From 913f3abafa2dd952e6d55f75ad91b56162971f1c Mon Sep 17 00:00:00 2001 From: sg Date: Thu, 26 Sep 2024 12:19:26 +0100 Subject: [PATCH] fix #379, add significantly more error logging to the elasticsearch consumer --- components/consumers/elasticsearch/main.go | 79 ++++++++++++++-------- 1 file changed, 50 insertions(+), 29 deletions(-) diff --git a/components/consumers/elasticsearch/main.go b/components/consumers/elasticsearch/main.go index 81c3d3c5a..760a44315 100644 --- a/components/consumers/elasticsearch/main.go +++ b/components/consumers/elasticsearch/main.go @@ -10,12 +10,15 @@ import ( "strings" "time" + "github.com/go-errors/errors" + v1 "github.com/ocurity/dracon/api/proto/v1" "github.com/ocurity/dracon/components/consumers" "github.com/ocurity/dracon/pkg/enumtransformers" "github.com/ocurity/dracon/pkg/templating" elasticsearch "github.com/elastic/go-elasticsearch/v8" + "github.com/elastic/go-elasticsearch/v8/esapi" ) var ( @@ -61,19 +64,24 @@ func main() { flag.Parse() if err := parseFlags(); err != nil { + slog.Error("could not parse incoming flags", slog.Any("error", err)) log.Fatal(err) } + slog.Debug("connecting to elasticsearch") es, err := getESClient() if err != nil { - log.Fatal("could not contact remote Elasticsearch: ", err) + slog.Error("could not contact remote Elasticsearch: ", slog.Any("error", err)) + log.Fatal(err) } + slog.Debug("successfully connected to elasticsearch") if consumers.Raw { slog.Debug("Parsing Raw results") responses, err := consumers.LoadToolResponse() if err != nil { - log.Fatal("could not load raw results, file malformed: ", err) + slog.Error("could not load raw results, file malformed: ", slog.Any("error", err)) + log.Fatal(err) } numIssues := 0 for _, res := range responses { @@ -85,18 +93,19 @@ func main() { log.Fatal("Could not parse raw issue", err) } res, err := es.Index(esIndex, bytes.NewBuffer(b)) - log.Printf("%+v", res) - if err != nil { - log.Fatal("Could not push raw issue", err) + if err != nil || res.StatusCode != 200 || res.IsError() { + slog.Error("could not push raw issue", slog.Any("error", err), slog.Int("status code received", res.StatusCode), slog.String("elasticsearch result", dumpStringResponse(res)), "to", slog.String("index", esIndex)) + log.Fatal(err) } } } - slog.Info("Pushed", "numIssues", numIssues, "issues to Elasticsearch", "") + slog.Info("Pushed issues to Elasticsearch", slog.Int("numIssues", numIssues)) } else { - log.Print("Parsing Enriched results") + slog.Debug("Parsing Enriched results") responses, err := consumers.LoadEnrichedToolResponse() if err != nil { - log.Fatal("could not load enriched results, file malformed: ", err) + slog.Error("could not load enriched results, file malformed: ", slog.Any("error", err)) + log.Fatal(err) } numIssues := 0 for _, res := range responses { @@ -105,22 +114,26 @@ func main() { for _, iss := range res.GetIssues() { b, err := getEnrichedIssue(scanStartTime, res, iss) if err != nil { - log.Fatal("Could not parse enriched issue", err) + slog.Error("Could not parse enriched issue", slog.Any("error", err)) + log.Fatal(err) } res, err := es.Index(esIndex, bytes.NewBuffer(b)) - if err != nil || res.IsError() { - log.Fatal("Could not push enriched issue", err, "received", res.StatusCode) + if err != nil || res.StatusCode != 200 || res.IsError() { + slog.Error("could not push enriched issue", slog.Any("error", err), slog.Int("status code received", res.StatusCode), slog.String("elasticsearch result", dumpStringResponse(res)), "to", slog.String("index", esIndex)) + log.Fatal(err) } } } - slog.Info("Pushed", "numIssues", numIssues, "issues to Elasticsearch", "") + slog.Info("Pushed issues to Elasticsearch", slog.Int("numIssues", numIssues)) } } - +func dumpStringResponse(res *esapi.Response) string { + return res.String() +} func getRawIssue(scanStartTime time.Time, res *v1.LaunchToolResponse, iss *v1.Issue) ([]byte, error) { description, err := templating.TemplateStringRaw(issueTemplate, iss) if err != nil { - log.Fatal("Could not template raw issue ", err) + return nil, errors.Errorf("Could not template raw issue %w", err) } jBytes, err := json.Marshal(&esDocument{ ScanStartTime: scanStartTime, @@ -140,7 +153,7 @@ func getRawIssue(scanStartTime time.Time, res *v1.LaunchToolResponse, iss *v1.Is CVE: iss.GetCve(), }) if err != nil { - return []byte{}, err + return nil, errors.Errorf("could not marshal elasticsearch document, err: %w", err) } return jBytes, nil } @@ -148,7 +161,7 @@ func getRawIssue(scanStartTime time.Time, res *v1.LaunchToolResponse, iss *v1.Is func getEnrichedIssue(scanStartTime time.Time, res *v1.EnrichedLaunchToolResponse, iss *v1.EnrichedIssue) ([]byte, error) { description, err := templating.TemplateStringEnriched(issueTemplate, iss) if err != nil { - log.Fatal("Could not template raw issue ", err) + return nil, errors.Errorf("Could not template raw issue %w", err) } firstSeenTime := iss.GetFirstSeen().AsTime() jBytes, err := json.Marshal(&esDocument{ @@ -172,7 +185,7 @@ func getEnrichedIssue(scanStartTime time.Time, res *v1.EnrichedLaunchToolRespons Annotations: iss.GetAnnotations(), }) if err != nil { - return []byte{}, err + return nil, errors.Errorf("could not marshal elasticsearch document, err: %w", err) } return jBytes, nil } @@ -202,6 +215,11 @@ func getESClient() (*elasticsearch.Client, error) { var es *elasticsearch.Client var err error var esConfig elasticsearch.Config = elasticsearch.Config{} + type esInfo struct { + Version struct { + Number string `json:"number"` + } `json:"version"` + } if basicAuthUser != "" && basicAuthPass != "" { esConfig.Username = basicAuthUser @@ -219,24 +237,27 @@ func getESClient() (*elasticsearch.Client, error) { es, err = elasticsearch.NewClient(esConfig) if err != nil { - return nil, err - } - type esInfo struct { - Version struct { - Number string `json:"number"` - } `json:"version"` + return nil, errors.Errorf("could not get elasticsearch client err: %w", err) } + // prove connection by attempting to retrieve cluster info, this requires read access to the cluster info + var info esInfo res, err := es.Info() if err != nil { - return nil, err + return nil, errors.Errorf("could not get cluster information as proof of connection, err: %w, raw response: %s", err, dumpStringResponse(res)) } - var info esInfo - if err := json.NewDecoder(res.Body).Decode(&info); err != nil { - return nil, err + if res.StatusCode != 200 || res.IsError() { + return nil, errors.Errorf("could not contact Elasticsearch, attempted to retrieve cluster info and got status code: %d as a result, body: %s", res.StatusCode, dumpStringResponse(res)) } + + slog.Debug("received info from elasticsearch successfully") + body := json.NewDecoder(res.Body) + if err := body.Decode(&info); err != nil { + return nil, errors.Errorf("could not decode elasticsearch cluster information %w", err) + } + if info.Version.Number[0] != '8' { - return nil, fmt.Errorf("unsupported ES Server version %s", info.Version.Number) + return nil, errors.Errorf("unsupported elasticsearch server version %s only version 8.x is supported, got %s instead", info.Version.Number, info.Version.Number) } - return es, err + return es, nil }