Rewrite stdout json to go (#129)

* make stdout_json consumer in go * cleanup * fix docker deps
thought-machine · Apr 28, 2022 · 6e3447f · 6e3447f
1 parent 19e322c
commit 6e3447f
Show file tree

Hide file tree

Showing 5 changed files with 168 additions and 259 deletions.
diff --git a/consumers/stdout_json/BUILD b/consumers/stdout_json/BUILD
@@ -1,33 +1,22 @@
 subinclude("//third_party/defs:docker")
 
-python_binary(
+go_binary(
     name = "stdout_json",
-    main = "stdout_json.py",
-    deps = [
-        "//api/proto:v1",
-        "//consumers:consumers_base_python",
-        "//third_party/python:protobuf",
-    ],
-)
-
-python_test(
-    name = "stdout_json_test",
     srcs = [
-        "stdout_json_test.py",
+        "main.go",
     ],
     deps = [
-        ":stdout_json",
         "//api/proto:v1",
-        "//consumers:consumers_base_python",
-        "//third_party/python:protobuf",
+        "//consumers",
+        "//third_party/go:protobuf",
     ],
 )
 
 docker_image(
-    name = "dracon-consumer-stdout",
+    name = "image",
     srcs = [
         ":stdout_json",
     ],
-    base_image = "//build/docker:dracon-base-python",
+    base_image = "//build/docker:dracon-base-go",
     image = "dracon-consumer-stdout-json",
 )
diff --git a/consumers/stdout_json/Dockerfile b/consumers/stdout_json/Dockerfile
@@ -1,5 +1,5 @@
-FROM //build/docker:dracon-base-python
+FROM //build/docker:dracon-base-go
 
-COPY /stdout_json.pex /consume.pex
+COPY stdout_json /consume
 
-ENTRYPOINT ["/consume.pex"]
+ENTRYPOINT ["/consume"]
diff --git a/consumers/stdout_json/main.go b/consumers/stdout_json/main.go
@@ -0,0 +1,159 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/golang/protobuf/ptypes"
+	v1 "github.com/thought-machine/dracon/api/proto/v1"
+	"github.com/thought-machine/dracon/consumers"
+)
+
+func parseFlags() error {
+	if err := consumers.ParseFlags(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func main() {
+	if err := consumers.ParseFlags(); err != nil {
+		log.Fatal(err)
+	}
+	if consumers.Raw {
+		responses, err := consumers.LoadToolResponse()
+		if err != nil {
+			log.Fatal("could not load raw results, file malformed: ", err)
+		}
+		for _, res := range responses {
+			scanStartTime, _ := ptypes.Timestamp(res.GetScanInfo().GetScanStartTime())
+			for _, iss := range res.GetIssues() {
+				b, err := getRawIssue(scanStartTime, res, iss)
+				if err != nil {
+					log.Fatal("Could not parse raw issue", err)
+				}
+				fmt.Printf("%s", string(b))
+			}
+		}
+	} else {
+		responses, err := consumers.LoadEnrichedToolResponse()
+		if err != nil {
+			log.Fatal("could not load enriched results, file malformed: ", err)
+		}
+		for _, res := range responses {
+			scanStartTime, _ := ptypes.Timestamp(res.GetOriginalResults().GetScanInfo().GetScanStartTime())
+			for _, iss := range res.GetIssues() {
+				b, err := getEnrichedIssue(scanStartTime, res, iss)
+				if err != nil {
+					log.Fatal("Could not parse enriched issue", err)
+				}
+				fmt.Printf("%s", string(b))
+			}
+		}
+	}
+}
+
+func getRawIssue(scanStartTime time.Time, res *v1.LaunchToolResponse, iss *v1.Issue) ([]byte, error) {
+	jBytes, err := json.Marshal(&draconDocument{
+		ScanStartTime: scanStartTime,
+		ScanID:        res.GetScanInfo().GetScanUuid(),
+		ToolName:      res.GetToolName(),
+		Source:        iss.GetSource(),
+		Title:         iss.GetTitle(),
+		Target:        iss.GetTarget(),
+		Type:          iss.GetType(),
+		Severity:      iss.GetSeverity(),
+		CVSS:          iss.GetCvss(),
+		Confidence:    iss.GetConfidence(),
+		Description:   iss.GetDescription(),
+		FirstFound:    scanStartTime,
+		Count:         1,
+		FalsePositive: false,
+		CVE:           iss.GetCve(),
+	})
+	if err != nil {
+		return []byte{}, err
+	}
+	return jBytes, nil
+}
+func severtiyToText(severity v1.Severity) string {
+	switch severity {
+	case v1.Severity_SEVERITY_INFO:
+		return "Info"
+	case v1.Severity_SEVERITY_LOW:
+		return "Low"
+	case v1.Severity_SEVERITY_MEDIUM:
+		return "Medium"
+	case v1.Severity_SEVERITY_HIGH:
+		return "High"
+	case v1.Severity_SEVERITY_CRITICAL:
+		return "Critical"
+	default:
+		return "N/A"
+	}
+}
+func confidenceToText(confidence v1.Confidence) string {
+	switch confidence {
+	case v1.Confidence_CONFIDENCE_INFO:
+		return "Info"
+	case v1.Confidence_CONFIDENCE_LOW:
+		return "Low"
+	case v1.Confidence_CONFIDENCE_MEDIUM:
+		return "Medium"
+	case v1.Confidence_CONFIDENCE_HIGH:
+		return "High"
+	case v1.Confidence_CONFIDENCE_CRITICAL:
+		return "Critical"
+	default:
+		return "N/A"
+	}
+
+}
+func getEnrichedIssue(scanStartTime time.Time, res *v1.EnrichedLaunchToolResponse, iss *v1.EnrichedIssue) ([]byte, error) {
+	firstSeenTime, _ := ptypes.Timestamp(iss.GetFirstSeen())
+	jBytes, err := json.Marshal(&draconDocument{
+		ScanStartTime:  scanStartTime,
+		ScanID:         res.GetOriginalResults().GetScanInfo().GetScanUuid(),
+		ToolName:       res.GetOriginalResults().GetToolName(),
+		Source:         iss.GetRawIssue().GetSource(),
+		Title:          iss.GetRawIssue().GetTitle(),
+		Target:         iss.GetRawIssue().GetTarget(),
+		Type:           iss.GetRawIssue().GetType(),
+		Severity:       iss.GetRawIssue().GetSeverity(),
+		CVSS:           iss.GetRawIssue().GetCvss(),
+		Confidence:     iss.GetRawIssue().GetConfidence(),
+		Description:    iss.GetRawIssue().GetDescription(),
+		FirstFound:     firstSeenTime,
+		Count:          iss.GetCount(),
+		FalsePositive:  iss.GetFalsePositive(),
+		SeverityText:   severtiyToText(iss.GetRawIssue().GetSeverity()),
+		ConfidenceText: confidenceToText(iss.GetRawIssue().GetConfidence()),
+		CVE:            iss.GetRawIssue().GetCve(),
+	})
+	if err != nil {
+		return []byte{}, err
+	}
+	return jBytes, nil
+}
+
+type draconDocument struct {
+	ScanStartTime  time.Time     `json:"scan_start_time"`
+	ScanID         string        `json:"scan_id"`
+	ToolName       string        `json:"tool_name"`
+	Source         string        `json:"source"`
+	Target         string        `json:"target"`
+	Type           string        `json:"type"`
+	Title          string        `json:"title"`
+	Severity       v1.Severity   `json:"severity"`
+	SeverityText   string        `json:"severity_text"`
+	CVSS           float64       `json:"cvss"`
+	Confidence     v1.Confidence `json:"confidence"`
+	ConfidenceText string        `json:"confidence_text"`
+	Description    string        `json:"description"`
+	FirstFound     time.Time     `json:"first_found"`
+	Count          uint64        `json:"count"`
+	FalsePositive  bool          `json:"false_positive"`
+	CVE            string        `json:"cve"`
+}
diff --git a/consumers/stdout_json/stdout_json.py b/consumers/stdout_json/stdout_json.py