1 | /* Vuls - Vulnerability Scanner |
||
2 | Copyright (C) 2016 Future Corporation , Japan. |
||
3 | |||
4 | This program is free software: you can redistribute it and/or modify |
||
5 | it under the terms of the GNU General Public License as published by |
||
6 | the Free Software Foundation, either version 3 of the License, or |
||
7 | (at your option) any later version. |
||
8 | |||
9 | This program is distributed in the hope that it will be useful, |
||
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
12 | GNU General Public License for more details. |
||
13 | |||
14 | You should have received a copy of the GNU General Public License |
||
15 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
16 | */ |
||
17 | |||
18 | package report |
||
19 | |||
20 | import ( |
||
21 | "bytes" |
||
22 | "encoding/json" |
||
23 | "encoding/xml" |
||
24 | "fmt" |
||
25 | "path" |
||
26 | "time" |
||
27 | |||
28 | "github.com/aws/aws-sdk-go/aws" |
||
29 | "github.com/aws/aws-sdk-go/aws/credentials" |
||
30 | "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" |
||
31 | "github.com/aws/aws-sdk-go/aws/ec2metadata" |
||
32 | "github.com/aws/aws-sdk-go/aws/session" |
||
33 | "github.com/aws/aws-sdk-go/service/s3" |
||
34 | "golang.org/x/xerrors" |
||
35 | |||
36 | c "github.com/future-architect/vuls/config" |
||
37 | "github.com/future-architect/vuls/models" |
||
38 | ) |
||
39 | |||
40 | // S3Writer writes results to S3 |
||
41 | type S3Writer struct{} |
||
42 | |||
43 | func getS3() *s3.S3 { |
||
44 | Config := &aws.Config{ |
||
45 | Region: aws.String(c.Conf.AWS.Region), |
||
46 | Credentials: credentials.NewChainCredentials([]credentials.Provider{ |
||
47 | &credentials.EnvProvider{}, |
||
48 | &credentials.SharedCredentialsProvider{Filename: "", Profile: c.Conf.AWS.Profile}, |
||
49 | &ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())}, |
||
50 | }), |
||
51 | } |
||
52 | return s3.New(session.New(Config)) |
||
53 | } |
||
54 | |||
55 | // Write results to S3 |
||
56 | // http://docs.aws.amazon.com/sdk-for-go/latest/v1/developerguide/common-examples.title.html |
||
57 | func (w S3Writer) Write(rs ...models.ScanResult) (err error) { |
||
58 | if len(rs) == 0 { |
||
59 | return nil |
||
60 | } |
||
61 | |||
62 | svc := getS3() |
||
63 | |||
64 | if c.Conf.FormatOneLineText { |
||
65 | timestr := rs[0].ScannedAt.Format(time.RFC3339) |
||
66 | k := fmt.Sprintf(timestr + "/summary.txt") |
||
0 ignored issues
–
show
introduced
by
![]() |
|||
67 | text := formatOneLineSummary(rs...) |
||
68 | if err := putObject(svc, k, []byte(text)); err != nil { |
||
69 | return err |
||
70 | } |
||
71 | } |
||
72 | |||
73 | for _, r := range rs { |
||
74 | key := r.ReportKeyName() |
||
75 | if c.Conf.FormatJSON { |
||
76 | k := key + ".json" |
||
77 | var b []byte |
||
78 | if b, err = json.Marshal(r); err != nil { |
||
79 | return xerrors.Errorf("Failed to Marshal to JSON: %w", err) |
||
0 ignored issues
–
show
|
|||
80 | } |
||
81 | if err := putObject(svc, k, b); err != nil { |
||
82 | return err |
||
83 | } |
||
84 | } |
||
85 | |||
86 | if c.Conf.FormatList { |
||
87 | k := key + "_short.txt" |
||
88 | text := formatList(r) |
||
89 | if err := putObject(svc, k, []byte(text)); err != nil { |
||
90 | return err |
||
91 | } |
||
92 | } |
||
93 | |||
94 | if c.Conf.FormatFullText { |
||
95 | k := key + "_full.txt" |
||
96 | text := formatFullPlainText(r) |
||
97 | if err := putObject(svc, k, []byte(text)); err != nil { |
||
98 | return err |
||
99 | } |
||
100 | } |
||
101 | |||
102 | if c.Conf.FormatXML { |
||
103 | k := key + ".xml" |
||
104 | var b []byte |
||
105 | if b, err = xml.Marshal(r); err != nil { |
||
106 | return xerrors.Errorf("Failed to Marshal to XML: %w", err) |
||
0 ignored issues
–
show
|
|||
107 | } |
||
108 | allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{}) |
||
109 | if err := putObject(svc, k, allBytes); err != nil { |
||
110 | return err |
||
111 | } |
||
112 | } |
||
113 | } |
||
114 | return nil |
||
115 | } |
||
116 | |||
117 | // CheckIfBucketExists check the existence of S3 bucket |
||
118 | func CheckIfBucketExists() error { |
||
119 | svc := getS3() |
||
120 | result, err := svc.ListBuckets(&s3.ListBucketsInput{}) |
||
121 | if err != nil { |
||
122 | return xerrors.Errorf( |
||
0 ignored issues
–
show
|
|||
123 | "Failed to list buckets. err: %w, profile: %s, region: %s", |
||
124 | err, c.Conf.AWS.Profile, c.Conf.AWS.Region) |
||
125 | } |
||
126 | |||
127 | found := false |
||
128 | for _, bucket := range result.Buckets { |
||
129 | if *bucket.Name == c.Conf.AWS.S3Bucket { |
||
130 | found = true |
||
131 | break |
||
132 | } |
||
133 | } |
||
134 | if !found { |
||
135 | return xerrors.Errorf( |
||
136 | "Failed to find the buckets. profile: %s, region: %s, bucket: %s", |
||
137 | c.Conf.AWS.Profile, c.Conf.AWS.Region, c.Conf.AWS.S3Bucket) |
||
138 | } |
||
139 | return nil |
||
140 | } |
||
141 | |||
142 | func putObject(svc *s3.S3, k string, b []byte) error { |
||
143 | var err error |
||
144 | if c.Conf.GZIP { |
||
145 | if b, err = gz(b); err != nil { |
||
146 | return err |
||
147 | } |
||
148 | k += ".gz" |
||
149 | } |
||
150 | |||
151 | putObjectInput := &s3.PutObjectInput{ |
||
152 | Bucket: aws.String(c.Conf.AWS.S3Bucket), |
||
153 | Key: aws.String(path.Join(c.Conf.AWS.S3ResultsDir, k)), |
||
154 | Body: bytes.NewReader(b), |
||
155 | } |
||
156 | |||
157 | if c.Conf.AWS.S3ServerSideEncryption != "" { |
||
158 | putObjectInput.ServerSideEncryption = aws.String(c.Conf.AWS.S3ServerSideEncryption) |
||
159 | } |
||
160 | |||
161 | if _, err := svc.PutObject(putObjectInput); err != nil { |
||
162 | return xerrors.Errorf("Failed to upload data to %s/%s, err: %w", |
||
0 ignored issues
–
show
|
|||
163 | c.Conf.AWS.S3Bucket, k, err) |
||
164 | } |
||
165 | return nil |
||
166 | } |
||
167 |