ca0e1ca769
This is an initial import of the osel codebase. The osel tool is a tool that initiates external security scans (initially through Qualys) upon receipt of AMQP events that indicate certain sensitive events have occurred, like a security group rule change. The commit history had to be thrown away because it contained some non-public data, so I would like to call out the following contributors: This uses go 1.10 and vgo for dependency management. Co-Authored-By: Charles Bitter <Charles_Bitter@cable.comcast.com> Co-Authored-By: Olivier Gagnon <Olivier_Gagnon@cable.comcast.com> Co-Authored-By: Joseph Sleiman <Joseph_Sleiman@comcast.com> Change-Id: Ib6abe2024fd91978b783ceee4cff8bb4678d7b15
package main
import (
"encoding/json"
"log"
"strings"
)
// EventProcessor is the interface implemented by the event-specific types
// that process an event based on its specific fields.
type EventProcessor interface {
	// FormatLogs receives the event and a slice of strings and returns a
	// slice of strings or an error.
	// NOTE(review): presumably the strings are log lines to extend; confirm
	// against the implementations.
	FormatLogs(e *Event, lines []string) ([]string, error)

	// FillExtraData receives the event and an OpenStackActioner and reports
	// failure through the returned error.
	// NOTE(review): presumably it populates additional Event fields from
	// OpenStack; confirm against the implementations.
	FillExtraData(e *Event, actioner OpenStackActioner) error
}
// Event represents a single event accepted from AMQP, together with the
// additional attributes that have been parsed from it.
type Event struct {
	// EventData is the decoded form of the message; ParseEvent sets it.
	EventData *openStackEvent

	// RawData is the message body as received; ParseEvent stores the
	// caller's slice here without copying it.
	RawData []byte

	// IPs maps a string key to a list of strings.
	// NOTE(review): presumably addresses grouped per port or instance; confirm.
	IPs map[string][]string

	// SecurityGroupRules holds the security group rules attached to the event.
	// NOTE(review): not populated by ParseEvent; confirm where it is filled.
	SecurityGroupRules []*osSecurityGroupRule

	// LogLines holds log output associated with the event.
	LogLines []string

	// Processor is the event-type-specific handler. ParseEvent leaves it nil
	// for event types it does not recognise.
	Processor EventProcessor

	// QualysScanID and QualysScanError are plain strings.
	// NOTE(review): presumably the outcome of the Qualys scan request; confirm.
	QualysScanID string

	QualysScanError string
}
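// ParseEvent decodes the JSON body of a message received from AMQP and
// returns the resulting Event together with the event processor specific to
// that type of event.
//
// The returned Event stores message in RawData without copying it, so the
// caller must not reuse that buffer while the Event is still in use.
//
// Processor is left nil when the event type matches none of the cases below.
// ParseEvent still returns a nil error in that case, so callers must check
// Processor before calling through it.
//
// A JSON decoding failure is returned unchanged with a zero Event.
func ParseEvent(message []byte) (Event, error) {
	var osEvent openStackEvent
	if err := json.Unmarshal(message, &osEvent); err != nil {
		return Event{}, err
	}

	e := Event{
		EventData: &osEvent,
		RawData:   message,
	}

	if Debug {
		// EventType is taken verbatim from the message body. %q escapes
		// control characters, so a value containing newlines cannot forge
		// additional log entries.
		log.Printf("Event detected: %q", osEvent.EventType)
	}

	// NOTE(review): these are substring matches, so any event type that
	// merely contains one of these names selects the processor. Confirm
	// whether an exact or suffix comparison is intended.
	switch {
	case strings.Contains(e.EventData.EventType, "security_group_rule.create.end"):
		e.Processor = EventSecurityGroupRuleChange{ChangeType: "sg_rule_add"}
	case strings.Contains(e.EventData.EventType, "security_group_rule.delete.end"):
		e.Processor = EventSecurityGroupRuleChange{ChangeType: "sg_rule_del"}
		// case strings.Contains(e.EventData.EventType, "port.create.end"):
		// 	e.Processor = EventPortChange{ChangeType: "port_create"}
	}

	return e, nil
}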