You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
168 lines
4.1 KiB
168 lines
4.1 KiB
8 years ago
|
// Copyright 2017 clair authors
|
||
9 years ago
|
//
|
||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
// you may not use this file except in compliance with the License.
|
||
|
// You may obtain a copy of the License at
|
||
|
//
|
||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||
|
//
|
||
|
// Unless required by applicable law or agreed to in writing, software
|
||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
// See the License for the specific language governing permissions and
|
||
|
// limitations under the License.
|
||
|
|
||
8 years ago
|
// Package webhook implements a notification sender for HTTP JSON webhooks.
|
||
|
package webhook
|
||
9 years ago
|
|
||
|
import (
|
||
|
"bytes"
|
||
|
"crypto/tls"
|
||
|
"crypto/x509"
|
||
|
"encoding/json"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"io/ioutil"
|
||
|
"net/http"
|
||
|
"net/url"
|
||
9 years ago
|
"time"
|
||
9 years ago
|
|
||
|
"gopkg.in/yaml.v2"
|
||
|
|
||
|
"github.com/coreos/clair/config"
|
||
9 years ago
|
"github.com/coreos/clair/database"
|
||
8 years ago
|
"github.com/coreos/clair/ext/notification"
|
||
9 years ago
|
)
|
||
|
|
||
9 years ago
|
const timeout = 5 * time.Second
|
||
|
|
||
8 years ago
|
type sender struct {
|
||
9 years ago
|
endpoint string
|
||
|
client *http.Client
|
||
|
}
|
||
|
|
||
8 years ago
|
// Config represents the configuration of a Webhook Sender.
|
||
|
type Config struct {
|
||
9 years ago
|
Endpoint string
|
||
|
ServerName string
|
||
|
CertFile string
|
||
|
KeyFile string
|
||
|
CAFile string
|
||
9 years ago
|
Proxy string
|
||
9 years ago
|
}
|
||
|
|
||
|
func init() {
|
||
8 years ago
|
notification.RegisterSender("webhook", &sender{})
|
||
9 years ago
|
}
|
||
|
|
||
8 years ago
|
func (s *sender) Configure(config *config.NotifierConfig) (bool, error) {
|
||
9 years ago
|
// Get configuration
|
||
8 years ago
|
var httpConfig Config
|
||
9 years ago
|
if config == nil {
|
||
|
return false, nil
|
||
|
}
|
||
|
if _, ok := config.Params["http"]; !ok {
|
||
|
return false, nil
|
||
|
}
|
||
|
yamlConfig, err := yaml.Marshal(config.Params["http"])
|
||
|
if err != nil {
|
||
|
return false, errors.New("invalid configuration")
|
||
|
}
|
||
|
err = yaml.Unmarshal(yamlConfig, &httpConfig)
|
||
|
if err != nil {
|
||
|
return false, errors.New("invalid configuration")
|
||
|
}
|
||
|
|
||
|
// Validate endpoint URL.
|
||
|
if httpConfig.Endpoint == "" {
|
||
|
return false, nil
|
||
|
}
|
||
9 years ago
|
if _, err := url.ParseRequestURI(httpConfig.Endpoint); err != nil {
|
||
9 years ago
|
return false, fmt.Errorf("could not parse endpoint URL: %s\n", err)
|
||
9 years ago
|
}
|
||
8 years ago
|
s.endpoint = httpConfig.Endpoint
|
||
9 years ago
|
|
||
9 years ago
|
// Setup HTTP client.
|
||
|
transport := &http.Transport{}
|
||
8 years ago
|
s.client = &http.Client{
|
||
9 years ago
|
Transport: transport,
|
||
|
Timeout: timeout,
|
||
|
}
|
||
|
|
||
9 years ago
|
// Initialize TLS.
|
||
9 years ago
|
transport.TLSClientConfig, err = loadTLSClientConfig(&httpConfig)
|
||
9 years ago
|
if err != nil {
|
||
|
return false, fmt.Errorf("could not initialize client cert auth: %s\n", err)
|
||
|
}
|
||
|
|
||
9 years ago
|
// Set proxy.
|
||
|
if httpConfig.Proxy != "" {
|
||
|
proxyURL, err := url.ParseRequestURI(httpConfig.Proxy)
|
||
|
if err != nil {
|
||
|
return false, fmt.Errorf("could not parse proxy URL: %s\n", err)
|
||
|
}
|
||
|
transport.Proxy = http.ProxyURL(proxyURL)
|
||
9 years ago
|
}
|
||
9 years ago
|
|
||
9 years ago
|
return true, nil
|
||
|
}
|
||
|
|
||
9 years ago
|
type notificationEnvelope struct {
|
||
|
Notification struct {
|
||
|
Name string
|
||
|
}
|
||
|
}
|
||
|
|
||
8 years ago
|
func (s *sender) Send(notification database.VulnerabilityNotification) error {
|
||
9 years ago
|
// Marshal notification.
|
||
9 years ago
|
jsonNotification, err := json.Marshal(notificationEnvelope{struct{ Name string }{notification.Name}})
|
||
9 years ago
|
if err != nil {
|
||
|
return fmt.Errorf("could not marshal: %s", err)
|
||
|
}
|
||
|
|
||
9 years ago
|
// Send notification via HTTP POST.
|
||
8 years ago
|
resp, err := s.client.Post(s.endpoint, "application/json", bytes.NewBuffer(jsonNotification))
|
||
9 years ago
|
if err != nil || resp == nil || (resp.StatusCode != 200 && resp.StatusCode != 201) {
|
||
|
if resp != nil {
|
||
9 years ago
|
return fmt.Errorf("got status %d, expected 200/201", resp.StatusCode)
|
||
9 years ago
|
}
|
||
|
return err
|
||
|
}
|
||
|
defer resp.Body.Close()
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
8 years ago
|
// loadTLSClientConfig initializes a *tls.Config using the given Config.
|
||
9 years ago
|
//
|
||
|
// If no certificates are given, (nil, nil) is returned.
|
||
|
// The CA certificate is optional and falls back to the system default.
|
||
8 years ago
|
func loadTLSClientConfig(cfg *Config) (*tls.Config, error) {
|
||
9 years ago
|
if cfg.CertFile == "" || cfg.KeyFile == "" {
|
||
|
return nil, nil
|
||
|
}
|
||
|
|
||
|
cert, err := tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
var caCertPool *x509.CertPool
|
||
|
if cfg.CAFile != "" {
|
||
|
caCert, err := ioutil.ReadFile(cfg.CAFile)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
caCertPool = x509.NewCertPool()
|
||
|
caCertPool.AppendCertsFromPEM(caCert)
|
||
|
}
|
||
|
|
||
|
tlsConfig := &tls.Config{
|
||
|
ServerName: cfg.ServerName,
|
||
|
Certificates: []tls.Certificate{cert},
|
||
|
RootCAs: caCertPool,
|
||
|
}
|
||
|
|
||
|
return tlsConfig, nil
|
||
|
}
|