[dev] [tofikwest] feat/support-gov-cloud-aws #2808
Merged
- Introduced functions to infer AWS partition and region based on findings.
- Updated remediation prompts to include AWS execution context.
- Enhanced ARN normalization for AWS and GovCloud.
- Added validation for AWS partition configurations.
- Implemented tests for AWS partition utilities.
- Updated various services and controllers to support AWS partitioning and GovCloud integration.
- Refactored the CloudTestsSection component for better readability by adjusting line breaks and indentation.
- Removed redundant imports and organized existing imports for clarity.
- Enhanced filtering logic for findings to streamline the code.
- Ensured consistent formatting across severity styles and service names for maintainability.
2 issues found across 22 files
Confidence score: 3/5
- There is concrete user-impact risk: in `apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/EmptyStateOnboarding.tsx`, region-clearing is wired in `CredentialSetup` instead of `CloudSetup`, so switching AWS Commercial/GovCloud can retain stale region state and lead to incorrect selections.
- `apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/aws-account-settings-body.tsx` still contains a production `console.log` that exposes connection metadata (including ARNs/account IDs) in browser logs, which should be removed before merge.
- Given two high-confidence issues with severities 7/10 and 6/10, this sits in moderate merge-risk territory until these are addressed.
- Pay close attention to `apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/EmptyStateOnboarding.tsx` and `apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/aws-account-settings-body.tsx` - fix AWS environment/region state handling and remove metadata-leaking debug logging.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/aws-account-settings-body.tsx">
<violation number="1" location="apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/aws-account-settings-body.tsx:86">
P2: Remove this debug `console.log` before merging. It leaks connection metadata (including ARNs and account IDs) to the browser console in production.</violation>
</file>
<file name="apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/EmptyStateOnboarding.tsx">
<violation number="1" location="apps/app/src/app/(app)/[orgId]/integrations/[slug]/components/EmptyStateOnboarding.tsx:367">
P1: Region-clearing logic on `awsType` change is in `CredentialSetup` (which never handles AWS) instead of `CloudSetup` (which does). When a user switches between Commercial and GovCloud environments, previously-selected regions from the other partition remain in state and may be submitted.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.
…ntial update logic
- Removed unnecessary console log from AwsAccountSettingsBody component.
- Simplified the updateCredential function in EmptyStateOnboarding and CloudSetup components by removing redundant logic for awsType, ensuring cleaner state management.
This is an automated pull request to merge feat/support-gov-cloud-aws into dev.
It was created by the [Auto Pull Request] action.
Summary by cubic
Adds full AWS GovCloud support with partition-aware credentials, ARNs, and regions across API and app. Enables scanning and remediation in GovCloud with correct CloudShell URLs/scripts and a simpler AWS settings setup.
New Features
- `AWSSecurityService`/executor handle `aws-us-gov` ARNs/regions; block unsupported services (CloudFront, Shield); default region uses partition.
- `awsType`; controllers parse accountId from `arn:(aws|aws-us-gov):...`.
- `aws-us-gov`.
- `@trycompai/integration-platform`: export `getAwsCloudShellUrl`, `getAwsCloudShellScript`, `getAwsRemediationScript`, `normalizeAwsEnvironment`; credentials manifest supports GovCloud.
- `SECURITY_HUB_GOVCLOUD_*` variables; role-assumer ARN selection based on partition.
- `awsType`) in onboarding and AWS account settings.
Migration
- `SECURITY_HUB_GOVCLOUD_ROLE_ASSUMER_ARN` (and optional `SECURITY_HUB_GOVCLOUD_ACCESS_KEY_ID`, `SECURITY_HUB_GOVCLOUD_SECRET_ACCESS_KEY`, `SECURITY_HUB_GOVCLOUD_SESSION_TOKEN`).
- `credentials.awsType` to `aws-us-gov` and use GovCloud role ARNs; Commercial (`aws`) remains default.
Written for commit 44d7cbd. Summary will update on new commits.
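Both review findings on this PR (regions from the other partition surviving an environment switch, and ARNs/account IDs reaching logs) can also be guarded on the receiving side. The sketch below is an added example, not code from this PR or repository: the function and type names are hypothetical, and only the `awsType` values and the `arn:(aws|aws-us-gov):` pattern are taken from the page.

```typescript
// Added example. parseRoleArn, validateAwsConnection and redactArn are
// hypothetical names; they do not come from the PR.
type AwsType = "aws" | "aws-us-gov";

interface ParsedRoleArn { partition: AwsType; accountId: string; roleName: string; }

// IAM role ARNs carry no region: arn:<partition>:iam::<12-digit account>:role/<path/name>
const ROLE_ARN = /^arn:(aws|aws-us-gov):iam::(\d{12}):role\/([\w+=,.@\/-]+)$/;

function parseRoleArn(arn: string): ParsedRoleArn | null {
  const m = ROLE_ARN.exec(arn.trim());
  return m ? { partition: m[1] as AwsType, accountId: m[2], roleName: m[3] } : null;
}

// GovCloud regions are us-gov-*; any other region is treated as Commercial
// here (assumption: other partitions such as aws-cn are out of scope).
function regionPartition(region: string): AwsType {
  return region.startsWith("us-gov-") ? "aws-us-gov" : "aws";
}

interface ConnectionInput { awsType?: string; roleArn: string; regions: string[]; }

// Returns a list of problems; an empty list means the submission is consistent.
function validateAwsConnection(input: ConnectionInput): string[] {
  const awsType = input.awsType ?? "aws"; // Commercial remains the default
  if (awsType !== "aws" && awsType !== "aws-us-gov") {
    return [`unsupported awsType: ${awsType}`];
  }
  const errors: string[] = [];
  const parsed = parseRoleArn(input.roleArn);
  if (!parsed) {
    errors.push("roleArn is not a valid IAM role ARN");
  } else if (parsed.partition !== awsType) {
    errors.push(`roleArn partition ${parsed.partition} does not match awsType ${awsType}`);
  }
  // Regions left over from the other environment are rejected, not silently scanned.
  const stale = input.regions.filter((r) => regionPartition(r) !== awsType);
  if (stale.length > 0) errors.push(`regions outside ${awsType}: ${stale.join(", ")}`);
  return errors;
}

// Log-safe form: keeps the partition, hides the account ID and role name.
function redactArn(arn: string): string {
  const p = parseRoleArn(arn);
  return p ? `arn:${p.partition}:iam::************:role/<redacted>` : "<invalid-arn>";
}
```

Running the same check on the server means a client that still holds Commercial regions after switching to GovCloud gets an explicit error instead of a scan against the wrong partition.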