// Copyright (c) Facebook, Inc. and its affiliates.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package api
import (
"bytes"
"context"
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"hash"
"io"
"net/http"
"sync"
"time"
"github.com/pkg/errors"
"github.com/facebookincubator/nvdtools/providers/fireeye/schema"
"github.com/facebookincubator/nvdtools/providers/lib/client"
"github.com/facebookincubator/nvdtools/stats"
)
// acceptVersion is the API version sent in the Accept-Version header. It is
// also one of the values covered by the request signature, so the header and
// the signed string always agree.
const acceptVersion = "2.6"
// Client is a FireEye API client. It embeds the generic client.Client used to
// send requests and adds the state needed to sign each request.
//
// A Client holds a sync.Mutex and keyed HMAC state, so it should be shared by
// pointer (as NewClient returns it) rather than copied.
type Client struct {
	client.Client

	// baseURL is prepended to the endpoint of every request.
	baseURL string
	// publicKey is sent in the X-Auth header.
	publicKey string

	// m guards hash: a hash.Hash keeps running state between Write, Sum and
	// Reset, so a signature must be computed by one goroutine at a time.
	m sync.Mutex
	// hash is the HMAC keyed with the private key; see getHash.
	hash hash.Hash
}
// NewClient returns a Client that queries the FireEye API at baseURL using c
// to send the requests.
//
// publicKey is sent with every request. privateKey is used only as the
// HMAC-SHA256 key for signing requests; it is kept inside the HMAC state and
// not as a string field on the Client.
//
// The arguments are not validated: an empty privateKey still produces a
// signer, so callers should check their configuration before calling.
func NewClient(c client.Client, baseURL, publicKey, privateKey string) *Client {
	signer := hmac.New(sha256.New, []byte(privateKey))

	fc := new(Client)
	fc.Client = c
	fc.hash = signer
	fc.publicKey = publicKey
	fc.baseURL = baseURL
	return fc
}
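// Request fetches endpoint from the FireEye API and returns the "message"
// part of the response envelope, re-encoded as JSON.
//
// Every request is signed. X-Auth carries the public key and X-Auth-Hash
// carries the hex HMAC (keyed in NewClient) of
// endpoint + Accept-Version + Accept + Date. The Date header and the signed
// timestamp are the same string, so they must not be generated separately.
//
// endpoint is appended to the base URL as-is and is signed as-is; no escaping
// or validation is applied here.
//
// An error is returned when the request cannot be built or sent, when the
// status is not 200 OK, when the envelope cannot be decoded, or when the API
// reports success=false. In the last case the error text is built from the
// error and description fields supplied by the server.
func (c *Client) Request(ctx context.Context, endpoint string) (io.Reader, error) {
	// Upper bound on how much of the response body is decoded into memory.
	// 1<<30 is 1 GiB, the documented limit (2<<30 would be 2 GiB).
	const maxResponseBytes = 1 << 30

	req, err := http.NewRequest(http.MethodGet, c.baseURL+endpoint, nil)
	if err != nil {
		return nil, errors.Wrap(err, "cannot create http get request")
	}
	req = req.WithContext(ctx)

	acceptHeader := "application/json"
	timestamp := time.Now().Format(time.RFC1123)
	// The signature covers exactly the values sent in the headers below.
	auth := c.getHash("%s%s%s%s", endpoint, acceptVersion, acceptHeader, timestamp)

	// Headers required by FireEye.
	req.Header.Set("Accept", acceptHeader)
	req.Header.Set("Accept-Version", acceptVersion)
	req.Header.Set("X-Auth", c.publicKey)
	req.Header.Set("X-Auth-Hash", auth)
	req.Header.Set("Date", timestamp)

	// Execute the request.
	stats.IncrementCounter("request")
	resp, err := c.Do(req)
	if err != nil {
		stats.IncrementCounter("request.error")
		return nil, errors.Wrap(err, "cannot get url")
	}
	defer resp.Body.Close()

	stats.IncrementCounter(fmt.Sprintf("request.code.%d", resp.StatusCode))
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%d - %s", resp.StatusCode, http.StatusText(resp.StatusCode))
	}

	// The response is always {success: boolean, message: something}.
	// Decode the envelope first; a body longer than the cap is cut off by the
	// LimitReader and then fails to decode instead of being read in full.
	var fireeyeResult schema.Result
	body := io.LimitReader(resp.Body, maxResponseBytes)
	if err := json.NewDecoder(body).Decode(&fireeyeResult); err != nil {
		stats.IncrementCounter("request.feed.error")
		return nil, errors.Wrap(err, "couldn't decode result")
	}

	// Re-encode the message on its own; it is what gets returned on success
	// and what gets parsed as an error description on failure.
	var buff bytes.Buffer
	if err := json.NewEncoder(&buff).Encode(fireeyeResult.Message); err != nil {
		stats.IncrementCounter("request.feed.error")
		return nil, errors.Wrap(err, "couldn't encode message back to buffer")
	}

	if !fireeyeResult.Success {
		stats.IncrementCounter("request.feed.error")
		var errorMessage schema.ResultErrorMessage
		if err := json.Unmarshal(buff.Bytes(), &errorMessage); err != nil {
			return nil, errors.Wrap(err, "failed to decode error message")
		}
		return nil, fmt.Errorf("%s: %s", errorMessage.Error, errorMessage.Description)
	}

	stats.IncrementCounter("request.success")
	return &buff, nil
}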
// getHash formats a according to format, feeds the result into the client's
// keyed hash and returns the digest as a lowercase hex string.
//
// The mutex is held for the whole write/sum/reset sequence because the hash
// keeps state between calls. The hash is reset before returning so the next
// signature starts from a clean state.
func (c *Client) getHash(format string, a ...interface{}) string {
	c.m.Lock()
	defer c.m.Unlock()

	mac := c.hash
	fmt.Fprintf(mac, format, a...)
	digest := mac.Sum(nil)
	mac.Reset()

	return hex.EncodeToString(digest)
}