2023-10-17 14:17:37 +00:00
|
|
|
package cwhub
|
|
|
|
|
|
|
|
|
|
import (
|
2023-10-20 12:32:35 +00:00
|
|
|
"bytes"
|
2023-10-17 14:17:37 +00:00
|
|
|
"encoding/json"
|
2023-10-20 12:32:35 +00:00
|
|
|
"errors"
|
2023-10-17 14:17:37 +00:00
|
|
|
"fmt"
|
2023-10-20 12:32:35 +00:00
|
|
|
"io"
|
|
|
|
|
"net/http"
|
|
|
|
|
"os"
|
2023-10-17 14:17:37 +00:00
|
|
|
"strings"
|
|
|
|
|
|
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
|
|
2023-10-19 10:04:29 +00:00
|
|
|
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
|
|
|
|
|
)
|
2023-10-17 14:17:37 +00:00
|
|
|
|
2023-10-27 08:25:29 +00:00
|
|
|
// const HubIndexFile = ".index.json"
|
2023-10-17 14:17:37 +00:00
|
|
|
|
2023-10-30 16:23:50 +00:00
|
|
|
// RemoteHubCfg contains where to find the remote hub, which branch etc.
|
|
|
|
|
type RemoteHubCfg struct {
|
|
|
|
|
Branch string
|
|
|
|
|
URLTemplate string
|
|
|
|
|
IndexPath string
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-19 10:04:29 +00:00
|
|
|
type Hub struct {
|
|
|
|
|
Items HubItems
|
2023-10-30 16:23:50 +00:00
|
|
|
local *csconfig.LocalHubCfg
|
|
|
|
|
remote *RemoteHubCfg
|
2023-10-17 14:17:37 +00:00
|
|
|
skippedLocal int
|
|
|
|
|
skippedTainted int
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-20 12:32:35 +00:00
|
|
|
var (
|
|
|
|
|
theHub *Hub
|
|
|
|
|
ErrIndexNotFound = fmt.Errorf("index not found")
|
|
|
|
|
)
|
2023-10-19 10:04:29 +00:00
|
|
|
|
|
|
|
|
// GetHub returns the hub singleton
|
|
|
|
|
// it returns an error if it's not initialized to avoid nil dereference
|
2023-10-30 16:23:50 +00:00
|
|
|
// XXX: convenience function that we should get rid of at some point
|
2023-10-19 10:04:29 +00:00
|
|
|
func GetHub() (*Hub, error) {
|
|
|
|
|
if theHub == nil {
|
|
|
|
|
return nil, fmt.Errorf("hub not initialized")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return theHub, nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-20 12:32:35 +00:00
|
|
|
// InitHub initializes the Hub, syncs the local state and returns the singleton for immediate use
|
2023-10-30 16:23:50 +00:00
|
|
|
func InitHub(local *csconfig.LocalHubCfg, remote *RemoteHubCfg) (*Hub, error) {
|
|
|
|
|
if local == nil {
|
|
|
|
|
return nil, fmt.Errorf("no hub configuration found")
|
2023-10-17 14:17:37 +00:00
|
|
|
}
|
|
|
|
|
|
2023-10-30 16:23:50 +00:00
|
|
|
log.Debugf("loading hub idx %s", local.HubIndexFile)
|
2023-10-20 12:32:35 +00:00
|
|
|
|
2023-10-30 16:23:50 +00:00
|
|
|
bidx, err := os.ReadFile(local.HubIndexFile)
|
2023-10-20 12:32:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("unable to read index file: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret, err := ParseIndex(bidx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
if !errors.Is(err, ErrMissingReference) {
|
|
|
|
|
return nil, fmt.Errorf("unable to load existing index: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// XXX: why the error check if we bail out anyway?
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
theHub = &Hub{
|
2023-10-30 16:23:50 +00:00
|
|
|
Items: ret,
|
|
|
|
|
local: local,
|
|
|
|
|
remote: remote,
|
2023-10-17 14:17:37 +00:00
|
|
|
}
|
2023-10-20 12:32:35 +00:00
|
|
|
|
|
|
|
|
_, err = theHub.LocalSync()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to sync Hub index with local deployment : %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return theHub, nil
|
2023-10-17 14:17:37 +00:00
|
|
|
}
|
|
|
|
|
|
2023-10-20 12:32:35 +00:00
|
|
|
// InitHubUpdate is like InitHub but downloads and updates the index instead of reading from the disk
|
|
|
|
|
// It is used to inizialize the hub when there is no index file yet
|
2023-10-30 16:23:50 +00:00
|
|
|
func InitHubUpdate(local *csconfig.LocalHubCfg, remote *RemoteHubCfg) (*Hub, error) {
|
|
|
|
|
if local == nil {
|
2023-10-20 12:32:35 +00:00
|
|
|
return nil, fmt.Errorf("no configuration found for hub")
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-30 16:23:50 +00:00
|
|
|
bidx, err := remote.DownloadIndex(local.HubIndexFile)
|
2023-10-19 10:04:29 +00:00
|
|
|
if err != nil {
|
2023-10-20 12:32:35 +00:00
|
|
|
return nil, fmt.Errorf("failed to download index: %w", err)
|
2023-10-19 10:04:29 +00:00
|
|
|
}
|
2023-10-20 12:32:35 +00:00
|
|
|
|
|
|
|
|
ret, err := ParseIndex(bidx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
if !errors.Is(err, ErrMissingReference) {
|
|
|
|
|
return nil, fmt.Errorf("failed to read index: %w", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
theHub = &Hub{
|
2023-10-30 16:23:50 +00:00
|
|
|
Items: ret,
|
|
|
|
|
local: local,
|
|
|
|
|
remote: remote,
|
2023-10-20 12:32:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, err := theHub.LocalSync(); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to sync: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return theHub, nil
|
2023-10-17 14:17:37 +00:00
|
|
|
}
|
|
|
|
|
|
2023-10-30 16:23:50 +00:00
|
|
|
func (r RemoteHubCfg) urlTo(remotePath string) (string, error) {
|
|
|
|
|
if fmt.Sprintf(r.URLTemplate, "%s", "%s") != r.URLTemplate {
|
|
|
|
|
return "", fmt.Errorf("invalid URL template '%s'", r.URLTemplate)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return fmt.Sprintf(r.URLTemplate, r.Branch, remotePath), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-20 12:32:35 +00:00
|
|
|
// DownloadIndex downloads the latest version of the index and returns the content
|
2023-10-30 16:23:50 +00:00
|
|
|
func (r RemoteHubCfg) DownloadIndex(localPath string) ([]byte, error) {
|
|
|
|
|
url, err := r.urlTo(r.IndexPath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to build hub index request: %w", err)
|
|
|
|
|
}
|
2023-10-20 12:32:35 +00:00
|
|
|
|
2023-10-27 08:25:29 +00:00
|
|
|
req, err := http.NewRequest(http.MethodGet, url, nil)
|
2023-10-20 12:32:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to build request for hub index: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed http request for hub index: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
|
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
|
|
|
return nil, ErrIndexNotFound
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil, fmt.Errorf("bad http code %d while requesting %s", resp.StatusCode, req.URL.String())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to read request answer for hub index: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-27 08:25:29 +00:00
|
|
|
oldContent, err := os.ReadFile(localPath)
|
2023-10-20 12:32:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
if !os.IsNotExist(err) {
|
|
|
|
|
log.Warningf("failed to read hub index: %s", err)
|
|
|
|
|
}
|
|
|
|
|
} else if bytes.Equal(body, oldContent) {
|
|
|
|
|
log.Info("hub index is up to date")
|
2023-10-27 08:25:29 +00:00
|
|
|
return body, nil
|
2023-10-20 12:32:35 +00:00
|
|
|
}
|
|
|
|
|
|
2023-10-27 08:25:29 +00:00
|
|
|
file, err := os.OpenFile(localPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
|
2023-10-20 12:32:35 +00:00
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("while opening hub index file: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer file.Close()
|
|
|
|
|
|
|
|
|
|
wsize, err := file.Write(body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("while writing hub index file: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-27 08:25:29 +00:00
|
|
|
log.Infof("Wrote index to %s, %d bytes", localPath, wsize)
|
2023-10-20 12:32:35 +00:00
|
|
|
|
|
|
|
|
return body, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ParseIndex takes the content of an index file and returns the map of associated parsers/scenarios/collections
|
2023-10-17 14:17:37 +00:00
|
|
|
func ParseIndex(buff []byte) (HubItems, error) {
|
|
|
|
|
var (
|
|
|
|
|
RawIndex HubItems
|
|
|
|
|
missingItems []string
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if err := json.Unmarshal(buff, &RawIndex); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to unmarshal index: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Debugf("%d item types in hub index", len(ItemTypes))
|
|
|
|
|
|
|
|
|
|
// Iterate over the different types to complete the struct
|
|
|
|
|
for _, itemType := range ItemTypes {
|
|
|
|
|
log.Tracef("%s: %d items", itemType, len(RawIndex[itemType]))
|
|
|
|
|
|
|
|
|
|
for name, item := range RawIndex[itemType] {
|
|
|
|
|
item.Name = name
|
|
|
|
|
item.Type = itemType
|
|
|
|
|
x := strings.Split(item.RemotePath, "/")
|
|
|
|
|
item.FileName = x[len(x)-1]
|
|
|
|
|
RawIndex[itemType][name] = item
|
|
|
|
|
|
|
|
|
|
if itemType != COLLECTIONS {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// if it's a collection, check its sub-items are present
|
|
|
|
|
// XXX should be done later
|
2023-10-20 12:32:35 +00:00
|
|
|
for _, sub := range item.SubItems() {
|
|
|
|
|
if _, ok := RawIndex[sub.Type][sub.Name]; !ok {
|
|
|
|
|
log.Errorf("Referred %s %s in collection %s doesn't exist.", sub.Type, sub.Name, item.Name)
|
|
|
|
|
missingItems = append(missingItems, sub.Name)
|
2023-10-17 14:17:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(missingItems) > 0 {
|
|
|
|
|
return RawIndex, fmt.Errorf("%q: %w", missingItems, ErrMissingReference)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return RawIndex, nil
|
|
|
|
|
}
|
2023-10-20 12:32:35 +00:00
|
|
|
|
|
|
|
|
// ItemStats returns total counts of the hub items
|
2023-10-27 08:25:29 +00:00
|
|
|
func (h *Hub) ItemStats() []string {
|
2023-10-20 12:32:35 +00:00
|
|
|
loaded := ""
|
2023-10-30 16:23:50 +00:00
|
|
|
|
2023-10-20 12:32:35 +00:00
|
|
|
for _, itemType := range ItemTypes {
|
|
|
|
|
// ensure the order is always the same
|
|
|
|
|
if h.Items[itemType] == nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-10-30 16:23:50 +00:00
|
|
|
|
2023-10-20 12:32:35 +00:00
|
|
|
if len(h.Items[itemType]) == 0 {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-10-30 16:23:50 +00:00
|
|
|
|
2023-10-20 12:32:35 +00:00
|
|
|
loaded += fmt.Sprintf("%d %s, ", len(h.Items[itemType]), itemType)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
loaded = strings.Trim(loaded, ", ")
|
|
|
|
|
if loaded == "" {
|
|
|
|
|
// empty hub
|
|
|
|
|
loaded = "0 items"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret := []string{
|
|
|
|
|
fmt.Sprintf("Loaded: %s", loaded),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if h.skippedLocal > 0 || h.skippedTainted > 0 {
|
|
|
|
|
ret = append(ret, fmt.Sprintf("Unmanaged items: %d local, %d tainted", h.skippedLocal, h.skippedTainted))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret
|
|
|
|
|
}
|
