Ejemplo n.º 1
0
        private async Task StartAsync(GitHubClient client, long repoId, Guid requestId)
        {
            // download a ZIP
            byte[] buffer = null;
            try
            {
                buffer = await ScanHelper.DownloadRepoZip(client, repoId).ConfigureAwait(false);
            }
            catch (Exception ex)
            {
                throw ex;
            }

            // upload buffer to storage
            string blobUri = await ScanHelper.UploadBufferToStorage(buffer, requestId.ToString());

            // create worker notification message (include the requestId)
            MalwareDeterminationRequest scanRequest = new MalwareDeterminationRequest
            {
                ClientId        = "GitHubScanX",
                FileName        = $"{requestId.ToString()}.zip",
                FileSizeInBytes = 1000, //dummy
                RequestId       = requestId,
                Uri             = new Uri(blobUri)
            };

            // notify worker (aka put the notification message to a queue
            ScanXMock mock = new ScanXMock();

            // Fire and forget (for POC)
            mock.SendScanRequest(scanRequest);
        }
Ejemplo n.º 2
0
        private async Task StartExecution()
        {
            IReadOnlyList <Installation> installations = await this.gitHubAppClient.GitHubApps.GetAllInstallationsForCurrent().ConfigureAwait(false);

            try
            {
                if (!this.IsGitHubInstallationClientValid())
                {
                    throw new InvalidOperationException("Error: gitHubInstallationClient is invalid.");
                }

                if (IsPullRequest)
                {
                    ICheckSuitesClient checkSuiteClient = gitHubInstallationClient.Check.Suite;

                    CheckSuitesResponse x = await checkSuiteClient.GetAllForReference(CurrentRepository.Id, CommitSha).ConfigureAwait(false);

                    if (x.TotalCount > 0)
                    {
                        long checkSuiteId = x.CheckSuites.FirstOrDefault().Id;
                        bool res          = await checkSuiteClient.Rerequest(CurrentRepository.Id, checkSuiteId);
                    }
                    else
                    {
                        var newCheckSuite = new NewCheckSuite(CommitSha);
                        try
                        {
                            CheckSuite suite =
                                await checkSuiteClient.Create(
                                    CurrentRepository.Owner.Login,
                                    CurrentRepository.Name, newCheckSuite)
                                .ConfigureAwait(false);
                        }
                        catch (Exception ex)
                        {
                        }
                    }

                    return;
                }

                ICheckRunsClient checkRunClient = gitHubInstallationClient.Check.Run;

                // Create a new heckRun in GitHub
                var newCheckRun = new NewCheckRun("ScanX", CommitSha)
                {
                    Status = CheckStatus.Queued,
                };

                CheckRun checkRun =
                    await checkRunClient.Create(
                        CurrentRepository.Owner.Login,
                        CurrentRepository.Name,
                        newCheckRun)
                    .ConfigureAwait(false);

                // --- Downoad a ZIP ---
                byte[] buffer = await ScanHelper.DownloadRepoZip(gitHubInstallationClient, CurrentRepository.Id, CommitSha).ConfigureAwait(false);

                int size = buffer.Length;

                // Upload ZIP to a storage blob
                string blobName = $"{RequestId.ToString()}";
                string blobUri  = await ScanHelper.UploadBufferToStorage(buffer, blobName);

                // Update check's status to "in progress"
                CheckRunUpdate checkRunUpdate = new CheckRunUpdate
                {
                    Status = CheckStatus.InProgress,
                    Name   = checkRun.Name
                };
                checkRun = await checkRunClient.Update(CurrentRepository.Id, checkRun.Id, checkRunUpdate).ConfigureAwait(false);

                // --- Start a scan ---
                // Simulate sending of a message to a SB queue
                // Create worker notification message
                MalwareDeterminationRequest scanRequest = new MalwareDeterminationRequest();
                scanRequest.ClientId        = "GitHubScanX";
                scanRequest.FileName        = $"{RequestId.ToString()}.zip";
                scanRequest.FileSizeInBytes = 1000; //dummy
                scanRequest.RequestId       = RequestId;
                scanRequest.Uri             = new Uri(blobUri);

                // Notify worker (aka put the notification message to a queue)
                ScanXMock mock = new ScanXMock();
                await mock.SendScanRequest(scanRequest).ConfigureAwait(false);

                // --- Poll for a scan completion ---
                MalwareDeterminationResult scanResult;
                do
                {
                    await Task.Delay(500).ConfigureAwait(false);

                    if (await mock.TryGetResult(RequestId))
                    {
                        scanResult = await mock.GetResult(RequestId).ConfigureAwait(false);

                        break;
                    }
                }while (true); //!!!! for POC only

                checkRunUpdate.Status      = CheckStatus.Completed;
                checkRunUpdate.CompletedAt = DateTime.UtcNow;
                checkRunUpdate.Conclusion  = scanResult.WorkStatus == WorkStatus.Clean ? CheckConclusion.Success : CheckConclusion.Failure;

                if (checkRunUpdate.Conclusion == CheckConclusion.Failure)
                {
                    checkRunUpdate.Output = new NewCheckRunOutput(
                        "Scan Report",
                        $"GitScan detected {scanResult.ConfirmedMalwares.Count()} infected files. See details below.");

                    checkRunUpdate.Output.Text  = "| File Path| Malware Type| AV Engines|\n";
                    checkRunUpdate.Output.Text += "|:---|:---|:---|\n";

                    foreach (var entry in scanResult.ConfirmedMalwares)
                    {
                        checkRunUpdate.Output.Text += $"|{entry.FileName}|{entry.MalwareInfo}|{string.Join(",", entry.AvEngines.ToArray())}";
                    }
                }

                checkRun = await checkRunClient.Update(CurrentRepository.Id, checkRun.Id, checkRunUpdate).ConfigureAwait(false);
            }
            catch (Exception ex)
            {
                Console.WriteLine($"Exception: {ex.Message}");
            }
        }