Merged
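--- a/operator/apis/execution/v1/scan_types.go
+++ b/operator/apis/execution/v1/scan_types.go
@@ -81,6 +81,11 @@ type ScanStatus struct {
 // RawResultDownloadLink link to download the raw result file from. Valid for 7 days
 RawResultDownloadLink string `json:"rawResultDownloadLink,omitempty"`
 
+// FindingHeadLink link to send HEAD request to the finding json file. Valid for 7 days
+FindingHeadLink string `json:"findingHeadLink,omitempty"`
+// RawResultHeadLink link to send HEAD request to raw result file. Valid for 7 days
+RawResultHeadLink string `json:"rawResultHeadLink,omitempty"`
+
 Findings FindingStats `json:"findings,omitempty"`
 
 ReadAndWriteHookStatus []HookStatus `json:"readAndWriteHookStatus,omitempty"`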
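Review bot: The comments on `FindingHeadLink` and `RawResultHeadLink` do not say that the value is a presigned URL, i.e. a link that carries its own authorization and works for whoever can read the Scan status, nor from which moment the 7 days count. I would write `// FindingHeadLink is a presigned URL for a HEAD request on the findings JSON file; anyone holding it can query the object's metadata until it expires, 7 days after it is issued.` and give `RawResultHeadLink` the same shape. The CRD descriptions appear to be generated from these comments, so the wording is best fixed here. The ScanStatus struct starts and ends outside the hunk.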
@@ -1717,6 +1717,10 @@ spec:
description: FindingDownloadLink link to download the finding json
file from. Valid for 7 days
type: string
findingHeadLink:
description: FindingHeadLink link to send HEAD request to the finding
json file. Valid for 7 days
type: string
findings:
description: FindingStats contains the general stats about the results
of the scan
@@ -1764,6 +1768,10 @@ spec:
description: RawResultFile Filename of the result file of the scanner.
e.g. `nmap-result.xml`
type: string
rawResultHeadLink:
description: RawResultHeadLink link to send HEAD request to raw result
file. Valid for 7 days
type: string
rawResultType:
description: RawResultType determines which kind of ParseDefinition
will be used to turn the raw results of the scanner into findings
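--- a/operator/controllers/execution/scans/scan_controller.go
+++ b/operator/controllers/execution/scans/scan_controller.go
@@ -162,6 +162,18 @@ func (r *ScanReconciler) PresignedPutURL(scanID types.UID, filename string, dura
 return rawResultDownloadURL.String(), nil
 }
 
+// PresignedHeadURL returns a presigned URL from the s3 (or compatible) serice.
+func (r *ScanReconciler) PresignedHeadURL(scanID types.UID, filename string, duration time.Duration) (string, error) {
+bucketName := os.Getenv("S3_BUCKET")
+
+rawResultHeadURL, err := r.MinioClient.PresignedHeadObject(context.Background(), bucketName, fmt.Sprintf("scan-%s/%s", string(scanID), filename), duration, nil)
+if err != nil {
+r.Log.Error(err, "Could not get presigned url from s3 or compatible storage provider")
+return "", err
+}
+return rawResultHeadURL.String(), nil
+}
+
 func (r *ScanReconciler) initS3Connection() *minio.Client {
 endpoint := os.Getenv("S3_ENDPOINT")
 if os.Getenv("S3_PORT") != "" {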
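Review bot: `PresignedHeadURL` signs the key `scan-<uid>/<filename>` without checking `filename`, so an empty value would presumably still yield a valid-looking URL for `scan-<uid>/` that only fails later when a consumer sends the HEAD request. A guard before the call, `if filename == "" { return "", fmt.Errorf("presigned head url: empty filename") }`, would surface that at reconcile time. The error is also logged here and again by the caller in scan_reconciler.go, so one of the two `r.Log.Error` calls can go. The doc comment should name the HTTP method and fix the typo: `// PresignedHeadURL returns a presigned URL for a HEAD request on the given scan file from the S3 (or compatible) service.`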
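--- a/operator/controllers/execution/scans/scan_reconciler.go
+++ b/operator/controllers/execution/scans/scan_reconciler.go
@@ -107,6 +107,20 @@ func (r *ScanReconciler) startScan(scan *executionv1.Scan) error {
 }
 scan.Status.RawResultDownloadLink = rawResultDownloadURL
 
+findingsHeadURL, err := r.PresignedHeadURL(scan.UID, "findings.json", 7*24*time.Hour)
+if err != nil {
+r.Log.Error(err, "Could not get presigned head url from s3 or compatible storage provider")
+return err
+}
+scan.Status.FindingHeadLink = findingsHeadURL
+
+rawResultsHeadURL, err := r.PresignedHeadURL(scan.UID, scan.Status.RawResultFile, 7*24*time.Hour)
+if err != nil {
+r.Log.Error(err, "Could not get presigned head url from s3 or compatible storage provider")
+return err
+}
+scan.Status.RawResultHeadLink = rawResultsHeadURL
+
 if err := r.Status().Update(ctx, scan); err != nil {
 log.Error(err, "unable to update Scan status")
 return err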
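Review bot: Both new calls repeat the literal `7*24*time.Hour`, and the resulting URLs are stored in `scan.Status`, where they stay usable for a week by anyone allowed to read Scan objects. A named constant, e.g. `const presignedURLValidity = 7 * 24 * time.Hour`, would keep the lifetime of the presigned links in one place and make it easy to shorten if a week is longer than the consumers need. `scan.Status.RawResultFile` is passed to the second call unchecked; if it can be empty at this point in startScan (not visible in the hunk), the link would be signed for `scan-<uid>/` rather than a result file. startScan begins and ends outside the hunk.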
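--- a/operator/crds/execution.securecodebox.io_scans.yaml
+++ b/operator/crds/execution.securecodebox.io_scans.yaml
@@ -1724,6 +1724,10 @@ spec:
 description: FindingDownloadLink link to download the finding json
 file from. Valid for 7 days
 type: string
+findingHeadLink:
+description: FindingHeadLink link to send HEAD request to the finding
+json file. Valid for 7 days
+type: string
 findings:
 description: FindingStats contains the general stats about the results
 of the scan
@@ -1771,6 +1775,10 @@ spec:
 description: RawResultFile Filename of the result file of the scanner.
 e.g. `nmap-result.xml`
 type: string
+rawResultHeadLink:
+description: RawResultHeadLink link to send HEAD request to raw result
+file. Valid for 7 days
+type: string
 rawResultType:
 description: RawResultType determines which kind of ParseDefinition
 will be used to turn the raw results of the scanner into findings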