Skip to content

Server

Jump to bottom
Vincent Fortin edited this page Apr 13, 2019 · 8 revisions

Server

Please note that this functionality is still highly experimental.

Security

PLEASE NOTE: Using this functionality as of now is insecure as it requires wide open CORS. An attacker could potentially use a page from a website he controls to exfiltrate the report data, even if it is not exposed.

Use case

The traditional way use of Scout is to run the tool which will generate an local HTML report to be viewed. The problem with this approach is that when dealing with huge amount of data (over 400mb), the browser cannot load it all into RAM at once. In these cases, what we can do is serve the report result over a web server.

Current limitations

Size

The current hard size limit for this is about 2Gb, as the underlying library to access the SQLite database doesn't support saving nested dictionaries yet and SQLite can only support up to 2GB of data in a single data blob. Note that these limits are still theoratical and haven't been tested.

Usage

Azure

To generate the report for azure, use a command simillar to this: ./scout.py azure -c --result-format sqlite To server the report, use the following command: ./scout.py azure -c --serve This will serve the report on 127.0.0.1:8000. Not that, for now, You still need to connect to the cloud provider to connect, but this can be fixed with a bit of refactoring.
To serve a specific report: ./scout.py azure -c --serve reportname To serve on a specific socket, you can use the following options: ./scout.py azure -c --serve --host 0.0.0.0 --port 80 Please note that this can only be used for testing the server for now, as the static report doesn't allow this for now.

AWS

The same principles as with Azure apply for AWS, although you'll want to replace azure -c with aws or aws AUTHENTICATION_METHOD. For example : aws --serve would launch the server to read an AWS report saved with SQLite.

GCP

The same principles as with Azure apply for GCP, although you'll want to replace azure -c with gcp AUTHENTICATION_METHOD. For example : gcp --user-account --serve would launch the server to read a GCP report saved with SQLite.

What's left

  • Make the --serve argument a subparser. This will require some changes as, right now, we need the provider object to find the filenames, which requires to log in.
  • Serve the html report too on the server. This is cleaner and would simplify a lot the host/port configuration.
  • Fix SQLiteDict so it supports nested dictionnaries, which would allow reports to go up to 140TB in size.
  • Test this with heavy load to make sure it works in the intended scenario.
Clone this wiki locally