import logging
import time
import json
import re
from datetime import datetime
from notificationhelper import build_event_data
from util.jinjautil import get_template_env
from util.secscan import PRIORITY_LEVELS, get_priority_for_index
# Jinja environment holding the per-event HTML bodies rendered by
# NotificationEvent.get_message (looked up as '<event_name>.html').
# NOTE(review): event data placed into these templates can originate outside the
# service (commit messages, author names, vulnerability text); whether it is escaped
# is decided inside get_template_env, which is not visible here -- confirm autoescape.
template_env = get_template_env("events")

logger = logging.getLogger(__name__)
class InvalidNotificationEventException(Exception):
    """ Raised by NotificationEvent.get_event when no event class carries the requested name. """
class NotificationEvent(object):
    """
    Base class for the kinds of events that can fire a repository notification.

    Subclasses declare their identifier via event_name() and implement get_level(),
    get_summary() and get_sample_data(). get_message() renders the HTML template named
    after the event, and should_perform() lets a subclass veto delivery for a given
    event/notification pair.
    """

    def __init__(self):
        pass

    def get_level(self, event_data, notification_data):
        """
        Returns a 'level' representing the severity of the event.

        Valid values are: 'info', 'warning', 'error', 'primary', 'success'
        """
        raise NotImplementedError

    def get_summary(self, event_data, notification_data):
        """ Returns a human readable one-line summary for the given notification data. """
        raise NotImplementedError

    def get_message(self, event_data, notification_data):
        """
        Returns a human readable HTML message for the given notification data.

        The template is resolved as '<event_name>.html' in the module-level 'events'
        template environment. NOTE(review): event_data may carry text that originated
        outside the service (commit messages, author names, vulnerability descriptions);
        whether it is escaped depends on how get_template_env configured the environment,
        which is not visible in this file -- confirm autoescape is enabled.
        """
        template_name = self.event_name() + '.html'
        context = {
            'event_data': event_data,
            'notification_data': notification_data,
        }
        return template_env.get_template(template_name).render(context)

    def get_sample_data(self, notification):
        """
        Returns sample data for testing the raising of this notification, with an example notification.
        """
        raise NotImplementedError

    def should_perform(self, event_data, notification_data):
        """ Whether a notification for this event should be performed. By default returns True. """
        return True

    @classmethod
    def event_name(cls):
        """ Particular event implemented by subclasses. """
        raise NotImplementedError

    @classmethod
    def get_event(cls, eventname):
        """
        Returns a new instance of the subclass of `cls` whose event_name() is `eventname`.

        Raises InvalidNotificationEventException when no such subclass exists.
        """
        match = NotificationEvent._get_event(cls, eventname)
        if match is None:
            raise InvalidNotificationEventException('Unable to find event: %s' % eventname)
        return match

    @staticmethod
    def _get_event(cls, eventname):
        """
        Searches the direct subclasses of `cls` for one named `eventname`.

        A subclass whose event_name() is None is treated as an abstract grouping (see
        BaseBuildEvent) and its own subclasses are searched in turn; a named subclass is
        only compared by name and never descended into. Returns an instance or None.
        """
        for candidate in cls.__subclasses__():
            name = candidate.event_name()
            if name is None:
                nested = NotificationEvent._get_event(candidate, eventname)
                if nested is not None:
                    return nested
            elif name == eventname:
                return candidate()
        return None
class RepoPushEvent(NotificationEvent):
    """ Fired when a push updates tags in a repository. """

    @classmethod
    def event_name(cls):
        return 'repo_push'

    def get_level(self, event_data, notification_data):
        # A push is routine activity, so it is highlighted rather than flagged as a warning.
        return 'primary'

    def get_summary(self, event_data, notification_data):
        repository = event_data['repository']
        return 'Repository %s updated' % repository

    def get_sample_data(self, notification):
        sample = {
            'updated_tags': {'latest': 'someimageid', 'foo': 'anotherimage'},
            'pruned_image_count': 3,
        }
        return build_event_data(notification.repository, sample)
def _build_summary(event_data):
    """
    Returns the fragment shared by the build event summaries: the repository name
    followed by the first seven characters of the build id in brackets.
    """
    repository = event_data['repository']
    short_build_id = event_data['build_id'][:7]
    return 'for repository %s [%s]' % (repository, short_build_id)
class VulnerabilityFoundEvent(NotificationEvent):
    """
    Fired when the security scanner reports a vulnerability in an image tagged in the
    repository. The notification's event_config_json carries a 'level' index used by
    should_perform to drop findings below the configured severity.
    """

    @classmethod
    def event_name(cls):
        return 'vulnerability_found'

    def get_level(self, event_data, notification_data):
        # The two most severe scanner priorities are shown as errors, the next two as
        # warnings; any other priority (including ones this code does not know) is info.
        priority = event_data['vulnerability']['priority']
        if priority in ('Defcon1', 'Critical'):
            return 'error'
        if priority in ('Medium', 'High'):
            return 'warning'
        return 'info'

    def get_sample_data(self, notification):
        event_config = json.loads(notification.event_config_json)
        # The sample vulnerability takes the priority that corresponds to the configured
        # filter level, so the test notification is not filtered out by should_perform.
        sample_vulnerability = {
            'id': 'CVE-FAKE-CVE',
            'description': 'A futurist vulnerability',
            'link': 'https://security-tracker.debian.org/tracker/CVE-FAKE-CVE',
            'priority': get_priority_for_index(event_config['level']),
        }
        return build_event_data(notification.repository, {
            'tags': ['latest', 'prod'],
            'image': 'some-image-id',
            'vulnerability': sample_vulnerability,
        })

    def should_perform(self, event_data, notification_data):
        """
        Delivers only when the vulnerability's priority index is at or below the
        configured 'level' index (presumably lower index == more severe -- verify
        against util.secscan.PRIORITY_LEVELS). Priorities unknown to PRIORITY_LEVELS
        are never delivered.
        """
        event_config = json.loads(notification_data.event_config_json)
        filter_level_index = int(event_config['level'])

        severity = PRIORITY_LEVELS.get(event_data['vulnerability']['priority'])
        if severity is None:
            return False

        actual_level_index = int(severity['index'])
        return actual_level_index <= filter_level_index

    def get_summary(self, event_data, notification_data):
        priority = event_data['vulnerability']['priority']
        repository = event_data['repository']
        tag_list = ', '.join(event_data['tags'])
        return '%s vulnerability detected in repository %s in tags %s' % (priority, repository, tag_list)
class BaseBuildEvent(NotificationEvent):
    """
    Abstract parent of the build lifecycle events. It has no event name of its own
    (event_name() returns None, so NotificationEvent._get_event descends into its
    subclasses) and contributes the optional git-ref filter shared by all of them.
    """

    @classmethod
    def event_name(cls):
        return None

    def should_perform(self, event_data, notification_data):
        """
        Applies the notification's optional 'ref-regex' filter.

        Without a configured regex every build fires. With one, the build fires only when
        it carries a git ref in trigger_metadata and the regex matches that ref from its
        start (re.match anchors only at the beginning; a pattern must end in '$' to demand
        a full match). Builds without a ref, and regexes that fail to compile, never fire.

        NOTE(review): the regex is user-supplied notification config and is compiled with
        Python's backtracking `re` engine, which has no time limit; a pathological pattern
        can stall whichever worker evaluates this filter. Consider validating or bounding
        the pattern where the config is accepted.
        """
        event_config = json.loads(notification_data.event_config_json)
        ref_regex = event_config.get('ref-regex') or None
        if ref_regex is None:
            return True

        # A build with no ref did not originate from a git trigger, so the filter cannot
        # apply and the event is suppressed.
        trigger_metadata = event_data.get('trigger_metadata', {})
        ref = trigger_metadata.get('ref', None)
        if ref is None:
            return False

        # Compilation and matching both stay inside the guard: any failure is logged and
        # treated as "do not fire" rather than propagated.
        try:
            matched = re.compile(str(ref_regex)).match(ref)
        except Exception:
            logger.warning('Regular expression error for build event filter: %s', ref_regex)
            return False

        return matched is not None
class BuildQueueEvent(BaseBuildEvent):
    """ Fired when a build has been accepted into the build queue. """

    @classmethod
    def event_name(cls):
        return 'build_queued'

    def get_level(self, event_data, notification_data):
        return 'info'

    def get_sample_data(self, notification):
        build_uuid = 'fake-build-id'
        commit_author = {
            'username': 'fakeauthor',
            'url': 'http://path/to/fake/author/in/scm',
            'avatar_url': 'http://www.gravatar.com/avatar/fakehash',
        }
        commit_info = {
            'url': 'http://path/to/the/commit',
            'message': 'Some commit message',
            # Sample timestamp as seconds since the epoch, derived from naive local time.
            'date': time.mktime(datetime.now().timetuple()),
            'author': commit_author,
        }
        trigger_metadata = {
            'default_branch': 'master',
            'ref': 'refs/heads/somebranch',
            'commit': '42d4a62c53350993ea41069e9f2cfdefb0df097d',
            'commit_info': commit_info,
        }
        sample = {
            'is_manual': False,
            'build_id': build_uuid,
            'build_name': 'some-fake-build',
            'docker_tags': ['latest', 'foo', 'bar'],
            'trigger_id': '1245634',
            'trigger_kind': 'GitHub',
            'trigger_metadata': trigger_metadata,
        }
        return build_event_data(notification.repository, sample, subpage='/build/%s' % build_uuid)

    def get_summary(self, event_data, notification_data):
        return 'Build queued ' + _build_summary(event_data)
class BuildStartEvent(BaseBuildEvent):
    """ Fired when a queued build begins executing. """

    @classmethod
    def event_name(cls):
        return 'build_start'

    def get_level(self, event_data, notification_data):
        return 'info'

    def get_sample_data(self, notification):
        build_uuid = 'fake-build-id'
        trigger_metadata = {
            'default_branch': 'master',
            'ref': 'refs/heads/somebranch',
            'commit': '42d4a62c53350993ea41069e9f2cfdefb0df097d',
        }
        sample = {
            'build_id': build_uuid,
            'build_name': 'some-fake-build',
            'docker_tags': ['latest', 'foo', 'bar'],
            'trigger_id': '1245634',
            'trigger_kind': 'GitHub',
            'trigger_metadata': trigger_metadata,
        }
        return build_event_data(notification.repository, sample, subpage='/build/%s' % build_uuid)

    def get_summary(self, event_data, notification_data):
        return 'Build started ' + _build_summary(event_data)
class BuildSuccessEvent(BaseBuildEvent):
    """ Fired when a build completes and produces an image. """

    @classmethod
    def event_name(cls):
        return 'build_success'

    def get_level(self, event_data, notification_data):
        return 'success'

    def get_sample_data(self, notification):
        build_uuid = 'fake-build-id'
        trigger_metadata = {
            'default_branch': 'master',
            'ref': 'refs/heads/somebranch',
            'commit': '42d4a62c53350993ea41069e9f2cfdefb0df097d',
        }
        sample = {
            'build_id': build_uuid,
            'build_name': 'some-fake-build',
            'docker_tags': ['latest', 'foo', 'bar'],
            'trigger_id': '1245634',
            'trigger_kind': 'GitHub',
            'trigger_metadata': trigger_metadata,
            # Only the success event carries the id of the image the build produced.
            'image_id': '1245657346',
        }
        return build_event_data(notification.repository, sample, subpage='/build/%s' % build_uuid)

    def get_summary(self, event_data, notification_data):
        return 'Build succeeded ' + _build_summary(event_data)
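class BuildFailureEvent(BaseBuildEvent):
    """ Fired when a build ends in an error; the payload carries an error_message. """

    @classmethod
    def event_name(cls):
        return 'build_failure'

    def get_level(self, event_data, notification_data):
        return 'error'

    def get_sample_data(self, notification):
        build_uuid = 'fake-build-id'
        commit_author = {
            'username': 'fakeauthor',
            'url': 'http://path/to/fake/author/in/scm',
            'avatar_url': 'http://www.gravatar.com/avatar/fakehash',
        }
        commit_info = {
            'url': 'http://path/to/the/commit',
            'message': 'Some commit message',
            # Sample timestamp as seconds since the epoch, derived from naive local time.
            'date': time.mktime(datetime.now().timetuple()),
            'author': commit_author,
        }
        trigger_metadata = {
            'default_branch': 'master',
            'ref': 'refs/heads/somebranch',
            'commit': '42d4a62c53350993ea41069e9f2cfdefb0df097d',
            'commit_info': commit_info,
        }
        # The literal used to list 'trigger_kind' twice with the same value; the duplicate
        # key was dropped, which leaves the resulting dict unchanged.
        sample = {
            'build_id': build_uuid,
            'build_name': 'some-fake-build',
            'docker_tags': ['latest', 'foo', 'bar'],
            'error_message': 'This is a fake error message',
            'trigger_id': '1245634',
            'trigger_kind': 'GitHub',
            'trigger_metadata': trigger_metadata,
        }
        # NOTE(review): the other build events link to '/build/<id>' while this one links
        # to '/build?current=<id>'; kept as-is because the intended failure page is not
        # visible from this file -- confirm the route is still served.
        return build_event_data(notification.repository, sample,
                                subpage='/build?current=%s' % build_uuid)

    def get_summary(self, event_data, notification_data):
        return 'Build failure ' + _build_summary(event_data)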