Merge pull request #10 from becksteadn/build

Add logdna logging with AWS Secrets Manager
scriptingislife · Feb 6, 2020 · 8db4292 · 8db4292
2 parents 855ed76 + bfc84a1
commit 8db4292
Show file tree

Hide file tree

Showing 5 changed files with 176 additions and 69 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,8 +1,6 @@
 language: python
-
 services:
 - docker
-
 env:
   global:
   - PATH=$HOME/.local/bin:$PATH
@@ -11,79 +9,74 @@ env:
   - TEST_FUNCTION_NAME=glimpseTest
   - RUN_FUNCTION_DIR=run/function
   - RUN_FUNCTION_NAME=glimpseRun
-  - secure: "H4K4IjdpfjJfQEtvXHx4lcHq+ru9XfyN0HSvrFKxSgA4raFSSoW07gum1EkirLXakOag8uFstAZokCf4LyFoe0AsdvE8x7TQ7OR7i2d6Lyv4P96SL16E7f5ZItA3dNiBKt9FudWGXbaTrQ71QcubzKrI9KRBM5LOGAQnhwU2cGQzcw8YAWpDxPHKJd+ZZ/zXtNhkLo5R9ZEg6yuoJpZdiPyEWknsYjDIwdIX3wB/AAeBa179IU4DQ2HxLGsPX/CBwXZ6eJWEwVL9Eb1fmiOtJG3LhVEbdZ2Jp8RpYbowjhM9uaIsLAQLJrB6tJ5f1lAhlkC/o8bs8SCNDLNIVqI1hyqk2QYn9ztRd9lXiQiQU8zJeadJ+BU1LnDln9zmY1FszRx3qX7V2nDaCMKpuRtICEL6DTeq/cX5UypaprGlo6Nqk4u28dsnFMkNwYS+ncUR4IZlvPRbXxY/9U5jbiav3Mf2OFTGpqBtd/fS7+8uGmKKm7YFNKcIXJZEk+ekUgXmAxWiB4MWcOCfvMObMJT3oQHWmjBCazH545d9XwZv4KGeiZslboTogQTat84yw5AXszwFJ+PUuvPd1MjCxIF5l16Qmmzk/KqJtSogTI1zJLLiuwgFJ474wdYouDysV3qvv91EQVzV9S1REMAtLajLAhbeXvlhZWT9fZVKkyuDXnI="
-  - secure: "jgHbSu95AWrI7UxSsgJzCwMYpRBewJ87MkhZBfzsDHt3y0thVJHX1553JITAqPDGVv7gHwEPa6JAy0FiXT6KPiCBopGz7LStVfumFNGwd5BKL4JF1ye+Nif+X3cZoETPPrOXUb2olWXL1ldP95VrfHJtzJYjBn2dBa/GuV8zYvXRTsbLNhKMI0QnYj3UqJYqDyXmgxew4C/d3L4FyAmeyWWDmHREAV5OZLhP0pVGC90ns+m2lOTXO16HBmC3ix64bCbbS0UfE/0wS4VdN5BZhe/PA5jw52YRO1lCcM8ILhhnNSnbIykkOuscLlwoVXmz9D3NOas24/cpT0mH11mjHMGmMRwr0w9+AosH+dzAAKQU/czrmWAF0tPC0CE+9ps+O+hV9xoiI9YHi8BfCyecm9m9a0hLxu2/ahXYg6cD2P03JXphHhI7gj1LzzAZxgXipJjj4RNPzQC/yBaUO+dG4M2u5u0/9hRRAjCmm7i23Pr4r5lGveQUHDA5O34GCy1VJBBvv+xwuZlCeD6tboAaNpzqEr9UKIoRdSVvWt22OesEGdLe0pmvm8usi8Gh4Piaq/K7U4oCt6lFTFnENffRfQ13huvah3L0WHDtDgxk7x0iZMmGU2kAatRpXVnWE0E5FaNj//hZszblTUBccH2VvmM3yDg4hWwhjyr46onQ2cA="
+  - LOGGING_KEY=LogDNAIngestionKey
   - AWS_DEFAULT_REGION=us-east-1
-
+  - secure: j2P03KgHjWbas4Q6swpS0Mq2TQRLOFm+Dc13K4cPTqE8YHOQHq50nOGslFQn6K3C2QfqXR4y7kbsH9HU8tdrhy3EAXfekxN2BhSGD1BecuXzbauH7kTXVKY5HozwtxJ1TgP4uig5jaw/XnOL1SFn+TTkXv5H8NCkm4iOIxH4MgMiAPnuoePVJmIIm9hW4OBn4sLS3cbjWL9Y3qrOJbnjASkoIF9Yj9dzlgD2pq/v3hwYyJHfg/If018wcRQqGk8BAIScJrVnj63xdRn6jJGi6cJisQKKCxjJXegeCZ2R3CmRD+wWZ3z3318daPovlK9hvCsAY91x9Q1SVgj2lfau2evDdjVnjnDMOYmU3V93lhRAn4RDt8Jkhr5aYhukmh1Ca5u5T+SOpNjVoOKqCjfzM/VVP5qW4WmYplgoIWMhhfZSFBU2ta6SOcf7g0NusaWnTY1YiAqRlXT+MLnyFMsDhEhUsn0+soOfXSeThFn1aFUT4jHbU2wxdm/beA67KFvkL3HTFn2f5K2T3uvs8tYDFZB9Zjk0iukCC57r0iHa/esf/ENR1we7Bkw1WLGU21eL/hCJEk5NEf+Vf/kgFY2wZagVr+lKS1WMIS5BG3jm1ByNzmFZe+N3IlYH/hQkqPVJh4klj2MNgqRtSknpNl4xRGjLKI4B++7M1h6LC8iQn7I=
+  - secure: Famc1ERr8UfOaU8MCMri2IXiR6rZ1+WKXu7VMJHGoU9G/CM5X/S/ScfK8uesEGRgHfDljpNMdwKkrMnM5Wn3d6r6LrontOi7DKGuBe174h6r9o448UtEaU9ceiEWKOgT/NLplcBBoCTOiYryQF20sgGFJmZeEYc2U034Ic5reqF3bdN12JaQJiK+UemFK5/9PwdYVPUSs6o4Rwb+RHmcFmh6kVeTBQWtxZYlxuJtyeRY7EjVKsKTYdUuvo7fITlNbvXxk8LWiXNxOz9Tq955ZNso23pPTBGN0zMu2QiEi1cGFnZjPfkilGDoDXWdKlAwH3D0ds+t4bCHpFoQsvU1e6u/dl8P8oC9hG6IYTN3z+9L1IVlLYcfqyq2PJtZkgAKBCNV6WQPwR0vMgXgZbXdJs/vcbgg7VeXwDR5Zpnpt3tHYFhKOVsAohh8Fpq5Ka5fF4724/h4Y6APb0LSwcKPezXHzhEIoIboEQfIUqhh/k2S/vBHAhS2QC9AOPp5wHMUC8fYWW3K+IYkyNFkJMTfZijF+7pmw7aVf8vd4PoXzW8fXTWBu9kays0pkPDazJ0zh0AkENyKIyOLYp8CRBrhwCdplYKbsCh96WQbUYKl4UUSFPl+w/rYv7QeQROikn9pwZwAuFX/GUv0noCELnjj6sVyzis0kn87ZF1REfDxH/k=
 install:
-  - pip install awscli
-
+- pip install awscli
 before_script:
-  - make build
-
+- make build
 script:
-  - make run URL="https://google.com"
-  - make update URL="https://google.com"
-  - make update URL="1.1.1.1"
-  - make update URL="http://letmeoutofyour.net:8081/"
-  - make update URL="httpbin.org/anything/$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold
-    -w 32 | head -n 1)"
-  - make update URL="httpbin.org/redirect/6"
-  - make update URL="https://httpbin.org/image/png"
-  - make update URL="https://httpbin.org/headers"
-  - make update URL="https://self-signed.badssl.com/"
-  - make update URL="https://expired.badssl.com/"
-  - make ua UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"
-  - make ua UA="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0"
-  - make ua UA="curl/7.9.8 (i686-pc-linux-gnu) libcurl 7.9.8 (OpenSSL 0.9.6b) (ipv6 enabled)"
-  - make ua UA="python-requests/1.2.0"
-  - make ua UA="Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
-  - make ua UA="Screw you webmaster!!!!"
-  #- make ua UA="Im gonna mess\n\ryou up"
-  - make ua UA=""
-  - make run URL="" || echo "SAVED - Made to fail"
-  - make run URL="file:///etc/passwd" || echo "SAVED - Made to fail"
-  - make run URL="gibberish" || echo "SAVED - Made to fail"
-  - make run URL="mjnjvfidrilyenbbvjwisyzdpycppftjombbxqrtvkcpsbxdnllqupptmhancjqimgcpsfuhzjpdkiaibkcigwyrmaajjszyxvyjekbobdzluepicwnelaaljhkqzmqdupjbhercywvvomwzfszzeptaeaiofiohixlzfwjnlgvilyklivymuknqybunftprnvotjviimcttlyjqfhdefapbpzvzugghzaisdyrmebjurqtzbbheomgmentccdekijireporxxmvqneebbrfzhvgbydzmiaewpqopnxzdsrt" || echo "Made to fail"
-
+- make run URL="https://google.com"
+- make update URL="https://google.com"
+- make update URL="1.1.1.1"
+- make update URL="http://letmeoutofyour.net:8081/"
+- make update URL="httpbin.org/anything/$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' |
+  fold -w 32 | head -n 1)"
+- make update URL="httpbin.org/redirect/6"
+- make update URL="https://httpbin.org/image/png"
+- make update URL="https://httpbin.org/headers"
+- make update URL="https://self-signed.badssl.com/"
+- make update URL="https://expired.badssl.com/"
+- make ua UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
+  like Gecko) Chrome/70.0.3538.77 Safari/537.36"
+- make ua UA="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0"
+- make ua UA="curl/7.9.8 (i686-pc-linux-gnu) libcurl 7.9.8 (OpenSSL 0.9.6b) (ipv6
+  enabled)"
+- make ua UA="python-requests/1.2.0"
+- make ua UA="Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
+- make ua UA="Screw you webmaster!!!!"
+- make ua UA=""
+- make run URL="" || echo "SAVED - Made to fail"
+- make run URL="file:///etc/passwd" || echo "SAVED - Made to fail"
+- make run URL="gibberish" || echo "SAVED - Made to fail"
+- make run URL="mjnjvfidrilyenbbvjwisyzdpycppftjombbxqrtvkcpsbxdnllqupptmhancjqimgcpsfuhzjpdkiaibkcigwyrmaajjszyxvyjekbobdzluepicwnelaaljhkqzmqdupjbhercywvvomwzfszzeptaeaiofiohixlzfwjnlgvilyklivymuknqybunftprnvotjviimcttlyjqfhdefapbpzvzugghzaisdyrmebjurqtzbbheomgmentccdekijireporxxmvqneebbrfzhvgbydzmiaewpqopnxzdsrt"
+  || echo "Made to fail"
 before_deploy:
-  - make pack
-
+- make pack
 deploy:
-  - provider: s3
-    access_key_id: "$AWS_ACCESS_KEY_ID"
-    secret_access_key: "$AWS_SECRET_ACCESS_KEY"
-    bucket: "$BUCKET_NAME"
-    region: us-east-1
-    upload_dir: "$TEST_FUNCTION_DIR"
-    local_dir: dist/function
-    skip_cleanup: true
-    on:
-      branch: build
-  - provider: s3
-    access_key_id: "$AWS_ACCESS_KEY_ID"
-    secret_access_key: "$AWS_SECRET_ACCESS_KEY"
-    bucket: "$BUCKET_NAME"
-    region: us-east-1
-    upload_dir: "$RUN_FUNCTION_DIR"
-    local_dir: dist/function
-    skip_cleanup: true
-    on:
-      branch: master
-
+- provider: s3
+  access_key_id: "$AWS_ACCESS_KEY_ID"
+  secret_access_key: "$AWS_SECRET_ACCESS_KEY"
+  bucket: "$BUCKET_NAME"
+  region: us-east-1
+  upload_dir: "$TEST_FUNCTION_DIR"
+  local_dir: dist/function
+  skip_cleanup: true
+  on:
+    branch: build
+- provider: s3
+  access_key_id: "$AWS_ACCESS_KEY_ID"
+  secret_access_key: "$AWS_SECRET_ACCESS_KEY"
+  bucket: "$BUCKET_NAME"
+  region: us-east-1
+  upload_dir: "$RUN_FUNCTION_DIR"
+  local_dir: dist/function
+  skip_cleanup: true
+  on:
+    branch: master
 after_deploy:
-  - if [ $TRAVIS_BRANCH == "build" ]; then
-      aws lambda update-function-code --function-name $TEST_FUNCTION_NAME --s3-bucket $BUCKET_NAME --s3-key $TEST_FUNCTION_DIR/build.zip;
-    else echo "Skipping Lambda update for $TEST_FUNCTION_NAME.";
-    fi
-  - if [ $TRAVIS_BRANCH == "master" ]; then
-      aws lambda update-function-code --function-name $RUN_FUNCTION_NAME --s3-bucket $BUCKET_NAME --s3-key $RUN_FUNCTION_DIR/build.zip;
-    else echo "Skipping Lambda update for $RUN_FUNCTION_NAME.";
-    fi
-
+- if [ $TRAVIS_BRANCH == "build" ]; then aws lambda update-function-code --function-name
+  $TEST_FUNCTION_NAME --s3-bucket $BUCKET_NAME --s3-key $TEST_FUNCTION_DIR/build.zip;
+  else echo "Skipping Lambda update for $TEST_FUNCTION_NAME."; fi
+- if [ $TRAVIS_BRANCH == "master" ]; then aws lambda update-function-code --function-name
+  $RUN_FUNCTION_NAME --s3-bucket $BUCKET_NAME --s3-key $RUN_FUNCTION_DIR/build.zip;
+  else echo "Skipping Lambda update for $RUN_FUNCTION_NAME."; fi
 notifications:
   slack:
     template:
-        - "Build <%{build_url}|#%{build_number}> (<%{compare_url}|%{commit}>) of *%{repository_slug}* @ %{branch} %{result} in %{duration}"
+    - Build <%{build_url}|#%{build_number}> (<%{compare_url}|%{commit}>) of *%{repository_slug}*
+      @ %{branch} %{result} in %{duration}
     rooms:
-      secure: t5ThZ20j8M5RwvJQQYyN+0MYjqefgrv7OtdUYDpzpxCCB2o9lGTYmIuQrLRZY7BIA1SZS3nIiZvwudR41ibcjfF/Np5W0FntezLRmfpPCic4V8aG4F0iTINNJPK6+6KDHmKEylSjtB30lhp2Xa/4uXvrcHRbFct/+QDAD6WtjkKQvm1OFRFq7GVkWCHp5AyQRzaJaKGJ9OjWJAHaYxN+QTuubLW0PVjbeb/3b7qt3v/iqCngmynaan5xghy2P9RiMo9ll5aTSiSrtQC1s1o2uR4ISheZ5BJPT6yypemlxPUWMBe1t48JZXp2HQCm4yncgqlavwmeWffw/cN7vYYjuQeNhgWUYVI03PbbNvF/yX1a++PFtnL4Q1/6ZKo/xcQG74fVCmnVzdBQ9s3I4JybgRTyQyXpQbmRQRmZkQKojCtenycc8ShtkRyRN/H05yq1gmRd55qBxZb2rzaFmd+uKnM1NbQmPzhR7Dn1YRLPpFBFlOVYl7xlDi8ITpdxUJvjjjbgIkTn0UamYjdG1MjXWOFgi+qQfPnQ5vYWGNOxiGOQ7uGlD8pvatyzFJkPhMBSU3QNm5OB7hTlPJDwZCMmtvV+uO4itXU6dfPO1SZdtgshUi1hUNtuu7r1JsAtq7zGXaYjLhk7feNJ6z3oq6V8DVd7HQK+TkEUN6OghAFae20=
+      secure: t5ThZ20j8M5RwvJQQYyN+0MYjqefgrv7OtdUYDpzpxCCB2o9lGTYmIuQrLRZY7BIA1SZS3nIiZvwudR41ibcjfF/Np5W0FntezLRmfpPCic4V8aG4F0iTINNJPK6+6KDHmKEylSjtB30lhp2Xa/4uXvrcHRbFct/+QDAD6WtjkKQvm1OFRFq7GVkWCHp5AyQRzaJaKGJ9OjWJAHaYxN+QTuubLW0PVjbeb/3b7qt3v/iqCngmynaan5xghy2P9RiMo9ll5aTSiSrtQC1s1o2uR4ISheZ5BJPT6yypemlxPUWMBe1t48JZXp2HQCm4yncgqlavwmeWffw/cN7vYYjuQeNhgWUYVI03PbbNvF/yX1a++PFtnL4Q1/6ZKo/xcQG74fVCmnVzdBQ9s3I4JybgRTyQyXpQbmRQRmZkQKojCtenycc8ShtkRyRN/H05yq1gmRd55qBxZb2rzaFmd+uKnM1NbQmPzhR7Dn1YRLPpFBFlOVYl7xlDi8ITpdxUJvjjjbgIkTn0UamYjdG1MjXWOFgi+qQfPnQ5vYWGNOxiGOQ7uGlD8pvatyzFJkPhMBSU3QNm5OB7hTlPJDwZCMmtvV+uO4itXU6dfPO1SZdtgshUi1hUNtuu7r1JsAtq7zGXaYjLhk7feNJ6z3oq6V8DVd7HQK+TkEUN6OghAFae20=
diff --git a/Makefile b/Makefile
@@ -89,8 +89,8 @@ pack: clean fetch-dependencies
 # Update the test Lambda function with the current local code
 #
 deploy-test: pack
-	aws s3 cp ./build.zip s3://${S3_BUCKET}/${TEST_S3_KEY} --profile ${AWS_USER}
-	aws lambda update-function-code --function-name ${TEST_FUNCTION_NAME} --s3-bucket ${S3_BUCKET} --s3-key ${TEST_S3_KEY} --profile ${AWS_USER} 
+	aws s3 cp ./dist/function/build.zip s3://${S3_BUCKET}/${TEST_S3_KEY} --profile ${AWS_USER}
+	aws --region us-east-1 lambda update-function-code --function-name ${TEST_FUNCTION_NAME} --s3-bucket ${S3_BUCKET} --s3-key ${TEST_S3_KEY} --profile ${AWS_USER} 
 
 #
 # Copy the code from the test environment to

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,6 +8,7 @@ services:
       - PATH=/var/task/bin
       - AWS_ACCESS_KEY_ID
       - AWS_SECRET_ACCESS_KEY
+      - CI
       - GLIMPSE_BUCKET_NAME=glimpsefiles
       - GLIMPSE_SCREENSHOT_DIR=test/screenshots/  
       - GLIMPSE_DB_TABLE=glimpsetest

diff --git a/src/lambda_function.py b/src/lambda_function.py
@@ -7,6 +7,7 @@
 import glimpse_driver as gd
 from s3_help import S3
 from db_help import DynamoDB
+import logging_help
 from selenium.common.exceptions import WebDriverException
 
 # MD5 hash a string like the URL
@@ -121,6 +122,9 @@ def lambda_handler(event, context):
 
         db.put(db_data)
 
+        print('[!] Logging Scan')
+        logging_help.log_scan(db_data)
+
         return return_data
 
     except WebDriverException as e:

diff --git a/src/logging_help.py b/src/logging_help.py
@@ -0,0 +1,109 @@
+# Use this code snippet in your app.
+# If you need more information about configurations or implementing the sample code, visit the AWS docs:   
+# https://aws.amazon.com/developers/getting-started/python/
+
+import os
+import boto3
+import json
+import base64
+import requests
+from requests.auth import HTTPBasicAuth
+from botocore.exceptions import ClientError
+
+def get_secret():
+
+    secret_name = 'LogDNAIngestionKey' # os.environ['LOGGING_KEY']
+    region_name = "us-east-1"
+
+
+    #secrets_client = boto3.client('secretsmanager')
+    #secret_arn = "arn:aws:secretsmanager:us-east-1:358663747217:secret:LogDNAIngestionKey-HEKYmj"
+    #auth_token = secrets_client.get_secret_value(SecretId=secret_arn).get('logdna-ingestion')
+
+    #return auth_token
+
+
+    # Create a Secrets Manager client
+    session = boto3.session.Session()
+    client = session.client(
+        service_name='secretsmanager',
+        region_name=region_name
+    )
+
+    # In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
+    # See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
+    # We rethrow the exception by default.
+
+    secret = '{}'
+
+    try:
+        get_secret_value_response = client.get_secret_value(
+            SecretId=secret_name
+        )
+    except ClientError as e:
+        if e.response['Error']['Code'] == 'DecryptionFailureException':
+            # Secrets Manager can't decrypt the protected secret text using the provided KMS key.
+            # Deal with the exception here, and/or rethrow at your discretion.
+            raise e
+        elif e.response['Error']['Code'] == 'InternalServiceErrorException':
+            # An error occurred on the server side.
+            # Deal with the exception here, and/or rethrow at your discretion.
+            raise e
+        elif e.response['Error']['Code'] == 'InvalidParameterException':
+            # You provided an invalid value for a parameter.
+            # Deal with the exception here, and/or rethrow at your discretion.
+            raise e
+        elif e.response['Error']['Code'] == 'InvalidRequestException':
+            # You provided a parameter value that is not valid for the current state of the resource.
+            # Deal with the exception here, and/or rethrow at your discretion.
+            raise e
+        elif e.response['Error']['Code'] == 'ResourceNotFoundException':
+            # We can't find the resource that you asked for.
+            # Deal with the exception here, and/or rethrow at your discretion.
+            raise e
+    else:
+        # Decrypts secret using the associated KMS CMK.
+        # Depending on whether the secret is a string or binary, one of these fields will be populated.
+        if 'SecretString' in get_secret_value_response:
+            secret = get_secret_value_response['SecretString']
+        else:
+            secret = base64.b64decode(get_secret_value_response['SecretBinary'])
+
+    return json.loads(secret).get('logdna-ingestion')
+
+def log_scan(db_data):
+
+    log_env = "unknown"
+
+    if "CI" in os.environ and os.environ.get("CI") == "true":
+        log_env = "test"
+    else:
+        log_env = "production"
+
+    logdna = get_secret()
+
+    logdata = {
+        "lines": [
+            {
+                "line": "A new scan was initiated | {}".format(db_data["title"]),
+                "app": "glimpse",
+                "level": "INFO",
+                "env": log_env,
+                "meta": {
+                    "urlhash": db_data["urlhash"],
+                    "url": db_data["url"],
+                    "effectiveurl": db_data["effectiveurl"],
+                    "title": db_data["title"],
+                    "timescanned": db_data["timescanned"],
+                    "numscans": int(db_data["numscans"])
+                }
+            }
+        ]
+    }
+
+    h_data = {"Content-Type": "application/json; charset=UTF-8"}
+
+    submission = requests.post('https://logs.logdna.com/logs/ingest?hostname=GLIMPSE', json=logdata, headers=h_data, auth=HTTPBasicAuth(logdna, ''))
+
+    if submission.status_code != 200: # or submission.json['status'] != "ok":
+        raise ValueError('Got status {}'.format(submission.status_code))