From 8744de031ae86bf71eb3df5521c38ecb107d0a05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Dugovi=C4=8D?= Date: Fri, 15 Nov 2024 18:46:17 +0100 Subject: [PATCH] feat(webapp): add go controller for cves endpoint RHINENG-13545 --- deploy/clowdapp.yaml | 5 ++++ vmaas-go/base/utils/config.go | 2 ++ vmaas-go/base/utils/gin.go | 21 +++++++++++++ vmaas-go/go.mod | 2 +- vmaas-go/go.sum | 4 +-- vmaas-go/webapp/controllers/cves.go | 44 ++++++++++++++++++++++++++++ vmaas-go/webapp/controllers/utils.go | 18 +++++++----- vmaas-go/webapp/routes/routes.go | 6 ++++ 8 files changed, 91 insertions(+), 11 deletions(-) create mode 100644 vmaas-go/webapp/controllers/cves.go diff --git a/deploy/clowdapp.yaml b/deploy/clowdapp.yaml index c18c7d679..ea82e1616 100644 --- a/deploy/clowdapp.yaml +++ b/deploy/clowdapp.yaml @@ -51,6 +51,8 @@ objects: value: ${NEWER_RELEASEVER_REPOS} - name: NEWER_RELEASEVER_CSAF value: ${NEWER_RELEASEVER_CSAF} + - name: ENABLE_GO_CVES + value: ${ENABLE_GO_CVES} resources: limits: cpu: ${CPU_LIMIT_WEBAPP_GO} @@ -494,3 +496,6 @@ parameters: value: "true" - name: DB_DUMP_BUCKET value: insights-vmaas-dump-storage +- name: ENABLE_GO_CVES + description: Enable go implementation of the cves endpoint + value: "false" diff --git a/vmaas-go/base/utils/config.go b/vmaas-go/base/utils/config.go index 3fda49ccb..cca8fd67a 100644 --- a/vmaas-go/base/utils/config.go +++ b/vmaas-go/base/utils/config.go @@ -45,6 +45,7 @@ type Config struct { LogStyle string CacheRefreshInterval time.Duration EnableProfiler bool + EnableGoCves bool // lib UnfixedEvalEnabled bool @@ -134,6 +135,7 @@ func initEnv() { Cfg.VmaasLibMaxGoroutines = GetIntEnvOrDefault("VMAAS_LIB_MAX_GOROUTINES", 20) Cfg.NewerReleaseverRepos = GetBoolEnvOrDefault("NEWER_RELEASEVER_REPOS", true) Cfg.NewerReleaseverCsaf = GetBoolEnvOrDefault("NEWER_RELEASEVER_CSAF", true) + Cfg.EnableGoCves = GetBoolEnvOrDefault("ENABLE_GO_CVES", false) } func (e *Endpoint) BuildURL(scheme string) string { diff --git a/vmaas-go/base/utils/gin.go b/vmaas-go/base/utils/gin.go index 0403ff45e..a363707f9 100644 --- a/vmaas-go/base/utils/gin.go +++ b/vmaas-go/base/utils/gin.go @@ -5,6 +5,7 @@ import ( "fmt" "net/http" "strconv" + "strings" "time" "github.com/gin-gonic/gin" @@ -105,6 +106,25 @@ func respStatusError(c *gin.Context, code int, err error) { }) } +func processBadRequestErrMessage(err error) error { + errMessage := err.Error() + if strings.HasPrefix(errMessage, "parsing time") { + parts := strings.Split(errMessage, `"`) + if len(parts) < 2 { + return errors.New("Wrong date format (not ISO format with timezone)") + } + return errors.New("Wrong date format (not ISO format with timezone): " + parts[1]) + } + if strings.HasSuffix(errMessage, "looking for beginning of value") { + parts := strings.Split(errMessage, ` `) + if len(parts) < 3 { + return errors.New("malformed input") + } + return errors.New("malformed input: invalid character " + parts[2]) + } + return err +} + func LogAndRespError(c *gin.Context, err error) { if errors.Is(err, vmaas.ErrProcessingInput) { // if error is from processing the request, we should return 400 @@ -116,6 +136,7 @@ func LogAndRespError(c *gin.Context, err error) { } func LogAndRespBadRequest(c *gin.Context, err error) { + err = processBadRequestErrMessage(err) LogWarn("err", err.Error()) respStatusError(c, http.StatusBadRequest, err) } diff --git a/vmaas-go/go.mod b/vmaas-go/go.mod index 130372ae5..665815acf 100644 --- a/vmaas-go/go.mod +++ b/vmaas-go/go.mod @@ -13,7 +13,7 @@ require ( github.com/prometheus/client_golang v1.20.5 github.com/redhatinsights/app-common-go v1.6.8 github.com/redhatinsights/platform-go-middlewares v1.0.0 - github.com/redhatinsights/vmaas-lib v1.14.5 + github.com/redhatinsights/vmaas-lib v1.14.6 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 github.com/zsais/go-gin-prometheus v0.1.0 diff --git a/vmaas-go/go.sum b/vmaas-go/go.sum index 348b4d99b..95e892b95 100644 --- a/vmaas-go/go.sum +++ b/vmaas-go/go.sum @@ -116,8 +116,8 @@ github.com/redhatinsights/app-common-go v1.6.8 h1:hyExMp6WHprlGkHKElQvSFF2ZPX8XT github.com/redhatinsights/app-common-go v1.6.8/go.mod h1:KW0BK+bnhp3kXU8BFwebQXqCqjdkcRewZsDlXCSNMyo= github.com/redhatinsights/platform-go-middlewares v1.0.0 h1:OxyiYt+VmNo+UucK/ey0b6UDFnpCni6JoGPeisGmmNI= github.com/redhatinsights/platform-go-middlewares v1.0.0/go.mod h1:dRH6XOjiZDbw8STvk6NNC7mMwqhTaV7X+1tn1oXOs24= -github.com/redhatinsights/vmaas-lib v1.14.5 h1:5n2Rq0gzCZzsz/yU4pcaZLTZ9uKSDdpqu18Du6v7KtA= -github.com/redhatinsights/vmaas-lib v1.14.5/go.mod h1:fCpKKAkaxgxSSLTgJYPgA4xi3qizDiUiboeDWst1j2Q= +github.com/redhatinsights/vmaas-lib v1.14.6 h1:w3hqNztwA0ArliwySlqDYws4fzs0bbNcK2qp1AQsOdQ= +github.com/redhatinsights/vmaas-lib v1.14.6/go.mod h1:fCpKKAkaxgxSSLTgJYPgA4xi3qizDiUiboeDWst1j2Q= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= diff --git a/vmaas-go/webapp/controllers/cves.go b/vmaas-go/webapp/controllers/cves.go new file mode 100644 index 000000000..a744489f7 --- /dev/null +++ b/vmaas-go/webapp/controllers/cves.go @@ -0,0 +1,44 @@ +package controllers + +import ( + "net/http" + + "github.com/gin-gonic/gin" + "github.com/redhatinsights/vmaas-lib/vmaas" + "github.com/redhatinsights/vmaas/base/core" + "github.com/redhatinsights/vmaas/base/utils" +) + +func CvesHandler(c *gin.Context) { + if !isCacheLoaded(c) { + return + } + cve := c.Param("cve") + req := vmaas.CvesRequest{Cves: []string{cve}} + + res, err := core.VmaasAPI.Cves(&req) + if err != nil { + utils.LogAndRespError(c, err) + return + } + c.JSON(http.StatusOK, res) +} + +func CvesPostHandler(c *gin.Context) { + if !isCacheLoaded(c) { + return + } + req := vmaas.CvesRequest{} + err := bindValidateJSON(c, &req) + if err != nil { + utils.LogAndRespBadRequest(c, err) + return + } + + cves, err := core.VmaasAPI.Cves(&req) + if err != nil { + utils.LogAndRespError(c, err) + return + } + c.JSON(http.StatusOK, cves) +} diff --git a/vmaas-go/webapp/controllers/utils.go b/vmaas-go/webapp/controllers/utils.go index 3264f3a8a..a5ff8c4da 100644 --- a/vmaas-go/webapp/controllers/utils.go +++ b/vmaas-go/webapp/controllers/utils.go @@ -10,20 +10,22 @@ import ( "github.com/redhatinsights/vmaas/base/utils" ) -func bindValidateJSON(c *gin.Context, request *vmaas.Request) error { +func bindValidateJSON(c *gin.Context, request interface{}) error { if request == nil { return fmt.Errorf("nil vmaas request") } if err := c.BindJSON(request); err != nil { return err } - // validate module name:stream - for i, m := range request.Modules { - if m.Module == nil { - return fmt.Errorf("'module_name' is a required property - 'modules_list.%d'", i) - } - if m.Stream == nil { - return fmt.Errorf("'module_stream' is a required property - 'modules_list.%d'", i) + + if reqest, ok := (request).(*vmaas.Request); ok { + for i, m := range reqest.Modules { + if m.Module == nil { + return fmt.Errorf("'module_name' is a required property - 'modules_list.%d'", i) + } + if m.Stream == nil { + return fmt.Errorf("'module_stream' is a required property - 'modules_list.%d'", i) + } } } return nil diff --git a/vmaas-go/webapp/routes/routes.go b/vmaas-go/webapp/routes/routes.go index 4b86ffb5b..f6a2461f5 100644 --- a/vmaas-go/webapp/routes/routes.go +++ b/vmaas-go/webapp/routes/routes.go @@ -3,6 +3,7 @@ package routes import ( "github.com/gin-contrib/gzip" "github.com/gin-gonic/gin" + "github.com/redhatinsights/vmaas/base/utils" "github.com/redhatinsights/vmaas/webapp/controllers" ) @@ -12,4 +13,9 @@ func InitAPI(api *gin.RouterGroup) { api.POST("/updates", controllers.UpdatesPostHandler) api.GET("/vulnerabilities/:package", controllers.VulnerabilitiesHandler) api.POST("/vulnerabilities", controllers.VulnerabilitiesPostHandler) + + if utils.Cfg.EnableGoCves { + api.GET("/cves/:cve", controllers.CvesHandler) + api.POST("/cves", controllers.CvesPostHandler) + } }