move fsbpfinding query to common (#1195)

packages/cli/src/aws.ts

@@ -14,8 +14,8 @@ import {
 } from '@aws-sdk/client-secrets-manager';
 import { GetParameterCommand, SSMClient } from '@aws-sdk/client-ssm';
 import { awsClientConfig } from 'common/aws';
-import type { DatabaseConfig } from 'common/database';
 import { getCentralElkLink } from 'common/logs';
+import type { DatabaseConfig } from 'common/src/database-setup';
 import terminalLink from 'terminal-link';
 
 interface EcsResourceTags {

packages/cli/src/database.ts

@@ -1,5 +1,5 @@
 import type { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
-import { getDatabaseConnectionString } from 'common/database';
+import { getDatabaseConnectionString } from 'common/src/database-setup';
 import { $ } from 'execa';
 import { getRdsConfig } from './aws';
 

packages/cloudbuster/src/config.ts

@@ -1,11 +1,11 @@
-import type { PrismaConfig } from 'common/database';
+import { getEnvOrThrow } from 'common/functions';
+import type { PrismaConfig } from 'common/src/database-setup';
 import {
 	getDatabaseConfig,
 	getDatabaseConnectionString,
 	getDevDatabaseConfig,
-} from 'common/database';
-import { getEnvOrThrow } from 'common/functions';
-import type { SecurityHubSeverity } from './types';
+} from 'common/src/database-setup';
+import type { SecurityHubSeverity } from 'common/src/types';
 
 export interface Config extends PrismaConfig {
 	/**

packages/cloudbuster/src/findings.ts

@@ -1,33 +1,11 @@
-import type { aws_securityhub_findings, PrismaClient } from '@prisma/client';
-import type { Finding, GroupedFindings, SecurityHubSeverity } from './types';
-
-/**
- * Queries the database for FSBP findings
- */
-export async function getFsbpFindings(
-	prisma: PrismaClient,
-	severities: SecurityHubSeverity[],
-): Promise<Finding[]> {
-	const findings = await prisma.aws_securityhub_findings.findMany({
-		where: {
-			OR: severities.map((s) => ({
-				severity: { path: ['Label'], equals: s },
-			})),
-			AND: {
-				generator_id: {
-					startsWith: 'aws-foundational-security-best-practices/v/1.0.0',
-				},
-			},
-		},
-	});
-
-	return findings.map(transformFinding);
-}
+import type { aws_securityhub_findings } from '@prisma/client';
+import type { SecurityHubSeverity } from 'common/src/types';
+import type { Finding, GroupedFindings } from './types';
 
 /**
  * Transforms a SQL row into a finding
  */
-function transformFinding(finding: aws_securityhub_findings): Finding {
+export function transformFinding(finding: aws_securityhub_findings): Finding {
 	let severity = null;
 	let priority = null;
 	let remediationUrl = null;

packages/cloudbuster/src/index.ts

@@ -1,13 +1,16 @@
-import { getPrismaClient } from 'common/database';
+import { getFsbpFindings } from 'common/src/database-queries';
+import { getPrismaClient } from 'common/src/database-setup';
 import { getConfig } from './config';
 import { createDigestsFromFindings } from './digests';
-import { getFsbpFindings } from './findings';
+import { transformFinding } from './findings';
 
 export async function main() {
 	const config = await getConfig();
 	const prisma = getPrismaClient(config);
 
-	const findings = await getFsbpFindings(prisma, config.severities);
+	const findings = (await getFsbpFindings(prisma, config.severities)).map((f) =>
+		transformFinding(f),
+	);
 	const digests = createDigestsFromFindings(findings);
 
 	for (const digest of digests) {

packages/cloudbuster/src/types.ts

@@ -1,3 +1,5 @@
+import type { SecurityHubSeverity } from 'common/src/types';
+
 export interface Finding {
 	awsAccountId: string;
 	awsAccountName: string | null;
@@ -15,11 +17,4 @@ export interface Digest {
 	message: string;
 }
 
-export type SecurityHubSeverity =
-	| 'CRITICAL'
-	| 'HIGH'
-	| 'INFORMATION'
-	| 'LOW'
-	| 'MEDIUM';
-
 export type GroupedFindings = Record<string, Finding[]>;

packages/common/src/database-queries.ts

@@ -0,0 +1,24 @@
+import type { aws_securityhub_findings, PrismaClient } from '@prisma/client';
+import type { SecurityHubSeverity } from './types';
+/**
+ * Queries the database for FSBP findings
+ */
+export async function getFsbpFindings(
+	prisma: PrismaClient,
+	severities: SecurityHubSeverity[],
+): Promise<aws_securityhub_findings[]> {
+	const findings = await prisma.aws_securityhub_findings.findMany({
+		where: {
+			OR: severities.map((s) => ({
+				severity: { path: ['Label'], equals: s },
+			})),
+			AND: {
+				generator_id: {
+					startsWith: 'aws-foundational-security-best-practices/v/1.0.0',
+				},
+			},
+		},
+	});
+
+	return findings;
+}

packages/common/src/types.ts

@@ -4,6 +4,13 @@ import type {
 	repocop_vulnerabilities,
 } from '@prisma/client';
 
+export type SecurityHubSeverity =
+	| 'CRITICAL'
+	| 'HIGH'
+	| 'INFORMATION'
+	| 'LOW'
+	| 'MEDIUM';
+
 export type GithubAppSecret = {
 	appId: string;
 	base64PrivateKey: string;

packages/data-audit/src/config.ts

@@ -1,11 +1,11 @@
 import process from 'process';
-import type { DatabaseConfig, PrismaConfig } from 'common/database';
+import { getEnvOrThrow } from 'common/functions';
+import type { DatabaseConfig, PrismaConfig } from 'common/src/database-setup';
 import {
 	getDatabaseConfig,
 	getDatabaseConnectionString,
 	getDevDatabaseConfig,
-} from 'common/database';
-import { getEnvOrThrow } from 'common/functions';
+} from 'common/src/database-setup';
 
 export interface Config extends PrismaConfig {
 	/**

packages/data-audit/src/index.ts

@@ -4,7 +4,7 @@ import {
 	paginateListAccounts,
 } from '@aws-sdk/client-organizations';
 import { awsClientConfig } from 'common/aws';
-import { getPrismaClient } from 'common/database';
+import { getPrismaClient } from 'common/src/database-setup';
 import { auditAwsAccounts } from './audit/aws-accounts';
 import { auditLambdaFunctions } from './audit/aws-lambda';
 import { auditS3Buckets } from './audit/aws-s3-buckets';

packages/github-actions-usage/src/config.ts

@@ -1,10 +1,10 @@
-import type { DatabaseConfig, PrismaConfig } from 'common/database';
+import { getEnvOrThrow } from 'common/functions';
+import type { DatabaseConfig, PrismaConfig } from 'common/src/database-setup';
 import {
 	getDatabaseConfig,
 	getDatabaseConnectionString,
 	getDevDatabaseConfig,
-} from 'common/database';
-import { getEnvOrThrow } from 'common/functions';
+} from 'common/src/database-setup';
 
 export interface Config extends PrismaConfig {
 	/**

packages/github-actions-usage/src/index.ts

@@ -1,4 +1,4 @@
-import { getPrismaClient } from 'common/database';
+import { getPrismaClient } from 'common/src/database-setup';
 import { getConfig } from './config';
 import { getWorkflows } from './db-read';
 import { saveResults } from './db-write';

packages/obligatron/src/config.ts

@@ -1,10 +1,10 @@
-import type { PrismaConfig } from 'common/database';
+import { getEnvOrThrow } from 'common/functions';
+import type { PrismaConfig } from 'common/src/database-setup';
 import {
 	getDatabaseConfig,
 	getDatabaseConnectionString,
 	getDevDatabaseConfig,
-} from 'common/database';
-import { getEnvOrThrow } from 'common/functions';
+} from 'common/src/database-setup';
 
 export interface Config extends PrismaConfig {
 	/**

packages/obligatron/src/index.ts

@@ -1,6 +1,6 @@
 import type { PrismaClient } from '@prisma/client';
-import { getPrismaClient } from 'common/database';
 import { logger } from 'common/logs';
+import { getPrismaClient } from 'common/src/database-setup';
 import { config } from 'dotenv';
 import { getConfig } from './config';
 import {

packages/refresh-materialized-view/src/config.ts

@@ -1,10 +1,10 @@
-import type { DatabaseConfig, PrismaConfig } from 'common/database';
+import { getEnvOrThrow } from 'common/functions';
+import type { DatabaseConfig, PrismaConfig } from 'common/src/database-setup';
 import {
 	getDatabaseConfig,
 	getDatabaseConnectionString,
 	getDevDatabaseConfig,
-} from 'common/database';
-import { getEnvOrThrow } from 'common/functions';
+} from 'common/src/database-setup';
 
 export interface Config extends PrismaConfig {
 	/**

packages/refresh-materialized-view/src/index.ts

@@ -1,4 +1,4 @@
-import { getPrismaClient } from 'common/database';
+import { getPrismaClient } from 'common/src/database-setup';
 import { getConfig } from './config';
 
 export async function main(...args: unknown[]) {

packages/repocop/src/config.ts

@@ -1,11 +1,11 @@
 import * as process from 'process';
+import { getEnvOrThrow } from 'common/functions';
 import {
 	getDatabaseConfig,
 	getDatabaseConnectionString,
 	getDevDatabaseConfig,
-} from 'common/database';
-import type { DatabaseConfig, PrismaConfig } from 'common/database';
-import { getEnvOrThrow } from 'common/functions';
+} from 'common/src/database-setup';
+import type { DatabaseConfig, PrismaConfig } from 'common/src/database-setup';
 
 export interface Config extends PrismaConfig {
 	/**

packages/repocop/src/index.ts

@@ -6,8 +6,8 @@ import type {
 	view_repo_ownership,
 } from '@prisma/client';
 import { awsClientConfig } from 'common/aws';
-import { getPrismaClient } from 'common/database';
 import { partition, stageAwareOctokit } from 'common/functions';
+import { getPrismaClient } from 'common/src/database-setup';
 import type { RepocopVulnerability } from 'common/src/types';
 import type { Config } from './config';
 import { getConfig } from './config';