Import cert-info and add amd64-only builds

* sentimentanalysis can only be built on amd64 so is being separated into its own file * cert-info was imported from @stefanprodan's repo to keep it up to date and free of CVEs in Alpine Linux Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
openfaas · Sep 15, 2023 · 57fa32e · 57fa32e
1 parent 73a261a
commit 57fa32e
Show file tree

Hide file tree

Showing 7 changed files with 148 additions and 6 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -38,11 +38,22 @@ jobs:
           docker login ghcr.io --username 
           ${{ steps.get_repo_owner.outputs.repo_owner }} 
           --password-stdin
-      - name: Publish functions
+      - name: Publish multi-arch functions
         run: >
           OWNER="${{ steps.get_repo_owner.outputs.repo_owner }}" 
           TAG="latest"
           SERVER="ghcr.io"
           faas-cli publish
           --extra-tag ${{ github.sha }}
           --platforms linux/arm/v7,linux/arm64,linux/amd64
+
+      - name: Publish amd64-only functions
+        run: >
+          OWNER="${{ steps.get_repo_owner.outputs.repo_owner }}" 
+          TAG="latest"
+          SERVER="ghcr.io"
+          faas-cli publish
+          --extra-tag ${{ github.sha }}
+          --platforms linux/amd64
+          -f stack-amd64.yml
+
diff --git a/certinfo/go.mod b/certinfo/go.mod
@@ -0,0 +1,5 @@
+module handler/function
+
+go 1.20
+
+require github.com/dustin/go-humanize v1.0.1
diff --git a/certinfo/go.sum b/certinfo/go.sum
@@ -0,0 +1,2 @@
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
diff --git a/certinfo/handler.go b/certinfo/handler.go
@@ -0,0 +1,87 @@
+// Original source for function from Stefan Prodan
+// https://github.com/stefanprodan/openfaas-certinfo/tree/master/certinfo
+
+package function
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/dustin/go-humanize"
+)
+
+func Handle(req []byte) string {
+	request := strings.ToLower(string(req))
+	if !strings.HasPrefix(request, "http") {
+		request = "https://" + request
+	}
+
+	u, err := url.Parse(request)
+	if err != nil {
+		return fmt.Sprintf("Error: %v", err)
+	}
+
+	address := u.Hostname() + ":443"
+	ipConn, err := net.DialTimeout("tcp", address, 5*time.Second)
+	if err != nil {
+		return fmt.Sprintf("SSL/TLS not enabed on %v\nDial error: %v", u.Hostname(), err)
+	}
+
+	defer ipConn.Close()
+	conn := tls.Client(ipConn, &tls.Config{
+		InsecureSkipVerify: true,
+		ServerName:         u.Hostname(),
+	})
+	if err = conn.Handshake(); err != nil {
+		return fmt.Sprintf("Invalid SSL/TLS for %v\nHandshake error: %v", address, err)
+	}
+
+	defer conn.Close()
+	addr := conn.RemoteAddr()
+	host, port, err := net.SplitHostPort(addr.String())
+	if err != nil {
+		return fmt.Sprintf("Error: %v", err)
+	}
+
+	cert := conn.ConnectionState().PeerCertificates[0]
+	asJson := os.Getenv("Http_Query")
+
+	if len(asJson) > 0 && asJson == "output=json" {
+		res := struct {
+			Host          string
+			Port          string
+			Issuer        string
+			CommonName    string
+			NotBefore     time.Time
+			NotAfter      time.Time
+			NotAfterUnix  int64
+			SANs          []string
+			TimeRemaining string
+		}{
+			host,
+			port,
+			cert.Issuer.CommonName,
+			cert.Subject.CommonName,
+			cert.NotBefore,
+			cert.NotAfter,
+			cert.NotAfter.Unix(),
+			cert.DNSNames,
+			humanize.Time(cert.NotAfter),
+		}
+
+		b, err := json.Marshal(res)
+		if err != nil {
+			return fmt.Sprintf("Error: %v", err)
+		}
+		return string(b)
+	}
+
+	return fmt.Sprintf("Host %v\nPort %v\nIssuer %v\nCommonName %v\nNotBefore %v\nNotAfter %v\nNotAfterUnix %v\nSANs %v\nTimeRemaining %v",
+		host, port, cert.Issuer.CommonName, cert.Subject.CommonName, cert.NotBefore, cert.NotAfter, cert.NotAfter.Unix(), cert.DNSNames, humanize.Time(cert.NotAfter))
+}
diff --git a/certinfo/handler_test.go b/certinfo/handler_test.go
@@ -0,0 +1,26 @@
+package function
+
+import (
+	"regexp"
+	"testing"
+)
+
+func TestHandleReturnsCorrectResponse(t *testing.T) {
+	expected := "www.google.com"
+	resp := Handle([]byte("www.google.com/about/"))
+
+	r := regexp.MustCompile("(?m:" + expected + ")")
+	if !r.MatchString(resp) {
+		t.Fatalf("\nExpected: \n%v\nGot: \n%v", expected, resp)
+	}
+}
+
+func TestHandleReturnsMultiSanResponse(t *testing.T) {
+	expected := ".stefanprodan.com"
+	resp := Handle([]byte("stefanprodan.com"))
+
+	r := regexp.MustCompile("(?m:" + expected + ")")
+	if !r.MatchString(resp) {
+		t.Fatalf("\nExpected: \n%v\nGot: \n%v", expected, resp)
+	}
+}
diff --git a/stack-amd64.yml b/stack-amd64.yml
@@ -0,0 +1,10 @@
+provider:
+  name: openfaas
+
+# Functions which are x86_64 only, and cannot be built for the Arm architecture
+
+functions:
+  sentimentanalysis:
+    lang: dockerfile
+    handler: ./sentimentanalysis
+    image: ${SERVER:-ghcr.io}/${OWNER:-openfaas}/sentimentanalysis:${TAG:-latest}
diff --git a/stack.yml b/stack.yml
@@ -68,11 +68,6 @@ functions:
     labels:
       com.openfaas.ui.ext: "mp4"
 
-  sentimentanalysis:
-    lang: dockerfile
-    handler: ./sentimentanalysis
-    image: ${SERVER:-ghcr.io}/${OWNER:-openfaas}/sentimentanalysis:${TAG:-latest}
-
   sleep:
     lang: go
     handler: ./sleep
@@ -91,7 +86,13 @@ functions:
     handler: ./printer
     image: ${SERVER:-ghcr.io}/${OWNER:-openfaas}/printer:${TAG:-latest}
 
+  certinfo:
+    lang: go
+    handler: ./certinfo
+    image: ${SERVER:-ghcr.io}/${OWNER:-openfaas}/certinfo-fn:${TAG:-latest}
+
 configuration:
   templates:
     - name: golang-middleware
       source: https://github.com/openfaas/golang-http-template
+