Add generic-webhook ScanCompletionHook

Author: J12934

hook-sdk/nodejs/hook-wrapper.js

@@ -1,5 +1,5 @@
 const axios = require("axios");
-const { persist } = require("./persistence/persist");
+const { handle } = require("./hook/hook");
 const k8s = require("@kubernetes/client-node");
 
 function downloadFile(url) {
@@ -79,7 +79,7 @@ function uploadFindings() {
 async function main() {
   const scanName = process.env["SCAN_NAME"];
   const namespace = process.env["NAMESPACE"];
-  console.log(`Starting PersistenceProvider for Scan "${scanName}"`);
+  console.log(`Starting hook for Scan "${scanName}"`);
 
   const kc = new k8s.KubeConfig();
   kc.loadFromCluster();
@@ -103,22 +103,20 @@ async function main() {
   }
 
   try {
-    await persist({
-      getRawResult,
+    await handle({
+      getRawResults,
       getFindings,
       uploadRawResults,
       uploadFindings,
       scan,
     });
   } catch (error) {
-    console.error(
-      "Error was thrown while running PersistenceProviders persist function"
-    );
+    console.error("Error was thrown while running hooks handle function");
     console.error(error);
     process.exit(1);
   }
 
-  console.log(`Completed PersistenceProvider`);
+  console.log(`Hook completed`);
 }
 
 main();

hooks/generic-webhook/.dockerignore

@@ -0,0 +1 @@
+node_modules/

hooks/generic-webhook/.gitignore

@@ -0,0 +1 @@
+node_modules

hooks/generic-webhook/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore

hooks/generic-webhook/Chart.lock

@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: "2020-05-26T16:56:03.119255+02:00"

hooks/generic-webhook/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: generic-webhook
+description: Lets you send http webhooks after scans are completed
+
+type: application
+
+version: 0.1.0
+
+appVersion: latest
+
+dependencies: []

hooks/generic-webhook/Dockerfile

@@ -0,0 +1,10 @@
+FROM node:12-alpine as build
+RUN mkdir -p /home/app
+WORKDIR /home/app
+COPY package.json package-lock.json ./
+RUN npm ci --production
+
+FROM scbexperimental/hook-sdk-nodejs:latest
+WORKDIR /home/app/hook-wrapper/hook/
+COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
+COPY --chown=app:app ./hook.js ./hook.js

hooks/generic-webhook/__mocks__/axios.js

@@ -0,0 +1 @@
+module.exports.post = jest.fn();

hooks/generic-webhook/hook.js

@@ -0,0 +1,15 @@
+const axios = require("axios");
+
+async function handle({
+  getFindings,
+  scan,
+  webhookUrl = process.env["WEBHOOK_URL"],
+}) {
+  const findings = await getFindings();
+
+  console.log(`Sending ${findings.length} findings to ${webhookUrl}`);
+
+  await axios.post(webhookUrl, { scan, findings });
+}
+module.exports.handle = handle;
+module.exports.axios = axios;

hooks/generic-webhook/hook.test.js

@@ -0,0 +1,34 @@
+const { handle, axios } = require("./hook");
+
+beforeEach(() => {
+  axios.post.mockClear();
+});
+
+test("should send a post request to the url when fired", async () => {
+  const findings = [];
+
+  const getFindings = async () => findings;
+
+  const scan = {
+    metadata: {
+      uid: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc",
+      name: "demo-scan",
+      labels: {
+        company: "iteratec",
+      },
+    },
+    spec: {
+      scanType: "Nmap",
+      parameters: ["-Pn", "localhost"],
+    },
+  };
+
+  const webhookUrl = "http://example.com/foo/bar";
+
+  await handle({ getFindings, scan, webhookUrl });
+
+  expect(axios.post).toBeCalledWith(webhookUrl, {
+    scan,
+    findings: [],
+  });
+});