fix(cloud-tests): harden aws validation paths #2905

Merged: tofikwest merged 2 commits into main from tofik/remediation-release-review on May 22, 2026
@tofikwest tofikwest commented May 22, 2026

Summary

  • keep IAM MFA scans running when GetLoginProfile fails with an unexpected/non-NoSuchEntity error
  • validate RevokeSecurityGroupIngressCommand differently for rule-ID-only revokes vs property-based revokes
  • add regression coverage for both Cubic findings

Verification

  • bunx jest src/cloud-security/aws-command-executor.spec.ts src/cloud-security/providers/aws/iam.adapter.spec.ts --passWithNoTests
  • bunx prettier --check apps/api/src/cloud-security/aws-command-executor.ts apps/api/src/cloud-security/aws-command-executor.spec.ts apps/api/src/cloud-security/providers/aws/iam.adapter.ts apps/api/src/cloud-security/providers/aws/iam.adapter.spec.ts
  • git diff --check

Notes

  • bunx turbo run typecheck --filter=@trycompai/api currently fails on existing baseline errors outside this patch, including AI SDK LanguageModelV3 vs LanguageModelV2 assignments and unrelated spec signature drift.

Summary by cubic

Hardened AWS validation and IAM MFA scanning to prevent false negatives and keep scans running. Correctly validates RevokeSecurityGroupIngressCommand inputs and continues MFA checks when console-access probes fail unexpectedly.

  • Bug Fixes
    • RevokeSecurityGroupIngressCommand: Require GroupId or GroupName only for property-based revokes; allow rule-ID-only revokes without a group. SecurityGroupRuleIds no longer satisfy the group requirement when rule properties are present. Updated error messages.
    • IAM: When GetLoginProfile throws non-NoSuchEntity errors (e.g., AccessDeniedException), continue MFA checks and treat console access as present to avoid suppressing findings.
    • S3 CreateBucket: Safer bucket name normalization (coerce string/number, lower-case, replace underscores).
    • Tests: Added coverage for both SG revoke validation paths and the console-probe error flow.

Written for commit 5a79bcb. Summary will update on new commits. Review in cubic
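
The RevokeSecurityGroupIngressCommand rule from the summary above, sketched as an added example that is not part of this PR or the project's `aws-command-executor.ts`. The request field names are the real RevokeSecurityGroupIngress parameters; `validateRevokeIngress`, `isPresent`, the error strings, the treatment of blank strings, and the rejection of an input that names no rule are assumptions.

```typescript
// Added illustration, not the project's code. Field names are the real
// RevokeSecurityGroupIngress request parameters; function names and error
// strings are hypothetical.
type RevokeIngressInput = {
  GroupId?: string; GroupName?: string; SecurityGroupRuleIds?: string[];
  IpPermissions?: object[]; IpProtocol?: string; FromPort?: number; ToPort?: number;
  CidrIp?: string; SourceSecurityGroupName?: string; SourceSecurityGroupOwnerId?: string;
};

const RULE_PROPERTY_KEYS = [
  "IpPermissions", "IpProtocol", "FromPort", "ToPort",
  "CidrIp", "SourceSecurityGroupName", "SourceSecurityGroupOwnerId",
] as const;

// Present = carries information. Blank strings and empty arrays do not;
// numbers always do, so FromPort: 0 still counts as a rule property.
function isPresent(v: unknown): boolean {
  if (v === undefined || v === null) return false;
  if (typeof v === "string") return v.trim().length > 0;
  if (Array.isArray(v)) return v.length > 0;
  return true;
}

// Returns null when the input may be sent, otherwise the rejection reason.
function validateRevokeIngress(input: RevokeIngressInput): string | null {
  const hasGroup = isPresent(input.GroupId) || isPresent(input.GroupName);
  const hasRuleIds = isPresent(input.SecurityGroupRuleIds);
  const hasRuleProps = RULE_PROPERTY_KEYS.some((k) => isPresent(input[k]));

  // Assumption (not stated on the page): an input naming no rule is rejected.
  if (!hasRuleIds && !hasRuleProps) return "no rule IDs or rule properties given";
  // Property-based revoke: rule IDs do not stand in for the group.
  if (hasRuleProps && !hasGroup) return "property-based revoke requires GroupId or GroupName";
  // Rule-ID-only revoke (group optional), or property-based revoke with a group.
  return null;
}

// Constructed sample inputs; the IDs are made up.
const SAMPLES: Record<string, RevokeIngressInput> = {
  ruleIdOnly: { SecurityGroupRuleIds: ["sgr-0123456789abcdef0"] },
  propsWithGroup: { GroupId: "sg-0123456789abcdef0", IpProtocol: "tcp", FromPort: 22, ToPort: 22, CidrIp: "0.0.0.0/0" },
  propsWithRuleIdNoGroup: { SecurityGroupRuleIds: ["sgr-0123456789abcdef0"], IpProtocol: "tcp", CidrIp: "0.0.0.0/0" },
  blankGroup: { GroupId: "  ", IpPermissions: [{ IpProtocol: "-1" }] },
};

Object.keys(SAMPLES).forEach((name) => {
  console.log(name, "->", validateRevokeIngress(SAMPLES[name]) ?? "ok");
});
```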

vercel Bot commented May 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Deployments (updated, UTC):

  • comp-framework-editor: Ready (Preview, Comment), May 22, 2026 12:33am

2 Skipped Deployments:

  • app: Skipped, May 22, 2026 12:33am
  • portal: Skipped, May 22, 2026 12:33am

@cubic-dev-ai cubic-dev-ai Bot left a comment

No issues found across 4 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

@vercel vercel Bot temporarily deployed to Preview – app May 22, 2026 00:32 Inactive
@vercel vercel Bot temporarily deployed to Preview – portal May 22, 2026 00:32 Inactive
@tofikwest tofikwest merged commit b17a66c into main May 22, 2026
11 checks passed
@tofikwest tofikwest deleted the tofik/remediation-release-review branch May 22, 2026 00:40
@claudfuen

🎉 This PR is included in version 3.62.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
