
Seed poc #1626

Draft. Wants to merge 38 commits into base branch feature/seed-poc.

Conversation

sobolk (Member) commented Jun 7, 2024

Problem

Issue number, if available:

Changes

Corresponding docs PR, if applicable:

Validation

Checklist

  • If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
  • If this PR requires a change to the Project Architecture README, I have included that update in this PR.
  • If this PR requires a docs update, I have linked to that docs PR above.
  • If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

changeset-bot commented Jun 7, 2024

🦋 Changeset detected

Latest commit: d40d6a0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


  ): Promise<AuthUser> => {
    await this.lock.acquire();
    try {
      console.log(`creating ${username}, ${password}`);

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information (High)

This logs sensitive data returned by an access to password as clear text.

Copilot Autofix AI 8 days ago

To fix the problem, we need to remove the logging of sensitive information such as passwords. Instead of logging the password, we can log a message indicating that a user is being created without including the sensitive details. This way, we maintain the ability to debug and monitor the process without exposing sensitive information.

  • Remove the logging of the password in the createUser method.
  • Log a message that does not include sensitive information.
Suggested changeset 1
packages/backend-seed/src/auth_client.ts

Autofix patch

Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/packages/backend-seed/src/auth_client.ts b/packages/backend-seed/src/auth_client.ts
--- a/packages/backend-seed/src/auth_client.ts
+++ b/packages/backend-seed/src/auth_client.ts
@@ -60,3 +60,3 @@
     try {
-      console.log(`creating ${username}, ${password}`);
+      console.log(`creating user: ${username}`);
       const temporaryPassword = `Test1@Temp${randomUUID().toString()}`;
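Review bot: removing `${password}` from the log line closes the CodeQL finding, but the trailing context of this hunk builds a second secret, `const temporaryPassword = \`Test1@Temp${randomUUID().toString()}\``, so check that nothing further down in createUser logs that value either. Two smaller points on the same lines: `randomUUID()` already returns a string, so `.toString()` is redundant; and the username is still logged in clear text, which in this seed script is an e-mail address, so if these logs ever leave a developer machine a user id or a masked address would be the safer thing to print.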
EOF
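The autofix above keeps the diagnostic and drops the secret. A more general way to get the same guarantee at every call site is to pass log context through a redaction step before it is serialised. The following is an added example, not code from this PR or from Amplify; the key fragments treated as secret and the shape of `logUserCreation` are assumptions.

```typescript
// Added example (not from the amplify-backend repository): strip secret-looking
// fields from a log context before it is serialised, so a call site like the
// flagged `console.log` keeps its diagnostics without the password.

// Key-name fragments that mark a field as secret (assumed list).
const SECRET_KEY_FRAGMENTS = ['password', 'secret', 'token', 'apikey'];

function looksSecret(key: string, fragments: readonly string[]): boolean {
  const lower = key.toLowerCase();
  return fragments.some((f) => lower.includes(f));
}

/** Returns a deep copy of `ctx` with every secret-looking key replaced by a marker. */
export function redactSecrets(
  ctx: Record<string, unknown>,
  fragments: readonly string[] = SECRET_KEY_FRAGMENTS,
): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const [key, value] of Object.entries(ctx)) {
    if (looksSecret(key, fragments)) {
      out[key] = '[REDACTED]';
    } else if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      // Recurse into nested plain objects so `{ user: { temporaryPassword } }` is covered too.
      out[key] = redactSecrets(value as Record<string, unknown>, fragments);
    } else {
      out[key] = value;
    }
  }
  return out;
}

/** Builds and emits the line a seed client would log when creating a user. */
export function logUserCreation(username: string, password: string): string {
  // The password key stays in the record (its presence is useful), its value never does.
  const line = JSON.stringify({
    event: 'createUser',
    ...redactSecrets({ username, password }),
  });
  console.log(line);
  return line;
}

// Constructed sample call: prints {"event":"createUser","username":"alice@example.com","password":"[REDACTED]"}
logUserCreation('alice@example.com', 'constructed-sample-password');
```

Matching on key names rather than on values is deliberate: a value-based filter has to know what a password looks like, while a key-based one only has to agree with the code on naming, which a lint rule can enforce.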
import { AuthClient, AuthUser, SeedFunction } from './types.js';
import { DefaultAuthClient } from './auth_client.js';
import { CognitoIdentityProviderClient } from '@aws-sdk/client-cognito-identity-provider';
import { SchemaSeedable, Seedable } from '@aws-amplify/plugin-types';

Check notice

Code scanning / CodeQL

Unused variable, import, function or class (Note)

Unused import SchemaSeedable.
packages/backend-seed/src/index.ts (Fixed)
import { defineSeed } from '@aws-amplify/backend';
import type { Schema } from './data/resource';
import { defineSeed2, KeysByType, PickByType } from '@aws-amplify/backend-seed';
import { SchemaSeedable, Seedable } from '@aws-amplify/plugin-types';

Check notice

Code scanning / CodeQL

Unused variable, import, function or class (Note, test)

Unused import SchemaSeedable.
);
});

let foo: PickByType<typeof backend, Seedable<'auth'>>;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class (Note, test)

Unused variable foo.
});

let foo: PickByType<typeof backend, Seedable<'auth'>>;
let bar: PickByType<typeof backend, Seedable<'data'>>;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class (Note, test)

Unused variable bar.
let foo: PickByType<typeof backend, Seedable<'auth'>>;
let bar: PickByType<typeof backend, Seedable<'data'>>;

let foo2: KeysByType<typeof backend, Seedable<'auth'>>;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class (Note, test)

Unused variable foo2.
let bar: PickByType<typeof backend, Seedable<'data'>>;

let foo2: KeysByType<typeof backend, Seedable<'auth'>>;
let bar2: KeysByType<typeof backend, Seedable<'data'>>;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class (Note, test)

Unused variable bar2.
test-projects/seed-poc/amplify/backend.ts (Fixed)
packages/backend-seed/src/index.ts (Fixed)
*
* This means that schema type can be passed through defineData -> backend -> access backend props.
*/
let dataSchema = backend.data.schema;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class (Note, test)

Unused variable dataSchema.
}

createUser = async (
username: string,

Check failure

Code scanning / CodeQL

Insecure randomness (High)

This uses a cryptographically insecure random number generated at Math.random() in a security context.

Copilot Autofix AI 8 days ago

To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomUUID method to generate secure random values. This method provides a cryptographically secure way to generate random UUIDs, which can be used to create secure usernames and passwords.

We will update the test-projects/seed-poc3/amplify/seed.ts file to use crypto.randomUUID() instead of Math.random() for generating random parts of usernames and passwords.

Suggested changeset 1
test-projects/seed-poc3/amplify/seed.ts
Outside changed files

Autofix patch

Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/test-projects/seed-poc3/amplify/seed.ts b/test-projects/seed-poc3/amplify/seed.ts
--- a/test-projects/seed-poc3/amplify/seed.ts
+++ b/test-projects/seed-poc3/amplify/seed.ts
@@ -9,2 +9,3 @@
 import { generateClient } from 'aws-amplify/api';
+import { randomUUID } from 'crypto';
 
@@ -24,3 +25,3 @@
 await dataClient.models.Todo.create({
-  content: `Todo@${Math.random().toString()}`,
+  content: `Todo@${randomUUID()}`,
 });
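Review bot: this hunk is not a security context. The `Todo.create` content (like the storage `data`/`path` and the other `Todo` hunks further down) is test fixture text, and CodeQL only reported it because the same `Math.random().toString()` expression feeds the passwords in the `createUser` hunks. Switching it to `randomUUID()` is harmless and keeps the file uniform, but the finding this patch exists to close is the `createUser` change, so that is the hunk to review carefully.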
@@ -28,4 +29,4 @@
 const user1 = await authClient.createUser(
-  `user${Math.random().toString()}@amazon.com`,
-  `P@ssword${Math.random().toString()}`
+  `user${randomUUID()}@amazon.com`,
+  `P@ssword${randomUUID()}`
 );
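Review bot: `P@ssword${randomUUID()}` carries about 122 bits of randomness from the OS CSPRNG, so it resolves the finding; the fixed `P@ssword` prefix only exists to satisfy an upper/lower/symbol password policy and adds no secrecy, which is fine for a seed script. The username line deserves a second look though: `user${randomUUID()}@amazon.com` puts synthetic users on a real mail domain, so a pool configured to send verification or invitation mail would address real mailboxes. A domain you control, or one reserved for examples such as example.com, avoids that. The same comment applies to the `user2` hunk that follows.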
@@ -33,4 +34,4 @@
 const user2 = await authClient.createUser(
-  `user${Math.random().toString()}@amazon.com`,
-  `P@ssword${Math.random().toString()}`
+  `user${randomUUID()}@amazon.com`,
+  `P@ssword${randomUUID()}`
 );
@@ -44,3 +45,3 @@
   {
-    content: `Todo@${user1?.username ?? ''}@${Math.random().toString()}`,
+    content: `Todo@${user1?.username ?? ''}@${randomUUID()}`,
   },
@@ -63,3 +64,3 @@
   {
-    content: `Todo@${user2?.username ?? ''}@${Math.random().toString()}`,
+    content: `Todo@${user2?.username ?? ''}@${randomUUID()}`,
   },
@@ -74,4 +75,4 @@
 const uploadTask = storage.uploadData({
-  data: `Some Content ${Math.random().toString()}`,
-  path: `foo/${Math.random().toString()}`,
+  data: `Some Content ${randomUUID()}`,
+  path: `foo/${randomUUID()}`,
 });
@@ -103,3 +104,3 @@
   {
-    content: `Todo2@${Math.random().toString()}`,
+    content: `Todo2@${randomUUID()}`,
   },
@@ -118,3 +119,2 @@
 
-
 // TODO: how can we use IAM creds with data client?? (and other clients?)
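Review bot: this last hunk only deletes a blank line before the `// TODO` comment and is unrelated to the randomness finding; drop it so the autofix stays a minimal, reviewable change.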
EOF
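The two autofixes on this page disagree on how to replace `Math.random()`: one uses `randomUUID()`, the other `randomBytes(4).toString('hex')`. What separates them is not only whether the source is a CSPRNG but how many bits each password actually gets. The example below is added here and is not code from the PR or from Amplify; it mints seed credentials with `crypto.randomInt` and makes the entropy budget explicit. The alphabet, the 24-character default and the policy rules are assumptions.

```typescript
import { randomInt } from 'node:crypto';

// Added example (not from the amplify-backend repository): generate seed/test
// credentials from the OS CSPRNG with a known entropy budget.

// 26 upper + 26 lower + 10 digits + 5 symbols = 67 symbols, about 6.07 bits each (assumed alphabet).
export const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%';

/** Entropy in bits of `length` symbols drawn uniformly from an alphabet of `size`. */
export function entropyBits(length: number, size: number): number {
  return length * Math.log2(size);
}

/** A typical user-pool policy (assumed): minimum length plus one of each character class. */
export function meetsPolicy(pw: string, minLength = 8): boolean {
  return (
    pw.length >= minLength &&
    /[A-Z]/.test(pw) &&
    /[a-z]/.test(pw) &&
    /[0-9]/.test(pw) &&
    /[^A-Za-z0-9]/.test(pw)
  );
}

/**
 * Uniform random password. `randomInt` draws from the OS CSPRNG and rejects
 * values that would bias the modulus, unlike `randomBytes(1)[0] % n` or
 * `Math.random()`. A draw that misses a character class is discarded and
 * redrawn, which keeps the result uniform over the policy-conformant strings.
 */
export function generateTestPassword(length = 24, alphabet = ALPHABET): string {
  if (length < 4) {
    throw new RangeError('need at least one symbol per character class');
  }
  for (let attempt = 0; attempt < 1000; attempt++) {
    let pw = '';
    for (let i = 0; i < length; i++) {
      pw += alphabet.charAt(randomInt(alphabet.length));
    }
    if (meetsPolicy(pw, length)) {
      return pw;
    }
  }
  // Only reachable if the alphabet lacks a whole character class.
  throw new Error('alphabet cannot satisfy the password policy');
}

// Constructed sample run: one password and the budgets of the three approaches seen on this page.
console.log(generateTestPassword());
console.log(`randomBytes(4) hex : ${entropyBits(8, 16)} bits`); // 32
console.log(`randomUUID()       : 122 bits`); // fixed by the UUIDv4 layout
console.log(`24 chars, 67 symbols: ${entropyBits(24, ALPHABET.length).toFixed(1)} bits`);
```

Read against the patches: `randomBytes(4).toString('hex')` is eight hex characters, so `entropyBits(8, 16)` is 32 bits, which is why a CodeQL-clean fix can still produce a weak test password; `randomUUID()` gives 122 bits; and a 24-character draw from this alphabet gives roughly 145 bits. Any of the last two is adequate for seed users, the first is not.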

createUser = async (
username: string,
password: string

Check failure

Code scanning / CodeQL

Insecure randomness (High)

This uses a cryptographically insecure random number generated at Math.random() in a security context.

Copilot Autofix AI 8 days ago

To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes method to generate secure random values. We will update the code in test-projects/seed-poc3/amplify/seed.ts to use crypto.randomBytes instead of Math.random() for generating passwords.

Suggested changeset 1
test-projects/seed-poc3/amplify/seed.ts
Outside changed files

Autofix patch

Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/test-projects/seed-poc3/amplify/seed.ts b/test-projects/seed-poc3/amplify/seed.ts
--- a/test-projects/seed-poc3/amplify/seed.ts
+++ b/test-projects/seed-poc3/amplify/seed.ts
@@ -9,2 +9,3 @@
 import { generateClient } from 'aws-amplify/api';
+import { randomBytes } from 'crypto';
 
@@ -24,3 +25,3 @@
 await dataClient.models.Todo.create({
-  content: `Todo@${Math.random().toString()}`,
+  content: `Todo@${randomBytes(4).toString('hex')}`,
 });
@@ -28,4 +29,4 @@
 const user1 = await authClient.createUser(
-  `user${Math.random().toString()}@amazon.com`,
-  `P@ssword${Math.random().toString()}`
+  `user${randomBytes(4).toString('hex')}@amazon.com`,
+  `P@ssword${randomBytes(4).toString('hex')}`
 );
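Review bot: `randomBytes(4).toString('hex')` is only 8 hex characters, i.e. 32 bits of randomness per password, against roughly 122 bits for the `randomUUID()` variant proposed in the other autofix on this page. CodeQL will stop flagging the line because the source is now a CSPRNG, but a 32-bit secret behind a fixed `P@ssword` prefix is brute-forceable if a seeded pool is ever exposed. Use at least 16 bytes (`randomBytes(16).toString('hex')`) or `randomUUID()` here and in the `user2` hunk below; the username suffix can stay short, since it only needs to be unique.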
@@ -33,4 +34,4 @@
 const user2 = await authClient.createUser(
-  `user${Math.random().toString()}@amazon.com`,
-  `P@ssword${Math.random().toString()}`
+  `user${randomBytes(4).toString('hex')}@amazon.com`,
+  `P@ssword${randomBytes(4).toString('hex')}`
 );
@@ -44,3 +45,3 @@
   {
-    content: `Todo@${user1?.username ?? ''}@${Math.random().toString()}`,
+    content: `Todo@${user1?.username ?? ''}@${randomBytes(4).toString('hex')}`,
   },
@@ -63,3 +64,3 @@
   {
-    content: `Todo@${user2?.username ?? ''}@${Math.random().toString()}`,
+    content: `Todo@${user2?.username ?? ''}@${randomBytes(4).toString('hex')}`,
   },
@@ -74,4 +75,4 @@
 const uploadTask = storage.uploadData({
-  data: `Some Content ${Math.random().toString()}`,
-  path: `foo/${Math.random().toString()}`,
+  data: `Some Content ${randomBytes(4).toString('hex')}`,
+  path: `foo/${randomBytes(4).toString('hex')}`,
 });
@@ -103,3 +104,3 @@
   {
-    content: `Todo2@${Math.random().toString()}`,
+    content: `Todo2@${randomBytes(4).toString('hex')}`,
   },
@@ -118,3 +119,2 @@
 
-
 // TODO: how can we use IAM creds with data client?? (and other clients?)
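Review bot: as in the other suggested patch, this final hunk only removes a blank line ahead of the `// TODO` comment and has nothing to do with the finding; leave it out of the autofix.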
EOF