cloudsploit icon indicating copy to clipboard operation
cloudsploit copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

TypeError: newData.forEach is not a function

Open uri-dor opened this issue 3 years ago • 12 comments

INFO: No config file provided, using default AWS credential chain. INFO: Skipping AWS pagination mode INFO: Determining API calls to make... INFO: Found 192 API calls to make for aws plugins INFO: Collecting metadata. This may take several minutes... INFO: Metadata collection complete. Analyzing... INFO: Analysis complete. Scan report to follow... Plugin Web-Tier Auto Scaling Group Associated ELB returned no results. There may be a problem with this plugin. Plugin App-Tier ASG Launch Configurations Approved AMIs returned no results. There may be a problem with this plugin. Plugin Web-Tier ASG Launch Configurations Approved AMIs returned no results. There may be a problem with this plugin. Plugin App-Tier Auto Scaling Group CloudWatch Logs Enabled returned no results. There may be a problem with this plugin. Plugin Web-Tier Auto Scaling Group CloudWatch Logs Enabled returned no results. There may be a problem with this plugin. Plugin Web-Tier Launch Configurations IAM Roles returned no results. There may be a problem with this plugin. Plugin App-Tier Launch Configurations IAM Roles returned no results. There may be a problem with this plugin. INFO: Using custom ASL for plugin: CloudFront Logging Enabled Plugin CloudTrail S3 Bucket returned no results. There may be a problem with this plugin. Plugin App-Tier EC2 Instance IAM Role returned no results. There may be a problem with this plugin. Plugin Open Custom Ports returned no results. There may be a problem with this plugin. Plugin Allowed Custom Ports returned no results. There may be a problem with this plugin. Plugin Web-Tier EC2 Instance IAM Role returned no results. There may be a problem with this plugin. Plugin VPN Tunnel State returned no results. There may be a problem with this plugin. Plugin App-Tier ELB Security Policy returned no results. There may be a problem with this plugin. Plugin ElasticSearch Access From IP Addresses returned no results. There may be a problem with this plugin. INFO: Using custom ASL for plugin: Access Keys Extra INFO: Using custom ASL for plugin: Access Keys Last Used INFO: Using custom ASL for plugin: Certificate Expiry INFO: Using custom ASL for plugin: Empty Groups /Users/uridor/clients/cloudsploit_test/cloudsploit/helpers/asl/asl-1.js:374 newData.forEach(element =>{ ^

TypeError: newData.forEach is not a function at /Users/uridor/clients/cloudsploit_test/cloudsploit/helpers/asl/asl-1.js:374:25 at Array.forEach () at runConditions (/Users/uridor/clients/cloudsploit_test/cloudsploit/helpers/asl/asl-1.js:339:27) at asl (/Users/uridor/clients/cloudsploit_test/cloudsploit/helpers/asl/asl-1.js:444:25) at /Users/uridor/clients/cloudsploit_test/cloudsploit/engine.js:221:21 at /Users/uridor/clients/cloudsploit_test/cloudsploit/node_modules/async/dist/async.js:3682:9 at replenish (/Users/uridor/clients/cloudsploit_test/cloudsploit/node_modules/async/dist/async.js:1011:17) at iterateeCallback (/Users/uridor/clients/cloudsploit_test/cloudsploit/node_modules/async/dist/async.js:995:17) at /Users/uridor/clients/cloudsploit_test/cloudsploit/node_modules/async/dist/async.js:969:16 at /Users/uridor/clients/cloudsploit_test/cloudsploit/node_modules/async/dist/async.js:3685:13

can someone assist?

uri-dor avatar Jun 15 '21 15:06 uri-dor

I think something is broken in the master branch. I cloned v2.0.0 and ran it in the exact same way and it worked. If you need to run it urgently you could try this.

pbickerd avatar Jun 17 '21 13:06 pbickerd

I cloned v2.0.0 and the issue persists. any other ideas?

`Plugin Web-Tier EC2 Instance IAM Role returned no results. There may be a problem with this plugin. INFO: Using custom ASL for plugin: Access Keys Extra INFO: Using custom ASL for plugin: Access Keys Last Used INFO: Using custom ASL for plugin: Certificate Expiry INFO: Using custom ASL for plugin: Empty Groups /opt/cloudsploit/helpers/asl/asl-1.js:374 newData.forEach(element =>{ ^

TypeError: newData.forEach is not a function at localInput.conditions.forEach.condition (/opt/cloudsploit/helpers/asl/asl-1.js:374:25) at Array.forEach () at runConditions (/opt/cloudsploit/helpers/asl/asl-1.js:339:27) at asl (/opt/cloudsploit/helpers/asl/asl-1.js:444:25) at /opt/cloudsploit/engine.js:221:21 at /opt/cloudsploit/node_modules/async/dist/async.js:3682:9 at replenish (/opt/cloudsploit/node_modules/async/dist/async.js:1011:17) at iterateeCallback (/opt/cloudsploit/node_modules/async/dist/async.js:995:17) at /opt/cloudsploit/node_modules/async/dist/async.js:969:16 at /opt/cloudsploit/node_modules/async/dist/async.js:3685:13`

anergiti avatar Jun 23 '21 19:06 anergiti

@uri-dor @anergiti I am also having this same issue, so it is still persisting.

justhereforthecroissants avatar Jun 28 '21 17:06 justhereforthecroissants

I am seeing this issue as well.

vannovv avatar Jul 06 '21 16:07 vannovv

I'm having the same error. It's happening in half the accounts I'm testing.

zortraxfiap avatar Aug 04 '21 18:08 zortraxfiap

I am also experiencing this issue.

MattCaleb165 avatar Aug 18 '21 16:08 MattCaleb165

I was able to run cloudsploit using a version from the end of April. It seems some change after this date is causing the issue.

zortraxfiap avatar Aug 25 '21 23:08 zortraxfiap

workaround - use v.2.0.0 branch

git clone --single-branch --branch v2.0.0 https://github.com/aquasecurity/cloudsploit.git

daniloasfigueiredo avatar Aug 27 '21 01:08 daniloasfigueiredo

I just cloned now and worked fine. Are you guys running npm install when cloning or using git pull at root clone directory ?

It's insane to run this too old version like 2.0.0, look number of checks you are missing.

v2.0

Total aws checks: 171 Total azure checks: 131 Total github checks: 10 Total google checks: 88 Total oracle checks: 65

Current Version

Total alibaba checks: 57 Total aws checks: 321 Total azure checks: 182 Total github checks: 10 Total google checks: 130 Total oracle checks: 66

Hope it helps!

Regards

spookerlabs avatar Aug 28 '21 23:08 spookerlabs

I'm also experiencing this on clone from master (@ commit 7789c352146bbb0680faab0b75e04a5d10717c7b) with a fresh npm install. 2.0.0 works as suggested but missing checks so not really ideal.

PercussiveElbow avatar Sep 01 '21 13:09 PercussiveElbow

What I tested and kind of worked, but I'm not sure how this would break some possible detection, is to use old asl.js version.

Basically

cd cloudsploit/helpers/asl mv asl-1.js asl-1.js-OK cp ../asl.js asl-1.js

So if you run your scan, it will run fine. But as I said, not sure if it will break any check/alert. Believe it's better then use 2.0.0 anyway

Regards

spookerlabs avatar Sep 01 '21 14:09 spookerlabs

Looks like helpers/asl/asl-1.js has received a few updates since the last update to this issue, is anyone still seeing this problem on latest master?

steers avatar Jan 19 '22 19:01 steers