falcon_supported_kernels.rs
use clap::Parser;
use rusty_falcon::apis::sensor_update_policies_api;
use rusty_falcon::easy::client::FalconHandle;
use std::collections::HashSet;
use std::io;
use std::io::Write;
// Command-line options for this example, parsed by clap's derive API.
// Both options are optional: when one is absent, `main` lists the known
// values and asks for the missing selection on standard input.
// Plain `//` comments are used here on purpose: clap's derive turns `///`
// doc comments into help text, which would change the program's output.
#[derive(Parser, Debug)]
#[command(author, version, about, long_about = None)]
struct Args {
// Value for the `distro` part of the filter (`-d` / `--distro`).
// NOTE(review): the value is placed verbatim inside a quoted filter literal
// in `main`, so it should be treated as untrusted text there.
#[arg(short, long)]
distro: Option<String>,
// Value for the `architecture` part of the filter (`-a` / `--arch`).
// Same caveat as `distro`: it ends up inside the filter string unchanged.
#[arg(short, long)]
arch: Option<String>,
}
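/// Prints the kernel releases the Falcon sensor supports for one distro/architecture pair.
///
/// The pair comes from `--distro` / `--arch`; any value that is missing on the command
/// line is requested interactively after listing the values seen in the first page of
/// results. The matching releases are written to stdout as a pretty-printed JSON array.
///
/// Both queries use `offset = 0` and `limit = 100` with no pagination, so the list of
/// available values and the returned releases may be incomplete for large data sets.
///
/// # Panics
///
/// Panics if authentication or either API request fails.
#[tokio::main]
async fn main() {
    let args = Args::parse();

    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate with CrowdStrike API");

    let offset = 0;
    let limit = 100;

    let (distro, arch) = match (args.distro, args.arch) {
        (Some(distro), Some(arch)) => (distro, arch),
        (distro, arch) => {
            // The unfiltered listing is only needed to show the available choices.
            let kernels = sensor_update_policies_api::query_combined_sensor_update_kernels(
                &falcon.cfg,
                None,
                Some(offset),
                Some(limit),
            )
            .await
            .expect("Could not fetch sensor update policy.");

            let mut arch_set = HashSet::new();
            let mut distro_set = HashSet::new();
            // A response without resources yields empty choice lists instead of a panic.
            for kernel in kernels.resources.unwrap_or_default() {
                arch_set.insert(kernel.architecture);
                distro_set.insert(kernel.distro);
            }
            let mut valid_archs = Vec::from_iter(arch_set);
            let mut valid_distros = Vec::from_iter(distro_set);
            valid_archs.sort_by_key(|name| name.to_lowercase());
            valid_distros.sort_by_key(|name| name.to_lowercase());

            // Each option is resolved on its own, so a value given on the command line
            // is kept even when the other one has to be asked for.
            let distro = match distro {
                Some(value) => value,
                None => {
                    println!(
                        "Missing --distro command-line option. Available distributions are: {valid_distros:?}"
                    );
                    read_selection("Selected distro: ")
                }
            };
            let arch = match arch {
                Some(value) => value,
                None => {
                    println!(
                        "Missing --arch command-line option. Available architectures are: {valid_archs:?}"
                    );
                    read_selection("Selected architecture: ")
                }
            };
            (distro, arch)
        }
    };

    // Both values are interpolated into a single-quoted filter literal below. A quote in
    // either value would end the literal early and change the query that is sent, so such
    // values are refused instead of being forwarded to the API.
    for (option, value) in [("--distro", &distro), ("--arch", &arch)] {
        if !is_safe_filter_value(value) {
            eprintln!(
                "Invalid {option} value {value:?}: must be non-empty and must not contain quotes, backslashes or control characters"
            );
            std::process::exit(1);
        }
    }
    let filter = format!("distro:'{distro}'+architecture:'{arch}'");

    let response = sensor_update_policies_api::query_combined_sensor_update_kernels(
        &falcon.cfg,
        Some(filter.as_str()),
        Some(offset),
        Some(limit),
    )
    .await
    .expect("Could not fetch sensor update policy.");

    if !response.errors.is_empty() {
        eprintln!(
            "Errors occurred while querying supported kernels: {:?}",
            response.errors
        );
    }

    let resources = match response.resources {
        Some(resources) => resources,
        None => {
            eprintln!("No kernels returned");
            return;
        }
    };

    let releases = resources
        .into_iter()
        .map(|obj| obj.release)
        .collect::<Vec<String>>();
    let json = serde_json::to_string_pretty(&releases)
        .expect("a list of strings always serializes to JSON");
    println!("{json}");
}

/// Shows `label` as a prompt and returns the trimmed line read from standard input.
///
/// Exits with status 1 when the prompt cannot be written or the line cannot be read,
/// rather than continuing with an empty selection.
fn read_selection(label: &str) -> String {
    print!("{label}");
    let mut line = String::new();
    let outcome = io::stdout()
        .flush()
        .and_then(|()| io::stdin().read_line(&mut line));
    match outcome {
        Ok(_) => line.trim().to_string(),
        Err(err) => {
            eprintln!("Could not read selection: {err}");
            std::process::exit(1);
        }
    }
}

/// Returns `true` when `value` can be embedded in a single-quoted filter literal as-is.
///
/// Empty values, single quotes, backslashes and control characters are rejected.
/// NOTE(review): backslash is refused conservatively; confirm the filter language's
/// escaping rules before relaxing this.
fn is_safe_filter_value(value: &str) -> bool {
    !value.is_empty()
        && !value
            .chars()
            .any(|c| c == '\'' || c == '\\' || c.is_control())
}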