/
client.go
95 lines (81 loc) · 2.17 KB
/
client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
package scanner
import (
"encoding/json"
"errors"
"fmt"
"github.com/drewbernetes/baski/pkg/trivy"
"github.com/drewbernetes/baski/pkg/util/interfaces"
"log"
"os"
"time"
)
type BaseScanner struct {
ResultsFile string
MetaTag string
Vulns []trivy.ScanFailedReport
}
// fetchResultsFromServer pulls the results.json from the remote scanning server.
func fetchResultsFromServer(client interfaces.SSHInterface, imgID string) error {
log.Println("Successfully connected to ssh server")
log.Println("checking for scan completion")
retries := 20
for !hasScanCompleted(client) {
if retries <= 0 {
return errors.New("couldn't fetch the results - timed out waiting for condition")
}
log.Printf("scan still running... %d retries left\n", retries)
time.Sleep(10 * time.Second)
retries -= 1
}
log.Println("scan completed, fetching results")
_, err := client.CopyFromRemoteServer("/tmp/results.json", fmt.Sprintf("/tmp/%s.json", imgID))
if err != nil {
log.Println(err.Error())
return err
}
return nil
}
func hasScanCompleted(client interfaces.SSHInterface) bool {
status, err := client.CopyFromRemoteServer("/tmp/finished", "/tmp/finished")
if err != nil {
return false
}
fi, err := os.Stat(status.Name())
if err != nil {
log.Println(err.Error())
return false
}
if fi.Size() == 0 {
return false
}
return true
}
// parsingVulnerabilities will read the results file and parse it into a more user-friendly format.
func parsingVulnerabilities(resultsFile string) ([]trivy.ScanFailedReport, error) {
log.Println("checking results")
rf, err := os.ReadFile(resultsFile)
if err != nil {
return nil, err
}
report := &trivy.Report{}
err = json.Unmarshal(rf, report)
if err != nil {
return nil, err
}
var vf []trivy.ScanFailedReport
for _, r := range report.Results {
for _, v := range r.Vulnerabilities {
vuln := trivy.ScanFailedReport{
VulnerabilityID: v.VulnerabilityID,
Description: v.Description,
PkgName: v.PkgName,
InstalledVersion: v.InstalledVersion,
FixedVersion: v.FixedVersion,
Severity: v.Severity,
Cvss: v.Cvss,
}
vf = append(vf, vuln)
}
}
return vf, nil
}