From ee3afb6b0e2c8e1f34a8b502830ee2c7ae855d8b Mon Sep 17 00:00:00 2001 From: Maarten de Kruijf Date: Mon, 6 May 2024 15:41:47 +0200 Subject: [PATCH] Added HTTP_SKIP_CERT_VALIDATION and http implementation to http util --- .env.example | 4 +++- docker-compose.yaml | 1 + docker/soarca/docker-compose.yml | 1 + internal/controller/controller.go | 3 +++ utils/http/http.go | 15 +++++++++++++-- 5 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.env.example b/.env.example index 19ac3430..58b5f0d3 100644 --- a/.env.example +++ b/.env.example @@ -16,4 +16,6 @@ LOG_FORMAT: "json" ENABLE_FINS: false MQTT_BROKER: "localhost" -MQTT_PORT: 1883 \ No newline at end of file +MQTT_PORT: 1883 + +HTTP_SKIP_CERT_VALIDATION: false \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index dd6ebcba..df1465c6 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -27,6 +27,7 @@ services: DB_PASSWORD: "rootpassword" PLAYBOOK_API_LOG_LEVEL: trace DATABASE: "false" + HTTP_SKIP_CERT_VALIDATION: false ports: - 127.0.0.1:8080:8080 depends_on: diff --git a/docker/soarca/docker-compose.yml b/docker/soarca/docker-compose.yml index e85ff61f..d5e0dc92 100644 --- a/docker/soarca/docker-compose.yml +++ b/docker/soarca/docker-compose.yml @@ -58,6 +58,7 @@ services: ENABLE_FINS: true MQTT_BROKER: "mosquitto" MQTT_PORT: 1883 + HTTP_SKIP_CERT_VALIDATION: false networks: - db-net ports: diff --git a/internal/controller/controller.go b/internal/controller/controller.go index c4563d8b..757ac379 100644 --- a/internal/controller/controller.go +++ b/internal/controller/controller.go 
@@ -51,7 +51,10 @@ func (controller *Controller) NewDecomposer() decomposer.IDecomposer { ssh := new(ssh.SshCapability) capabilities := map[string]capability.ICapability{ssh.GetType(): ssh} + skip, _ := strconv.ParseBool(utils.GetEnv("HTTP_SKIP_CERT_VALIDATION", "false")) + httpUtil := new(httpUtil.HttpRequest) + httpUtil.SkipCertificateValidation(skip) http := http.New(httpUtil) capabilities[http.GetType()] = http diff --git a/utils/http/http.go b/utils/http/http.go index aead1c08..60caeada 100644 --- a/utils/http/http.go +++ b/utils/http/http.go @@ -2,6 +2,7 @@ package http import ( "bytes" + "crypto/tls" "encoding/base64" "errors" "fmt" @@ -35,7 +36,9 @@ type IHttpRequest interface { Request(httpOptions HttpOptions) ([]byte, error) } -type HttpRequest struct{} +type HttpRequest struct { + skipCertificateValidation bool +} // https://gist.githubusercontent.com/ahmetozer/ffa4cd0b319aff32ea9ed0068c8b81cf/raw/fc8742e6e087451e954bf0da214794a620356a4d/IPv4-IPv6-domain-regex.go const ( @@ -44,6 +47,10 @@ const ( domainRegex = `^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$` ) +func (httpRequest *HttpRequest) SkipCertificateValidation(skip bool) { + httpRequest.skipCertificateValidation = skip +} + func (httpRequest *HttpRequest) Request(httpOptions HttpOptions) ([]byte, error) { log = logger.Logger(component, logger.Info, "", logger.Json) request, err := httpOptions.setupRequest() @@ -51,7 +58,11 @@ func (httpRequest *HttpRequest) Request(httpOptions HttpOptions) ([]byte, error) return []byte{}, err } - client := &http.Client{} + transport := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: httpRequest.skipCertificateValidation}, + } + + client := &http.Client{Transport: transport} log.Trace(request) response, err := client.Do(request) if err != nil {
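Review bot: The `ParseBool` error is discarded on the added `skip, _ :=` line in NewDecomposer, so a mistyped HTTP_SKIP_CERT_VALIDATION value is silently read as false, and an operator who does set it to true gets no record that certificate validation is off. Keep the fail-closed default but surface both cases: use `skip, err := strconv.ParseBool(utils.GetEnv("HTTP_SKIP_CERT_VALIDATION", "false"))`, log the parse error, and emit one warning-level log line at startup whenever `skip` is true. The hunk adds no import lines, so `strconv` and `utils` are presumably already imported in controller.go; that is worth confirming. NewDecomposer starts and ends outside the hunk.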
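Review bot: The exported setter `SkipCertificateValidation` in utils/http/http.go has no doc comment, and its effect is security-relevant enough to state at the declaration. Suggested: `// SkipCertificateValidation turns off TLS certificate chain and host name verification for all requests sent through this HttpRequest when skip is true.` A one-line comment on the `skipCertificateValidation` field saying that the zero value keeps verification enabled would help as well.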
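Review bot: Building a bare `&http.Transport{...}` inside Request replaces http.DefaultTransport, which the old `&http.Client{}` used, so the proxy-from-environment setting and the default dial, TLS-handshake and idle-connection timeouts are lost, and a new connection pool is created on every call. Clone the default and override only the TLS settings: `transport := http.DefaultTransport.(*http.Transport).Clone()` followed by `transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: httpRequest.skipCertificateValidation}`, ideally built once per HttpRequest rather than per request. With the flag on, every outbound request skips both chain and host name checks, so any credentials the request carries are exposed to an on-path party. A configurable CA bundle through `tls.Config.RootCAs` would cover the self-signed case without switching verification off. Request's body continues outside the hunk.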