core

package
v0.0.0-...-bd16fb0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 18, 2024 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const ScopeChangeNotifierInterval = time.Second * 1

Variables

View Source 
var ErrInvalidPrivilege = fmt.Errorf("invalid privilege secret")
View Source 
var ErrScopeUpdateOngoing = fmt.Errorf("synchronization of scan targets still ongoing")
View Source 
var ErrViewNameExisting = fmt.Errorf("view name already existing")

Functions

func Init 

func Init() error

Init initializes the manager and all of its parameters

func RegisterGobs 

func RegisterGobs()

RegisterGobs registers data structs for RPC to make them transferable as interface variables

func RpcCreateScope 

func RpcCreateScope(
	logger scanUtils.Logger,
	rpc *utils.Client,
	dbServerId uint64,
	name string,
	groupId uint64,
	createdBy string,
	cycles bool,
	cyclesRetention int,
	scopeType string,
	attributes utils.JsonMap,
) (uint64, error)

RpcCreateScope creates a new scope and its corresponding database in the manager's db

func RpcCreateView 

func RpcCreateView(
	logger scanUtils.Logger,
	rpc *utils.Client,
	scopeId uint64,
	viewName string,
	createdBy string,
	filters map[string][]string,
) error

RpcCreateView requests creation of view from the scope manager via RPC

func RpcDeleteAgent 

func RpcDeleteAgent(logger scanUtils.Logger, rpc *utils.Client, agentId uint64) error

RpcDeleteAgent requests the deletion of scan agent stats from the scope manager via RPC

func RpcDeleteScope 

func RpcDeleteScope(logger scanUtils.Logger, rpc *utils.Client, scopeId uint64) error

RpcDeleteScope requests the deletion of a scan scopes from the scope manager via RPC

func RpcDeleteView 

func RpcDeleteView(logger scanUtils.Logger, rpc *utils.Client, viewId uint64) error

RpcDeleteView requests deletion of view, including associated access rights, from the scope manager via RPC

func RpcDisableDbUser 

func RpcDisableDbUser(logger scanUtils.Logger, rpc *utils.Client, username string) error

RpcDisableDbUser requests to disable a user on all DB servers via RPC

func RpcEnableDbUser 

func RpcEnableDbUser(logger scanUtils.Logger, rpc *utils.Client, username string) error

RpcEnableDbUser requests to disable a user on all DB servers via RPC

func RpcGetAgents 

func RpcGetAgents(logger scanUtils.Logger, rpc *utils.Client) ([]database.T_scan_agent, error)

RpcGetAgents requests all scan agents from the scope manager via RPC

func RpcGetScope 

func RpcGetScope(logger scanUtils.Logger, rpc *utils.Client, scopeId uint64) (database.T_scan_scope, error)

RpcGetScope requests a certain scan scopes from the scope manager via RPC

func RpcGetScopeFull 

func RpcGetScopeFull(
	logger scanUtils.Logger,
	rpc *utils.Client,
	managerPrivilegeSecret string,
	scopeSecret string,
) (database.T_scan_scope, error)

func RpcGetScopeTargets 

func RpcGetScopeTargets(logger scanUtils.Logger, rpc *utils.Client, scopeId uint64) (bool, []database.T_discovery, error)

RpcGetScopeTargets requests a list of current scan scope targets

func RpcGetScopes 

func RpcGetScopes(logger scanUtils.Logger, rpc *utils.Client) ([]database.T_scan_scope, error)

RpcGetScopes requests all scan scopes from the scope manager via RPC

func RpcGetScopesOf 

func RpcGetScopesOf(
	logger scanUtils.Logger, rpc *utils.Client, groupIds []uint64) ([]database.T_scan_scope, error)

RpcGetScopesOf requests the scan scopes of given groups from the scope manager via RPC

func RpcGetView 

func RpcGetView(logger scanUtils.Logger, rpc *utils.Client, viewId uint64) (database.T_scope_view, error)

RpcGetView requests the view of a given Id from the scope manager via RPC

func RpcGetViews 

func RpcGetViews(logger scanUtils.Logger, rpc *utils.Client) ([]database.T_scope_view, error)

RpcGetViews requests all views from the scope manager via RPC

func RpcGetViewsGranted 

func RpcGetViewsGranted(
	logger scanUtils.Logger, rpc *utils.Client, username string) ([]database.T_scope_view, error)

RpcGetViewsGranted requests views with access rights for a certain user from the scope manager via RPC

func RpcGetViewsOf 

func RpcGetViewsOf(
	logger scanUtils.Logger, rpc *utils.Client, groupIds []uint64) ([]database.T_scope_view, error)

RpcGetViewsOf requests the views belonging to scopes of given groups from the scope manager via RPC

func RpcGrantToken 

func RpcGrantToken(
	logger scanUtils.Logger,
	rpc *utils.Client,
	viewId uint64,
	description string,
	cratedBy string,
	expiry time.Duration,
) (username string, password string, err error)

RpcGrantToken requests to generate an access token and grant it access for a given view

func RpcGrantUsers 

func RpcGrantUsers(
	logger scanUtils.Logger,
	rpc *utils.Client,
	viewId uint64,
	dbUsers []database.DbCredentials,
	grantedBy string,
) error

RpcGrantUsers requests to grant a list of user access to a given view

func RpcNewCycle 

func RpcNewCycle(
	logger scanUtils.Logger,
	rpc *utils.Client,
	scopeId uint64,
) error

RpcNewCycle updates a certain scope and its scan settings in the manager's db

func RpcResetInput 

func RpcResetInput(logger scanUtils.Logger, rpc *utils.Client, scopeId uint64, input string) error

RpcResetInput requests the reset of a scan scope's input target from the scope manager via RPC

func RpcResetSecret 

func RpcResetSecret(logger scanUtils.Logger, rpc *utils.Client, scopeId uint64) (string, error)

RpcResetSecret requests the reset of a scan scope's secret from the scope manager via RPC

func RpcRevokeGrants 

func RpcRevokeGrants(logger scanUtils.Logger, rpc *utils.Client, viewId uint64, username ...string) error

RpcRevokeGrants requests the revocation of a single user access right on a view from the scope manager via RPC

func RpcSubscribeNotification 

func RpcSubscribeNotification(
	logger scanUtils.Logger,
	rpc *utils.Client,
	ctx context.Context,
) (chan ReplyNotification, chan struct{})

RpcSubscribeNotification initializes a goroutine continuously listening for scope changes on the manager via RPC. This function can be used by other components to subscribe to notifications about scan scope changes. It returns two channels:

  • A channel for notifications about specific scan scopes that changed
  • A channel for re-connect notifications. In this case scan scope changes might have gone unobserved and a complete integrity check is necessary!

func RpcToggleScope 

func RpcToggleScope(logger scanUtils.Logger, rpc *utils.Client, scopeId uint64) error

RpcToggleScope requests to enable/disable a scan scope by the scope manager via RPC

func RpcUpdateAgents 

func RpcUpdateAgents(
	logger scanUtils.Logger,
	rpc *utils.Client,
	agentStatsByScope map[uint64][]database.T_scan_agent,
) error

RpcUpdateAgents updates scan agent stats of a certain scope in the manager's db.

func RpcUpdateScope 

func RpcUpdateScope(
	logger scanUtils.Logger,
	rpc *utils.Client,
	scopeId uint64,
	scopeName string,
	cycles bool,
	cyclesRetention int,
	attributes *utils.JsonMap,
) error

RpcUpdateScope updates a certain scope and its scan settings in the manager's db

func RpcUpdateServerCredentials 

func RpcUpdateServerCredentials(logger scanUtils.Logger, rpc *utils.Client, username string, password string) error

RpcUpdateServerCredentials requests the update of the user's password on all DB servers via RPC

func RpcUpdateSettings 

func RpcUpdateSettings(
	logger scanUtils.Logger,
	rpc *utils.Client,
	scopeId uint64,
	scanSettings database.T_scan_settings,
) error

RpcUpdateSettings updates a certain scope and its scan settings in the manager's db

func RpcUpdateView 

func RpcUpdateView(logger scanUtils.Logger, rpc *utils.Client, viewId uint64, viewName string) error

RpcUpdateView updates a certain view in the manager's db

func Run 

func Run() error

Run loops to accept and process RPC connections until the core context is terminated

func Shutdown 

func Shutdown()

Shutdown terminates the application context, which causes associated components to gracefully shut down.

Types

type ArgsAgentId 

type ArgsAgentId struct {
	AgentId uint64
}

type ArgsCredentials 

type ArgsCredentials struct {
	Username string
	Password string
}

type ArgsGrantToken 

type ArgsGrantToken struct {
	ViewId      uint64
	Description string
	CreatedBy   string
	Expiry      time.Duration
}

type ArgsGrantUsers 

type ArgsGrantUsers struct {
	ViewId        uint64
	DbCredentials []database.DbCredentials
	GrantedBy     string
}

type ArgsGroupIds 

type ArgsGroupIds struct {
	GroupIds []uint64
}

type ArgsRevokeGrants 

type ArgsRevokeGrants struct {
	ViewId    uint64
	Usernames []string
}

type ArgsScopeByIdFull 

type ArgsScopeByIdFull struct {
	PrivilegeSecret string
	ScopeId         uint64
}

type ArgsScopeDetails 

type ArgsScopeDetails struct {
	DbServerId      uint64 // The ID of the scope database server entry to create the scope on
	Name            string
	GroupId         uint64
	CreatedBy       string
	Type            string        // There might be different scope types in the future, e.g. initialized via remote repositories
	Cycles          bool          // Whether scan scope should run in cycles
	CyclesRetention int           // Amount of previous scan cycles to keep. Older ones will be cleaned up.
	Attributes      utils.JsonMap // Key value pairs of scan scope attributes to update
}

type ArgsScopeFull 

type ArgsScopeFull struct {
	PrivilegeSecret string
	ScopeSecret     string
}

type ArgsScopeId 

type ArgsScopeId struct {
	ScopeId uint64
}

type ArgsScopeUpdate 

type ArgsScopeUpdate struct {
	// Pointer values are optional and will not be updated if nil!
	IdTScanScopes   uint64 // The ID of the scan scope to update
	Name            string
	Cycles          bool
	CyclesRetention int            // Amount of previous scan cycles to keep. Older ones will be cleaned up.
	Attributes      *utils.JsonMap // Key value pairs of scan scope attributes to update
}

type ArgsSettingsUpdate 

type ArgsSettingsUpdate struct {
	IdTScanScopes uint64 // The ID of the scan scope to update
	ScanSettings  database.T_scan_settings
}

type ArgsStatsUpdate 

type ArgsStatsUpdate struct {
	ScanAgents map[uint64][]database.T_scan_agent
}

type ArgsTargetReset 

type ArgsTargetReset struct {
	ScopeId uint64 // The ID of the scan scope to update target in
	Input   string
}

type ArgsTargetsUpdate 

type ArgsTargetsUpdate struct {
	IdTScanScopes uint64                 // The ID of the scan scope to update
	Targets       []database.T_discovery // Scope targets to set in the scopedb. Empty list will remove all.
	Blocking      bool                   // Whether to wait for update result
}

type ArgsUsername 

type ArgsUsername struct {
	Username string
}

type ArgsViewDetails 

type ArgsViewDetails struct {
	ScopeId   uint64 // The ID of the scan scope to create the view for
	ViewName  string // Name of the view to describe it
	CreatedBy string
	Filters   map[string][]string
}

type ArgsViewId 

type ArgsViewId struct {
	ViewId uint64
}

type ArgsViewUpdate 

type ArgsViewUpdate struct {
	ViewId uint64 // The ID of the scope view to update
	Name   string
}

type Manager 

type Manager struct{}

Manager is used to implement the manager's RPC interfaces

func (*Manager) CreateScope 

func (s *Manager) CreateScope(rpcArgs *ArgsScopeDetails, rpcReply *ReplyScopeId) error

CreateScope creates a scan scope

func (*Manager) CreateView 

func (s *Manager) CreateView(rpcArgs *ArgsViewDetails, rpcReply *struct{}) error

CreateView creates a view on a scan scope with optional filters. Users can be granted access to views only.

func (*Manager) DeleteAgent 

func (s *Manager) DeleteAgent(rpcArgs *ArgsAgentId, rpcReply *struct{}) error

DeleteAgent removes a scan agent stats entry from the manager db

func (*Manager) DeleteScope 

func (s *Manager) DeleteScope(rpcArgs *ArgsScopeId, rpcReply *struct{}) error

DeleteScope removes a scan scope including associated views and access grants from the scope db and the manager db

func (*Manager) DeleteView 

func (s *Manager) DeleteView(rpcArgs *ArgsViewId, rpcReply *struct{}) error

DeleteView removes a scope view including associated access grants from the scope db and the manager db

func (*Manager) DisableDbCredentials 

func (s *Manager) DisableDbCredentials(rpcArgs *ArgsUsername, rpcReply *struct{}) error

DisableDbCredentials iterates database servers the user has access rights to and disables it's account

func (*Manager) EnableDbCredentials 

func (s *Manager) EnableDbCredentials(rpcArgs *ArgsUsername, rpcReply *struct{}) error

EnableDbCredentials iterates database servers the user has access rights to and enables it's account

func (*Manager) GetAgents 

func (s *Manager) GetAgents(rpcArgs *struct{}, rpcReply *ReplyScanAgents) error

GetAgents returns all available scan agents, referencing their associated scan scope

func (*Manager) GetScope 

func (s *Manager) GetScope(rpcArgs *ArgsScopeId, rpcReply *ReplyScanScope) error

GetScope returns a specific scan scope to an RPC client

func (*Manager) GetScopeFull 

func (s *Manager) GetScopeFull(rpcArgs *ArgsScopeFull, rpcReply *ReplyScanScope) error

GetScopeFull returns a scan scope, identified by its scope secret, with FULL details (secrets, credentials,...) to an RPC client. The RPC client has to provide a valid privilege secret, shared between the client and the manager. ATTENTION: If the supplied scope secret is invalid (unknown), an empty scan scope is returned. The client has to 

check whether the returned scan scope's ID is != 0. No error is returned, because it would trigger a
critical log. End user configuration errors or scan agents left behind, should not flood with critical
log messages.

func (*Manager) GetScopeTargets 

func (s *Manager) GetScopeTargets(rpcArgs *ArgsScopeId, rpcReply *ReplyScopeTargets) error

GetScopeTargets queries the current list of scan targets from a scan scope

func (*Manager) GetScopes 

func (s *Manager) GetScopes(rpcArgs *struct{}, rpcReply *ReplyScanScopes) error

GetScopes returns all available scan scopes to an RPC client

func (*Manager) GetScopesOf 

func (s *Manager) GetScopesOf(rpcArgs *ArgsGroupIds, rpcReply *ReplyScanScopes) error

GetScopesOf returns scan scopes for a given group ID

func (*Manager) GetView 

func (s *Manager) GetView(rpcArgs *ArgsViewId, rpcReply *ReplyScopeView) error

GetView returns view for given view id

func (*Manager) GetViews 

func (s *Manager) GetViews(rpcArgs *struct{}, rpcReply *ReplyScopeViews) error

GetViews returns all available scope views to an RPC client

func (*Manager) GetViewsGranted 

func (s *Manager) GetViewsGranted(rpcArgs *ArgsUsername, rpcReply *ReplyScopeViews) error

GetViewsGranted returns views a user has granted access to

func (*Manager) GetViewsOf 

func (s *Manager) GetViewsOf(rpcArgs *ArgsGroupIds, rpcReply *ReplyScopeViews) error

GetViewsOf returns views of scan scopes for given group ids

func (*Manager) GrantToken 

func (s *Manager) GrantToken(rpcArgs *ArgsGrantToken, rpcReply *ReplyCredentials) error

GrantToken creates a new access token and grants it access rights to the given view and returns the username and password representing the access token

func (*Manager) GrantUsers 

func (s *Manager) GrantUsers(rpcArgs *ArgsGrantUsers, rpcReply *struct{}) error

GrantUsers adds necessary access rights to a scope view (leaves existing ones)

func (*Manager) NewCycle 

func (s *Manager) NewCycle(rpcArgs *ArgsScopeId, rpcReply *struct{}) error

NewCycle initializes a new scan cycle for a given scan scope. All scan progress will be reset, but existing results will be kept.

func (*Manager) ResetInput 

func (s *Manager) ResetInput(rpcArgs *ArgsTargetReset, rpcReply *struct{}) error

ResetInput reset a scan scope's input target to put it back into queue

func (*Manager) ResetSecret 

func (s *Manager) ResetSecret(rpcArgs *ArgsScopeId, rpcReply *ReplyScopeSecret) error

ResetSecret reset the secret of a given scan scope used to associate scan agents

func (*Manager) RevokeGrants 

func (s *Manager) RevokeGrants(rpcArgs *ArgsRevokeGrants, rpcReply *struct{}) error

RevokeGrants removes an access grant (may be a user bound grant or a none user bound access token) from the scope db and the manager db

func (*Manager) SubscribeNotification 

func (s *Manager) SubscribeNotification(rpcArgs struct{}, rpcReply *ReplyNotification) error

SubscribeNotification can be called by a client in order to be notified about changes, e.g. in scan scope's details. The call will not be answered until changes become known. Basically the client's call will block until changes happen. It will then receive a notification. After processing the notification, it should subscribe *again* to receive subsequent/future notifications. The notifier will notify in intervals, so the client has a few seconds to process and re-subscribe.

func (*Manager) ToggleScope 

func (s *Manager) ToggleScope(rpcArgs *ArgsScopeId, rpcReply *struct{}) error

ToggleScope enables/disables a scan scope. Disabled (paused) scan scopes are not processed by the broker. Scan agents will be able to complete running scan tasks, but not receive new ones.

func (*Manager) UpdateAgents 

func (s *Manager) UpdateAgents(rpcArgs *ArgsStatsUpdate, rpcReply *struct{}) error

UpdateAgents updates scan agent stats in the manager's db.

func (*Manager) UpdateScope 

func (s *Manager) UpdateScope(rpcArgs *ArgsScopeUpdate, rpcReply *struct{}) error

UpdateScope updates scan scope details

func (*Manager) UpdateScopeTargets 

func (s *Manager) UpdateScopeTargets(rpcArgs *ArgsTargetsUpdate, rpcReply *ReplyTargetsUpdate) error

UpdateScopeTargets updates scan scope details

func (*Manager) UpdateServerCredentials 

func (s *Manager) UpdateServerCredentials(rpcArgs *ArgsCredentials, rpcReply *struct{}) error

UpdateServerCredentials iterates database servers the user has access rights to and updates the user's password

func (*Manager) UpdateSettings 

func (s *Manager) UpdateSettings(rpcArgs *ArgsSettingsUpdate, rpcReply *struct{}) error

UpdateSettings updates scan scope scan settings, depending on the arguments given

func (*Manager) UpdateView 

func (s *Manager) UpdateView(rpcArgs *ArgsViewUpdate, rpcReply *struct{}) error

UpdateView updates scope view details

type ReplyCredentials 

type ReplyCredentials struct {
	Username string
	Password string
}

type ReplyNotification 

type ReplyNotification struct {
	UpdateScopeIds    []uint64 // The scope IDs that were updated on the manager (those need to be re-loaded)
	RemainingScopeIds []uint64 // The scope IDs that are still existing on the manager (all other can be cleaned)
}

type ReplyScanAgents 

type ReplyScanAgents struct {
	ScanAgents []database.T_scan_agent
}

type ReplyScanScope 

type ReplyScanScope struct {
	ScanScope database.T_scan_scope
}

type ReplyScanScopes 

type ReplyScanScopes struct {
	ScanScopes []database.T_scan_scope
}

type ReplyScopeId 

type ReplyScopeId struct {
	ScopeId uint64
}

type ReplyScopeIds 

type ReplyScopeIds struct {
	ScopeIds []uint64
}

type ReplyScopeSecret 

type ReplyScopeSecret struct {
	ScopeSecret string
}

type ReplyScopeTargets 

type ReplyScopeTargets struct {
	Synchronization bool // Flag indicating whether previous synchronization is still ongoing (no targets in that case)
	Targets         []database.T_discovery
}

type ReplyScopeView 

type ReplyScopeView struct {
	ScopeViews database.T_scope_view
}

type ReplyScopeViews 

type ReplyScopeViews struct {
	ScopeViews []database.T_scope_view
}

type ReplyTargetsUpdate 

type ReplyTargetsUpdate struct {
	Error   string
	Created uint64
	Removed uint64
	Updated uint64
}

func RpcUpdateScopeTargets 

func RpcUpdateScopeTargets(
	logger scanUtils.Logger,
	rpc *utils.Client,
	scopeId uint64,
	targets []database.T_discovery,
	blocking bool,
) (ReplyTargetsUpdate, error)

RpcUpdateScopeTargets updates the input targets of a certain scope in the scopedb. This can only run once in parallel per scan scope.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.