Support a reporting via Syslog (#604)
* Support a reporting via syslog * Update dependencies
This commit is contained in:
Teppei Fukuda
committed by
Kota Kanbe
Kota Kanbe
parent
0653656526
commit
b08969ad89
97
report/syslog.go
Normal file
97
report/syslog.go
Normal file
@@ -0,0 +1,97 @@
|
||||
/* Vuls - Vulnerability Scanner
|
||||
Copyright (C) 2018 Future Architect, Inc. Japan.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package report
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log/syslog"
|
||||
"strings"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"github.com/future-architect/vuls/config"
|
||||
"github.com/future-architect/vuls/models"
|
||||
)
|
||||
|
||||
// SyslogWriter send report to syslog
|
||||
type SyslogWriter struct{}
|
||||
|
||||
func (w SyslogWriter) Write(rs ...models.ScanResult) (err error) {
|
||||
conf := config.Conf.Syslog
|
||||
facility, _ := conf.GetFacility()
|
||||
severity, _ := conf.GetSeverity()
|
||||
raddr := fmt.Sprintf("%s:%s", conf.Host, conf.Port)
|
||||
|
||||
sysLog, err := syslog.Dial(conf.Protocol, raddr, severity|facility, conf.Tag)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "Failed to initialize syslog client")
|
||||
}
|
||||
|
||||
for _, r := range rs {
|
||||
messages := w.encodeSyslog(r)
|
||||
for _, m := range messages {
|
||||
if _, err = fmt.Fprintf(sysLog, m); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w SyslogWriter) encodeSyslog(result models.ScanResult) (messages []string) {
|
||||
ipv4Addrs := strings.Join(result.IPv4Addrs, ",")
|
||||
ipv6Addrs := strings.Join(result.IPv6Addrs, ",")
|
||||
|
||||
for cveID, vinfo := range result.ScannedCves {
|
||||
var kvPairs []string
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`server_name="%s"`, result.ServerName))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`os_family="%s"`, result.Family))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`os_release="%s"`, result.Release))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`ipv4_addr="%s"`, ipv4Addrs))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`ipv6_addr="%s"`, ipv6Addrs))
|
||||
|
||||
var pkgNames []string
|
||||
for _, pkg := range vinfo.AffectedPackages {
|
||||
pkgNames = append(pkgNames, pkg.Name)
|
||||
}
|
||||
pkgs := strings.Join(pkgNames, ",")
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`packages="%s"`, pkgs))
|
||||
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`cve_id="%s"`, cveID))
|
||||
for _, cvss := range vinfo.Cvss2Scores() {
|
||||
if cvss.Type != models.NVD {
|
||||
continue
|
||||
}
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`severity="%s"`, cvss.Value.Severity))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`cvss_score_v2="%.2f"`, cvss.Value.Score))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`cvss_vector_v2="%s"`, cvss.Value.Vector))
|
||||
}
|
||||
|
||||
if content, ok := vinfo.CveContents[models.NVD]; ok {
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`cwe_id="%s"`, content.CweID))
|
||||
if config.Conf.Syslog.Verbose {
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`source_link="%s"`, content.SourceLink))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`summary="%s"`, content.Summary))
|
||||
}
|
||||
}
|
||||
|
||||
// message: key1="value1" key2="value2"...
|
||||
messages = append(messages, strings.Join(kvPairs, " "))
|
||||
}
|
||||
return messages
|
||||
}
|
||||
93
report/syslog_test.go
Normal file
93
report/syslog_test.go
Normal file
@@ -0,0 +1,93 @@
|
||||
package report
|
||||
|
||||
import (
|
||||
"sort"
|
||||
"testing"
|
||||
|
||||
"github.com/future-architect/vuls/models"
|
||||
)
|
||||
|
||||
func TestSyslogWriterEncodeSyslog(t *testing.T) {
|
||||
var tests = []struct {
|
||||
result models.ScanResult
|
||||
expectedMessages []string
|
||||
}{
|
||||
{
|
||||
result: models.ScanResult{
|
||||
ServerName: "teste01",
|
||||
Family: "ubuntu",
|
||||
Release: "16.04",
|
||||
IPv4Addrs: []string{"192.168.0.1", "10.0.2.15"},
|
||||
ScannedCves: models.VulnInfos{
|
||||
"CVE-2017-0001": models.VulnInfo{
|
||||
AffectedPackages: models.PackageStatuses{
|
||||
models.PackageStatus{Name: "pkg1"},
|
||||
models.PackageStatus{Name: "pkg2"},
|
||||
},
|
||||
},
|
||||
"CVE-2017-0002": models.VulnInfo{
|
||||
AffectedPackages: models.PackageStatuses{
|
||||
models.PackageStatus{Name: "pkg3"},
|
||||
models.PackageStatus{Name: "pkg4"},
|
||||
},
|
||||
CveContents: models.CveContents{
|
||||
models.NVD: models.CveContent{
|
||||
Cvss2Score: 5.0,
|
||||
Cvss2Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C",
|
||||
CweID: "CWE-20",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedMessages: []string{
|
||||
`server_name="teste01" os_family="ubuntu" os_release="16.04" ipv4_addr="192.168.0.1,10.0.2.15" ipv6_addr="" packages="pkg1,pkg2" cve_id="CVE-2017-0001"`,
|
||||
`server_name="teste01" os_family="ubuntu" os_release="16.04" ipv4_addr="192.168.0.1,10.0.2.15" ipv6_addr="" packages="pkg3,pkg4" cve_id="CVE-2017-0002" severity="MEDIUM" cvss_score_v2="5.00" cvss_vector_v2="AV:L/AC:L/Au:N/C:N/I:N/A:C" cwe_id="CWE-20"`,
|
||||
},
|
||||
},
|
||||
{
|
||||
result: models.ScanResult{
|
||||
ServerName: "teste02",
|
||||
Family: "centos",
|
||||
Release: "6",
|
||||
IPv6Addrs: []string{"2001:0DB8::1"},
|
||||
ScannedCves: models.VulnInfos{
|
||||
"CVE-2017-0003": models.VulnInfo{
|
||||
AffectedPackages: models.PackageStatuses{
|
||||
models.PackageStatus{Name: "pkg5"},
|
||||
},
|
||||
CveContents: models.CveContents{
|
||||
models.RedHat: models.CveContent{
|
||||
Cvss3Score: 5.0,
|
||||
Cvss3Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C",
|
||||
CweID: "CWE-284",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedMessages: []string{
|
||||
`server_name="teste02" os_family="centos" os_release="6" ipv4_addr="" ipv6_addr="2001:0DB8::1" packages="pkg5" cve_id="CVE-2017-0003"`,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for i, tt := range tests {
|
||||
messages := SyslogWriter{}.encodeSyslog(tt.result)
|
||||
if len(messages) != len(tt.expectedMessages) {
|
||||
t.Fatalf("test: %d, Message Length: expected %d, actual: %d",
|
||||
i, len(tt.expectedMessages), len(messages))
|
||||
}
|
||||
|
||||
sort.Slice(messages, func(i, j int) bool {
|
||||
return messages[i] < messages[j]
|
||||
})
|
||||
|
||||
for j, m := range messages {
|
||||
e := tt.expectedMessages[j]
|
||||
if e != m {
|
||||
t.Errorf("test: %d, Messsage %d: expected %s, actual %s", i, j, e, m)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user