From 4070d3a58802de6dff9837163b8137a337b289f0 Mon Sep 17 00:00:00 2001 From: Kristian Rosland Date: Thu, 14 Mar 2024 13:56:42 +0100 Subject: [PATCH 1/5] =?UTF-8?q?Fors=C3=B8k=20p=C3=A5=20=C3=A5=20fikse=20bu?= =?UTF-8?q?g=20med=20at=20boten=20notifier=20om=20for=20lave=20CVE=20score?= =?UTF-8?q?s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../no/digipost/github/monitoring/Main.kt | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/main/kotlin/no/digipost/github/monitoring/Main.kt b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
index b4663a6..28ca183 100644
--- a/src/main/kotlin/no/digipost/github/monitoring/Main.kt
+++ b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
@@ -3,6 +3,7 @@ package no.digipost.github.monitoring
 import com.apollographql.apollo3.ApolloClient
 import com.apollographql.apollo3.api.http.HttpHeader
 import com.github.graphql.client.type.SecurityAdvisorySeverity
+import com.github.graphql.client.type.SecurityAdvisorySeverity.*
 import io.micrometer.core.instrument.MultiGauge
 import io.micrometer.core.instrument.Tags
 import io.micrometer.prometheus.PrometheusConfig
@@ -34,6 +35,8 @@ const val DELAY_BETWEEN_PUBLISH_VULNS = 1000L * 60 * 5
 var existingVulnerabilities: Map? = null
+var VULNERABILITY_ORDERING = listOf(CRITICAL, HIGH, MODERATE, LOW, UNKNOWN__)
+
 suspend fun main(): Unit = coroutineScope {
 val isLocal = System.getenv("env") == "local"
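Review bot: `VULNERABILITY_ORDERING` is introduced as a top-level `var` although it is a fixed lookup table that nothing on the page reassigns; a mutable global can be overwritten from anywhere in the module, so it should be `val VULNERABILITY_ORDERING = listOf(CRITICAL, HIGH, MODERATE, LOW, UNKNOWN__)`. Patch 5/5 re-declares the same list with qualified names and keeps the `var`, so the change applies there too. The contract is only visible from the filter in `publish` further down, and deserves a one-line comment on the declaration, e.g. `// Most to least severe; publish() notifies when indexOf(severity) <= indexOf(severityLimit).` Since `UNKNOWN__` is placed last, the default limit of `UNKNOWN__` (when severity_limit is unset) notifies for every severity, which looks intended but is worth stating in that comment.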
@@ -41,7 +44,9 @@ suspend fun main(): Unit = coroutineScope {
 Files.readString(GITHUB_SECRET_PATH).trim()
 }
- val slackWebhookUrl: String? = if (isLocal && System.getenv().containsKey("SLACK_WEBHOOK_URL")) System.getenv("SLACK_WEBHOOK_URL") else withContext(Dispatchers.IO) {
+ val slackWebhookUrl: String? = if (isLocal && System.getenv()
+ .containsKey("SLACK_WEBHOOK_URL")
+ ) System.getenv("SLACK_WEBHOOK_URL") else withContext(Dispatchers.IO) {
 if (Files.exists(SLACK_WEBHOOK_URL_PATH)) {
 Files.readString(SLACK_WEBHOOK_URL_PATH).trim()
 } else {
@@ -49,7 +54,14 @@ suspend fun main(): Unit = coroutineScope {
 }
 }
- val severityLimitForNotifications = if (System.getenv().containsKey("severity_limit")) SecurityAdvisorySeverity.safeValueOf(System.getenv("severity_limit")) else SecurityAdvisorySeverity.UNKNOWN__
+ if (System.getenv().containsKey("severity_limit")) {
+ println("Severity limit " + System.getenv("severity_limit"))
+ }
+ else {
+ println("Severity limit ikke satt")
+ println(System.getenv())
+ }
+ val severityLimitForNotifications = if (System.getenv().containsKey("severity_limit")) SecurityAdvisorySeverity.safeValueOf(System.getenv("severity_limit")) else UNKNOWN__
 val logger = LoggerFactory.getLogger("no.digipost.github.monitoring.Main")
 val prometheusMeterRegistry = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
@@ -111,7 +123,7 @@ fun cachedApolloClientFactory(token: String): () -> ApolloClient {
 } else {
 println("Lager ny ApolloClient")
 client = fakt(token)
- age.set(System.currentTimeMillis());
+ age.set(System.currentTimeMillis())
 client
 }
 }
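Review bot: `println(System.getenv())` in the else-branch of the severity_limit hunk writes the entire process environment to stdout; in local mode this same `main` reads the GitHub token and the Slack webhook URL from environment variables (`System.getenv("token")`, `SLACK_WEBHOOK_URL`), and whatever else the runtime injects ends up in the log stream as well. Patch 2/5 keeps the dump as `logger.warn(System.getenv().toString())` and only patch 4/5 removes it, so commits 1 and 2 of the series remain in history as buildable states that log secrets; squashing the debug commits out before merging, or at least restricting the dump to `System.getenv().keys`, avoids that. The value echo itself is fine but belongs at INFO rather than WARN and should go through the logger rather than `println`, e.g. `logger.info("severity_limit=" + System.getenv("severity_limit"))`. `main` continues outside this hunk.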
@@ -125,7 +137,7 @@ suspend fun publish(apolloClient: ApolloClient, githubApiClient: GithubApiClient
 .let { repos ->
 if (existingVulnerabilities != null) {
 repos.getUniqueCVEs()
- .filter { (cve, vulnerability) -> !existingVulnerabilities!!.containsKey(cve) && vulnerability.severity.ordinal <= severityLimit.ordinal }
+ .filter { (cve, vulnerability) -> !existingVulnerabilities!!.containsKey(cve) && VULNERABILITY_ORDERING.indexOf(vulnerability.severity) <= VULNERABILITY_ORDERING.indexOf(severityLimit) }
 .forEach { (_, vulnerability) ->
 println("Ny sårbarhet: $vulnerability")
 slackClient?.sendToSlack(vulnerability)
From 40e46e779c300955f9e4850a402fd15450eebca5 Mon Sep 17 00:00:00 2001 From: Kristian Rosland Date: Thu, 14 Mar 2024 15:59:35 +0100 Subject: [PATCH 2/5] Logger i stedet for println --- .../kotlin/no/digipost/github/monitoring/Main.kt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/main/kotlin/no/digipost/github/monitoring/Main.kt b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
index 28ca183..8cc27bc 100644
--- a/src/main/kotlin/no/digipost/github/monitoring/Main.kt
+++ b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
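Review bot: `VULNERABILITY_ORDERING.indexOf(...)` returns -1 for a value that is not in the list, and -1 passes the `<=` test against any limit, so a severity missing from the ordering (for instance a new constant in the generated `SecurityAdvisorySeverity`) is always notified, while a limit missing from the list suppresses everything except such values; the filter silently changes meaning instead of failing. A rank map with a fail-fast lookup removes both the ambiguity and the per-CVE list scan: `private val SEVERITY_RANK = VULNERABILITY_ORDERING.withIndex().associate { (i, s) -> s to i }` and in the filter `SEVERITY_RANK.getValue(vulnerability.severity) <= SEVERITY_RANK.getValue(severityLimit)`, where `getValue` throws `NoSuchElementException` for an unmapped severity. The pre-existing `existingVulnerabilities!!` is needed only because the global is a `var` the compiler cannot smart-cast; reading it once into a local (`val known = existingVulnerabilities ?: return@let`) would drop the `!!`. The enclosing `publish` function starts and ends outside the hunk.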
@@ -54,16 +54,16 @@ suspend fun main(): Unit = coroutineScope {
 }
 }
+ val severityLimitForNotifications = if (System.getenv().containsKey("severity_limit")) SecurityAdvisorySeverity.safeValueOf(System.getenv("severity_limit")) else UNKNOWN__
+ val logger = LoggerFactory.getLogger("no.digipost.github.monitoring.Main")
+ val prometheusMeterRegistry = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
 if (System.getenv().containsKey("severity_limit")) {
- println("Severity limit " + System.getenv("severity_limit"))
+ logger.warn("Severity limit " + System.getenv("severity_limit"))
 }
 else {
- println("Severity limit ikke satt")
- println(System.getenv())
+ logger.warn("Severity limit ikke satt")
+ logger.warn(System.getenv().toString())
 }
- val severityLimitForNotifications = if (System.getenv().containsKey("severity_limit")) SecurityAdvisorySeverity.safeValueOf(System.getenv("severity_limit")) else UNKNOWN__
- val logger = LoggerFactory.getLogger("no.digipost.github.monitoring.Main")
- val prometheusMeterRegistry = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
 ApplicationInfoMetrics().bindTo(prometheusMeterRegistry)
From af2e944da30d35e2435468a8ddb227ccdf91db5f Mon Sep 17 00:00:00 2001 From: Kristian Rosland Date: Thu, 14 Mar 2024 16:33:57 +0100 Subject: [PATCH 3/5] =?UTF-8?q?Test=20=C3=A5=20hente=20severity=20limit=20?= =?UTF-8?q?fra=20props?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../no/digipost/github/monitoring/Main.kt | 35 ++++++++++--------- 1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/main/kotlin/no/digipost/github/monitoring/Main.kt b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
index 8cc27bc..02add48 100644
--- a/src/main/kotlin/no/digipost/github/monitoring/Main.kt
+++ b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
@@ -8,21 +8,16 @@ import io.micrometer.core.instrument.MultiGauge
 import io.micrometer.core.instrument.Tags
 import io.micrometer.prometheus.PrometheusConfig
 import io.micrometer.prometheus.PrometheusMeterRegistry
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.TimeoutCancellationException
+import kotlinx.coroutines.*
 import kotlinx.coroutines.channels.Channel
-import kotlinx.coroutines.coroutineScope
-import kotlinx.coroutines.delay
-import kotlinx.coroutines.isActive
-import kotlinx.coroutines.launch
-import kotlinx.coroutines.withContext
-import kotlinx.coroutines.withTimeout
 import no.digipost.monitoring.micrometer.ApplicationInfoMetrics
 import no.digipost.monitoring.prometheus.SimplePrometheusServer
 import org.slf4j.LoggerFactory
 import java.nio.file.Files
 import java.nio.file.Path
+import java.util.*
 import java.util.concurrent.atomic.AtomicLong
+import kotlin.jvm.optionals.getOrNull
 import kotlin.system.measureTimeMillis
 val LANGUAGES = setOf("JavaScript", "Java", "TypeScript", "C#", "Kotlin", "Go", "Shell", "Dockerfile")
@@ -38,15 +33,13 @@ var existingVulnerabilities: Map? = null
 var VULNERABILITY_ORDERING = listOf(CRITICAL, HIGH, MODERATE, LOW, UNKNOWN__)
 suspend fun main(): Unit = coroutineScope {
- val isLocal = System.getenv("env") == "local"
+ val isLocal = getEnvOrProp("env").getOrNull() == "local"
- val githubToken = if (isLocal) System.getenv("token") else withContext(Dispatchers.IO) {
+ val githubToken = if (isLocal) getEnvOrProp("token").get() else withContext(Dispatchers.IO) {
 Files.readString(GITHUB_SECRET_PATH).trim()
 }
- val slackWebhookUrl: String? = if (isLocal && System.getenv()
- .containsKey("SLACK_WEBHOOK_URL")
- ) System.getenv("SLACK_WEBHOOK_URL") else withContext(Dispatchers.IO) {
+ val slackWebhookUrl: String? = if (isLocal) getEnvOrProp("SLACK_WEBHOOK_URL").getOrNull() else withContext(Dispatchers.IO) {
 if (Files.exists(SLACK_WEBHOOK_URL_PATH)) {
 Files.readString(SLACK_WEBHOOK_URL_PATH).trim()
 } else {
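Review bot: `getEnvOrProp("token").get()` on the new `githubToken` line throws a bare `NoSuchElementException("No value present")` when neither the `token` environment variable nor the system property is set, which tells a local developer nothing about which setting is missing; `getEnvOrProp("token").orElseThrow { IllegalStateException("token not set in environment or system properties") }` names the cause. The line it replaces returned `System.getenv("token")`, which could be null and fail later, so the new code fails fast at startup instead — a behaviour change worth a sentence in the commit message. `main` continues beyond the hunk.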
@@ -54,15 +47,15 @@ suspend fun main(): Unit = coroutineScope {
 }
 }
- val severityLimitForNotifications = if (System.getenv().containsKey("severity_limit")) SecurityAdvisorySeverity.safeValueOf(System.getenv("severity_limit")) else UNKNOWN__
+ val severityLimitForNotifications = SecurityAdvisorySeverity.safeValueOf(getEnvOrProp("severity_limit").orElse("UNKNOWN"))
 val logger = LoggerFactory.getLogger("no.digipost.github.monitoring.Main")
 val prometheusMeterRegistry = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
- if (System.getenv().containsKey("severity_limit")) {
- logger.warn("Severity limit " + System.getenv("severity_limit"))
+ if (getEnvOrProp("severity_limit").isPresent) {
+ logger.warn("Severity limit " + getEnvOrProp("severity_limit").get())
 }
 else {
 logger.warn("Severity limit ikke satt")
- logger.warn(System.getenv().toString())
+ System.getProperties()
 }
 ApplicationInfoMetrics().bindTo(prometheusMeterRegistry)
@@ -194,3 +187,11 @@ suspend fun publish(apolloClient: ApolloClient, githubApiClient: GithubApiClient
 }
 }
+
+private fun getEnvOrProp(propName: String): Optional {
+ var result = System.getenv(propName)
+ if (result != null) return Optional.of(result)
+ result = System.getProperty(propName)
+
+ return Optional.ofNullable(result)
+}
From 3f0906067a3fde659ef913083f410b823ca9ecde Mon Sep 17 00:00:00 2001 From: Kristian Rosland Date: Thu, 14 Mar 2024 16:36:48 +0100 Subject: [PATCH 4/5] Fjern debug logstatements --- src/main/kotlin/no/digipost/github/monitoring/Main.kt | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/src/main/kotlin/no/digipost/github/monitoring/Main.kt b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
index 02add48..8f0cff1 100644
--- a/src/main/kotlin/no/digipost/github/monitoring/Main.kt
+++ b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
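Review bot: `.orElse("UNKNOWN")` on the new `severityLimitForNotifications` line passes a string that matches none of the `SecurityAdvisorySeverity` constants used on this page (the constant is `UNKNOWN__`), so the default only works because `safeValueOf` presumably maps an unrecognised raw value to `UNKNOWN__`; that same fallback means a misspelled `severity_limit` (e.g. `HGH`) silently becomes `UNKNOWN__`, which with `VULNERABILITY_ORDERING` as declared notifies for every severity instead of failing. Validate the configured value rather than letting it degrade: `val raw = getEnvOrProp("severity_limit").orElse("UNKNOWN__")`, `val severityLimitForNotifications = SecurityAdvisorySeverity.safeValueOf(raw)`, `check(raw == "UNKNOWN__" || severityLimitForNotifications != SecurityAdvisorySeverity.UNKNOWN__) { "Unknown severity_limit: $raw" }`. `main` starts and ends outside this hunk.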
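Review bot: `getEnvOrProp` wraps a nullable lookup in `java.util.Optional`, which is not idiomatic Kotlin and pushes `.get()`/`.getOrNull()`/`.orElse` onto every call site in `main`; a nullable return with the elvis operator expresses the same env-then-property fallback in one line, `private fun getEnvOrProp(propName: String): String? = System.getenv(propName) ?: System.getProperty(propName)`, with the call sites switching to `?:` and `requireNotNull`. The lookup order should also be written down, since this function is now how the GitHub token and Slack webhook URL are resolved in local mode, e.g. `/** Returns [propName] from the environment, else from the JVM system properties, else null. */`. One caveat worth a comment on the same function: a value given as a `-D` system property on the command line is visible to other local users in process listings, so the environment variable remains the preferred channel for secrets such as `token`. The rendered page appears to have stripped the type argument of `Optional` (presumably `Optional<String>`), so check the signature before relying on this view.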
@@ -50,13 +50,6 @@ suspend fun main(): Unit = coroutineScope {
 val severityLimitForNotifications = SecurityAdvisorySeverity.safeValueOf(getEnvOrProp("severity_limit").orElse("UNKNOWN"))
 val logger = LoggerFactory.getLogger("no.digipost.github.monitoring.Main")
 val prometheusMeterRegistry = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
- if (getEnvOrProp("severity_limit").isPresent) {
- logger.warn("Severity limit " + getEnvOrProp("severity_limit").get())
- }
- else {
- logger.warn("Severity limit ikke satt")
- System.getProperties()
- }
 ApplicationInfoMetrics().bindTo(prometheusMeterRegistry)
From f3708fbe5f058f5e04baaf7009cf46c202aad281 Mon Sep 17 00:00:00 2001 From: Kristian Rosland Date: Thu, 14 Mar 2024 16:42:19 +0100 Subject: [PATCH 5/5] Fjern stjerneimports --- .../kotlin/no/digipost/github/monitoring/Main.kt | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/main/kotlin/no/digipost/github/monitoring/Main.kt b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
index 8f0cff1..743a4ef 100644
--- a/src/main/kotlin/no/digipost/github/monitoring/Main.kt
+++ b/src/main/kotlin/no/digipost/github/monitoring/Main.kt
@@ -3,19 +3,25 @@ package no.digipost.github.monitoring
 import com.apollographql.apollo3.ApolloClient
 import com.apollographql.apollo3.api.http.HttpHeader
 import com.github.graphql.client.type.SecurityAdvisorySeverity
-import com.github.graphql.client.type.SecurityAdvisorySeverity.*
 import io.micrometer.core.instrument.MultiGauge
 import io.micrometer.core.instrument.Tags
 import io.micrometer.prometheus.PrometheusConfig
 import io.micrometer.prometheus.PrometheusMeterRegistry
-import kotlinx.coroutines.*
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.TimeoutCancellationException
+import kotlinx.coroutines.isActive
+import kotlinx.coroutines.coroutineScope
 import kotlinx.coroutines.channels.Channel
+import kotlinx.coroutines.withContext
+import kotlinx.coroutines.withTimeout
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.delay
 import no.digipost.monitoring.micrometer.ApplicationInfoMetrics
 import no.digipost.monitoring.prometheus.SimplePrometheusServer
 import org.slf4j.LoggerFactory
 import java.nio.file.Files
 import java.nio.file.Path
-import java.util.*
+import java.util.Optional
 import java.util.concurrent.atomic.AtomicLong
 import kotlin.jvm.optionals.getOrNull
 import kotlin.system.measureTimeMillis
@@ -30,7 +36,7 @@ const val DELAY_BETWEEN_PUBLISH_VULNS = 1000L * 60 * 5
 var existingVulnerabilities: Map? = null
-var VULNERABILITY_ORDERING = listOf(CRITICAL, HIGH, MODERATE, LOW, UNKNOWN__)
+var VULNERABILITY_ORDERING = listOf(SecurityAdvisorySeverity.CRITICAL, SecurityAdvisorySeverity.HIGH, SecurityAdvisorySeverity.MODERATE, SecurityAdvisorySeverity.LOW, SecurityAdvisorySeverity.UNKNOWN__)
 suspend fun main(): Unit = coroutineScope {
 val isLocal = getEnvOrProp("env").getOrNull() == "local"