nuclei/pkg/reporting/exporters/es/elasticsearch.go

package es

import (
	"bytes"
	"crypto/tls"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"time"

	"github.com/pkg/errors"

	"github.com/projectdiscovery/nuclei/v3/pkg/output"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
	"github.com/projectdiscovery/nuclei/v3/pkg/utils/json"
	"github.com/projectdiscovery/retryablehttp-go"
	"github.com/projectdiscovery/useragent"
)

// Options contains necessary options required for elasticsearch communication
type Options struct {
	// Host is the hostname of the elasticsearch instance
	Host string `yaml:"host" validate:"required_without=IP"`
	// IP for elasticsearch instance
	IP string `yaml:"ip" validate:"required,ip"`
	// Port is the port of elasticsearch instance
	Port int `yaml:"port" validate:"gte=0,lte=65535"`
	// SSL (optional) enables ssl for elasticsearch connection
	SSL bool `yaml:"ssl"`
	// SSLVerification (optional) disables SSL verification for elasticsearch
	SSLVerification bool `yaml:"ssl-verification"`
	// Username for the elasticsearch instance
	Username string `yaml:"username"  validate:"required"`
	// Password is the password for elasticsearch instance
	Password string `yaml:"password"  validate:"required"`
	// IndexName is the name of the elasticsearch index
	IndexName string `yaml:"index-name"  validate:"required"`

	HttpClient *retryablehttp.Client `yaml:"-"`
}

type data struct {
	Event     *output.ResultEvent `json:"event"`
	Timestamp string              `json:"@timestamp"`
}

// Exporter type for elasticsearch
type Exporter struct {
	url            string
	authentication string
	elasticsearch  *http.Client
}

// New creates and returns a new exporter for elasticsearch
func New(option *Options) (*Exporter, error) {
	var ei *Exporter

	var client *http.Client
	if option.HttpClient != nil {
		client = option.HttpClient.HTTPClient
	} else {
		client = &http.Client{
			Timeout: 5 * time.Second,
			Transport: &http.Transport{
				MaxIdleConns:        10,
				MaxIdleConnsPerHost: 10,
				DialContext:         protocolstate.Dialer.Dial,
				DialTLSContext:      protocolstate.Dialer.DialTLS,
				TLSClientConfig:     &tls.Config{InsecureSkipVerify: option.SSLVerification},
			},
		}
	}

	// preparing url for elasticsearch
	scheme := "http://"
	if option.SSL {
		scheme = "https://"
	}
	// if authentication is required
	var authentication string
	if len(option.Username) > 0 && len(option.Password) > 0 {
		auth := base64.StdEncoding.EncodeToString([]byte(option.Username + ":" + option.Password))
		auth = "Basic " + auth
		authentication = auth
	}
	var addr string
	if option.Host != "" {
		addr = option.Host
	} else {
		addr = option.IP
	}
	if option.Port != 0 {
		addr += fmt.Sprintf(":%d", option.Port)
	}
	url := fmt.Sprintf("%s%s/%s/_doc", scheme, addr, option.IndexName)

	ei = &Exporter{
		url:            url,
		authentication: authentication,
		elasticsearch:  client,
	}
	return ei, nil
}

// Export exports a passed result event to elasticsearch
func (exporter *Exporter) Export(event *output.ResultEvent) error {
	// creating a request
	req, err := http.NewRequest(http.MethodPost, exporter.url, nil)
	if err != nil {
		return errors.Wrap(err, "could not make request")
	}
	if len(exporter.authentication) > 0 {
		req.Header.Add("Authorization", exporter.authentication)
	}
	userAgent := useragent.PickRandom()
	req.Header.Set("User-Agent", userAgent.Raw)
	req.Header.Add("Content-Type", "application/json")

	d := data{
		Event:     event,
		Timestamp: time.Now().Format(time.RFC3339),
	}
	b, err := json.Marshal(&d)
	if err != nil {
		return err
	}
	req.Body = io.NopCloser(bytes.NewReader(b))

	res, err := exporter.elasticsearch.Do(req)
	if err != nil {
		return err
	}
	defer res.Body.Close()

	b, err = io.ReadAll(res.Body)
	if err != nil {
		return errors.New(err.Error() + "error thrown by elasticsearch " + string(b))
	}

	if res.StatusCode >= 300 {
		return errors.New("elasticsearch responded with an error: " + string(b))
	}
	return nil
}

// Close closes the exporter after operation
func (exporter *Exporter) Close() error {
	return nil
}
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`package es`

			`import (`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`"bytes"`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`"crypto/tls"`
refactor: renamed misleading receiver names 2021-12-07 18:01:34 +02:00			`"encoding/base64"`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`"fmt"`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`"io"`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`"net/http"`
			`"time"`

Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`"github.com/pkg/errors"`
refactor: renamed misleading receiver names 2021-12-07 18:01:34 +02:00
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 17:44:13 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/output"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"`
perf(): replace `encoding/json` w/ `sonic` or `go-json` (fallback) (#6019) perf(): replace `encoding/json` w/ sonic Signed-off-by: Dwi Siswanto <git@dw1.io> feat(utils): add `json` pkg (sonic wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(): use `sonic` wrapper instead Signed-off-by: Dwi Siswanto <git@dw1.io> chore(): replace `sonic.ConfigStd` -> `json` (wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> test(model): adjust expected marshal'd JSON Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): dynamic backend; `sonic` -> `go-json` (fallback) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): merge config - as its not usable Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): rm go version constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: go mod tidy Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> 2025-02-11 04:31:37 +07:00			`"github.com/projectdiscovery/nuclei/v3/pkg/utils/json"`
Adding proxy support for internal standard HTTP requests 2022-03-09 12:31:12 +01:00			`"github.com/projectdiscovery/retryablehttp-go"`
use projectdiscovery/useragent (#4708) * use projectdiscovery/useragent * minor 2024-02-01 00:42:38 +03:00			`"github.com/projectdiscovery/useragent"`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`)`

refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00			`// Options contains necessary options required for elasticsearch communication`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`type Options struct {`
Added elasticsearch host reporting field support 2022-09-28 01:25:51 +05:30			`// Host is the hostname of the elasticsearch instance`
			Host string `yaml:"host" validate:"required_without=IP"`
chore: fix pr comment 2021-10-19 17:15:58 +02:00			`// IP for elasticsearch instance`
Added elasticsearch host reporting field support 2022-09-28 01:25:51 +05:30			IP string `yaml:"ip" validate:"required,ip"`
chore: fix pr comment 2021-10-19 17:15:58 +02:00			`// Port is the port of elasticsearch instance`
Added elasticsearch host reporting field support 2022-09-28 01:25:51 +05:30			Port int `yaml:"port" validate:"gte=0,lte=65535"`
chore: fix pr comment 2021-10-18 20:54:30 +02:00			`// SSL (optional) enables ssl for elasticsearch connection`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			SSL bool `yaml:"ssl"`
chore: fix pr comment 2021-10-18 20:54:30 +02:00			`// SSLVerification (optional) disables SSL verification for elasticsearch`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			SSLVerification bool `yaml:"ssl-verification"`
chore: fix pr comment 2021-10-19 17:15:58 +02:00			`// Username for the elasticsearch instance`
Tag based struct validation (#1256) * Added tag based struct validation 2021-11-20 13:25:27 +05:30			Username string `yaml:"username" validate:"required"`
chore: fix pr comment 2021-10-19 17:15:58 +02:00			`// Password is the password for elasticsearch instance`
Tag based struct validation (#1256) * Added tag based struct validation 2021-11-20 13:25:27 +05:30			Password string `yaml:"password" validate:"required"`
chore: fix pr comment 2021-10-19 17:15:58 +02:00			`// IndexName is the name of the elasticsearch index`
Added default config generation for reporting options (#2605) 2022-09-27 02:40:34 +05:30			IndexName string `yaml:"index-name" validate:"required"`

			HttpClient *retryablehttp.Client `yaml:"-"`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`}`

			`type data struct {`
			Event *output.ResultEvent `json:"event"`
			Timestamp string `json:"@timestamp"`
			`}`

			`// Exporter type for elasticsearch`
			`type Exporter struct {`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`url string`
			`authentication string`
			`elasticsearch *http.Client`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`}`

			`// New creates and returns a new exporter for elasticsearch`
			`func New(option Options) (Exporter, error) {`
			`var ei *Exporter`

Adding proxy support for internal standard HTTP requests 2022-03-09 12:31:12 +01:00			`var client *http.Client`
			`if option.HttpClient != nil {`
			`client = option.HttpClient.HTTPClient`
			`} else {`
			`client = &http.Client{`
			`Timeout: 5 * time.Second,`
			`Transport: &http.Transport{`
			`MaxIdleConns: 10,`
			`MaxIdleConnsPerHost: 10,`
			`DialContext: protocolstate.Dialer.Dial,`
Adding SNI override via request annotations (#1970) * Adding SNI override via request annotations * adding cli flag priority 2022-05-12 13:13:56 +02:00			`DialTLSContext: protocolstate.Dialer.DialTLS,`
Adding proxy support for internal standard HTTP requests 2022-03-09 12:31:12 +01:00			`TLSClientConfig: &tls.Config{InsecureSkipVerify: option.SSLVerification},`
			`},`
			`}`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`}`
Adding proxy support for internal standard HTTP requests 2022-03-09 12:31:12 +01:00
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`// preparing url for elasticsearch`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`scheme := "http://"`
			`if option.SSL {`
			`scheme = "https://"`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`}`
			`// if authentication is required`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`var authentication string`
			`if len(option.Username) > 0 && len(option.Password) > 0 {`
			`auth := base64.StdEncoding.EncodeToString([]byte(option.Username + ":" + option.Password))`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`auth = "Basic " + auth`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`authentication = auth`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`}`
Added elasticsearch host reporting field support 2022-09-28 01:25:51 +05:30			`var addr string`
			`if option.Host != "" {`
			`addr = option.Host`
			`} else {`
			`addr = option.IP`
			`}`
			`if option.Port != 0 {`
			`addr += fmt.Sprintf(":%d", option.Port)`
			`}`
			`url := fmt.Sprintf("%s%s/%s/_doc", scheme, addr, option.IndexName)`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00
			`ei = &Exporter{`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`url: url,`
			`authentication: authentication,`
			`elasticsearch: client,`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`}`
			`return ei, nil`
			`}`

disk cleanups 2021-09-19 16:26:47 +05:30			`// Export exports a passed result event to elasticsearch`
refactor: renamed misleading receiver names 2021-12-07 18:01:34 +02:00			`func (exporter Exporter) Export(event output.ResultEvent) error {`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`// creating a request`
refactor: renamed misleading receiver names 2021-12-07 18:01:34 +02:00			`req, err := http.NewRequest(http.MethodPost, exporter.url, nil)`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`if err != nil {`
			`return errors.Wrap(err, "could not make request")`
			`}`
refactor: renamed misleading receiver names 2021-12-07 18:01:34 +02:00			`if len(exporter.authentication) > 0 {`
			`req.Header.Add("Authorization", exporter.authentication)`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`}`
use projectdiscovery/useragent (#4708) * use projectdiscovery/useragent * minor 2024-02-01 00:42:38 +03:00			`userAgent := useragent.PickRandom()`
			`req.Header.Set("User-Agent", userAgent.Raw)`
Removed es exporter cli args + misc changes 2021-08-25 13:53:44 +05:30			`req.Header.Add("Content-Type", "application/json")`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00
			`d := data{`
			`Event: event,`
testing done and also checked 2021-08-21 08:33:27 +05:45			`Timestamp: time.Now().Format(time.RFC3339),`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`}`
			`b, err := json.Marshal(&d)`
			`if err != nil {`
			`return err`
			`}`
Adding advanced template filtering (#2374) * Adding advanced template filtering * fixing bug in slice * refactoring tests * adding test cases * increasing error verbosity * fixing quoted fields with spaces * adding more test cases * fixing merge error * fixing lint errors * switching to []string * updating tag filter tests * updating functional tests * fixing functional test cases * updating syntax 2022-08-25 13:22:08 +02:00			`req.Body = io.NopCloser(bytes.NewReader(b))`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00
refactor: renamed misleading receiver names 2021-12-07 18:01:34 +02:00			`res, err := exporter.elasticsearch.Do(req)`
Update elasticsearch.go 2021-09-18 15:59:01 +05:30			`if err != nil {`
chore: fix pr comments 2021-10-18 20:45:46 +02:00			`return err`
Update elasticsearch.go 2021-09-18 15:59:01 +05:30			`}`
perf(): replace `encoding/json` w/ `sonic` or `go-json` (fallback) (#6019) perf(): replace `encoding/json` w/ sonic Signed-off-by: Dwi Siswanto <git@dw1.io> feat(utils): add `json` pkg (sonic wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(): use `sonic` wrapper instead Signed-off-by: Dwi Siswanto <git@dw1.io> chore(): replace `sonic.ConfigStd` -> `json` (wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> test(model): adjust expected marshal'd JSON Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): dynamic backend; `sonic` -> `go-json` (fallback) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): merge config - as its not usable Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): rm go version constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: go mod tidy Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> 2025-02-11 04:31:37 +07:00			`defer res.Body.Close()`

Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`b, err = io.ReadAll(res.Body)`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`if err != nil {`
			`return errors.New(err.Error() + "error thrown by elasticsearch " + string(b))`
			`}`

			`if res.StatusCode >= 300 {`
			`return errors.New("elasticsearch responded with an error: " + string(b))`
			`}`
			`return nil`
			`}`

			`// Close closes the exporter after operation`
refactor: renamed misleading receiver names 2021-12-07 18:01:34 +02:00			`func (exporter *Exporter) Close() error {`
elasticsearch package added, other changes needs to be shifted 2021-08-20 06:58:58 -05:00			`return nil`
			`}`