mondoohq · preslavgerchev · May 23, 2024 · May 22, 2024 · May 23, 2024 · preslavgerchev
diff --git a/providers/os/config/config.go b/providers/os/config/config.go
@@ -28,6 +28,7 @@ var Config = plugin.Provider{
 		shared.Type_RegistryImage.String(),
 		shared.Type_FileSystem.String(),
 		shared.Type_Winrm.String(),
+		shared.Type_Device.String(),
 	},
 	Connectors: []plugin.Connector{
 		{
@@ -261,6 +262,33 @@ var Config = plugin.Provider{
 				},
 			},
 		},
+		{
+			Name:    "device",
+			Use:     "device",
+			Short:   "a block device target",
+			MinArgs: 0,
+			MaxArgs: 0,
+			Flags: []plugin.Flag{
+				{
+					Long:   "lun",
+					Type:   plugin.FlagType_String,
+					Desc:   "The logical unit number of the block device that should be scanned. Do not use together with --device-name.",
+					Option: plugin.FlagOption_Hidden,
+				},
+				{
+					Long:   "device-name",
+					Type:   plugin.FlagType_String,
+					Desc:   "The target device to scan, e.g. /dev/sda. Do not use together with --lun.",
+					Option: plugin.FlagOption_Hidden,
+				},
+				{
+					Long:   "platform-ids",
+					Type:   plugin.FlagType_List,
+					Desc:   "List of platform IDs to inject to the asset.",
+					Option: plugin.FlagOption_Hidden,
+				},
+			},
+		},
 	},
 	AssetUrlTrees: []*inventory.AssetUrlBranch{
 		{

diff --git a/providers/os/connection/device/device_connection.go b/providers/os/connection/device/device_connection.go
@@ -0,0 +1,151 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package device
+
+import (
+	"errors"
+	"runtime"
+	"strings"
+
+	"github.com/rs/zerolog/log"
+	"github.com/spf13/afero"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/os/connection/device/linux"
+	"go.mondoo.com/cnquery/v11/providers/os/connection/fs"
+	"go.mondoo.com/cnquery/v11/providers/os/connection/shared"
+	"go.mondoo.com/cnquery/v11/providers/os/id"
+	"go.mondoo.com/cnquery/v11/providers/os/id/ids"
+)
+
+const PlatformIdInject = "inject-platform-ids"
+
+type DeviceConnection struct {
+	*fs.FileSystemConnection
+	plugin.Connection
+	asset         *inventory.Asset
+	deviceManager DeviceManager
+}
+
+func getDeviceManager(conf *inventory.Config) (DeviceManager, error) {
+	shell := []string{"sh", "-c"}
+	if runtime.GOOS == "darwin" {
+		return nil, errors.New("device manager not implemented for darwin")
+	}
+	if runtime.GOOS == "windows" {
+		// shell = []string{"powershell", "-c"}
+		return nil, errors.New("device manager not implemented for windows")
+	}
+	return linux.NewLinuxDeviceManager(shell, conf.Options)
+}
+
+func NewDeviceConnection(connId uint32, conf *inventory.Config, asset *inventory.Asset) (*DeviceConnection, error) {
+	manager, err := getDeviceManager(conf)
+	if err != nil {
+		return nil, err
+	}
+	log.Debug().Str("manager", manager.Name()).Msg("device manager created")
+
+	blocks, err := manager.IdentifyBlockDevice(conf.Options)
+	if err != nil {
+		return nil, err
+	}
+	if len(blocks) != 0 {
+		// FIXME: remove this when we start scanning multiple blocks
+		return nil, errors.New("internal>blocks size is not equal to 1.")
+	}
+	block := blocks[0]
+	log.Debug().Str("device", block.DeviceName).Msg("identified block for mounting")
+
+	res := &DeviceConnection{
+		Connection:    plugin.NewConnection(connId, asset),
+		deviceManager: manager,
+		asset:         asset,
+	}
+
+	scanDir, err := manager.Mount(block)
+	if err != nil {
+		log.Error().Err(err).Msg("unable to complete mount step")
+		res.Close()
+		return nil, err
+	}
+
+	conf.Options["path"] = scanDir
+	// create and initialize fs provider
+	fsConn, err := fs.NewConnection(connId, &inventory.Config{
+		Path:       scanDir,
+		PlatformId: conf.PlatformId,
+		Options:    conf.Options,
+		Type:       "fs",
+		Record:     conf.Record,
+	}, asset)
+	if err != nil {
+		res.Close()
+		return nil, err
+	}
+
+	res.FileSystemConnection = fsConn
+
+	asset.IdDetector = []string{ids.IdDetector_Hostname}
+	fingerprint, p, err := id.IdentifyPlatform(res, asset.Platform, asset.IdDetector)
+	if err != nil {
+		res.Close()
+		return nil, err
+	}
+	asset.Name = fingerprint.Name
+	asset.PlatformIds = fingerprint.PlatformIDs
+	asset.IdDetector = fingerprint.ActiveIdDetectors
+	asset.Platform = p
+	asset.Id = conf.Type
+
+	// allow injecting platform ids into the device connection. we cannot always know the asset that's being scanned, e.g.
+	// if we can scan an azure VM's disk we should be able to inject the platform ids of the VM
+	if platformIDs, ok := conf.Options[PlatformIdInject]; ok {
+		asset.PlatformIds = append(asset.PlatformIds, strings.Split(platformIDs, ",")...)
+	}
+	return res, nil
+}
+
+func (c *DeviceConnection) Close() {
+	log.Debug().Msg("closing device connection")
+	if c == nil {
+		return
+	}
+
+	if c.deviceManager != nil {
+		c.deviceManager.UnmountAndClose()
+	}
+}
+
+func (p *DeviceConnection) Name() string {
+	return "device"
+}
+
+func (p *DeviceConnection) Type() shared.ConnectionType {
+	return shared.Type_Device
+}
+
+func (p *DeviceConnection) Asset() *inventory.Asset {
+	return p.asset
+}
+
+func (p *DeviceConnection) UpdateAsset(asset *inventory.Asset) {
+	p.asset = asset
+}
+
+func (p *DeviceConnection) Capabilities() shared.Capabilities {
+	return shared.Capability_File
+}
+
+func (p *DeviceConnection) RunCommand(command string) (*shared.Command, error) {
+	return nil, plugin.ErrRunCommandNotImplemented
+}
+
+func (p *DeviceConnection) FileSystem() afero.Fs {
+	return p.FileSystemConnection.FileSystem()
+}
+
+func (p *DeviceConnection) FileInfo(path string) (shared.FileInfoDetails, error) {
+	return p.FileSystemConnection.FileInfo(path)
+}
diff --git a/providers/os/connection/device/device_manager.go b/providers/os/connection/device/device_manager.go
@@ -0,0 +1,13 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package device
+
+import "go.mondoo.com/cnquery/v11/providers/os/connection/device/shared"
+
+type DeviceManager interface {
+	Name() string
+	IdentifyBlockDevice(opts map[string]string) ([]shared.MountInfo, error)
+	Mount(mi shared.MountInfo) (string, error)
+	UnmountAndClose()
+}
diff --git a/providers/os/connection/device/linux/device_manager.go b/providers/os/connection/device/linux/device_manager.go
@@ -0,0 +1,146 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package linux
+
+import (
+	"strconv"
+
+	"github.com/cockroachdb/errors"
+	"github.com/rs/zerolog/log"
+	"go.mondoo.com/cnquery/v11/providers/os/connection/device/shared"
+	"go.mondoo.com/cnquery/v11/providers/os/connection/snapshot"
+)
+
+const (
+	LunOption  = "lun"
+	DeviceName = "device-name"
+)
+
+type LinuxDeviceManager struct {
+	volumeMounter *snapshot.VolumeMounter
+	opts          map[string]string
+}
+
+func NewLinuxDeviceManager(shell []string, opts map[string]string) (*LinuxDeviceManager, error) {
+	if err := validateOpts(opts); err != nil {
+		return nil, err
+	}
+
+	return &LinuxDeviceManager{
+		volumeMounter: snapshot.NewVolumeMounter(shell),
+		opts:          opts,
+	}, nil
+}
+
+func (d *LinuxDeviceManager) Name() string {
+	return "linux"
+}
+
+func (d *LinuxDeviceManager) IdentifyBlockDevice(opts map[string]string) ([]shared.MountInfo, error) {
+	if err := validateOpts(opts); err != nil {
+		return nil, err
+	}
+	if opts[LunOption] != "" {
+		lun, err := strconv.Atoi(opts[LunOption])
+		if err != nil {
+			return nil, err
+		}
+		return d.identifyViaLun(lun)
+	}
+
+	return d.identifyViaDeviceName(opts[DeviceName])
+}
+
+func (d *LinuxDeviceManager) Mount(mi shared.MountInfo) (string, error) {
+	// TODO: we should make the volume mounter return the scan dir from Mount()
+	// TODO: use the mount info to mount the volume
+	err := d.volumeMounter.Mount()
+	if err != nil {
+		return "", err
+	}
+	return d.volumeMounter.ScanDir, nil
+}
+
+func (d *LinuxDeviceManager) UnmountAndClose() {
+	log.Debug().Msg("closing linux device manager")
+	if d == nil {
+		return
+	}
+
+	if d.volumeMounter != nil {
+		err := d.volumeMounter.UnmountVolumeFromInstance()
+		if err != nil {
+			log.Error().Err(err).Msg("unable to unmount volume")
+		}
+		err = d.volumeMounter.RemoveTempScanDir()
+		if err != nil {
+			log.Error().Err(err).Msg("unable to remove dir")
+		}
+	}
+}
+
+// validates the options provided to the device manager
+// we cannot have both LUN and device name provided, those are mutually exclusive
+func validateOpts(opts map[string]string) error {
+	lun := opts[LunOption]
+	deviceName := opts[DeviceName]
+	if lun != "" && deviceName != "" {
+		return errors.New("both lun and device name provided")
+	}
+
+	return nil
+}
+
+func (c *LinuxDeviceManager) identifyViaLun(lun int) ([]shared.MountInfo, error) {
+	scsiDevices, err := c.listScsiDevices()
+	if err != nil {
+		return nil, err
+	}
+
+	// only interested in the scsi devices that match the provided LUN
+	filteredScsiDevices := filterScsiDevices(scsiDevices, lun)
+	if len(filteredScsiDevices) == 0 {
+		return nil, errors.New("no matching scsi devices found")
+	}
+
+	// if we have exactly one device present at the LUN we can directly point the volume mounter towards it
+	if len(filteredScsiDevices) == 1 {
+		return []shared.MountInfo{{DeviceName: filteredScsiDevices[0].VolumePath}}, nil
+	}
+
+	// we have multiple devices at the same LUN. we find the first non-mounted block devices in that list
+	blockDevices, err := c.volumeMounter.CmdRunner.GetBlockDevices()
+	if err != nil {
+		return nil, err
+	}
+	target, err := findMatchingDeviceByBlock(filteredScsiDevices, blockDevices)
+	if err != nil {
+		return nil, err
+	}
+	c.volumeMounter.VolumeAttachmentLoc = target
+	return []shared.MountInfo{{DeviceName: target}}, nil
+}
+
+func (c *LinuxDeviceManager) identifyViaDeviceName(deviceName string) ([]shared.MountInfo, error) {
+	blockDevices, err := c.volumeMounter.CmdRunner.GetBlockDevices()
+	if err != nil {
+		return nil, err
+	}
+	// this is a best-effort approach, we try to find the first unmounted block device as we don't have the device name
+	if deviceName == "" {
+		fsInfo, err := blockDevices.GetUnmountedBlockEntry()
+		if err != nil {
+			return nil, err
+		}
+		c.volumeMounter.VolumeAttachmentLoc = deviceName
+		return []shared.MountInfo{{DeviceName: fsInfo.Name}}, nil
+	}
+
+	fsInfo, err := blockDevices.GetBlockEntryByName(deviceName)
+	if err != nil {
+		return nil, err
+	}
+	c.volumeMounter.VolumeAttachmentLoc = deviceName
+	return []shared.MountInfo{{DeviceName: fsInfo.Name}}, nil
+}