api/v0/scan: accept request body (#25)

* api/v0/scan: accept request body * add future note
shinobistack · Oct 21, 2024 · 2f5b0ed · 2f5b0ed
1 parent 2872ea2
commit 2f5b0ed
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 11 deletions.
diff --git a/go.mod b/go.mod
@@ -16,5 +16,6 @@ require (
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
diff --git a/go.sum b/go.sum
@@ -22,6 +22,8 @@ github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
 github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

diff --git a/pkg/api/scan.go b/pkg/api/scan.go
@@ -17,6 +17,7 @@ import (
 	"github.com/ashwiniag/goKakashi/pkg/scanner"
 	"github.com/ashwiniag/goKakashi/pkg/utils"
 	_ "github.com/ashwiniag/goKakashi/pkg/utils"
+	"golang.org/x/exp/maps"
 )
 
 var (
@@ -25,6 +26,12 @@ var (
 	statusMutex     = &sync.Mutex{}
 )
 
+type ScanRequest struct {
+	Image    string `json:"image"`
+	Severity string `json:"severity"`
+	Publish  string `json:"publish"`
+}
+
 type ScanResponse struct {
 	ScanID string `json:"scan_id"`
 	Status string `json:"status"`
@@ -61,21 +68,37 @@ func updateScanStatus(scanID string, status ScanStatus) {
 
 // StartSingleImageScan POST /api/v0/scan?image=<>&severity=<>&publish=<>
 func StartScan(w http.ResponseWriter, r *http.Request, websites map[string]config.Website) {
-	image := r.URL.Query().Get("image")
-	if image == "" {
+	var req ScanRequest
+
+	err := json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		// Check request params if there is no valid request body
+		// TODO: get rid of this block after doing https://github.com/shinobistack/gokakashi-scan-action/issues/6
+		req.Image = r.URL.Query().Get("image")
+		req.Severity = r.URL.Query().Get("severity")
+		req.Publish = r.URL.Query().Get("publish")
+	}
+
+	if req.Image == "" {
 		http.Error(w, jsonErrorResponse("Image is missing"), http.StatusBadRequest)
 		return
 	}
 
-	// Ensure it can take severity is either HIGH or CRITICAL or HIGH,CRITICAL
-	severity := r.URL.Query().Get("severity")
-	if severity == "" || !(severity == "HIGH" || severity == "CRITICAL" || severity == "HIGH,CRITICAL") {
-		http.Error(w, jsonErrorResponse("Severity must be HIGH, CRITICAL, or HIGH,CRITICAL"), http.StatusBadRequest)
+	allowedSev := map[string]struct{}{"HIGH": {}, "CRITICAL": {}}
+	validSev := true
+	for _, sev := range strings.Split(req.Severity, ",") {
+		if _, exists := allowedSev[sev]; !exists {
+			validSev = false
+			break
+		}
+	}
+	if !validSev {
+		http.Error(w, jsonErrorResponse(fmt.Sprintf("Severity must be %s", strings.Join(maps.Keys(allowedSev), ","))), http.StatusBadRequest)
 		return
 	}
+
 	// Publish to mentioned website.ReportSubDir
-	publishTarget := r.URL.Query().Get("publish")
-	if publishTarget == "" {
+	if req.Publish == "" {
 		http.Error(w, jsonErrorResponse("publish field is missing, report will not be saved"), http.StatusBadRequest)
 		return
 	}
@@ -84,17 +107,17 @@ func StartScan(w http.ResponseWriter, r *http.Request, websites map[string]confi
 	scanID := generateScanID()
 	updateScanStatus(scanID, StatusQueued)
 
-	log.Printf("Initiating scan for image %s with severity %s", image, severity)
+	log.Printf("Initiating scan for image %s with severity %s", req.Image, req.Severity)
 
 	// Start the scan asynchronously
-	go runScan(scanID, image, severity, publishTarget, websites)
+	go runScan(scanID, req.Image, req.Severity, req.Publish, websites)
 
 	response := ScanResponse{
 		ScanID: scanID,
 		Status: string(StatusQueued),
 	}
 	w.Header().Set("Content-Type", "application/json")
-	err := json.NewEncoder(w).Encode(response)
+	err = json.NewEncoder(w).Encode(response)
 	if err != nil {
 		log.Println("Error responding json", err)
 		return