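[OPTIONS]
     *
     * OPTIONS
     *
     * --job=
     * Scan targets that belong to the specified job.
     *
     * --since-last-scan=
     * Scan targets whose last scan is older than the specified date/time,
     * which can also be an English textual datetime description like "2 days".
     * Defaults to "-24 hours".
     *
     * --parallel=
     * Allow parallel scanning of targets up to the specified number. Defaults to 256.
     * May cause **too many open files** error if set to a number higher than the configured one (ulimit).
     *
     * --rescan
     * Rescan only targets that have been scanned before.
     *
     * --full
     * (Re)scan all known and unknown targets.
     * This will override the "rescan" and "since-last-scan" options.
     *
     * EXAMPLES
     *
     * Scan all targets that have not yet been scanned, or whose last scan is older than a certain date/time:
     *
     * icingacli x509 scan --job --since-last-scan="3 days"
     *
     * Scan only unknown targets
     *
     * icingacli x509 scan --job --since-last-scan=null
     *
     * Scan only known targets
     *
     * icingacli x509 scan --job --rescan
     *
     * Scan only known targets whose last scan is older than a certain date/time:
     *
     * icingacli x509 scan --job --rescan --since-last-scan="5 days"
     *
     * Scan all known and unknown targets:
     *
     * icingacli x509 scan --job --full
     */
    public function indexAction(): void
    {
        // Runs one configured scan job: reads the CLI options, loads the job from the
        // database, starts it on the event loop and verifies certificates afterwards.

        /** @var string $name */
        $name = $this->params->shiftRequired('job');
        $fullScan = (bool) $this->params->get('full', false);
        $rescan = (bool) $this->params->get('rescan', false);

        // The literal string "null" disables the age filter (see the "Scan only unknown
        // targets" example above); any other value is handed to the job unchanged.
        /** @var ?string $sinceLastScan */
        $sinceLastScan = $this->params->get('since-last-scan', Job::DEFAULT_SINCE_LAST_SCAN);
        if ($sinceLastScan === 'null') {
            $sinceLastScan = null;
        }

        // Command-line values arrive as strings. A plain `<= 0` comparison lets values
        // such as "abc" or "1.5" through on PHP 8 (non-numeric strings are compared as
        // strings there), so validate strictly as a positive integer before the value
        // is used as the concurrency limit.
        $parallel = filter_var(
            $this->params->get('parallel', Job::DEFAULT_PARALLEL),
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]
        );
        if ($parallel === false) {
            throw new Exception('The \'parallel\' option must be set to at least 1');
        }

        // The scan scope (CIDRs, ports, excluded targets) comes from the stored job
        // configuration only; none of it is taken from the command line.
        /** @var X509Job $jobConfig */
        $jobConfig = X509Job::on(Database::get())
            ->filter(Filter::equal('name', $name))
            ->first();
        if ($jobConfig === null) {
            throw new Exception(sprintf('Job %s not found', $name));
        }

        // Cast first: strlen(null) is deprecated since PHP 8.1, and an unset CIDR list
        // must be reported as "no CIDRs" rather than as a type problem.
        if (! strlen((string) $jobConfig->cidrs)) {
            throw new Exception(sprintf('The job %s does not specify any CIDRs', $name));
        }

        $cidrs = $this->parseCIDRs($jobConfig->cidrs);
        $ports = $this->parsePorts($jobConfig->ports);

        $job = (new Job($name, $cidrs, $ports, SniHook::getAll()))
            ->setId($jobConfig->id)
            ->setFullScan($fullScan)
            ->setRescan($rescan)
            ->setParallel($parallel)
            ->setExcludes($this->parseExcludes($jobConfig->exclude_targets))
            ->setLastScan($sinceLastScan);

        $promise = $job->run();

        // SIGINT/SIGTERM cancel the running job, log the cancellation and stop the
        // loop on its next tick.
        $signalHandler = function () use (&$promise, $job) {
            $promise->cancel();

            Logger::info('Job %s canceled', $job->getName());

            Loop::futureTick(function () {
                Loop::stop();
            });
        };
        Loop::addSignal(SIGINT, $signalHandler);
        Loop::addSignal(SIGTERM, $signalHandler);

        $promise->then(function ($targets = 0) use ($job) {
            if ($targets === 0) {
                Logger::warning('The job %s does not have any targets', $job->getName());
            } else {
                Logger::info('Scanned %d target(s) from job %s', $targets, $job->getName());

                // A failure while verifying the collected chains is only logged: the
                // message at error level, the stack trace at debug level.
                // NOTE(review): nothing here sets an exit status, so anything that
                // monitors this command should watch the log for these errors -
                // confirm how the CLI framework derives the exit code.
                try {
                    $verified = CertificateUtils::verifyCertificates(Database::get());

                    Logger::info('Checked %d certificate chain(s)', $verified);
                } catch (Exception $err) {
                    Logger::error($err->getMessage());
                    Logger::debug($err->getTraceAsString());
                }
            }
        }, function (Throwable $err) use ($job) {
            Logger::error('Failed to run job %s: %s', $job->getName(), $err->getMessage());
            Logger::debug($err->getTraceAsString());
        })->always(function () {
            // Stop the loop whether the job succeeded or failed.
            Loop::futureTick(function () {
                Loop::stop();
            });
        });
    }
}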