This repository has been archived by the owner on Oct 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* make stdout_json consumer in go * cleanup * fix docker deps
- Loading branch information
1 parent
19e322c
commit 6e3447f
Showing
5 changed files
with
168 additions
and
259 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,33 +1,22 @@ | ||
| subinclude("//third_party/defs:docker") | ||
|
|
||
| python_binary( | ||
| go_binary( | ||
| name = "stdout_json", | ||
| main = "stdout_json.py", | ||
| deps = [ | ||
| "//api/proto:v1", | ||
| "//consumers:consumers_base_python", | ||
| "//third_party/python:protobuf", | ||
| ], | ||
| ) | ||
|
|
||
| python_test( | ||
| name = "stdout_json_test", | ||
| srcs = [ | ||
| "stdout_json_test.py", | ||
| "main.go", | ||
| ], | ||
| deps = [ | ||
| ":stdout_json", | ||
| "//api/proto:v1", | ||
| "//consumers:consumers_base_python", | ||
| "//third_party/python:protobuf", | ||
| "//consumers", | ||
| "//third_party/go:protobuf", | ||
| ], | ||
| ) | ||
|
|
||
| docker_image( | ||
| name = "dracon-consumer-stdout", | ||
| name = "image", | ||
| srcs = [ | ||
| ":stdout_json", | ||
| ], | ||
| base_image = "//build/docker:dracon-base-python", | ||
| base_image = "//build/docker:dracon-base-go", | ||
| image = "dracon-consumer-stdout-json", | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| FROM //build/docker:dracon-base-python | ||
| FROM //build/docker:dracon-base-go | ||
|
|
||
| COPY /stdout_json.pex /consume.pex | ||
| COPY stdout_json /consume | ||
|
|
||
| ENTRYPOINT ["/consume.pex"] | ||
| ENTRYPOINT ["/consume"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,159 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "encoding/json" | ||
| "fmt" | ||
| "log" | ||
| "time" | ||
|
|
||
| "github.com/golang/protobuf/ptypes" | ||
| v1 "github.com/thought-machine/dracon/api/proto/v1" | ||
| "github.com/thought-machine/dracon/consumers" | ||
| ) | ||
|
|
||
| func parseFlags() error { | ||
| if err := consumers.ParseFlags(); err != nil { | ||
| return err | ||
| } | ||
| return nil | ||
| } | ||
|
|
||
| func main() { | ||
| if err := consumers.ParseFlags(); err != nil { | ||
| log.Fatal(err) | ||
| } | ||
| if consumers.Raw { | ||
| responses, err := consumers.LoadToolResponse() | ||
| if err != nil { | ||
| log.Fatal("could not load raw results, file malformed: ", err) | ||
| } | ||
| for _, res := range responses { | ||
| scanStartTime, _ := ptypes.Timestamp(res.GetScanInfo().GetScanStartTime()) | ||
| for _, iss := range res.GetIssues() { | ||
| b, err := getRawIssue(scanStartTime, res, iss) | ||
| if err != nil { | ||
| log.Fatal("Could not parse raw issue", err) | ||
| } | ||
| fmt.Printf("%s", string(b)) | ||
| } | ||
| } | ||
| } else { | ||
| responses, err := consumers.LoadEnrichedToolResponse() | ||
| if err != nil { | ||
| log.Fatal("could not load enriched results, file malformed: ", err) | ||
| } | ||
| for _, res := range responses { | ||
| scanStartTime, _ := ptypes.Timestamp(res.GetOriginalResults().GetScanInfo().GetScanStartTime()) | ||
| for _, iss := range res.GetIssues() { | ||
| b, err := getEnrichedIssue(scanStartTime, res, iss) | ||
| if err != nil { | ||
| log.Fatal("Could not parse enriched issue", err) | ||
| } | ||
| fmt.Printf("%s", string(b)) | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func getRawIssue(scanStartTime time.Time, res *v1.LaunchToolResponse, iss *v1.Issue) ([]byte, error) { | ||
| jBytes, err := json.Marshal(&draconDocument{ | ||
| ScanStartTime: scanStartTime, | ||
| ScanID: res.GetScanInfo().GetScanUuid(), | ||
| ToolName: res.GetToolName(), | ||
| Source: iss.GetSource(), | ||
| Title: iss.GetTitle(), | ||
| Target: iss.GetTarget(), | ||
| Type: iss.GetType(), | ||
| Severity: iss.GetSeverity(), | ||
| CVSS: iss.GetCvss(), | ||
| Confidence: iss.GetConfidence(), | ||
| Description: iss.GetDescription(), | ||
| FirstFound: scanStartTime, | ||
| Count: 1, | ||
| FalsePositive: false, | ||
| CVE: iss.GetCve(), | ||
| }) | ||
| if err != nil { | ||
| return []byte{}, err | ||
| } | ||
| return jBytes, nil | ||
| } | ||
| func severtiyToText(severity v1.Severity) string { | ||
| switch severity { | ||
| case v1.Severity_SEVERITY_INFO: | ||
| return "Info" | ||
| case v1.Severity_SEVERITY_LOW: | ||
| return "Low" | ||
| case v1.Severity_SEVERITY_MEDIUM: | ||
| return "Medium" | ||
| case v1.Severity_SEVERITY_HIGH: | ||
| return "High" | ||
| case v1.Severity_SEVERITY_CRITICAL: | ||
| return "Critical" | ||
| default: | ||
| return "N/A" | ||
| } | ||
| } | ||
| func confidenceToText(confidence v1.Confidence) string { | ||
| switch confidence { | ||
| case v1.Confidence_CONFIDENCE_INFO: | ||
| return "Info" | ||
| case v1.Confidence_CONFIDENCE_LOW: | ||
| return "Low" | ||
| case v1.Confidence_CONFIDENCE_MEDIUM: | ||
| return "Medium" | ||
| case v1.Confidence_CONFIDENCE_HIGH: | ||
| return "High" | ||
| case v1.Confidence_CONFIDENCE_CRITICAL: | ||
| return "Critical" | ||
| default: | ||
| return "N/A" | ||
| } | ||
|
|
||
| } | ||
| func getEnrichedIssue(scanStartTime time.Time, res *v1.EnrichedLaunchToolResponse, iss *v1.EnrichedIssue) ([]byte, error) { | ||
| firstSeenTime, _ := ptypes.Timestamp(iss.GetFirstSeen()) | ||
| jBytes, err := json.Marshal(&draconDocument{ | ||
| ScanStartTime: scanStartTime, | ||
| ScanID: res.GetOriginalResults().GetScanInfo().GetScanUuid(), | ||
| ToolName: res.GetOriginalResults().GetToolName(), | ||
| Source: iss.GetRawIssue().GetSource(), | ||
| Title: iss.GetRawIssue().GetTitle(), | ||
| Target: iss.GetRawIssue().GetTarget(), | ||
| Type: iss.GetRawIssue().GetType(), | ||
| Severity: iss.GetRawIssue().GetSeverity(), | ||
| CVSS: iss.GetRawIssue().GetCvss(), | ||
| Confidence: iss.GetRawIssue().GetConfidence(), | ||
| Description: iss.GetRawIssue().GetDescription(), | ||
| FirstFound: firstSeenTime, | ||
| Count: iss.GetCount(), | ||
| FalsePositive: iss.GetFalsePositive(), | ||
| SeverityText: severtiyToText(iss.GetRawIssue().GetSeverity()), | ||
| ConfidenceText: confidenceToText(iss.GetRawIssue().GetConfidence()), | ||
| CVE: iss.GetRawIssue().GetCve(), | ||
| }) | ||
| if err != nil { | ||
| return []byte{}, err | ||
| } | ||
| return jBytes, nil | ||
| } | ||
|
|
||
| type draconDocument struct { | ||
| ScanStartTime time.Time `json:"scan_start_time"` | ||
| ScanID string `json:"scan_id"` | ||
| ToolName string `json:"tool_name"` | ||
| Source string `json:"source"` | ||
| Target string `json:"target"` | ||
| Type string `json:"type"` | ||
| Title string `json:"title"` | ||
| Severity v1.Severity `json:"severity"` | ||
| SeverityText string `json:"severity_text"` | ||
| CVSS float64 `json:"cvss"` | ||
| Confidence v1.Confidence `json:"confidence"` | ||
| ConfidenceText string `json:"confidence_text"` | ||
| Description string `json:"description"` | ||
| FirstFound time.Time `json:"first_found"` | ||
| Count uint64 `json:"count"` | ||
| FalsePositive bool `json:"false_positive"` | ||
| CVE string `json:"cve"` | ||
| } |
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.