🐛 properly handle insecure flag for host scans (#3996)

Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · May 15, 2024 · 74f560c · 74f560c
1 parent b22ac63
commit 74f560c
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 4 deletions.
diff --git a/providers/network/config/config.go b/providers/network/config/config.go
@@ -37,7 +37,7 @@ var Config = plugin.Provider{
 			Flags: []plugin.Flag{
 				{
 					Long:    "insecure",
-					Type:    plugin.FlagType_String,
+					Type:    plugin.FlagType_Bool,
 					Default: "",
 					Desc:    "Disable TLS/SSL verification.",
 					Option:  plugin.FlagOption_Hidden,

diff --git a/providers/network/connection/connection.go b/providers/network/connection/connection.go
@@ -4,21 +4,47 @@
 package connection
 
 import (
+	"crypto/tls"
+	"net"
+	"net/http"
+	"time"
+
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
 )
 
 type HostConnection struct {
 	plugin.Connection
-	Conf  *inventory.Config
-	asset *inventory.Asset
+	Conf       *inventory.Config
+	asset      *inventory.Asset
+	httpClient *http.Client
 }
 
 func NewHostConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) *HostConnection {
+	transport := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).DialContext,
+		ForceAttemptHTTP2:     true,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+	if conf.Insecure {
+		transport.TLSClientConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
 	return &HostConnection{
 		Connection: plugin.NewConnection(id, asset),
 		Conf:       conf,
 		asset:      asset,
+		httpClient: &http.Client{Transport: transport},
 	}
 }
 
@@ -36,3 +62,7 @@ func (p *HostConnection) FQDN() string {
 	}
 	return p.Conf.Host
 }
+
+func (p *HostConnection) Client() *http.Client {
+	return p.httpClient
+}
diff --git a/providers/network/resources/http.go b/providers/network/resources/http.go
@@ -96,7 +96,8 @@ func (x *mqlHttpGet) do() error {
 		return errors.New("missing URL for http.get")
 	}
 
-	resp, err := http.Get(x.Url.Data.String.Data)
+	conn := x.MqlRuntime.Connection.(*connection.HostConnection)
+	resp, err := conn.Client().Get(x.Url.Data.String.Data)
 	x.resp.State = plugin.StateIsSet
 	x.resp.Data = resp
 	x.resp.Error = err