From b81383d510cdfdf38e01897527a14f6aa829b788 Mon Sep 17 00:00:00 2001 From: CodeGlitch0 <11563989+CodeGlitch0@users.noreply.github.com> Date: Thu, 21 Nov 2019 11:44:25 -0700 Subject: [PATCH 1/7] Added an Azure Storage push provider. --- Dockerfile | 2 ++ README.md | 16 ++++++++++++++++ az_push.py | 19 +++++++++++++++++++ deployment.yaml | 2 +- run.sh | 3 +++ 5 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 az_push.py diff --git a/Dockerfile b/Dockerfile index 47dc0e8..630c9e5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,7 @@ RUN apk add git RUN pip install xmltodict RUN pip install google-cloud-storage RUN pip install boto3 +RUN pip install azure-storage-blob RUN git clone https://github.com/vulnersCom/nmap-vulners /usr/share/nmap/scripts/vulners RUN nmap --script-updatedb @@ -17,6 +18,7 @@ COPY output_report.py / COPY latex_header.tex / COPY gcp_push.py / COPY aws_push.py / +COPY az_push.py / COPY shared /shared RUN chmod +x /run.sh diff --git a/README.md b/README.md index 176e08a..15be66d 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,22 @@ docker run --name \ flan_scan +``` + +### Example Azure Storage Configuration + +Set the `AZURE_ACCOUNT_NAME` and `AZURE_ACCOUNT_KEY` environment variables to the corresponding variables for your Azure storage account. + +```bash +docker run --name \ + -v $(pwd)/shared:/shared \ + -e upload=az \ + -e bucket= \ + -e AZURE_ACCOUNT_NAME= \ + -e AZURE_ACCOUNT_KEY= \ + flan_scan + + ``` Deploying on Kubernetes diff --git a/az_push.py b/az_push.py new file mode 100644 index 0000000..7dc3c16 --- /dev/null +++ b/az_push.py 
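Review bot: The added `RUN pip install azure-storage-blob` in the first Dockerfile hunk installs whatever release is current at build time, while az_push.py in this same patch depends on the library's client classes by name. An unpinned install makes the image non-reproducible and lets an upstream release change or break the upload path without any change in this repository. I would pin it, e.g. `RUN pip install azure-storage-blob==<VERSION>` (placeholder for the release az_push.py was tested against). The neighbouring `pip install` lines visible as context are unpinned too, so all of them could be pinned in one pass.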
@@ -0,0 +1,19 @@ +import sys +import os +from azure.storage.blob import BlockBlobService, PublicAccess, ContentSettings + +filename = sys.argv[1] + +account_name = os.getenv('AZURE_ACCOUNT_NAME') +account_key = os.getenv('AZURE_ACCOUNT_KEY') +container_name = os.getenv('bucket') + +try: + blob_service = BlockBlobService(account_name, account_key) + blob_client = blob_service_client.get_blob_client(container=container_name, blob=filename) + + with open(filename, "rb") as data: + blob_client.upload_blob(data) +except Exception, e: + print('Error uploading to azure') + print(e) diff --git a/deployment.yaml b/deployment.yaml index 8f6a363..24cd125 100644 --- a/deployment.yaml +++ b/deployment.yaml @@ -32,6 +32,6 @@ spec: mountPath: /shared env: - name: upload - value: + value: - name: bucket value: diff --git a/run.sh b/run.sh index d056c48..d2c44da 100755 --- a/run.sh +++ b/run.sh @@ -23,6 +23,9 @@ function upload { elif [ $upload = "gcp" ] then python /gcp_push.py $1 + elif [ $upload = "az" ] + then + python /az_push.py $1 fi } From 9b091eb3877b23f59ea7633564c20ee47e8a2be2 Mon Sep 17 00:00:00 2001 From: CodeGlitch0 <11563989+CodeGlitch0@users.noreply.github.com> Date: Thu, 21 Nov 2019 12:06:54 -0700 Subject: [PATCH 2/7] fixed client bugs --- README.md | 4 ++-- az_push.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 15be66d..78165e4 100644 --- a/README.md +++ b/README.md @@ -106,8 +106,8 @@ docker run --name \ -v $(pwd)/shared:/shared \ -e upload=az \ -e bucket= \ - -e AZURE_ACCOUNT_NAME= \ - -e AZURE_ACCOUNT_KEY= \ + -e AZURE_ACCOUNT_URL= \ + -e AZURE_ACCOUNT_KEY= \ flan_scan diff --git a/az_push.py b/az_push.py index 7dc3c16..d766586 100644 --- a/az_push.py +++ b/az_push.py 
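Review bot: `account_key = os.getenv('AZURE_ACCOUNT_KEY')` hands the scanner container the storage account's shared key, which authorises every operation on every container in the account, while this script only uploads one blob into `container_name`. If the container's environment is ever exposed (`docker inspect`, a process listing, a crash dump), the whole account is exposed with it. A SAS token scoped to that one container with create/write permission would be enough here; the `credential=` argument that PATCH 2/7 switches to accepts a SAS token string as well as an account key. I would at least add a comment above the `os.getenv` lines, e.g. `# needs create/write on the target container only; prefer a container-scoped SAS over the account key`.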
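Review bot: In the branch added to run.sh, `$upload` and `$1` are expanded unquoted, so a report path containing whitespace or glob characters is split before az_push.py sees it. An unset `upload` also turns the test into `[ = "az" ]`, which is a syntax error rather than a false result. I would write `elif [ "$upload" = "az" ]` and `python /az_push.py "$1"`. The gcp branch visible as context uses the same unquoted form, and the `upload` function starts and ends outside this hunk, so the whole if-chain probably wants the same treatment.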
@@ -1,15 +1,15 @@ import sys import os -from azure.storage.blob import BlockBlobService, PublicAccess, ContentSettings +from azure.storage.blob import BlockBlobService filename = sys.argv[1] -account_name = os.getenv('AZURE_ACCOUNT_NAME') +account_url = os.getenv('AZURE_ACCOUNT_URL') account_key = os.getenv('AZURE_ACCOUNT_KEY') container_name = os.getenv('bucket') try: - blob_service = BlockBlobService(account_name, account_key) + blob_service_client = BlobServiceClient(account_url=account_url, credential=account_key) blob_client = blob_service_client.get_blob_client(container=container_name, blob=filename) with open(filename, "rb") as data: From 8278a1fd222d7aff9961be9ac9ae2bf094fa48ec Mon Sep 17 00:00:00 2001 From: CodeGlitch0 <11563989+CodeGlitch0@users.noreply.github.com> Date: Thu, 21 Nov 2019 12:33:37 -0700 Subject: [PATCH 3/7] Fixed bugs with Azure upload --- Dockerfile | 1 + az_push.py | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 630c9e5..7ea4479 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,7 @@ FROM python:3.5-alpine RUN apk add nmap RUN apk add nmap-scripts RUN apk add git +RUN apk add build-base libffi-dev openssl-dev RUN pip install xmltodict RUN pip install google-cloud-storage diff --git a/az_push.py b/az_push.py index d766586..15f723d 100644 --- a/az_push.py +++ b/az_push.py @@ -1,6 +1,6 @@ import sys import os -from azure.storage.blob import BlockBlobService +from azure.storage.blob import BlobServiceClient filename = sys.argv[1] @@ -14,6 +14,6 @@ with open(filename, "rb") as data: blob_client.upload_blob(data) -except Exception, e: +except Exception as e: print('Error uploading to azure') print(e) From 5d1ac48a6ee33c090943a8d10ef386fa890397b1 Mon Sep 17 00:00:00 2001 
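Review bot: `account_url` goes from `os.getenv('AZURE_ACCOUNT_URL')` straight into `BlobServiceClient(account_url=account_url, credential=account_key)` with no check, so an unset variable reaches the SDK as `None` and a value starting with `http://` would send the scan reports unencrypted. I would fail fast before the `try:` with `if not account_url or not account_url.startswith('https://'): sys.exit('AZURE_ACCOUNT_URL must be an https:// URL')`. The same emptiness check is worth doing for `account_key` and `container_name`.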
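Review bot: With `except Exception as e:` now valid syntax in PATCH 3/7, the handler prints two lines and falls off the end of the script, so az_push.py exits with status 0 even when nothing was uploaded and run.sh cannot tell a stored report from a lost one. I would send the message to stderr and end the handler with a non-zero exit, e.g. `print('Error uploading to azure:', e, file=sys.stderr)` followed by `sys.exit(1)`. Catching the SDK's own error types rather than bare `Exception` would also keep programming errors such as a `NameError` from being reported as upload failures. The `try:` block begins outside this hunk, and PATCH 6/7 rewraps it without changing the handler.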
From: CodeGlitch0 <11563989+CodeGlitch0@users.noreply.github.com>
Date: Thu, 21 Nov 2019 12:45:48 -0700
Subject: [PATCH 4/7] Added improved Azure references to readme
---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 78165e4..08c44c8 100644
--- a/README.md
+++ b/README.md
@@ -51,16 +51,16 @@ $ docker run -v $(shell pwd)/shared:/shared flan_scan Pushing Results to the Cloud ---------------------------- -Flan Scan currently supports pushing Latex reports and raw XML Nmap output files to a GCS Bucket or to an AWS S3 Bucket. Flan Scan requires 2 environment variables to push results to the cloud. The first is `upload` which takes one of two values `gcp` or `aws`. The second is `bucket` and the value is the name of the S3 or GCS Bucket to upload the results to. To set the environment variables, after running `make build` run the container setting the environment variables like so: +Flan Scan currently supports pushing Latex reports and raw XML Nmap output files to a GCS Bucket, AWS S3 Bucket, or an Azure Storage account. Flan Scan requires 2 environment variables to push results to the cloud. The first is `upload` which takes one of three values `gcp` or `aws` or `az`. The second is `bucket` and the value is the name of the S3 or GCS Bucket or Azure Container to upload the results to. To set the environment variables, after running `make build` run the container setting the environment variables like so: ```bash $ docker run --name \ -v $(pwd)/shared:/shared \ - -e upload= \ + -e upload= \ -e bucket= \ flan_scan ``` -Below are some examples for adding the necessary AWS or GCP authentication keys as environment variables in container. However, this can also be accomplished with a secret in Kubernetes that exposes the necessary environment variables or with other secrets management tools. +Below are some examples for adding the necessary AWS, GCP, or Azure authentication keys as environment variables in container. However, this can also be accomplished with a secret in Kubernetes that exposes the necessary environment variables or with other secrets management tools. ### Example GCS Bucket Configuration From 0487e411eb17968deb23b475d34e9d7c6a283496 Mon Sep 17 00:00:00 2001 
From: CodeGlitch0 <11563989+CodeGlitch0@users.noreply.github.com> Date: Thu, 21 Nov 2019 14:15:34 -0700 Subject: [PATCH 5/7] Remove compilers after pip install. --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 7ea4479..4eccab4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,6 +10,8 @@ RUN pip install google-cloud-storage RUN pip install boto3 RUN pip install azure-storage-blob +RUN apk del build-base + RUN git clone https://github.com/vulnersCom/nmap-vulners /usr/share/nmap/scripts/vulners RUN nmap --script-updatedb RUN mkdir /shared From b0f2ad243afd4402ea54b8afadeff90d802c4553 Mon Sep 17 00:00:00 2001 From: CodeGlitch0 <11563989+CodeGlitch0@users.noreply.github.com> Date: Thu, 21 Nov 2019 17:24:22 -0700 Subject: [PATCH 6/7] Python line length corrections. --- az_push.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/az_push.py b/az_push.py index 15f723d..16429a6 100644 --- a/az_push.py +++ b/az_push.py @@ -9,8 +9,12 @@ container_name = os.getenv('bucket') try: - blob_service_client = BlobServiceClient(account_url=account_url, credential=account_key) - blob_client = blob_service_client.get_blob_client(container=container_name, blob=filename) + blob_service_client = BlobServiceClient( + account_url=account_url, credential=account_key + ) + blob_client = blob_service_client.get_blob_client( + container=container_name, blob=filename + ) with open(filename, "rb") as data: blob_client.upload_blob(data) From f2a23d479b04d25d120eab2cd9b60abde2b465ee Mon Sep 17 00:00:00 2001 From: CodeGlitch0 <11563989+CodeGlitch0@users.noreply.github.com> Date: Tue, 19 Sep 2023 14:38:46 -0600 Subject: [PATCH 7/7] updated readme to match --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 81ad062..2a1dd7e 100644 --- a/README.md +++ b/README.md @@ -116,6 +116,7 @@ docker run --name \ -e bucket= \ -e AZURE_ACCOUNT_URL= \ -e AZURE_ACCOUNT_KEY= \ + -e format= \ flan_scan
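Review bot: `RUN apk del build-base` in PATCH 5/7 runs in its own layer, so the compiler toolchain installed by the earlier `RUN apk add build-base libffi-dev openssl-dev` (PATCH 3/7) is still stored in that earlier layer and still ships in the image; the delete only hides it in the final filesystem view. To keep the toolchain out of the image, the install, the `pip install` that needs it, and the removal have to share one `RUN`, for example `RUN apk add --no-cache --virtual .build-deps build-base libffi-dev openssl-dev && pip install azure-storage-blob && apk del .build-deps`. If the installed packages link against libffi or OpenSSL at runtime, the non-dev runtime packages must stay installed; I have not verified which ones the base image already provides. This hunk also leaves `libffi-dev` and `openssl-dev` in place.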