adding cloud results upload

Mzack9999 · Mzack9999 · commit 4306cc263ba2 · 2025-11-06T15:44:14.000+04:00
diff --git a/README.md b/README.md
@@ -138,6 +138,14 @@ OUTPUT:
    -v, -verbose        display verbose output
    -version            display project version
 
+PDCP:
+   -pd, -dashboard              upload or view output in the PDCP UI dashboard
+   -pdu, -dashboard-upload string  upload tlsx output file (JSONL format) to the PDCP UI dashboard
+   -auth string                  PDCP API key for authentication
+   -tid, -team-id string         upload asset results to a specified team ID
+   -aid, -asset-id string        upload new assets to an existing asset ID
+   -aname, -asset-name string    asset group name
+
 DEBUG:
    -health-check, -hc  run diagnostic check up
 ```
@@ -421,6 +429,43 @@ echo example.com | tlsx -json -silent | jq .
 }
 ```
 
+### PDCP Dashboard Integration
+
+**tlsx** supports uploading scan results to the ProjectDiscovery Cloud Platform (PDCP) dashboard for visualization and analysis.
+
+#### Uploading Results in Real-Time
+
+Enable dashboard upload to automatically upload results as they are discovered:
+
+```console
+$ tlsx -u example.com -pd -json
+```
+
+Results will be automatically uploaded to PDCP and you'll receive a dashboard URL to view them.
+
+#### Uploading an Existing File
+
+Upload a previously saved JSONL output file to PDCP:
+
+```console
+$ tlsx -pdu results.jsonl -tid your-team-id -aname "My Scan"
+```
+
+#### Configuration Options
+
+- `-pd, --dashboard`: Enable real-time upload to PDCP dashboard
+- `-pdu, --dashboard-upload <file>`: Upload a specific JSONL file to PDCP
+- `-auth <key>`: PDCP API key (can also be set via environment or credentials handler)
+- `-tid, --team-id <id>`: Specify team ID for uploads
+- `-aid, --asset-id <id>`: Upload to an existing asset ID
+- `-aname, --asset-name <name>`: Set a custom name for the asset group
+
+Example with all options:
+
+```console
+$ tlsx -u example.com -pd -json -tid team123 -aname "Production Scan"
+```
+
 ## Configuration
 
 ### Scan Mode
diff --git a/cmd/tlsx/main.go b/cmd/tlsx/main.go
@@ -149,6 +149,15 @@ func readFlags(args ...string) error {
 		flagSet.BoolVar(&options.Version, "version", false, "display project version"),
 	)
 
+	flagSet.CreateGroup("pdcp", "PDCP",
+		flagSet.BoolVarP(&options.Dashboard, "dashboard", "pd", false, "upload or view output in the PDCP UI dashboard"),
+		flagSet.StringVarP(&options.DashboardUpload, "dashboard-upload", "pdu", "", "upload tlsx output file (JSONL format) to the PDCP UI dashboard"),
+		flagSet.StringVarP(&options.PDCPAPIKey, "auth", "", "", "PDCP API key for authentication"),
+		flagSet.StringVarP(&options.PDCPTeamID, "team-id", "tid", "", "upload asset results to a specified team ID"),
+		flagSet.StringVarP(&options.PDCPAssetID, "asset-id", "aid", "", "upload new assets to an existing asset ID"),
+		flagSet.StringVarP(&options.PDCPAssetName, "asset-name", "aname", "", "asset group name"),
+	)
+
 	flagSet.CreateGroup("debug", "Debug",
 		flagSet.BoolVarP(&options.HealthCheck, "hc", "health-check", false, "run diagnostic check up"),
 	)
diff --git a/internal/pdcp/utils.go b/internal/pdcp/utils.go
@@ -0,0 +1,27 @@
+package pdcp
+
+import (
+	pdcpauth "github.com/projectdiscovery/utils/auth/pdcp"
+	urlutil "github.com/projectdiscovery/utils/url"
+)
+
+func getAssetsDashBoardURL(id, teamID string) string {
+	ux, _ := urlutil.Parse(pdcpauth.DashBoardURL)
+	ux.Path = "/assets/" + id
+	if ux.Params == nil {
+		ux.Params = urlutil.NewOrderedParams()
+	}
+	if teamID != "" {
+		ux.Params.Add("team_id", teamID)
+	} else {
+		ux.Params.Add("team_id", NoneTeamID)
+	}
+	ux.Update()
+	return ux.String()
+}
+
+// {"asset_id":"cqdtekhte9oc73e9hrvg","message":"Successfully uploaded asset","upload_status":"success","uploaded_at":"2024-07-20 15:27:16.148527329 +0000 UTC m=+1078.215945902"}
+type uploadResponse struct {
+	ID      string `json:"asset_id"`
+	Message string `json:"message"`
+}
diff --git a/internal/pdcp/writer.go b/internal/pdcp/writer.go
@@ -0,0 +1,266 @@
+package pdcp
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"regexp"
+	"sync/atomic"
+	"time"
+
+	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/tlsx/pkg/tlsx/clients"
+	"github.com/projectdiscovery/retryablehttp-go"
+	pdcpauth "github.com/projectdiscovery/utils/auth/pdcp"
+	"github.com/projectdiscovery/utils/conversion"
+	"github.com/projectdiscovery/utils/env"
+	errkit "github.com/projectdiscovery/utils/errkit"
+	unitutils "github.com/projectdiscovery/utils/unit"
+	updateutils "github.com/projectdiscovery/utils/update"
+	urlutil "github.com/projectdiscovery/utils/url"
+)
+
+const (
+	uploadEndpoint = "/v1/assets"
+	appendEndpoint = "/v1/assets/%s/contents"
+	flushTimer     = time.Minute
+	MaxChunkSize   = 4 * unitutils.Mega // 4 MB
+	xidRe          = `^[a-z0-9]{20}$`
+	teamIDHeader   = "X-Team-Id"
+	NoneTeamID     = "none"
+)
+
+var (
+	xidRegex = regexp.MustCompile(xidRe)
+	// EnableeUpload if set to true enables the upload feature
+	HideAutoSaveMsg   = env.GetEnvOrDefault("DISABLE_CLOUD_UPLOAD_WRN", false)
+	EnableCloudUpload = env.GetEnvOrDefault("ENABLE_CLOUD_UPLOAD", false)
+)
+
+// UploadWriter is a writer that uploads its output to pdcp
+// server to enable web dashboard and more
+type UploadWriter struct {
+	creds          *pdcpauth.PDCPCredentials
+	uploadURL      *url.URL
+	client         *retryablehttp.Client
+	done           chan struct{}
+	data           chan *clients.Response
+	assetGroupID   string
+	assetGroupName string
+	counter        atomic.Int32
+	closed         atomic.Bool
+	TeamID         string
+}
+
+// NewUploadWriterCallback creates a new upload writer callback
+// which when enabled periodically uploads the results to pdcp assets dashboard
+func NewUploadWriterCallback(ctx context.Context, creds *pdcpauth.PDCPCredentials) (*UploadWriter, error) {
+	if creds == nil {
+		return nil, fmt.Errorf("no credentials provided")
+	}
+	u := &UploadWriter{
+		creds:  creds,
+		done:   make(chan struct{}, 1),
+		data:   make(chan *clients.Response, 8), // default buffer size
+		TeamID: "",
+	}
+	var err error
+	tmp, err := urlutil.Parse(creds.Server)
+	if err != nil {
+		return nil, errkit.Wrap(err, "could not parse server url")
+	}
+	tmp.Path = uploadEndpoint
+	tmp.Update()
+	u.uploadURL = tmp.URL
+
+	// create http client
+	opts := retryablehttp.DefaultOptionsSingle
+	opts.NoAdjustTimeout = true
+	opts.Timeout = time.Duration(3) * time.Minute
+	u.client = retryablehttp.NewClient(opts)
+	// start auto commit
+	// upload every 1 minute or when buffer is full
+	go u.autoCommit(ctx)
+	return u, nil
+}
+
+// GetWriterCallback returns the writer callback
+func (u *UploadWriter) GetWriterCallback() func(*clients.Response) {
+	return func(resp *clients.Response) {
+		u.data <- resp
+	}
+}
+
+// SetAssetID sets the scan id for the upload writer
+func (u *UploadWriter) SetAssetID(id string) error {
+	if !xidRegex.MatchString(id) {
+		return fmt.Errorf("invalid asset id provided")
+	}
+	u.assetGroupID = id
+	return nil
+}
+
+// SetAssetGroupName sets the scan name for the upload writer
+func (u *UploadWriter) SetAssetGroupName(name string) {
+	u.assetGroupName = name
+}
+
+// SetTeamID sets the team id for the upload writer
+func (u *UploadWriter) SetTeamID(id string) {
+	u.TeamID = id
+}
+
+func (u *UploadWriter) autoCommit(ctx context.Context) {
+	// wait for context to be done
+	defer func() {
+		u.done <- struct{}{}
+		close(u.done)
+		// if no scanid is generated no results were uploaded
+		if u.assetGroupID == "" {
+			gologger.Verbose().Msgf("UI dashboard setup skipped, no results found to upload")
+		} else {
+			gologger.Info().Msgf("Found %v results, View found results in dashboard : %v", u.counter.Load(), getAssetsDashBoardURL(u.assetGroupID, u.TeamID))
+		}
+	}()
+	// temporary buffer to store the results
+	buff := &bytes.Buffer{}
+	ticker := time.NewTicker(flushTimer)
+
+	for {
+		select {
+		case <-ctx.Done():
+			// flush before exit
+			if buff.Len() > 0 {
+				if err := u.uploadChunk(buff); err != nil {
+					gologger.Error().Msgf("Failed to upload scan results on cloud: %v", err)
+				}
+			}
+			return
+		case <-ticker.C:
+			// flush the buffer
+			if buff.Len() > 0 {
+				if err := u.uploadChunk(buff); err != nil {
+					gologger.Error().Msgf("Failed to upload scan results on cloud: %v", err)
+				}
+			}
+		case res, ok := <-u.data:
+			if !ok {
+				if buff.Len() > 0 {
+					if err := u.uploadChunk(buff); err != nil {
+						gologger.Error().Msgf("Failed to upload scan results on cloud: %v", err)
+					}
+				}
+				return
+			}
+
+			lineBytes, err := json.Marshal(res)
+			if err != nil {
+				gologger.Error().Msgf("Failed to marshal result: %v", err)
+				continue
+			}
+			u.counter.Add(1)
+			line := conversion.String(lineBytes)
+			if buff.Len()+len(line) > MaxChunkSize {
+				// flush existing buffer
+				if err := u.uploadChunk(buff); err != nil {
+					gologger.Error().Msgf("Failed to upload asset results on cloud: %v", err)
+				}
+			} else {
+				buff.WriteString(line)
+				buff.WriteString("\n")
+			}
+		}
+	}
+}
+
+// uploadChunk uploads a chunk of data to the server
+func (u *UploadWriter) uploadChunk(buff *bytes.Buffer) error {
+	if err := u.upload(buff.Bytes()); err != nil {
+		return errkit.Wrap(err, "could not upload chunk")
+	}
+	// if successful, reset the buffer
+	buff.Reset()
+	// log in verbose mode
+	gologger.Warning().Msgf("Uploaded results chunk, you can view assets at %v", getAssetsDashBoardURL(u.assetGroupID, u.TeamID))
+	return nil
+}
+
+func (u *UploadWriter) upload(data []byte) error {
+	req, err := u.getRequest(data)
+	if err != nil {
+		return errkit.Wrap(err, "could not create upload request")
+	}
+	resp, err := u.client.Do(req)
+	if err != nil {
+		return errkit.Wrap(err, "could not upload results")
+	}
+	defer func() {
+		_ = resp.Body.Close()
+	}()
+	bin, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return errkit.Wrap(err, "could not get id from response")
+	}
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("could not upload results got status code %v on %v", resp.StatusCode, resp.Request.URL.String())
+	}
+	var uploadResp uploadResponse
+	if err := json.Unmarshal(bin, &uploadResp); err != nil {
+		return errkit.Wrapf(err, "could not unmarshal response got %v", string(bin))
+	}
+	if uploadResp.ID != "" && u.assetGroupID == "" {
+		u.assetGroupID = uploadResp.ID
+	}
+	return nil
+}
+
+// getRequest returns a new request for upload
+// if scanID is not provided create new scan by uploading the data
+// if scanID is provided append the data to existing scan
+func (u *UploadWriter) getRequest(bin []byte) (*retryablehttp.Request, error) {
+	var method, url string
+
+	if u.assetGroupID == "" {
+		u.uploadURL.Path = uploadEndpoint
+		method = http.MethodPost
+		url = u.uploadURL.String()
+	} else {
+		u.uploadURL.Path = fmt.Sprintf(appendEndpoint, u.assetGroupID)
+		method = http.MethodPatch
+		url = u.uploadURL.String()
+	}
+	req, err := retryablehttp.NewRequest(method, url, bytes.NewReader(bin))
+	if err != nil {
+		return nil, errkit.Wrap(err, "could not create cloud upload request")
+	}
+	// add pdtm meta params - version will be set by updateutils
+	req.Params.Merge(updateutils.GetpdtmParams("tlsx"))
+	// if it is upload endpoint also include name if it exists
+	if u.assetGroupName != "" && req.Path == uploadEndpoint {
+		req.Params.Add("name", u.assetGroupName)
+	}
+	req.Update()
+
+	req.Header.Set(pdcpauth.ApiKeyHeaderName, u.creds.APIKey)
+	if u.TeamID != "" {
+		req.Header.Set(teamIDHeader, u.TeamID)
+	}
+	req.Header.Set("Content-Type", "application/octet-stream")
+	req.Header.Set("Accept", "application/json")
+	return req, nil
+}
+
+// Close closes the upload writer
+func (u *UploadWriter) Close() {
+	if !u.closed.Load() {
+		// protect to avoid channel closed twice error
+		close(u.data)
+		u.closed.Store(true)
+	}
+	<-u.done
+}
+
diff --git a/internal/runner/runner.go b/internal/runner/runner.go
diff --git a/pkg/tlsx/clients/clients.go b/pkg/tlsx/clients/clients.go
