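def main(parsed_args):
    """Run one Dagda CLI sub-command and pretty-print the server's JSON reply.

    ``start`` launches a ``DagdaServer`` in this process. Every other
    sub-command (``vuln``, ``check``, ``history``, ``monitor``) becomes one
    HTTP request against the URL returned by ``get_dagda_base_url()``.

    Args:
        parsed_args: top-level CLI object exposing ``get_command()`` and
            ``get_extra_args()``; the latter carries the per-command getters.
    """
    # -- Init
    cmd = parsed_args.get_command()
    parsed_args = parsed_args.get_extra_args()
    # Bound up front: 'start', an unrecognised command, or 'monitor' without
    # a start/stop flag never assigns a response, and the print guard below
    # would otherwise raise UnboundLocalError.
    r = None

    # Executes start sub-command
    if cmd == 'start':
        ds = DagdaServer(dagda_server_host=parsed_args.get_server_host(),
                         dagda_server_port=parsed_args.get_server_port(),
                         mongodb_host=parsed_args.get_mongodb_host(),
                         mongodb_port=parsed_args.get_mongodb_port())
        ds.run()
    else:
        base = get_dagda_base_url()
        # NOTE(review): no timeout= is passed to any call below, so a stalled
        # server blocks the CLI indefinitely. Argument values are also joined
        # into the URL path without percent-encoding, so a value containing
        # '?' or '#' changes which resource is requested.

        # -- Executes vuln sub-command
        if cmd == 'vuln':
            if parsed_args.is_initialization_required():
                # Init db
                r = requests.post(base + '/vuln/init')
            elif parsed_args.is_init_status_requested():
                # Retrieves the init status
                r = requests.get(base + '/vuln/init-status')
            elif parsed_args.get_cve():
                # Gets products by CVE
                r = requests.get(base + '/vuln/cve/' + parsed_args.get_cve())
            elif parsed_args.get_bid():
                # Gets products by BID
                r = requests.get(base + '/vuln/bid/' + str(parsed_args.get_bid()))
            elif parsed_args.get_exploit_db_id():
                # Gets products by Exploit DB Id
                r = requests.get(base + '/vuln/exploit/' +
                                 str(parsed_args.get_exploit_db_id()))
            elif not parsed_args.get_product_version():
                # Gets CVEs, BIDs and Exploit_DB Ids by product
                r = requests.get(base + '/vuln/products/' +
                                 parsed_args.get_product())
            else:
                # Gets CVEs, BIDs and Exploit_DB Ids by product and version
                r = requests.get(base + '/vuln/products/' +
                                 parsed_args.get_product() + '/' +
                                 parsed_args.get_product_version())

        # Executes check sub-command
        elif cmd == 'check':
            if parsed_args.get_docker_image_name():
                r = requests.post(base + '/check/images/' +
                                  parsed_args.get_docker_image_name())
            else:
                r = requests.post(base + '/check/containers/' +
                                  parsed_args.get_container_id())

        # Executes history sub-command
        elif cmd == 'history':
            # The report id goes through params= so requests encodes it,
            # instead of being spliced into the URL as a raw '?id=' suffix.
            report_id = parsed_args.get_report_id()
            params = {'id': report_id} if report_id is not None else None
            r = requests.get(base + '/history/' +
                             parsed_args.get_docker_image_name(),
                             params=params)

        # Executes monitor sub-command
        elif cmd == 'monitor':
            container_url = (base + '/monitor/containers/' +
                             parsed_args.get_container_id())
            if parsed_args.is_start():
                r = requests.post(container_url + '/start')
            elif parsed_args.is_stop():
                r = requests.post(container_url + '/stop')

    # -- Print cmd output
    # An empty body is skipped because json.loads('') raises. The status code
    # is not inspected, so error replies are printed like successful ones, and
    # a non-JSON body still raises ValueError here.
    if r is not None and r.content:
        print(json.dumps(json.loads(r.content.decode('utf-8')),
                         sort_keys=True, indent=4))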
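def execute_dagda_cmd(cmd, args):
    """Dispatch one Dagda sub-command and return the HTTP response, if any.

    ``start`` runs a ``DagdaServer`` and ``agent`` runs a remote static
    analysis; both return ``None``. The remaining sub-commands (``vuln``,
    ``check``, ``history``, ``monitor``, ``docker``) issue one or two requests
    against the URL returned by ``_get_dagda_base_url()``.

    Args:
        cmd: sub-command name.
        args: parsed arguments object exposing the getters used below.

    Returns:
        The last ``requests`` response obtained, or ``None`` when no request
        was made.
    """
    # Init
    r = None

    # Executes start sub-command
    if cmd == 'start':
        from api.dagda_server import DagdaServer
        # NOTE(review): if mongodb_pass is read from a command-line flag it is
        # visible in the process list and shell history; confirm with the
        # argument parser and prefer an environment variable or a file.
        ds = DagdaServer(
            dagda_server_host=args.get_server_host(),
            dagda_server_port=args.get_server_port(),
            mongodb_host=args.get_mongodb_host(),
            mongodb_port=args.get_mongodb_port(),
            mongodb_ssl=args.is_mongodb_ssl_enabled(),
            mongodb_user=args.get_mongodb_user(),
            mongodb_pass=args.get_mongodb_pass(),
            falco_rules_filename=args.get_falco_rules_filename(),
            external_falco_output_filename=args.get_external_falco_output_filename(),
            debug_logging=args.is_debug_logging_required())
        ds.run()

    # Executes agent sub-command
    elif cmd == 'agent':
        from remote.agent import Agent
        # NOTE(review): the scheme is fixed to plain http, so whatever the
        # agent exchanges with the server is unprotected in transit unless the
        # network path is trusted or TLS is terminated in front of the server.
        agent = Agent(dagda_server_url='http://' + args.get_dagda_server() + '/v1')
        agent.run_static_analysis(image_name=args.get_docker_image_name(),
                                  container_id=args.get_container_id())

    # CLI commands
    else:
        base = _get_dagda_base_url()
        # NOTE(review): no timeout= is passed to any call below, so a stalled
        # server blocks the caller indefinitely. Argument values are joined
        # into the URL path without percent-encoding, so a value containing
        # '?' or '#' changes which resource is requested.

        # -- Executes vuln sub-command
        if cmd == 'vuln':
            if args.is_initialization_required():
                # Init db
                r = requests.post(base + '/vuln/init')
            elif args.is_init_status_requested():
                # Retrieves the init status
                r = requests.get(base + '/vuln/init-status')
            elif args.get_cve():
                # Gets products by CVE
                r = requests.get(base + '/vuln/cve/' + args.get_cve())
            elif args.get_cve_info():
                # Gets CVE details
                r = requests.get(base + '/vuln/cve/' + args.get_cve_info() + '/details')
            elif args.get_bid():
                # Gets products by BID
                r = requests.get(base + '/vuln/bid/' + str(args.get_bid()))
            elif args.get_bid_info():
                # Gets BID details
                r = requests.get(base + '/vuln/bid/' + str(args.get_bid_info()) +
                                 '/details')
            elif args.get_exploit_db_id():
                # Gets products by Exploit DB Id
                r = requests.get(base + '/vuln/exploit/' +
                                 str(args.get_exploit_db_id()))
            elif args.get_exploit_db_info_id():
                # Gets Exploit details
                r = requests.get(base + '/vuln/exploit/' +
                                 str(args.get_exploit_db_info_id()) + '/details')
            elif args.get_rhsa():
                # Gets products by RHSA
                r = requests.get(base + '/vuln/rhsa/' + args.get_rhsa())
            elif args.get_rhsa_info():
                # Gets RHSA details
                r = requests.get(base + '/vuln/rhsa/' + args.get_rhsa_info() + '/details')
            elif args.get_rhba():
                # Gets products by RHBA
                r = requests.get(base + '/vuln/rhba/' + args.get_rhba())
            elif args.get_rhba_info():
                # Gets RHBA details
                r = requests.get(base + '/vuln/rhba/' + args.get_rhba_info() + '/details')
            elif not args.get_product_version():
                # Gets CVEs, BIDs, RHBAs, RHSAs and Exploit_DB Ids by product
                r = requests.get(base + '/vuln/products/' + args.get_product())
            else:
                # Gets CVEs, BIDs, RHBAs, RHSAs and Exploit_DB Ids by product and version
                r = requests.get(base + '/vuln/products/' + args.get_product() +
                                 '/' + args.get_product_version())

        # Executes check sub-command
        elif cmd == 'check':
            if args.get_docker_image_name():
                r = requests.post(base + '/check/images/' + args.get_docker_image_name())
            else:
                r = requests.post(base + '/check/containers/' + args.get_container_id())

        # Executes history sub-command
        elif cmd == 'history':
            if not args.get_docker_image_name():
                # Gets the global history
                r = requests.get(base + '/history')
            else:
                history_url = base + '/history/' + args.get_docker_image_name()

                # Updates product vulnerability as false positive
                if args.get_fp() is not None:
                    fp_product, fp_version = args.get_fp()
                    if fp_version is not None:
                        fp_product += '/' + fp_version
                    # NOTE(review): the next statement is an independent `if`,
                    # so this PATCH response is always replaced by a later GET
                    # and a failed update is never surfaced; confirm intended.
                    r = requests.patch(history_url + '/fp/' + fp_product)

                # Checks if a product vulnerability is a false positive
                if args.get_is_fp() is not None:
                    fp_product, fp_version = args.get_is_fp()
                    if fp_version is not None:
                        fp_product += '/' + fp_version
                    r = requests.get(history_url + '/fp/' + fp_product)

                # Gets the image history
                else:
                    # Passed through params= so requests encodes the value,
                    # instead of splicing a raw '?id=' suffix into the URL.
                    report_id = args.get_report_id()
                    params = {'id': report_id} if report_id is not None else None
                    r = requests.get(history_url, params=params)

        # Executes monitor sub-command
        elif cmd == 'monitor':
            container_url = base + '/monitor/containers/' + args.get_container_id()
            if args.is_start():
                r = requests.post(container_url + '/start')
            elif args.is_stop():
                r = requests.post(container_url + '/stop')

        # Executes docker sub-command
        elif cmd == 'docker':
            # Filters are sent via params= so each value is encoded; with the
            # hand-built query string a value containing '&' or '=' would
            # have been read by the server as an extra parameter.
            params = {}
            if args.get_command() == 'events':
                filters = (('event_action', args.get_event_action()),
                           ('event_from', args.get_event_from()),
                           ('event_type', args.get_event_type()))
                params = {key: value for key, value in filters if value}
            r = requests.get(base + '/docker/' + args.get_command(), params=params)

    # Return
    return r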
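def execute_dagda_cmd(cmd, args):
    """Dispatch one Dagda sub-command and return the HTTP response, if any.

    ``start`` runs a ``DagdaServer`` and ``agent`` runs a remote static
    analysis; both return ``None``. The remaining sub-commands (``vuln``,
    ``check``, ``history``, ``monitor``, ``docker``) issue one or two requests
    against the URL returned by ``_get_dagda_base_url()``.

    Args:
        cmd: sub-command name.
        args: parsed arguments object exposing the getters used below.

    Returns:
        The last ``requests`` response obtained, or ``None`` when no request
        was made.
    """
    # Init
    r = None

    # Executes start sub-command
    if cmd == 'start':
        from api.dagda_server import DagdaServer
        # NOTE(review): if mongodb_pass is read from a command-line flag it is
        # visible in the process list and shell history; confirm with the
        # argument parser and prefer an environment variable or a file.
        ds = DagdaServer(dagda_server_host=args.get_server_host(),
                         dagda_server_port=args.get_server_port(),
                         mongodb_host=args.get_mongodb_host(),
                         mongodb_port=args.get_mongodb_port(),
                         mongodb_ssl=args.is_mongodb_ssl_enabled(),
                         mongodb_user=args.get_mongodb_user(),
                         mongodb_pass=args.get_mongodb_pass(),
                         falco_rules_filename=args.get_falco_rules_filename())
        ds.run()

    # Executes agent sub-command
    elif cmd == 'agent':
        from remote.agent import Agent
        # NOTE(review): the scheme is fixed to plain http, so whatever the
        # agent exchanges with the server is unprotected in transit unless the
        # network path is trusted or TLS is terminated in front of the server.
        agent = Agent(dagda_server_url='http://' + args.get_dagda_server() + '/v1')
        agent.run_static_analysis(image_name=args.get_docker_image_name(),
                                  container_id=args.get_container_id())

    # CLI commands
    else:
        base = _get_dagda_base_url()
        # NOTE(review): no timeout= is passed to any call below, so a stalled
        # server blocks the caller indefinitely. Argument values are joined
        # into the URL path without percent-encoding, so a value containing
        # '?' or '#' changes which resource is requested.

        # -- Executes vuln sub-command
        if cmd == 'vuln':
            if args.is_initialization_required():
                # Init db
                r = requests.post(base + '/vuln/init')
            elif args.is_init_status_requested():
                # Retrieves the init status
                r = requests.get(base + '/vuln/init-status')
            elif args.get_cve():
                # Gets products by CVE
                r = requests.get(base + '/vuln/cve/' + args.get_cve())
            elif args.get_cve_info():
                # Gets CVE details
                r = requests.get(base + '/vuln/cve/' + args.get_cve_info() + '/details')
            elif args.get_bid():
                # Gets products by BID
                r = requests.get(base + '/vuln/bid/' + str(args.get_bid()))
            elif args.get_bid_info():
                # Gets BID details
                r = requests.get(base + '/vuln/bid/' + str(args.get_bid_info()) +
                                 '/details')
            elif args.get_exploit_db_id():
                # Gets products by Exploit DB Id
                r = requests.get(base + '/vuln/exploit/' +
                                 str(args.get_exploit_db_id()))
            elif args.get_exploit_db_info_id():
                # Gets Exploit details
                r = requests.get(base + '/vuln/exploit/' +
                                 str(args.get_exploit_db_info_id()) + '/details')
            elif args.get_rhsa():
                # Gets products by RHSA
                r = requests.get(base + '/vuln/rhsa/' + args.get_rhsa())
            elif args.get_rhsa_info():
                # Gets RHSA details
                r = requests.get(base + '/vuln/rhsa/' + args.get_rhsa_info() + '/details')
            elif args.get_rhba():
                # Gets products by RHBA
                r = requests.get(base + '/vuln/rhba/' + args.get_rhba())
            elif args.get_rhba_info():
                # Gets RHBA details
                r = requests.get(base + '/vuln/rhba/' + args.get_rhba_info() + '/details')
            elif not args.get_product_version():
                # Gets CVEs, BIDs, RHBAs, RHSAs and Exploit_DB Ids by product
                r = requests.get(base + '/vuln/products/' + args.get_product())
            else:
                # Gets CVEs, BIDs, RHBAs, RHSAs and Exploit_DB Ids by product and version
                r = requests.get(base + '/vuln/products/' + args.get_product() +
                                 '/' + args.get_product_version())

        # Executes check sub-command
        elif cmd == 'check':
            if args.get_docker_image_name():
                r = requests.post(base + '/check/images/' + args.get_docker_image_name())
            else:
                r = requests.post(base + '/check/containers/' + args.get_container_id())

        # Executes history sub-command
        elif cmd == 'history':
            if not args.get_docker_image_name():
                # Gets the global history
                r = requests.get(base + '/history')
            else:
                history_url = base + '/history/' + args.get_docker_image_name()

                # Updates product vulnerability as false positive
                if args.get_fp() is not None:
                    fp_product, fp_version = args.get_fp()
                    if fp_version is not None:
                        fp_product += '/' + fp_version
                    # NOTE(review): the next statement is an independent `if`,
                    # so this PATCH response is always replaced by a later GET
                    # and a failed update is never surfaced; confirm intended.
                    r = requests.patch(history_url + '/fp/' + fp_product)

                # Checks if a product vulnerability is a false positive
                if args.get_is_fp() is not None:
                    fp_product, fp_version = args.get_is_fp()
                    if fp_version is not None:
                        fp_product += '/' + fp_version
                    r = requests.get(history_url + '/fp/' + fp_product)

                # Gets the image history
                else:
                    # Passed through params= so requests encodes the value,
                    # instead of splicing a raw '?id=' suffix into the URL.
                    report_id = args.get_report_id()
                    params = {'id': report_id} if report_id is not None else None
                    r = requests.get(history_url, params=params)

        # Executes monitor sub-command
        elif cmd == 'monitor':
            container_url = base + '/monitor/containers/' + args.get_container_id()
            if args.is_start():
                r = requests.post(container_url + '/start')
            elif args.is_stop():
                r = requests.post(container_url + '/stop')

        # Executes docker sub-command
        elif cmd == 'docker':
            r = requests.get(base + '/docker/' + args.get_command())

    # Return
    return r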
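def main(parsed_args):
    """Run one Dagda CLI sub-command and pretty-print the server's JSON reply.

    ``start`` launches a ``DagdaServer`` in this process and ``agent`` runs a
    remote static analysis. Every other sub-command (``vuln``, ``check``,
    ``history``, ``monitor``, ``docker``) issues one or two HTTP requests
    against the URL returned by ``get_dagda_base_url()``.

    Args:
        parsed_args: top-level CLI object exposing ``get_command()`` and
            ``get_extra_args()``; the latter carries the per-command getters.
    """
    # -- Init
    cmd = parsed_args.get_command()
    parsed_args = parsed_args.get_extra_args()
    # Bound up front: 'start', 'agent', an unrecognised command, or 'monitor'
    # without a start/stop flag never assigns a response, and the print guard
    # below would otherwise raise UnboundLocalError.
    r = None

    # Executes start sub-command
    if cmd == 'start':
        from api.dagda_server import DagdaServer
        # NOTE(review): if mongodb_pass is read from a command-line flag it is
        # visible in the process list and shell history; confirm with the
        # argument parser and prefer an environment variable or a file.
        ds = DagdaServer(
            dagda_server_host=parsed_args.get_server_host(),
            dagda_server_port=parsed_args.get_server_port(),
            mongodb_host=parsed_args.get_mongodb_host(),
            mongodb_port=parsed_args.get_mongodb_port(),
            mongodb_ssl=parsed_args.is_mongodb_ssl_enabled(),
            mongodb_user=parsed_args.get_mongodb_user(),
            mongodb_pass=parsed_args.get_mongodb_pass(),
            falco_rules_filename=parsed_args.get_falco_rules_filename())
        ds.run()

    # Executes agent sub-command
    elif cmd == 'agent':
        from remote.agent import Agent
        # NOTE(review): the scheme is fixed to plain http, so whatever the
        # agent exchanges with the server is unprotected in transit unless the
        # network path is trusted or TLS is terminated in front of the server.
        agent = Agent(dagda_server_url='http://' +
                      parsed_args.get_dagda_server() + '/v1')
        agent.run_static_analysis(
            image_name=parsed_args.get_docker_image_name(),
            container_id=parsed_args.get_container_id())

    # CLI commands
    else:
        base = get_dagda_base_url()
        # NOTE(review): no timeout= is passed to any call below, so a stalled
        # server blocks the CLI indefinitely. Argument values are joined into
        # the URL path without percent-encoding, so a value containing '?' or
        # '#' changes which resource is requested.

        # -- Executes vuln sub-command
        if cmd == 'vuln':
            if parsed_args.is_initialization_required():
                # Init db
                r = requests.post(base + '/vuln/init')
            elif parsed_args.is_init_status_requested():
                # Retrieves the init status
                r = requests.get(base + '/vuln/init-status')
            elif parsed_args.get_cve():
                # Gets products by CVE
                r = requests.get(base + '/vuln/cve/' + parsed_args.get_cve())
            elif parsed_args.get_cve_info():
                # Gets CVE details
                r = requests.get(base + '/vuln/cve/' +
                                 parsed_args.get_cve_info() + '/details')
            elif parsed_args.get_bid():
                # Gets products by BID
                r = requests.get(base + '/vuln/bid/' + str(parsed_args.get_bid()))
            elif parsed_args.get_bid_info():
                # Gets BID details
                r = requests.get(base + '/vuln/bid/' +
                                 str(parsed_args.get_bid_info()) + '/details')
            elif parsed_args.get_exploit_db_id():
                # Gets products by Exploit DB Id
                r = requests.get(base + '/vuln/exploit/' +
                                 str(parsed_args.get_exploit_db_id()))
            elif parsed_args.get_exploit_db_info_id():
                # Gets Exploit details
                r = requests.get(base + '/vuln/exploit/' +
                                 str(parsed_args.get_exploit_db_info_id()) +
                                 '/details')
            elif not parsed_args.get_product_version():
                # Gets CVEs, BIDs and Exploit_DB Ids by product
                r = requests.get(base + '/vuln/products/' +
                                 parsed_args.get_product())
            else:
                # Gets CVEs, BIDs and Exploit_DB Ids by product and version
                r = requests.get(base + '/vuln/products/' +
                                 parsed_args.get_product() + '/' +
                                 parsed_args.get_product_version())

        # Executes check sub-command
        elif cmd == 'check':
            if parsed_args.get_docker_image_name():
                r = requests.post(base + '/check/images/' +
                                  parsed_args.get_docker_image_name())
            else:
                r = requests.post(base + '/check/containers/' +
                                  parsed_args.get_container_id())

        # Executes history sub-command
        elif cmd == 'history':
            if not parsed_args.get_docker_image_name():
                # Gets the global history
                r = requests.get(base + '/history')
            else:
                history_url = (base + '/history/' +
                               parsed_args.get_docker_image_name())

                # Updates product vulnerability as false positive
                if parsed_args.get_fp() is not None:
                    fp_product, fp_version = parsed_args.get_fp()
                    if fp_version is not None:
                        fp_product += '/' + fp_version
                    # NOTE(review): the next statement is an independent `if`,
                    # so this PATCH response is always replaced by a later GET
                    # and a failed update is never printed; confirm intended.
                    r = requests.patch(history_url + '/fp/' + fp_product)

                # Checks if a product vulnerability is a false positive
                if parsed_args.get_is_fp() is not None:
                    fp_product, fp_version = parsed_args.get_is_fp()
                    if fp_version is not None:
                        fp_product += '/' + fp_version
                    r = requests.get(history_url + '/fp/' + fp_product)

                # Gets the image history
                else:
                    # Passed through params= so requests encodes the value,
                    # instead of splicing a raw '?id=' suffix into the URL.
                    report_id = parsed_args.get_report_id()
                    params = {'id': report_id} if report_id is not None else None
                    r = requests.get(history_url, params=params)

        # Executes monitor sub-command
        elif cmd == 'monitor':
            container_url = (base + '/monitor/containers/' +
                             parsed_args.get_container_id())
            if parsed_args.is_start():
                r = requests.post(container_url + '/start')
            elif parsed_args.is_stop():
                r = requests.post(container_url + '/stop')

        # Executes docker sub-command
        elif cmd == 'docker':
            r = requests.get(base + '/docker/' + parsed_args.get_command())

    # -- Print cmd output
    # The status code is not inspected, so error replies are printed like
    # successful ones, and a non-JSON body still raises ValueError here.
    if r is not None and r.content:
        print(json.dumps(json.loads(r.content.decode('utf-8')),
                         sort_keys=True, indent=4))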