLoggerConfig: JSON.parse(process.env.TASK_LOGGER_CONFIG),
     findExistingContainers: process.env.LISTEN_ON_EXISTING,
-    logSizeLimit: process.env.LOG_SIZE_LIMIT ? (parseInt(process.env.LOG_SIZE_LIMIT) * 1000000) : undefined,
+    logSizeLimit: process.env.LOG_SIZE_LIMIT ? (parseInt(process.env.LOG_SIZE_LIMIT, 10) * 1000000) : undefined,
     buildFinishedPromise: buildFinishedPromise.promise,
-    showProgress: process.env.SHOW_PROGRESS === 'true' ? true : false,
+    showProgress: process.env.SHOW_PROGRESS === 'true',
 });
 
 logger.validate();
@@ -56,4 +55,4 @@ process.on('unhandledRejection', (reason) => {
     console.log(`unhandledRejection: ${reason}`);
     logger.state.unhandledRejection = reason;
     logger._writeNewState();
-});
+});