536f6249a6
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
157 lines
6.1 KiB
C#
157 lines
6.1 KiB
C#
using System.Diagnostics;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Hosting;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
using Microsoft.Extensions.DependencyInjection.Extensions;
|
|
using StellaOps.Auth.Client;
|
|
using StellaOps.Configuration;
|
|
using StellaOps.Scanner.Cache;
|
|
using StellaOps.Scanner.Analyzers.OS.Plugin;
|
|
using StellaOps.Scanner.Analyzers.Lang.Plugin;
|
|
using StellaOps.Scanner.EntryTrace;
|
|
using StellaOps.Scanner.Core.Security;
|
|
using StellaOps.Scanner.Surface.Env;
|
|
using StellaOps.Scanner.Surface.FS;
|
|
using StellaOps.Scanner.Surface.Secrets;
|
|
using StellaOps.Scanner.Surface.Validation;
|
|
using StellaOps.Scanner.Worker.Diagnostics;
|
|
using StellaOps.Scanner.Worker.Hosting;
|
|
using StellaOps.Scanner.Worker.Options;
|
|
using StellaOps.Scanner.Worker.Processing;
|
|
using StellaOps.Scanner.Worker.Processing.Surface;
|
|
using StellaOps.Scanner.Storage.Extensions;
|
|
using StellaOps.Scanner.Storage;
|
|
|
|
var builder = Host.CreateApplicationBuilder(args);
|
|
|
|
builder.Services.AddOptions<ScannerWorkerOptions>()
|
|
.BindConfiguration(ScannerWorkerOptions.SectionName)
|
|
.ValidateOnStart();
|
|
|
|
builder.Services.AddSingleton<IValidateOptions<ScannerWorkerOptions>, ScannerWorkerOptionsValidator>();
|
|
builder.Services.AddSingleton(TimeProvider.System);
|
|
builder.Services.AddScannerCache(builder.Configuration);
|
|
builder.Services.AddSurfaceEnvironment(options =>
|
|
{
|
|
options.ComponentName = "Scanner.Worker";
|
|
});
|
|
builder.Services.AddSurfaceValidation();
|
|
builder.Services.AddSurfaceFileCache();
|
|
builder.Services.AddSurfaceSecrets();
|
|
builder.Services.AddSingleton<IConfigureOptions<SurfaceCacheOptions>>(sp =>
|
|
new SurfaceCacheOptionsConfigurator(sp.GetRequiredService<ISurfaceEnvironment>()));
|
|
builder.Services.AddSingleton<ScannerWorkerMetrics>();
|
|
builder.Services.AddSingleton<ScanProgressReporter>();
|
|
builder.Services.AddSingleton<ScanJobProcessor>();
|
|
builder.Services.AddSingleton<LeaseHeartbeatService>();
|
|
builder.Services.AddSingleton<IDelayScheduler, SystemDelayScheduler>();
|
|
|
|
builder.Services.AddEntryTraceAnalyzer();
|
|
builder.Services.AddSingleton<IEntryTraceExecutionService, EntryTraceExecutionService>();
|
|
|
|
var storageSection = builder.Configuration.GetSection("ScannerStorage");
|
|
var connectionString = storageSection.GetValue<string>("Mongo:ConnectionString");
|
|
if (!string.IsNullOrWhiteSpace(connectionString))
|
|
{
|
|
builder.Services.AddScannerStorage(storageSection);
|
|
builder.Services.AddSingleton<IConfigureOptions<ScannerStorageOptions>, ScannerStorageSurfaceSecretConfigurator>();
|
|
builder.Services.AddSingleton<ISurfaceManifestPublisher, SurfaceManifestPublisher>();
|
|
builder.Services.AddSingleton<IScanStageExecutor, SurfaceManifestStageExecutor>();
|
|
}
|
|
|
|
builder.Services.TryAddSingleton<IScanJobSource, NullScanJobSource>();
|
|
builder.Services.TryAddSingleton<IPluginCatalogGuard, RestartOnlyPluginGuard>();
|
|
builder.Services.AddSingleton<IOSAnalyzerPluginCatalog, OsAnalyzerPluginCatalog>();
|
|
builder.Services.AddSingleton<ILanguageAnalyzerPluginCatalog, LanguageAnalyzerPluginCatalog>();
|
|
builder.Services.AddSingleton<IScanAnalyzerDispatcher, CompositeScanAnalyzerDispatcher>();
|
|
builder.Services.AddSingleton<IScanStageExecutor, RegistrySecretStageExecutor>();
|
|
builder.Services.AddSingleton<IScanStageExecutor, AnalyzerStageExecutor>();
|
|
|
|
builder.Services.AddSingleton<ScannerWorkerHostedService>();
|
|
builder.Services.AddHostedService(sp => sp.GetRequiredService<ScannerWorkerHostedService>());
|
|
|
|
var workerOptions = builder.Configuration.GetSection(ScannerWorkerOptions.SectionName).Get<ScannerWorkerOptions>() ?? new ScannerWorkerOptions();
|
|
builder.Services.AddStellaOpsCrypto(workerOptions.Crypto);
|
|
|
|
builder.Services.Configure<HostOptions>(options =>
|
|
{
|
|
options.ShutdownTimeout = workerOptions.Shutdown.Timeout;
|
|
});
|
|
|
|
builder.ConfigureScannerWorkerTelemetry(workerOptions);
|
|
|
|
if (workerOptions.Authority.Enabled)
|
|
{
|
|
builder.Services.AddStellaOpsAuthClient(clientOptions =>
|
|
{
|
|
clientOptions.Authority = workerOptions.Authority.Issuer?.Trim() ?? string.Empty;
|
|
clientOptions.ClientId = workerOptions.Authority.ClientId?.Trim() ?? string.Empty;
|
|
clientOptions.ClientSecret = workerOptions.Authority.ClientSecret;
|
|
clientOptions.EnableRetries = workerOptions.Authority.Resilience.EnableRetries ?? true;
|
|
clientOptions.HttpTimeout = TimeSpan.FromSeconds(workerOptions.Authority.BackchannelTimeoutSeconds);
|
|
|
|
clientOptions.DefaultScopes.Clear();
|
|
foreach (var scope in workerOptions.Authority.Scopes)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(scope))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
clientOptions.DefaultScopes.Add(scope);
|
|
}
|
|
|
|
clientOptions.RetryDelays.Clear();
|
|
foreach (var delay in workerOptions.Authority.Resilience.RetryDelays)
|
|
{
|
|
if (delay <= TimeSpan.Zero)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
clientOptions.RetryDelays.Add(delay);
|
|
}
|
|
|
|
if (workerOptions.Authority.Resilience.AllowOfflineCacheFallback is bool allowOffline)
|
|
{
|
|
clientOptions.AllowOfflineCacheFallback = allowOffline;
|
|
}
|
|
|
|
if (workerOptions.Authority.Resilience.OfflineCacheTolerance is { } tolerance && tolerance > TimeSpan.Zero)
|
|
{
|
|
clientOptions.OfflineCacheTolerance = tolerance;
|
|
}
|
|
});
|
|
}
|
|
|
|
builder.Logging.Configure(options =>
|
|
{
|
|
options.ActivityTrackingOptions = ActivityTrackingOptions.SpanId
|
|
| ActivityTrackingOptions.TraceId
|
|
| ActivityTrackingOptions.ParentId;
|
|
});
|
|
|
|
var host = builder.Build();
|
|
|
|
await host.RunAsync();
|
|
|
|
public partial class Program;
|
|
|
|
internal sealed class SurfaceCacheOptionsConfigurator : IConfigureOptions<SurfaceCacheOptions>
|
|
{
|
|
private readonly ISurfaceEnvironment _surfaceEnvironment;
|
|
|
|
public SurfaceCacheOptionsConfigurator(ISurfaceEnvironment surfaceEnvironment)
|
|
{
|
|
_surfaceEnvironment = surfaceEnvironment ?? throw new ArgumentNullException(nameof(surfaceEnvironment));
|
|
}
|
|
|
|
public void Configure(SurfaceCacheOptions options)
|
|
{
|
|
ArgumentNullException.ThrowIfNull(options);
|
|
var settings = _surfaceEnvironment.Settings;
|
|
options.RootDirectory = settings.CacheRoot.FullName;
|
|
}
|
|
}
|