fixes to ensure values are being set correctly when using environment…

… variables
njohnstone2 · Aug 31, 2024 · 9619367 · 9619367
1 parent 2d3f82b
commit 9619367
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 20 deletions.
diff --git a/cmd/cve-watch/config.go b/cmd/cve-watch/config.go
@@ -17,7 +17,8 @@ type Config struct {
 
 func DefaultConfig() Config {
 	return Config{
-		LogLevel:     "INFO",
+		LogLevel:     "info",
+		LogFormat:    "text",
 		IntervalMins: 5,
 		HTTPPort:     8080,
 	}
@@ -43,11 +44,18 @@ func (config *Config) Parameters() []cli.Flag {
 		},
 		&cli.StringFlag{
 			Name:        "log-level",
-			Usage:       "Application log level. Default: INFO",
+			Usage:       "Application log level. Default: info",
 			EnvVars:     []string{"LOG_LEVEL"},
 			Value:       defaults.LogLevel,
 			Destination: &config.LogLevel,
 		},
+		&cli.StringFlag{
+			Name:        "log-format",
+			Usage:       "Application log format. Default: text",
+			EnvVars:     []string{"LOG_FORMAT"},
+			Value:       defaults.LogFormat,
+			Destination: &config.LogFormat,
+		},
 		&cli.IntFlag{
 			Name:        "interval-mins",
 			Usage:       "Frequency the NVD API should be polled. Deault: 5",

diff --git a/cmd/cve-watch/main.go b/cmd/cve-watch/main.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"os/signal"
@@ -14,7 +14,6 @@ import (
 
 	"github.com/njohnstone2/cve-watch/internal/handlers"
 	"github.com/njohnstone2/cve-watch/internal/nvd"
-	"github.com/sirupsen/logrus"
 	log "github.com/sirupsen/logrus"
 	"github.com/slack-go/slack"
 	"github.com/urfave/cli/v2"
@@ -25,6 +24,31 @@ const (
 	baseUrl    = "https://services.nvd.nist.gov/rest/json/cves/2.0"
 )
 
+func setLogger(format, level string) {
+	if strings.ToLower(format) == "json" {
+		log.SetFormatter(&log.JSONFormatter{})
+	}
+
+	switch strings.ToLower(level) {
+	case "trace":
+		log.SetLevel(log.TraceLevel)
+	case "debug":
+		log.SetLevel(log.DebugLevel)
+	case "info":
+		log.SetLevel(log.InfoLevel)
+	case "warn":
+		log.SetLevel(log.WarnLevel)
+	case "error":
+		log.SetLevel(log.ErrorLevel)
+	case "fatal":
+		log.SetLevel(log.FatalLevel)
+	case "panic":
+		log.SetLevel(log.PanicLevel)
+	default:
+		log.SetLevel(log.InfoLevel)
+	}
+}
+
 func main() {
 	config := DefaultConfig()
 	nvdConfig := nvd.DefaultConfig()
@@ -43,7 +67,16 @@ func main() {
 		Usage: "monitors the National Vulnerability Database (NVD) for new CVE's",
 		Flags: params,
 		Action: func(c *cli.Context) error {
+			setLogger(config.LogFormat, config.LogLevel)
 			nvdConfig.IncludeFilters = c.StringSlice("include-filters")
+			nvdConfig.ExcludeFilters = c.StringSlice("exclude-filters")
+			log.WithFields(log.Fields{
+				"log_level":       config.LogLevel,
+				"log_format":      config.LogFormat,
+				"include_filters": nvdConfig.IncludeFilters,
+				"exclude_filters": nvdConfig.ExcludeFilters,
+				"severities":      nvdConfig.CveSeverities,
+			}).Debug("config_values")
 
 			for _, c := range configItems {
 				validationError := c.Validate()
@@ -78,11 +111,6 @@ func main() {
 
 			severities := strings.Split(nvdConfig.CveSeverities, ",")
 			client := nvd.NewClient(nvdConfig, nvdConfig.IncludeFilters, nvdConfig.ExcludeFilters)
-			log.WithFields(logrus.Fields{
-				"include_filters": nvdConfig.IncludeFilters,
-				"exclude_filters": nvdConfig.ExcludeFilters,
-				"severities":      nvdConfig.CveSeverities,
-			}).Debug("config_values")
 
 			// Run the query every minute
 			go func() {
@@ -143,7 +171,7 @@ func fetchCves(config Config, client nvd.NVDClient, interval time.Duration, seve
 	}
 
 	// Read the response body
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		return err
 	}
@@ -168,6 +196,8 @@ func fetchCves(config Config, client nvd.NVDClient, interval time.Duration, seve
 
 	if len(data.Vulnerabilities) == 0 {
 		log.Info("No new CVEs found")
+	} else if len(cves) == 0 {
+		log.Info("Found CVEs did not match filters")
 	}
 
 	return nil

diff --git a/internal/nvd/config.go b/internal/nvd/config.go
@@ -7,10 +7,10 @@ import (
 )
 
 type NVDConfig struct {
-	NvdApiKey      string `json:"nvd_api_key"`
-	CveSeverities  string `json:"cve_severities"`
-	IncludeFilters []string
-	ExcludeFilters []string
+	NvdApiKey      string   `json:"nvd_api_key"`
+	CveSeverities  string   `json:"cve_severities"`
+	IncludeFilters []string `json:"include_filters"`
+	ExcludeFilters []string `json:"exclude_filters"`
 }
 
 func DefaultConfig() NVDConfig {

diff --git a/internal/nvd/nvd.go b/internal/nvd/nvd.go
@@ -41,13 +41,14 @@ func (c *NVDClient) Do(req *http.Request) (*http.Response, error) {
 
 func (n *NVDClient) FilterCVEs(v []Vulnerability) []CVE {
 	cves := make([]CVE, 0)
-	log.WithFields(log.Fields{
-		"include": n.inclFilters,
-		"exclude": n.exclFilters,
-	}).Debug("filters")
+	log.WithField("count", len(v)).Info("Total CVEs")
 
 	for _, item := range v {
-		log.WithField("id", item.CVE.ID).Debug("processing_cve")
+		log.WithFields(log.Fields{
+			"id":              item.CVE.ID,
+			"include_filters": len(n.inclFilters),
+			"exclude_filters": len(n.exclFilters),
+		}).Debug("processing_cve")
 
 		hasMatch := false
 		exclude := false

diff --git a/scripts/run_local.sh b/scripts/run_local.sh
@@ -2,7 +2,8 @@
 set -e
 cd cmd/cve-watch
 
-export LOG_LEVEL="INFO"
+export LOG_LEVEL="debug"
+export LOG_FORMAT="text"
 export INTERVAL_MINS=2
 
 export SLACK_TOKEN=""
@@ -11,6 +12,7 @@ export SLACK_CHANNEL_ID=""
 export NVD_API_KEY=""
 export CVE_SEVERITIES="HIGH"
 export INCLUDE_FILTERS=""
+# export EXCLUDE_FILTERS=""
 
 go build
 ./cve-watch