Listen for events and forward to external security scanning services.

events.go 1.7KB

  1. package main
  2. import (
  3. "encoding/json"
  4. "log"
  5. "strings"
  6. )
// EventProcessor is implemented by the event-specific types that process an
// event according to that event's own fields.
type EventProcessor interface {
	// FormatLogs receives the event and a slice of strings and returns a
	// slice of strings or an error.
	// NOTE(review): presumably lines holds the log lines built so far and the
	// result is the extended set; confirm against the implementations.
	FormatLogs(event *Event, lines []string) ([]string, error)

	// FillExtraData receives the event and an OpenStackActioner and reports
	// an error on failure.
	// NOTE(review): presumably it enriches the event with data fetched through
	// the actioner; confirm against the implementations.
	FillExtraData(event *Event, actioner OpenStackActioner) error
}
// Event is one notification accepted from AMQP, together with the additional
// attributes that have been parsed from it.
type Event struct {
	// EventData is the decoded notification; ParseEvent points it at the
	// openStackEvent it unmarshalled.
	EventData *openStackEvent
	// RawData is the message body exactly as ParseEvent received it, before
	// JSON decoding. It originates outside this process.
	RawData []byte

	// The next three fields are left at their zero value by ParseEvent.
	// NOTE(review): presumably they are filled in later by Processor; confirm.
	IPs                map[string][]string
	SecurityGroupRules []*osSecurityGroupRule
	LogLines           []string

	// Processor is the handler ParseEvent selects from the event type. It is
	// nil when the event type matches none of the handled types.
	Processor EventProcessor

	// NOTE(review): presumably the identifier and error text returned when a
	// scan is requested from the external scanning service; confirm.
	QualysScanID    string
	QualysScanError string
}
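// ParseEvent decodes the JSON body of a message received from AMQP into an
// openStackEvent and returns it wrapped in an Event together with the raw
// bytes. When the event type names a security group rule creation or deletion
// the matching EventSecurityGroupRuleChange processor is attached. For every
// other event type Processor stays nil, so callers must check it before
// calling its methods.
//
// A JSON decoding failure is returned unchanged alongside a zero Event.
func ParseEvent(message []byte) (Event, error) {
	var osEvent openStackEvent
	if err := json.Unmarshal(message, &osEvent); err != nil {
		return Event{}, err
	}

	e := Event{
		EventData: &osEvent,
		// RawData shares the caller's backing array; no copy is made.
		RawData: message,
	}

	if Debug {
		// EventType is taken verbatim from the message body. %q escapes
		// newlines and control characters so a crafted value cannot inject
		// extra lines into the log.
		log.Printf("Event detected: %q", osEvent.EventType)
	}

	// NOTE(review): matching is by substring, so any event type that merely
	// contains one of these names selects the processor. Confirm whether an
	// exact comparison is intended.
	switch {
	case strings.Contains(e.EventData.EventType, "security_group_rule.create.end"):
		e.Processor = EventSecurityGroupRuleChange{ChangeType: "sg_rule_add"}
	case strings.Contains(e.EventData.EventType, "security_group_rule.delete.end"):
		e.Processor = EventSecurityGroupRuleChange{ChangeType: "sg_rule_del"}
		// case strings.Contains(e.EventData.EventType, "port.create.end"):
		// e.Processor = EventPortChange{ChangeType: "port_create"}
	}
	return e, nil
}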