diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 6c78e3e..2b04db0 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -4,8 +4,8 @@ ARG VARIANT="1.20"
 FROM mcr.microsoft.com/vscode/devcontainers/go:0-${VARIANT}
-COPY --from=aquasec/trivy:0.32.1 /usr/local/bin/trivy /usr/bin/trivy
-COPY --from=securego/gosec:2.13.1 /bin/gosec /usr/bin/gosec
+COPY --from=aquasec/trivy:0.38.3 /usr/local/bin/trivy /usr/bin/trivy
+COPY --from=securego/gosec:2.15.0 /bin/gosec /usr/bin/gosec
 # [Choice] Node.js version: none, lts/*, 16, 14, 12, 10
 ARG NODE_VERSION="none"
diff --git a/assets/docker/Dockerfile b/assets/docker/Dockerfile
index 5bb9731..1f6c1ba 100644
--- a/assets/docker/Dockerfile
+++ b/assets/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM dragonheim/golang:1.20 as builder
+FROM nikatjef/golang:1.20 as builder
 ARG SEMVER=${SEMVER:-0.0.7}
 WORKDIR /gagent
diff --git a/cmd/gagent/main.go b/cmd/gagent/main.go
index 0b118da..495e630 100644
--- a/cmd/gagent/main.go
+++ b/cmd/gagent/main.go
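Review bot: The new `FROM` line moves the builder image to a different Docker Hub namespace (`nikatjef/golang:1.20`) while still referencing it by a mutable tag, so what the build actually runs depends on whoever controls that tag at pull time. Pin the builder by digest and record where the image comes from, e.g. `FROM nikatjef/golang:1.20@sha256:<digest> AS builder` (digest placeholder, to be taken from the registry), and keep the `AS` keyword upper-case as the Dockerfile convention. The same tag-only pinning applies to the `COPY --from=aquasec/trivy:0.38.3` and `securego/gosec:2.15.0` lines in the devcontainer hunk, which are version-bumped but not digest-pinned.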
@@ -52,19 +52,27 @@ var environment struct {
 UUID string `env:"GAGENT_UUID" envDefault:""`
 }
-// This is the application version number. It can be overridden at build time
-// using the -ldflags "-X main.semVER=0.0.1" option.
+/*
+ * This is the application version number. It can be overridden at build time
+ * using the -ldflags "-X main.semVER=0.0.1" option.
+ */
 var semVER = "0.0.6"
-// This is the application configuration. It is populated from the configuration
-// file and then used throughout the application.
+/*
+ * This is the application configuration. It is populated from the configuration
+ * file and then used throughout the application.
+ */
 var config gstructs.GagentConfig
-// We use a WaitGroup to wait for all goroutines to finish before exiting.
+/*
+ * We use a WaitGroup to wait for all goroutines to finish before exiting.
+ */
 var wg sync.WaitGroup
-// This is the main function, and it assumes that the configuration file has
-// already been read and parsed by the init() function.
+/*
+ * This is the main function, and it assumes that the configuration file has
+ * already been read and parsed by the init() function.
+ */
 func main() {
 log.Printf("[DEBUG] Configuration is %v\n", config)
@@ -117,11 +125,12 @@ func main() {
 os.Exit(0)
 }
-// This is the init() function. It is called before the main() function, and
-// it reads the configuration file, parses the command line arguments, and
-// reads the environment variables. It also sets up the logging.
+/*
+ * This is the init() function. It is called before the main() function, and
+ * it reads the configuration file, parses the command line arguments, and
+ * reads the environment variables. It also sets up the logging.
+ */
 func init() {
- // var err error
 autorestart.StartWatcher()
 cfg := environment
diff --git a/docs/VULNERABILITIES.md b/docs/VULNERABILITIES.md
index 75540ae..f715c01 100644
--- a/docs/VULNERABILITIES.md
+++ b/docs/VULNERABILITIES.md
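Review bot: The new `/* * ... */` doc comments put a literal ` * ` at the start of every line, and Go's doc tooling strips only the `/*` and `*/` markers, so `go doc` and editor hover text show the asterisks as text; the idiomatic form is `//` line comments, which main.go and gstructs.go already used before this commit. This applies to all four blocks in this hunk, to the `init()` comment in the second main.go hunk, and to the same conversion of the `Main` doc comments in client.go, router.go, setup.go and worker.go and of `GagentConfig` in gstructs.go, where the names are exported and the rendered doc is actually visible. For the exported ones the first line should also begin with the name, e.g. `// Main is the entrypoint for the client process.` and `// GagentConfig is the primary construct used by all modes.`, with the longer description following. Reverting this part of the commit is simpler than fixing each block afterwards.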
@@ -1,27 +1,32 @@
 ### [Source Code Scan](#source)
-
-IGNORED: We are not using the protocol buffers provided by gogo/protobuf
 ```
-2022-03-16T16:27:43.221-0700 INFO Need to update DB
-2022-03-16T16:27:43.221-0700 INFO Downloading DB...
-26.43 MiB / 26.43 MiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 5.71 MiB p/s 5s
-2022-03-16T16:27:49.073-0700 INFO Number of language-specific files: 1
-2022-03-16T16:27:49.073-0700 INFO Detecting gomod vulnerabilities...
+2023-03-15T06:59:15.989-0700 INFO Need to update DB
+2023-03-15T06:59:15.989-0700 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
+2023-03-15T06:59:15.989-0700 INFO Downloading DB...
+36.01 MiB / 36.01 MiB [-----------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 7.93 MiB p/s 4.7s
+2023-03-15T06:59:21.791-0700 INFO Vulnerability scanning is enabled
+2023-03-15T06:59:21.791-0700 INFO Secret scanning is enabled
+2023-03-15T06:59:21.791-0700 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
+2023-03-15T06:59:21.791-0700 INFO Please see also https://aquasecurity.github.io/trivy/v0.37/docs/secret/scanning/#recommendation for faster secret detection
+2023-03-15T06:59:25.698-0700 INFO Number of language-specific files: 1
+2023-03-15T06:59:25.699-0700 INFO Detecting gomod vulnerabilities...
-go.sum (gomod)
-==============
-Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
-
-+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
-| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
-+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
-| github.com/gogo/protobuf | CVE-2021-3121 | HIGH | 1.1.1 | 1.3.2 | gogo/protobuf: |
-| | | | | | plugin/unmarshal/unmarshal.go |
-| | | | | | lacks certain index validation |
-| | | | | | -->avd.aquasec.com/nvd/cve-2021-3121 |
-+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
+Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
 ```
+
 ---
 ### [Image Scan](#image)
+```
+2023-03-15T07:05:44.377-0700 INFO Vulnerability scanning is enabled
+2023-03-15T07:05:44.377-0700 INFO Secret scanning is enabled
+2023-03-15T07:05:44.377-0700 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
+2023-03-15T07:05:44.377-0700 INFO Please see also https://aquasecurity.github.io/trivy/v0.37/docs/secret/scanning/#recommendation for faster secret detection
+2023-03-15T07:05:44.731-0700 INFO Detected OS: alpine
+2023-03-15T07:05:44.731-0700 INFO Detecting Alpine vulnerabilities...
+2023-03-15T07:05:44.732-0700 INFO Number of language-specific files: 1
+2023-03-15T07:05:44.732-0700 INFO Detecting gobinary vulnerabilities...
-NONE
\ No newline at end of file
+dragonheim/gagent:0.0.7 (alpine 3.17.2)
+
+Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
+```
\ No newline at end of file
diff --git a/internal/chaindb/chaindb.go b/internal/chaindb/chaindb.go
index 7998a14..54c1712 100644
--- a/internal/chaindb/chaindb.go
+++ b/internal/chaindb/chaindb.go
@@ -9,8 +9,9 @@ import (
 gstructs "github.com/dragonheim/gagent/internal/gstructs"
 hclsimple "github.com/hashicorp/hcl/v2/hclsimple"
- // hclwrite "github.com/hashicorp/hcl/v2/hclwrite"
-)
+ /*
+ * hclwrite "github.com/hashicorp/hcl/v2/hclwrite"
+ */)
 type GagentDb struct {
 chainRow []*gagentDbRow `hcl:"timestamp,block"`
diff --git a/internal/client/client.go b/internal/client/client.go
index 3ed08a2..413eb93 100644
--- a/internal/client/client.go
+++ b/internal/client/client.go
@@ -18,13 +18,13 @@ import (
 )
 /*
-Client mode will send an agent file to a router for processing
-Clients do not process the agent files, only send them as
-requests to a router. If started without arguments, the client
-will contact the router and attempt to retrieve the results
-of it's most recent request.
-Main is the entrypoint for the client process
-*/
+ * Client mode will send an agent file to a router for processing
+ * Clients do not process the agent files, only send them as
+ * requests to a router. If started without arguments, the client
+ * will contact the router and attempt to retrieve the results
+ * of it's most recent request.
+ * Main is the entrypoint for the client process
+ */
 func Main(wg *sync.WaitGroup, config gstructs.GagentConfig) {
 log.Printf("[INFO] Starting client\n")
 defer wg.Done()
@@ -102,7 +102,6 @@ func sendAgent(wg *sync.WaitGroup, uuid string, connectString string, agent gstr
 status, err := sock.SendMessage(agent)
 if err != nil {
 log.Printf("[ERROR] Failed to send agent to router\n")
- // os.Exit(11)
 return
 }
 log.Printf("[DEBUG] Agent send status: %d\n", status)
diff --git a/internal/gstructs/gstructs.go b/internal/gstructs/gstructs.go
index 342ec70..82faf20 100644
--- a/internal/gstructs/gstructs.go
+++ b/internal/gstructs/gstructs.go
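Review bot: The last added line `+ */)` glues the comment terminator to the import block's closing paren; it compiles, but the block now reads as unclosed and gofmt will not tidy a `/* */` comment, so keep `)` on its own line. More broadly this hunk, and the matching ones in router.go (`answerClient`), setup.go (the `AppendUnstructuredTokens` block) and both worker.go hunks, convert commented-out code into `/* */` blocks instead of deleting it; the old code is already in version control history, and a block comment is easier to resurrect by accident than to find later. The router one deserves deletion in particular: `fmt.Fprintf(w, "%v\n", r)` would write the whole `*http.Request` value, headers included, into the response body if it were ever re-enabled.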
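Review bot: With the `os.Exit(11)` fallback removed, the error branch in `sendAgent` logs a fixed message and returns, and the `err` value from `sock.SendMessage` is never recorded anywhere, so the cause of a failed send is lost; change the log to `log.Printf("[ERROR] Failed to send agent to router: %v\n", err)`. The bare `return` also suggests the caller is not told the send failed, which is acceptable for a best-effort send but worth stating in a comment above it, e.g. `// best-effort: a failed send is logged and dropped, the caller is not notified`. sendAgent's signature and the rest of its body lie outside the hunk, so whether it has a named error result cannot be seen here.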
@@ -1,6 +1,8 @@
 package gstructs
-// GagentConfig is the primary construct used by all modes
+/*
+ * GagentConfig is the primary construct used by all modes
+ */
 type GagentConfig struct {
 Name string `hcl:"name,optional"`
 Mode string `hcl:"mode,attr"`
diff --git a/internal/router/router.go b/internal/router/router.go
index 9fbda89..8f19480 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -24,13 +24,13 @@ var (
 )
 /*
-The 'router' processes routing requests from the agent. The router does
-not handle any of the agent activities beyond processing the agent's
-list of tags and passing the agent and it's storage to either a member
-or client node. Tags are used by the agent to give hints as to where
-it should be routed.
-Main is the entrypoint for the router
-*/
+ * The 'router' processes routing requests from the agent. The router does
+ * not handle any of the agent activities beyond processing the agent's
+ * list of tags and passing the agent and it's storage to either a member
+ * or client node. Tags are used by the agent to give hints as to where
+ * it should be routed.
+ * Main is the entrypoint for the router
+ */
 func Main(wg *sync.WaitGroup, config gstructs.GagentConfig) {
 log.Printf("[INFO] Starting router\n")
 defer wg.Done()
@@ -139,7 +139,9 @@ func unwrap(msg []string) (head string, tail []string) {
 func answerClient(w http.ResponseWriter, r *http.Request) {
 if r.URL.Path != "/" {
 opsProcessed.Inc()
- // fmt.Fprintf(w, "%v\n", r)
+ /*
+ * fmt.Fprintf(w, "%v\n", r)
+ */
 http.NotFound(w, r)
 return
 }
diff --git a/internal/setup/setup.go b/internal/setup/setup.go
index 983de6b..4350dc1 100644
--- a/internal/setup/setup.go
+++ b/internal/setup/setup.go
@@ -12,8 +12,8 @@ import (
 )
 /*
-Main is the entrypoint for the setup process
-*/
+ * Main is the entrypoint for the setup process
+ */
 func Main(wg *sync.WaitGroup, config gs.GagentConfig) {
 log.Printf("[INFO] Starting setup\n")
 defer wg.Done()
@@ -31,13 +31,15 @@ func Main(wg *sync.WaitGroup, config gs.GagentConfig) {
 clientBlock1 := rootBody.AppendNewBlock("client", []string{config.Name})
 clientBody1 := clientBlock1.Body()
- // clientBody1.AppendUnstructuredTokens(
- // hclwrite.TokensForTraversal(hcl.Traversal{
- // hcl.TraverseRoot{
- // Name: hcl.CommentGenerator("comment"),
- // },
- // },
- // ))
+ /*
+ * clientBody1.AppendUnstructuredTokens(
+ * hclwrite.TokensForTraversal(hcl.Traversal{
+ * hcl.TraverseRoot{
+ * Name: hcl.CommentGenerator("comment"),
+ * },
+ * },
+ * ))
+ */
 clientBody1.SetAttributeValue("clientid", cty.StringVal(config.UUID))
 rootBody.AppendNewline()
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index 71929f0..8cb4d12 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go
@@ -7,7 +7,9 @@ import (
 gstructs "github.com/dragonheim/gagent/internal/gstructs"
- // picol "github.com/dragonheim/gagent/src/picol"
+ /*
+ * picol "github.com/dragonheim/gagent/src/picol"
+ */
 prometheus "github.com/prometheus/client_golang/prometheus"
 promauto "github.com/prometheus/client_golang/prometheus/promauto"
@@ -22,12 +24,12 @@ var (
 )
 /*
-The "worker" processes the agent code. The worker nodes do not know
-anything about the network structure. Instead they know only to which
-router(s) they are connected. The worker will execute the agent code and
-pass the agent and it's results to a router.
-Main is the entrypoint for the worker process
-*/
+ * The "worker" processes the agent code. The worker nodes do not know
+ * anything about the network structure. Instead they know only to which
+ * router(s) they are connected. The worker will execute the agent code and
+ * pass the agent and it's results to a router.
+ * Main is the entrypoint for the worker process
+ */
 func Main(wg *sync.WaitGroup, config gstructs.GagentConfig) {
 log.Printf("[INFO] Starting worker\n")
 defer wg.Done()
@@ -46,7 +48,9 @@ func Main(wg *sync.WaitGroup, config gstructs.GagentConfig) {
 wg.Add(1)
 go getAgent(wg, config.UUID, connectString)
 }
- // workerListener := fmt.Sprintf("tcp://%s:%d", config.ListenAddr, config.WorkerPort)
+ /*
+ * workerListener := fmt.Sprintf("tcp://%s:%d", config.ListenAddr, config.WorkerPort)
+ */
 }