Make cve-search endpoint configurable

https://cve.circl.lu/ disabled the public API due to misuse so please bring up your own instance configurable via --cve-url Signed-off-by: Markus Blaschke <[email protected]>
webdevops · Jun 29, 2020 · 0c79ba7 · 0c79ba7
1 parent d681f8b
commit 0c79ba7
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 33 deletions.
diff --git a/README.md b/README.md
@@ -7,25 +7,31 @@ AppRelease and CVE Exporter
 
 Prometheus exporter for Application releases supports Docker and GitHub and is able to fetch CVE reports via [https://cve.circl.lu/](https://cve.circl.lu/).
 
-Configuration
--------------
-
-Normally no configuration is needed but can be customized using environment variables.
-
-| Environment variable              | DefaultValue                | Description                                                       |
-|-----------------------------------|-----------------------------|-------------------------------------------------------------------|
-| `CONFIG`                          | `empty`                     | Path to configuration yaml, eg. see `example.yaml`                |
-| `SCRAPE_TIME`                     | `12h`                       | Default scrape time (time.Duration)                               |
-| `SCRAPE_TIME_DOCKER`              | -> SCRAPE_TIME              | Scrape time for Docker releases                                   |
-| `SCRAPE_TIME_GITHUB  `            | -> SCRAPE_TIME              | Scrape time for GitHub releases                                   |
-| `SERVER_BIND`                     | `:8080`                     | IP/Port binding                                                   |
-| `DISABLE_CVE`                     | `empty`                     | Disable CVE report fetching (even if configured)                  |
-| `GITHUB_PERSONALACCESSTOKEN`      | `empty`                     | GitHub personal access token for avoiding rate limit              |
-| `GITHUB_SCRAPEWAIT`               | `2s`                        | Wait time between release scrapings to releax api stress          |
-| `GITHUB_LIMIT`                    | `25`                        | Number of releases to fetch (only first page is scraped)          |
-| `DOCKER_LIMIT`                    | `25`                        | Number of releases to fetch (only first page is scraped)          |
-| `CACHE_PATH`                      | `empty`                     | Path where CVE json files should be stored                        |
-| `CACHE_TTL`                       | `24h`                       | TTL (time.Duration) when cached CVE reports should be fetched again |
+Usage
+-----
+
+```
+Usage:
+  apprelease-exporter [OPTIONS]
+
+Application Options:
+  -v, --verbose                     Verbose mode [$VERBOSE]
+  -c, --config=                     Config path [$CONFIG]
+      --bind=                       Server address (default: :8080) [$SERVER_BIND]
+      --scrape-time=                Default scrape time (time.duration) (default: 12h) [$SCRAPE_TIME]
+      --scrape-time.docker=         Scrape time for Docker (time.duration) [$SCRAPE_TIME_DOCKER]
+      --scrape-time.github=         Scrape time for Github (time.duration) [$SCRAPE_TIME_GITHUB]
+      --cve.url=                    URL to cve-search instance (see https://github.com/cve-search/cve-search) [$CVE_URL]
+      --github.personalaccesstoken= GitHub personal access token [$GITHUB_PERSONALACCESSTOKEN]
+      --github.scrape-wait=         Wait number between project waits (default: 2s) [$GITHUB_SCRAPEWAIT]
+      --github.limit=               Number of results fetched from GitHub (default: 25) [$GITHUB_LIMIT]
+      --docker.limit=               Number of tags fetched from Docker (default: 25) [$DOCKER_LIMIT]
+      --cache.path=                 Cache path [$CACHE_PATH]
+      --cache.ttl=                  Cache expiry (default: 24h) [$CACHE_TTL]
+
+Help Options:
+  -h, --help                        Show this help message
+```
 
 Configuration file
 ------------------

diff --git a/config.go b/config.go
@@ -114,7 +114,7 @@ func (r *ConfigProjectCommonReplacement) Apply(val string) string {
 }
 
 func (p *ConfigProjectCommon) CveReportClient() (client *CveClient) {
-	if !opts.DisableCve && p.Cve.Vendor != "" && p.Cve.Product != "" {
+	if opts.CveUrl != "" && p.Cve.Vendor != "" && p.Cve.Product != "" {
 		client = NewCveClient(p.Cve)
 	}
 

diff --git a/main.go b/main.go
@@ -41,7 +41,7 @@ var opts struct {
 	ScrapeTimeGithub *time.Duration `long:"scrape-time.github"  env:"SCRAPE_TIME_GITHUB"    description:"Scrape time for Github (time.duration)"`
 
 	// settings
-	DisableCve bool `long:"disable.cve"  env:"DISABLE_CVE"    description:"Disable CVE reports"`
+	CveUrl string `long:"cve.url"  env:"CVE_URL"    description:"URL to cve-search instance (see https://github.com/cve-search/cve-search)"`
 
 	// github
 	GithubPersonalAccessToken *string       `long:"github.personalaccesstoken"  env:"GITHUB_PERSONALACCESSTOKEN" description:"GitHub personal access token"`
@@ -79,10 +79,10 @@ func main() {
 		Logger.Infof("   cache ttl: %v", opts.CacheTtl.String())
 	}
 
-	if opts.DisableCve {
-		Logger.Infof("  cve report: disabled")
+	if opts.CveUrl != "" {
+		Logger.Infof("  cve endpoint: %s", opts.CveUrl)
 	} else {
-		Logger.Infof("  cve report: enabled")
+		Logger.Infof("  cve report: disabled")
 	}
 
 	initMetricCollector()

diff --git a/misc.go b/misc.go
@@ -1,16 +1,8 @@
 package main
 
-import (
-	"time"
-)
-
 func boolToString(b bool) string {
 	if b {
 		return "true"
 	}
 	return "false"
 }
-
-func timeToFloat64(v time.Time) float64 {
-	return float64(v.Unix())
-}
diff --git a/service-cve.go b/service-cve.go
@@ -81,7 +81,7 @@ func NewCveClient(conf ConfigProjectCommonCve) *CveClient {
 
 	c.restClient = resty.New()
 	c.restClient.SetHeader("User-Agent", fmt.Sprintf("apprelease-exporter/%s", gitTag))
-	c.restClient.SetHostURL("https://cve.circl.lu/")
+	c.restClient.SetHostURL(opts.CveUrl)
 	c.restClient.SetHeader("Accept", "application/json")
 
 	return c