Update

hahwul · Jan 14, 2022 · 18590ef · 18590ef
1 parent df8bab3
commit 18590ef
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 22 deletions.
diff --git a/go.sum b/go.sum
@@ -243,6 +243,8 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
+github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=

diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go
@@ -9,7 +9,7 @@ func GetLogger(debug bool) *logrus.Logger {
 	log := logrus.New()
 	log.SetFormatter(&nested.Formatter{
 		HideKeys:    true,
-		FieldsOrder: []string{"status", "size", "alias"},
+		FieldsOrder: []string{"index", "type", "status", "role", "alias", "url"},
 	})
 	if debug {
 		log.Level = logrus.DebugLevel

diff --git a/pkg/models/url.go b/pkg/models/url.go
@@ -8,4 +8,5 @@ type URL struct {
 	AllowRole   []string `yaml:"allowRole"`
 	DenyRole    []string `yaml:"denyRole"`
 	Alias       string   `yaml:"alias"`
+	Index       int
 }
diff --git a/pkg/scan/scan.go b/pkg/scan/scan.go
@@ -2,6 +2,7 @@ package scan
 
 import (
 	"strconv"
+	"strings"
 	"sync"
 
 	"github.com/hahwul/authz0/pkg/authz0"
@@ -99,34 +100,61 @@ func Run(filename string, arguments ScanArguments, debug bool) []models.Result {
 					Result:          rlt,
 				}
 				results = append(results, result)
-				logField := logrus.Fields{
-					"status": result.StatusCode,
-				}
-				if arguments.RoleName != "" {
-					logField["rlt"] = "role-match: " + rlt
-				}
+				iLog := log.WithField("index", "#"+strconv.Itoa(reqURL.Index))
 				if result.Alias != "" {
-					logField["alias"] = result.Alias
+					iLog.Info("check '" + result.Alias + "'")
+				} else {
+					iLog.Info("check '" + result.URL + "'")
 				}
-				if result.AssertAllowRole {
-					logField["aar"] = "matched: allow"
+				uLog := iLog.WithFields(logrus.Fields{
+					"url":  result.Method + " " + result.URL,
+					"type": "assertion",
+				})
+				uLog.Info("response code: " + strconv.Itoa(result.StatusCode))
+				if result.Assert {
+					uLog.Info("assertion: hit")
+				} else {
+					if arguments.RoleName == "" {
+						if check {
+							uLog.Info("assertion: fail")
+						} else {
+							uLog.WithField("assertion", "assertion: fail").Warn("found assert fail")
+						}
+					} else {
+						uLog.Info("assertion: fail")
+					}
 				}
-				if result.AssertDenyRole {
-					logField["adr"] = "matched: deny"
+				rLog := iLog.WithFields(logrus.Fields{
+					"type": "role-test",
+				})
+				ar := strings.Join(result.AllowRole, ",")
+				dr := strings.Join(result.DenyRole, ",")
+				if ar == "" {
+					ar = "<allow-all>"
+				}
+				if dr == "" {
+					dr = "<not-deny>"
 				}
+				rLog.Info("allow-role: " + ar)
+				rLog.Info("deny-role: " + dr)
 				if arguments.RoleName != "" {
-					if rltValue {
-						log.WithFields(logField).Info(result.Method + " " + result.URL)
-					} else {
-						log.WithFields(logField).Warn(result.Method + " " + result.URL)
-					}
-				} else {
-					if check {
-						log.WithFields(logField).Info(result.Method + " " + result.URL)
+					if !rltValue {
+						rLog.WithFields(logrus.Fields{
+							"role-match": "role-match: " + rlt,
+							"role-name":  "role-name: " + result.RoleName,
+						}).Warn("found role mismatch")
 					} else {
-						log.WithFields(logField).Warn(result.Method + " " + result.URL)
+						rLog.Info("role-match: " + rlt + " (" + result.RoleName + ")")
 					}
 				}
+
+				if result.AssertAllowRole {
+					rLog.Info("matched: allow")
+				}
+				if result.AssertDenyRole {
+					rLog.Info("matched: deny")
+				}
+
 				log.WithFields(logrus.Fields{
 					"status": result.StatusCode,
 					"alias":  result.Alias,
@@ -139,7 +167,8 @@ func Run(filename string, arguments ScanArguments, debug bool) []models.Result {
 		}()
 	}
 	log.Info("targets:  " + strconv.Itoa(len(template.URLs)) + " URLs")
-	for _, endpoint := range template.URLs {
+	for index, endpoint := range template.URLs {
+		endpoint.Index = index
 		queries <- endpoint
 	}
 	close(queries)