Merge branch 'main' into fix/clean-bytes-filtering-logic
Donnype authored Nov 6, 2023
2 parents 3a5811b + 78dd737 commit be49080
Showing 104 changed files with 2,721 additions and 622 deletions.
18 changes: 12 additions & 6 deletions .github/workflows/build-rdo-package.yml
Expand Up @@ -8,6 +8,7 @@ on:
push:
tags:
- v*
workflow_dispatch:

env:
PKGDIR: /home/runner/work/nl-kat-coordination
Expand Down Expand Up @@ -86,7 +87,7 @@ jobs:
run: python3.8 -m venv /var/www/html/.venv

- name: Rocky Install requirements
run: cd /var/www/html; source .venv/bin/activate; pip install --upgrade pip; pip install --requirement requirements.txt; pip install ${{ github.workspace }}/octopoes/dist/octopoes*.whl
run: cd /var/www/html; source .venv/bin/activate; pip install --upgrade pip; grep -v git+https:// requirements.txt | pip install -r /dev/stdin ; grep git+https:// requirements.txt | pip install -r /dev/stdin; pip install ${{ github.workspace }}/octopoes/dist/octopoes*.whl

- name: Rocky Create rocky_venv tarball
run: tar -zcvf ${{ env.PKGDIR }}/rocky_venv_${{ env.RELEASE_VERSION }}.tar.gz -C /var/www/html/ .venv
Expand All @@ -111,13 +112,18 @@ jobs:
shell: bash --login {0}
working-directory: ./rocky

- name: Rocky Collectstatic
run: SECRET_KEY="whatever" /var/www/html/.venv/bin/python3.8 manage.py collectstatic
working-directory: ./rocky

- name: Rocky Compilemessages
run: SECRET_KEY="whatever" /var/www/html/.venv/bin/python3.8 manage.py compilemessages
run: /var/www/html/.venv/bin/python3.8 manage.py collectstatic && /var/www/html/.venv/bin/python3.8 manage.py compress && /var/www/html/.venv/bin/python3.8 manage.py compilemessages
working-directory: ./rocky
env:
BYTES_API: http://bytes:8000
BYTES_PASSWORD: password
BYTES_USERNAME: username
KATALOGUS_API: http://katalogus:8000
KEIKO_API: http://keiko:8000
OCTOPOES_API: http://octopoes_api:80
SCHEDULER_API: http://scheduler:8000
SECRET_KEY: whatever

- name: Rocky Create rocky release
run: tar -cvzf ${{ env.PKGDIR }}/rocky_${{ env.RELEASE_VERSION }}.tar.gz --exclude node_modules --exclude rocky_venv* --exclude=.git* --exclude .parcel-cache --exclude Dockerfile .
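Review bot: The new `Rocky Install requirements` command joins its two `pip install -r /dev/stdin` passes with `;`, so whether a failure in the first pass stops the step depends on the shell options, which are not visible in this hunk; other steps in this file use `shell: bash --login {0}`, which sets neither `-e` nor `pipefail`. Joining the commands with `&&`, as the new collectstatic/compress/compilemessages line does, would keep a partially installed venv from being packed into the `rocky_venv` tarball. The `git+https://` requirements are now installed in a separate pass; if that split exists so the remaining entries can be hash-checked, the VCS entries should be pinned to full commit SHAs, since pip cannot verify hashes for them.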
14 changes: 12 additions & 2 deletions .pre-commit-config.yaml
Expand Up @@ -107,10 +107,20 @@ repos:
rev: v1.32.1
hooks:
- id: djlint-reformat-django
files: '^rocky/.*/templates/.*$'
files: |
(?x)(
^rocky/.*/templates/.*$ |
^rocky/reports/report_types/.*/.*\.html
)
exclude: '^rocky/rocky/templates/admin/.*\.html$'

- id: djlint-django
files: '^rocky/.*/templates/.*$'
files: |
(?x)(
^rocky/.*/templates/.*$ |
^rocky/reports/report_types/.*/.*\.html
)
exclude: '^rocky/rocky/templates/admin/.*\.html$'

- repo: https://github.com/thibaudcolas/pre-commit-stylelint
rev: v15.10.1
4 changes: 2 additions & 2 deletions boefjes/boefjes/api.py
Expand Up @@ -14,14 +14,14 @@
from boefjes.clients.scheduler_client import SchedulerAPIClient, TaskStatus
from boefjes.config import settings
from boefjes.job_handler import (
_collect_default_mime_types,
_find_ooi_in_past,
get_environment_settings,
get_octopoes_api_connector,
serialize_ooi,
)
from boefjes.job_models import BoefjeMeta
from boefjes.katalogus.local_repository import LocalPluginRepository, get_local_repository
from boefjes.plugins.models import _default_meta_mime_types
from octopoes.models import Reference

app = FastAPI(title="Boefje API")
Expand Down Expand Up @@ -128,7 +128,7 @@ async def boefje_output(
bytes_client.save_boefje_meta(boefje_meta)

if boefje_output.files:
mime_types = _collect_default_mime_types(task.p_item.data)
mime_types = _default_meta_mime_types(task.p_item.data)
for file in boefje_output.files:
raw = base64.b64decode(file.content)
# when supported, also save file.name to Bytes
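Review bot: `_default_meta_mime_types` is imported here from `boefjes.plugins.models` with its leading underscore, and the same private name is also pulled in by `docker_boefjes_runner.py` and `job_handler.py` in this commit. A helper shared by three modules is effectively part of the package's internal API, so a public name such as `default_meta_mime_types` would match how it is used. Its definition is not visible on this page; wherever it lives, a one-line docstring listing the mime types it derives from a `BoefjeMeta` would help, because the removed `_collect_default_mime_types` had none. The body of `boefje_output` continues outside the hunk.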
4 changes: 2 additions & 2 deletions boefjes/boefjes/docker_boefjes_runner.py
Expand Up @@ -31,9 +31,9 @@ def run(self) -> None:
raise RuntimeError("Boefje does not have OCI image")

# local import to prevent circular dependency
from boefjes import job_handler
import boefjes.plugins.models

stderr_mime_types = job_handler._collect_default_mime_types(self.boefje_meta)
stderr_mime_types = boefjes.plugins.models._default_meta_mime_types(self.boefje_meta)

task_id = str(self.boefje_meta.id)
self.scheduler_client.patch_task(task_id, TaskStatus.RUNNING)
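Review bot: The `# local import to prevent circular dependency` comment was written for the old `job_handler` import, but the import is now `boefjes.plugins.models`, which `job_handler.py` imports at module level in this same commit. If that module does not import the runner, the function-scope import and its comment can go, and a top-level `from boefjes.plugins.models import _default_meta_mime_types` would match `api.py`. If a cycle does remain, the comment should name it. `run` starts and ends outside the hunk.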
27 changes: 3 additions & 24 deletions boefjes/boefjes/job_handler.py
Expand Up @@ -3,7 +3,7 @@
import traceback
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Any, Dict, List, Set
from typing import Any, Dict, List

import requests
from pydantic.tools import parse_obj_as
Expand All @@ -18,6 +18,7 @@
NormalizerPlainOOI,
)
from boefjes.katalogus.local_repository import LocalPluginRepository
from boefjes.plugins.models import _default_meta_mime_types
from boefjes.runtime_interfaces import BoefjeJobRunner, Handler, NormalizerJobRunner
from octopoes.api.models import Declaration, Observation
from octopoes.connector.octopoes import OctopoesAPIConnector
Expand Down Expand Up @@ -99,28 +100,6 @@ def get_environment_settings(boefje_meta: BoefjeMeta, environment_keys: List[str
logger.exception("Error getting environment settings")
raise

return {}


def _collect_default_mime_types(boefje_meta: BoefjeMeta) -> Set[str]:
boefje_id = boefje_meta.boefje.id

mime_types = {
boefje_id,
f"boefje/{boefje_id}",
f"boefje/{boefje_id}-{boefje_meta.parameterized_arguments_hash}",
}

if boefje_meta.boefje.version is not None:
mime_types = mime_types.union(
{
f"boefje/{boefje_id}-{boefje_meta.boefje.version}",
f"boefje/{boefje_id}-{boefje_meta.parameterized_arguments_hash}-{boefje_meta.boefje.version}",
}
)

return mime_types


class BoefjeHandler(Handler):
def __init__(self, job_runner, local_repository: LocalPluginRepository):
Expand Down Expand Up @@ -155,7 +134,7 @@ def handle(self, boefje_meta: BoefjeMeta) -> None:
boefje_meta.runnable_hash = boefje_resource.runnable_hash
boefje_meta.environment = get_environment_settings(boefje_meta, env_keys) if env_keys else {}

mime_types = _collect_default_mime_types(boefje_meta)
mime_types = _default_meta_mime_types(boefje_meta)

logger.info("Starting boefje %s[%s]", boefje_meta.boefje.id, str(boefje_meta.id))

47 changes: 5 additions & 42 deletions boefjes/boefjes/katalogus/local_repository.py
@@ -1,11 +1,10 @@
import hashlib
import json
import logging
import pkgutil
from pathlib import Path
from typing import Dict, List, Optional, Tuple

from boefjes.katalogus.models import RESERVED_LOCAL_ID, Boefje, Normalizer, PluginType
from boefjes.katalogus.models import PluginType
from boefjes.plugins.models import (
BOEFJE_DEFINITION_FILE,
BOEFJES_DIR,
Expand All @@ -27,8 +26,8 @@ def __init__(self, path: Path):
self._cached_normalizers = None

def get_all(self) -> List[PluginType]:
all_plugins = [self._boefje_to_plugin(boefje) for boefje in self.resolve_boefjes().values()]
normalizers = [self._normalizer_to_plugin(normalizer) for normalizer in self.resolve_normalizers().values()]
all_plugins = [boefje_resource.boefje for boefje_resource in self.resolve_boefjes().values()]
normalizers = [normalizer_resource.normalizer for normalizer_resource in self.resolve_normalizers().values()]

all_plugins += normalizers

Expand All @@ -38,12 +37,12 @@ def by_id(self, plugin_id: str) -> PluginType:
boefjes = self.resolve_boefjes()

if plugin_id in boefjes:
return self._boefje_to_plugin(boefjes[plugin_id])
return boefjes[plugin_id].boefje

normalizers = self.resolve_normalizers()

if plugin_id in normalizers:
return self._normalizer_to_plugin(normalizers[plugin_id])
return normalizers[plugin_id].normalizer

raise Exception(f"Can't find plugin {plugin_id}")

Expand Down Expand Up @@ -151,42 +150,6 @@ def create_relative_import_statement_from_cwd(package_dir: Path) -> str:

return f"{relative_path[1:].replace('/', '.')}." # Turns into "boefjes.plugins."

@staticmethod
def _boefje_to_plugin(boefje: BoefjeResource) -> Boefje:
def_file = boefje.path / "boefje.json"
def_obj = json.loads(def_file.read_text())
def_obj["repository_id"] = RESERVED_LOCAL_ID
def_obj["runnable_hash"] = get_runnable_hash(boefje.path)

return Boefje.parse_obj(def_obj)

@staticmethod
def _normalizer_to_plugin(normalizer: NormalizerResource) -> Normalizer:
def_file = normalizer.path / "normalizer.json"
def_obj = json.loads(def_file.read_text())
def_obj["repository_id"] = RESERVED_LOCAL_ID

normalizer: Normalizer = Normalizer.parse_obj(def_obj)
normalizer.consumes.append(f"normalizer/{normalizer.id}")

return normalizer


def get_local_repository():
return LocalPluginRepository(BOEFJES_DIR)


def get_runnable_hash(path: Path) -> str:
"""Returns sha256(file1 + file2 + ...) of all files in the given path."""

folder_hash = hashlib.sha256()

for file in sorted(path.glob("**/*")):
# Note that the hash does not include *.pyc files
# Thus there may be a desync between the source code and the cached, compiled bytecode
if file.is_file() and file.suffix != ".pyc":
with file.open("rb") as f:
while chunk := f.read(32768):
folder_hash.update(chunk)

return folder_hash.hexdigest()
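Review bot: `get_all()` and `by_id()` now return the `boefje` / `normalizer` objects stored on the resolved resources instead of parsing a fresh model from the definition file on every call. If `resolve_boefjes()` and `resolve_normalizers()` cache their results, as the `_cached_normalizers` attribute suggests, every caller shares one mutable model instance, and `runnable_hash` describes the plugin directory as it was when the resource was built rather than when the plugin is requested. Where these models and the hash are now built is outside this section, so this is worth confirming. Either document it on `get_all`, e.g. `# returns cached models: treat as read-only; runnable_hash is computed at load time`, or return a copy such as `boefjes[plugin_id].boefje.copy()`.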
1 change: 1 addition & 0 deletions boefjes/boefjes/katalogus/models.py
Expand Up @@ -39,6 +39,7 @@ class Boefje(Plugin):
scan_level: int = 1
consumes: Set[str] = Field(default_factory=set)
produces: List[str] = Field(default_factory=list)
mime_types: Set[str] = Field(default_factory=set)
options: Optional[List[str]]
runnable_hash: Optional[str]
oci_image: Optional[str]
14 changes: 14 additions & 0 deletions boefjes/boefjes/katalogus/tests/test_plugins.py
Expand Up @@ -107,6 +107,20 @@ def test_get_plugin(self):
res = self.client.get("/v1/organisations/test-org/repositories/test-repo/plugins/test-boefje-1")
self.assertEqual(200, res.status_code)

# Simpler endpoint works as well, but due to the mock the default mime_types are not dynamically added
res = self.client.get("/v1/organisations/test-org/plugins/test-boefje-1")
self.assertEqual(200, res.status_code)
assert "mime_types" in res.json()
assert not res.json()["mime_types"]

# For boefjes that are pulled from the local repository, we actually get the default mime_types
assert set(self.client.get("/v1/organisations/test-org/plugins/kat_test").json()["mime_types"]) == set(
[
"kat_test",
"boefje/kat_test",
]
)

def test_non_existing_plugin(self):
res = self.client.get("/v1/organisations/test-org/repositories/test-repo/plugins/future-plugin")
self.assertEqual(404, res.status_code)
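Review bot: The added `kat_test` assertion calls `.json()["mime_types"]` on the response without first checking the status code, so a 404 or 500 would show up as a `KeyError` or a set mismatch rather than a status failure. Binding the response and asserting `self.assertEqual(200, res.status_code)` first, as the two requests above it do, keeps the failure readable. The block also mixes bare `assert` with `self.assertEqual`, and `set([...])` can be written as the literal `{"kat_test", "boefje/kat_test"}`.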
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_adr_finding_types/boefje.json
Expand Up @@ -8,7 +8,6 @@
"produces": [
"ADRFindingType"
],
"environment_keys": [],
"scan_level": 0,
"enabled": true
}
7 changes: 1 addition & 6 deletions boefjes/boefjes/plugins/kat_adr_validator/main.py
Expand Up @@ -28,9 +28,4 @@ def run(boefje_meta: BoefjeMeta) -> List[Tuple[set, Union[bytes, str]]]:

output = run_adr_validator(url)

return [
(
set(),
output,
),
]
return [(set(), output)]
3 changes: 3 additions & 0 deletions boefjes/boefjes/plugins/kat_binaryedge/schema.json
Expand Up @@ -11,5 +11,8 @@
},
"required": [
"BINARYEDGE_API"
],
"secret": [
"BINARYEDGE_API"
]
}
3 changes: 3 additions & 0 deletions boefjes/boefjes/plugins/kat_censys/schema.json
Expand Up @@ -18,5 +18,8 @@
"required": [
"CENSYS_API_ID",
"CENSYS_API_SECRET"
],
"secret": [
"CENSYS_API_SECRET"
]
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_crt_sh/boefje.json
Expand Up @@ -9,6 +9,5 @@
"Hostname",
"X509Certificate"
],
"environment_keys": [],
"scan_level": 1
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_cwe_finding_types/boefje.json
Expand Up @@ -8,7 +8,6 @@
"produces": [
"CWEFindingType"
],
"environment_keys": [],
"scan_level": 0,
"enabled": true
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_dicom/boefje.json
Expand Up @@ -13,6 +13,5 @@
"Finding",
"Software"
],
"environment_keys": [],
"scan_level": 2
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_dns/boefje.json
Expand Up @@ -20,6 +20,5 @@
"IPAddressV4",
"DNSZone"
],
"environment_keys": [],
"scan_level": 1
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_dns_zone/boefje.json
Expand Up @@ -10,6 +10,5 @@
"DNSZone",
"DNSSOARecord"
],
"environment_keys": [],
"scan_level": 1
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_dnssec/boefje.json
Expand Up @@ -9,6 +9,5 @@
"KATFindingType",
"Finding"
],
"environment_keys": [],
"scan_level": 1
}
2 changes: 1 addition & 1 deletion boefjes/boefjes/plugins/kat_external_db/main.py
Expand Up @@ -11,7 +11,7 @@ def run(boefje_meta: BoefjeMeta) -> List[Tuple[set, Union[bytes, str]]]:
"""Fetch external database response."""
api_format = getenv(
"DB_ENDPOINT_FORMAT",
"{DB_URL}/api/v1/participants/assets/{DB_ORGANIZATION_IDENTIFIER}?access_token={DB_ACCESS_TOKEN}",
"{DB_URL}/api/v1/organizations/assets/{DB_ORGANIZATION_IDENTIFIER}?access_token={DB_ACCESS_TOKEN}",
)
request_timeout = 100

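Review bot: The default `DB_ENDPOINT_FORMAT` still carries `DB_ACCESS_TOKEN` in the query string (`?access_token={DB_ACCESS_TOKEN}`), while this commit marks that setting as `secret` in the plugin's `schema.json`. A token in the URL tends to end up in proxy and server access logs and in the text of HTTP client exceptions. It is worth confirming that the request URL is never logged or stored with the raw output, or sending the token in a header if the API accepts one. The change of the default path from `participants` to `organizations` also alters behaviour for deployments that rely on the default, so a comment above the `getenv` call saying which API expects which path would help. `run` continues outside the hunk.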
3 changes: 3 additions & 0 deletions boefjes/boefjes/plugins/kat_external_db/schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -29,5 +29,8 @@
},
"required": [
"DB_URL"
],
"secret": [
"DB_ACCESS_TOKEN"
]
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_fierce/boefje.json
Expand Up @@ -12,6 +12,5 @@
"DNSAAAARecord",
"IPAddressV4"
],
"environment_keys": [],
"scan_level": 3
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_green_hosting/boefje.json
Expand Up @@ -9,6 +9,5 @@
"KATFindingType",
"Finding"
],
"environment_keys": [],
"scan_level": 1
}
1 change: 0 additions & 1 deletion boefjes/boefjes/plugins/kat_kat_finding_types/boefje.json
Expand Up @@ -8,7 +8,6 @@
"produces": [
"KATFindingType"
],
"environment_keys": [],
"scan_level": 0,
"enabled": true
}
3 changes: 3 additions & 0 deletions boefjes/boefjes/plugins/kat_leakix/schema.json
Expand Up @@ -11,5 +11,8 @@
},
"required": [
"LEAKIX_API"
],
"secret": [
"LEAKIX_API"
]
}