Skip to content

Commit

Permalink
Add files via upload
Browse files Browse the repository at this point in the history
  • Loading branch information
@rohitcoder
rohitcoder authored Aug 21, 2024
0 parents commit b273bdc
Show file tree
Hide file tree
Showing 8 changed files with 2,135 additions and 0 deletions.
17 changes: 17 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
FROM node

# Create app directory
WORKDIR /app

# Install app dependencies
COPY package.json /app
RUN npm install

# Bundle app source
COPY . /app

# Expose the port the app runs on
EXPOSE 4001

# Run the app
CMD ["npm", "start"]
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# hela-api
This is the main repo for hela-api code which schedules scan jobs within k8s with hela scanner
13 changes: 13 additions & 0 deletions db.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
const mongodb = require('mongodb').MongoClient;
let env = require('dotenv');
env.config({ path: '.env' });

const db = mongodb.connect(process.env.MONGO_URI).then(client => {
console.log('Connected to MongoDB');
return client.db('code-security-open-source');
}).catch(err => {
console.log(err);
});
module.exports = {
db
}
9 changes: 9 additions & 0 deletions helper/functions.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
exports.generateRandomString = (length) => {
let result = '';
const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const charactersLength = characters.length;
for (let i = 0; i < length; i++) {
result += characters.charAt(Math.floor(Math.random() * charactersLength));
}
return result;
}
21 changes: 21 additions & 0 deletions helper/k8s.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
const k8s = require('@kubernetes/client-node');

exports.sendJobToK8S = async(job_json) => {
const kc = new k8s.KubeConfig();
kc.loadFromCluster();
const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
const k8s2Api = kc.makeApiClient(k8s.BatchV1Api);
try {
const podsRes = await k8sApi.listNamespacedPod("security-team");
console.log(podsRes.body);
} catch (err) {
console.error(err);
}
try {
const res = await k8s2Api.createNamespacedJob("security-team", job_json);
return res;
} catch (err) {
console.log(err);
throw (err);
}
}
140 changes: 140 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
const express = require('express');
const db = require('./db').db;
const { generateRandomString } = require('./helper/functions');
const { sendJobToK8S } = require('./helper/k8s');
const dotenv = require('dotenv').config();
const app = express();
const port = 4001;
app.use(express.json());

const env = process.env;
app.get('/status', (req, res) => {
res.status(200).json({
message: "Server is running",
env
});
});

app.get('/async-status', async (req, res) => {
let status = await new Promise((resolve, reject) => {
setTimeout(() => {
resolve("Server is running");
}, 1000);
});
res.status(200).json({
message: status
});
});

app.post('/git-scan/', async (req, res) => {
let job_name = `scanjob${generateRandomString(5).toLowerCase()}`;
let product_name = req.body.product_name;
let branch = req.body.branch;
let engagement_name = req.body.engagement_name;
let commit_id = req.body.commit_id;
let repository_link = req.body.repository_link;
let modules = req.body.modules;
let slack_url = req.body.slack_url;
let policy_url = req.body.policy_url;
let job_args = [
"--code-path=" + repository_link,
"--commit-id=" + commit_id,
"--branch=" + branch,
"--job-id=" + job_name,
]
if (product_name) {
job_args.push("--product-name=" + product_name);
}
if (policy_url) {
job_args.push("--policy-url=" + policy_url);
}
if (engagement_name) {
job_args.push("--engagement-name=" + engagement_name);
}
if (modules && modules.length > 0) {
modules = modules.map(module => module.toUpperCase());
if (modules.includes("SAST")) {
job_args.push("--sast");
}
if (modules.includes("SCA")) {
job_args.push("--sca");
}
if (modules.includes("SECRET")) {
job_args.push("--secret");
}
if (process.env.MONGO_URI) {
job_args.push("--mongo-uri=" + process.env.MONGO_URI);
}
if (process.env.DEFECTDOJO_URL) {
job_args.push("--defectdojo-url=" + process.env.DEFECTDOJO_URL);
}
if (process.env.DEFECTDOJO_API) {
job_args.push("--defectdojo-token=" + process.env.DEFECTDOJO_API);
}
}
if (slack_url) {
job_args.push("--slack-url=" + slack_url);
}

// Let's write a scan job to the k8s cluster
let scanJob = {
"kind": "Job",
"metadata": {
"name": job_name
},
"spec": {
"ttlSecondsAfterFinished": 60,
"template": {
"spec": {
"containers": [
{
"name": "scanjob",
"image": "asia.gcr.io/mgmt-infra-applayer-01-0864/hela:0.2",
"imagePullPolicy": "Always",
"args": job_args,
}
],
"restartPolicy": "Never"
}
}
}
}
try {
let resp = await sendJobToK8S(scanJob);
res.status(200).json({
message: `Scan job ${job_name} started successfully!`,
});
}
catch (err) {
console.log(err);
res.status(500).json({
message: "Failed to start scan job",
error: err
});
}
});

app.get('/job-status', async (req, res) => {
try {
const job_id = req.query.job_id;

const client = await db;
// also to save space lets delete all records which are older than 1 day
await client.collection("jobs").deleteMany({ created_at: { $lt: new Date(Date.now() - 24 * 60 * 60 * 1000) } });
const job = await client.collection("jobs").findOne({ job_id: job_id });

if (job) {
res.status(200).json({ "status_code": 200, ...job });
} else {
res.status(404).json({ error: "Job not found, maybe its still processing?", "status_code": 404 });
}
} catch (error) {
console.error("Error fetching job status:", error);
res.status(500).json({ error: "Internal server error" });
}
});


app.listen(port, () => {
console.log(`Server is running on http://localhost:${port}`);
});
Loading

0 comments on commit b273bdc

Please sign in to comment.