github.com/greenboxal/deis@v1.12.1/builder/src/publish-release-controller.go

github.com/greenboxal/deis@v1.12.1/builder/src/publish-release-controller.go (about)

     1  package main
     2  
     3  import (
     4  	"encoding/json"
     5  	"flag"
     6  	"fmt"
     7  	"io/ioutil"
     8  	"log"
     9  	"net/http"
    10  	"os"
    11  	"regexp"
    12  	"strings"
    13  )
    14  
    15  const (
    16  	contentType string = "application/json"
    17  	userAgent   string = "deis-builder"
    18  )
    19  
    20  func init() {
    21  	flag.Usage = func() {
    22  		fmt.Fprintf(os.Stderr, "Usage: [options]\n\n")
    23  		flag.PrintDefaults()
    24  	}
    25  }
    26  
    27  func main() {
    28  	url := flag.String("url", "", "Controller hook URL")
    29  	builderKey := flag.String("key", "", "Builder Key")
    30  
    31  	flag.Parse()
    32  
    33  	if flag.NFlag() < 2 {
    34  		flag.Usage()
    35  		os.Exit(1)
    36  	}
    37  
    38  	if *url == "" {
    39  		fmt.Println("invalid url")
    40  		os.Exit(1)
    41  	}
    42  
    43  	if *builderKey == "" {
    44  		fmt.Println("invalid builder key")
    45  		os.Exit(1)
    46  	}
    47  
    48  	bytes, err := ioutil.ReadAll(os.Stdin)
    49  	if err != nil {
    50  		fmt.Println("invalid json payload")
    51  		os.Exit(1)
    52  	}
    53  
    54  	postBody := strings.Replace(string(bytes), "'", "", -1)
    55  
    56  	// Check for a variable trying to exploit Shellshock.
    57  	potentialExploit := regexp.MustCompile(`\(\)\s+\{[^\}]+\};\s+(.*)`)
    58  	if potentialExploit.MatchString(postBody) {
    59  		fmt.Println("")
    60  		fmt.Println("ATTENTION: an environment variable in the app is trying to exploit Shellshock. Aborting...")
    61  		fmt.Println("")
    62  		os.Exit(1)
    63  	}
    64  
    65  	b := strings.NewReader(postBody)
    66  	client := &http.Client{}
    67  	req, err := http.NewRequest("POST", *url, b)
    68  
    69  	if err != nil {
    70  		fmt.Println(err)
    71  		os.Exit(1)
    72  	}
    73  
    74  	req.Header.Add("Content-Type", contentType)
    75  	req.Header.Add("Accept", contentType)
    76  	req.Header.Add("User-Agent", userAgent)
    77  	req.Header.Add("X-Deis-Builder-Auth", *builderKey)
    78  
    79  	res, err := client.Do(req)
    80  
    81  	if err != nil {
    82  		log.Fatalln(err)
    83  	}
    84  
    85  	defer res.Body.Close()
    86  
    87  	body, err := ioutil.ReadAll(res.Body)
    88  	if err != nil {
    89  		fmt.Println(err)
    90  		os.Exit(1)
    91  	}
    92  
    93  	if res.StatusCode == 503 {
    94  		log.Fatalln("check the controller. is it running?")
    95  	} else if res.StatusCode != 200 {
    96  		log.Fatalf("failed retrieving config from controller: %s\n", body)
    97  	}
    98  
    99  	var response map[string]interface{}
   100  	if err := json.Unmarshal(body, &response); err != nil {
   101  		fmt.Println("invalid controller json response")
   102  		fmt.Println(string(body))
   103  		os.Exit(1)
   104  	}
   105  
   106  	toString, _ := json.Marshal(response)
   107  	fmt.Println(string(toString))
   108  	os.Exit(0)
   109  }