From d9561d5d22f2f01adc3f1004577bb28e327bcd1c Mon Sep 17 00:00:00 2001
From: n4ch04 <59198746+n4ch04@users.noreply.github.com>
Date: Wed, 2 Feb 2022 17:09:38 +0100
Subject: [PATCH] fix(check32): filterName base64encoded to avoid space
 problems in filter names (#1020)

* fix(check32): filterName base64encoded to avoid space problems in filter names

* fix(check32): base64 decoding atomic expression

* fix(check32): Variable enclosing

Co-authored-by: Nacho Rivera <nachor1992@gmail>
---
 include/check3x | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/check3x b/include/check3x
index 29de748e..1f6ac4a6 100644
--- a/include/check3x
+++ b/include/check3x
@@ -39,11 +39,12 @@ check3x(){
       if [ "$CLOUDWATCH_LOGGROUP_ACCOUNT" == "$CURRENT_ACCOUNT_ID" ];then
         # Filter control and whitespace from .metricFilters[*].filterPattern for easier matching later
         METRICFILTER_CACHE=$($AWSCLI logs describe-metric-filters --log-group-name "$CLOUDWATCH_LOGGROUP_NAME" $PROFILE_OPT --region "$CLOUDWATCH_LOGGROUP_REGION"|jq '.metricFilters|=map(.filterPattern|=gsub("[[:space:]]+"; " "))')
-        METRICFILTER_SET=$(echo $METRICFILTER_CACHE | jq -r --arg re "$grep_filter" '.metricFilters[]|select(.filterPattern|test($re))|.filterName')
+        METRICFILTER_SET=$(echo "${METRICFILTER_CACHE}" | jq -r --arg re "${grep_filter}" '.metricFilters[]|select(.filterPattern|test($re))|.filterName|@base64')
       fi
       if [[ $METRICFILTER_SET ]];then
         for metric in $METRICFILTER_SET; do
-          metric_name=$(echo $METRICFILTER_CACHE | jq -r --arg name $metric '.metricFilters[]|select(.filterName==$name)|.metricTransformations[0].metricName')
+          metric_decode=$(base64 -d <<< "${metric}")
+          metric_name=$(echo "${METRICFILTER_CACHE}" | jq -r --arg name "${metric_decode}" '.metricFilters[]|select(.filterName==$name)|.metricTransformations[0].metricName')
           HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region "$CLOUDWATCH_LOGGROUP_REGION" --query 'MetricAlarms[?MetricName==`'"$metric_name"'`]' --output text)
           if [[ $HAS_ALARM_ASSOCIATED ]];then
             CHECK_OK="$CHECK_OK $CLOUDWATCH_LOGGROUP_NAME:$metric"
@@ -61,7 +62,7 @@ check3x(){
 
     if [[ $CHECK_OK ]]; then
       for group in $CHECK_OK; do
-        metric=${group#*:}
+        metric=$(base64 -d <<< "${group#*:}")
         group=${group%:*}
         textPass "$REGION: CloudWatch group $group found with metric filter $metric and alarms set" "$REGION" "$group"
       done
@@ -69,7 +70,7 @@ check3x(){
     if [[ $CHECK_WARN ]]; then
       for group in $CHECK_WARN; do
         case $group in
-           *:*) metric=${group#*:}
+           *:*) metric=$(base64 -d <<< "${group#*:}")
                 group=${group%:*}
                 if [[ $pass_count == 0 ]]; then
                   textFail "$REGION: CloudWatch group $group found with metric filter $metric but no alarms associated" "$REGION" "$group"