-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
120 lines (103 loc) · 2.78 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package main
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"os"
"sort"
"strings"
"time"
"github.com/google/go-github/v47/github"
log "github.com/sirupsen/logrus"
"golang.org/x/oauth2"
)
type CVEInfo struct {
ID string `json:"id"`
GithubUrl string `json:"url"`
ExternalUrl string `json:"external_url"`
Summary string `json:"summary"`
}
type K8sCVEs struct {
Items []CVEInfo `json:"items"`
}
type ById []CVEInfo
func (a ById) Len() int { return len(a) }
func (a ById) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
func (a ById) Less(i, j int) bool { return a[i].ID > a[j].ID }
func init() {
log.SetFormatter(&log.JSONFormatter{})
log.SetOutput(os.Stdout)
log.SetLevel(log.InfoLevel)
}
func main() {
url := os.Getenv("CVE_FEED")
httpClient := http.Client{
Timeout: time.Second * 10,
}
req, err := http.NewRequest(http.MethodGet, url, nil)
if err != nil {
log.Fatal(err)
}
req.Header.Set("User-Agent", "kubernetes-sec-alert")
res, err := httpClient.Do(req)
if err != nil {
log.Fatal(err)
}
if res.Body != nil {
defer res.Body.Close()
}
body, readErr := io.ReadAll(res.Body)
if readErr != nil {
log.Fatal(readErr)
}
var k8scves K8sCVEs
err = json.Unmarshal(body, &k8scves)
if err != nil {
log.Fatal(err)
}
sort.Sort(sort.Reverse(ById(k8scves.Items)))
ctx := context.Background()
ts := oauth2.StaticTokenSource(
&oauth2.Token{AccessToken: os.Getenv("GH_TOKEN")},
)
tc := oauth2.NewClient(ctx, ts)
client := github.NewClient(tc)
for _, cve := range k8scves.Items {
issueLabel := strings.ToLower(cve.ID)
_, _, err := client.Issues.GetLabel(ctx, os.Getenv("REPO_OWNER"), os.Getenv("REPO_NAME"), issueLabel)
if err != nil {
labelColor := "d82521"
label := &github.Label{Name: &issueLabel, Color: &labelColor}
_, _, err = client.Issues.CreateLabel(ctx, os.Getenv("REPO_OWNER"), os.Getenv("REPO_NAME"), label)
if err != nil {
log.Warn("Failed to create label, ", err)
} else {
log.Info("Label " + issueLabel + " created")
}
}
searchQuery := "user:" + os.Getenv("REPO_OWNER") + " repo:" + os.Getenv("REPO_NAME") + " label:" + issueLabel
existingIssues, _, err := client.Search.Issues(ctx, searchQuery, nil)
if err != nil {
log.Warn(err)
}
totalIssues := existingIssues.Total
if int(*totalIssues) == 0 {
issueTitle := cve.ID + ": " + cve.Summary
issueBody := fmt.Sprintf("Github URL: %s", cve.GithubUrl)
issue := &github.IssueRequest{
Title: &issueTitle,
Labels: &[]string{issueLabel},
Body: &issueBody,
}
_, _, err := client.Issues.Create(ctx, os.Getenv("REPO_OWNER"), os.Getenv("REPO_NAME"), issue)
if err != nil {
log.Warn("Failed to issue, ", err)
} else {
log.Info("Issue " + issueLabel + " created")
}
}
time.Sleep(5 * time.Second)
}
}