This commit is contained in:
d3m0k1d
@@ -16,14 +16,18 @@ type Judge struct {
|
||||
logger *logger.Logger
|
||||
Blocker blocker.BlockerEngine
|
||||
rulesByService map[string][]config.Rule
|
||||
entryCh chan *storage.LogEntry
|
||||
resultCh chan *storage.LogEntry
|
||||
}
|
||||
|
||||
func New(db *storage.DB, b blocker.BlockerEngine) *Judge {
|
||||
func New(db *storage.DB, b blocker.BlockerEngine, resultCh chan *storage.LogEntry, entryCh chan *storage.LogEntry) *Judge {
|
||||
return &Judge{
|
||||
db: db,
|
||||
logger: logger.New(false),
|
||||
rulesByService: make(map[string][]config.Rule),
|
||||
Blocker: b,
|
||||
entryCh: entryCh,
|
||||
resultCh: resultCh,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -38,84 +42,70 @@ func (j *Judge) LoadRules(rules []config.Rule) {
|
||||
j.logger.Info("Rules loaded and indexed by service")
|
||||
}
|
||||
|
||||
func (j *Judge) ProcessUnviewed() error {
|
||||
rows, err := j.db.SearchUnViewed()
|
||||
if err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Failed to query database: %v", err))
|
||||
return err
|
||||
}
|
||||
j.logger.Info("Unviewed logs found")
|
||||
defer func() {
|
||||
err = rows.Close()
|
||||
if err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Failed to close database connection: %v", err))
|
||||
}
|
||||
}()
|
||||
for rows.Next() {
|
||||
var entry storage.LogEntry
|
||||
err = rows.Scan(
|
||||
&entry.ID,
|
||||
&entry.Service,
|
||||
&entry.IP,
|
||||
&entry.Path,
|
||||
&entry.Status,
|
||||
&entry.Method,
|
||||
&entry.IsViewed,
|
||||
&entry.CreatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Failed to scan database row: %v", err))
|
||||
func (j *Judge) Tribunal() {
|
||||
j.logger.Info("Tribunal started")
|
||||
|
||||
for entry := range j.entryCh {
|
||||
j.logger.Debug("Processing entry", "ip", entry.IP, "service", entry.Service, "status", entry.Status)
|
||||
|
||||
rules, serviceExists := j.rulesByService[entry.Service]
|
||||
if !serviceExists {
|
||||
j.logger.Debug("No rules for service", "service", entry.Service)
|
||||
continue
|
||||
}
|
||||
|
||||
rules, serviceExists := j.rulesByService[entry.Service]
|
||||
if serviceExists {
|
||||
for _, rule := range rules {
|
||||
if (rule.Method == "" || entry.Method == rule.Method) &&
|
||||
(rule.Status == "" || entry.Status == rule.Status) &&
|
||||
matchPath(entry.Path, rule.Path) {
|
||||
ruleMatched := false
|
||||
for _, rule := range rules {
|
||||
methodMatch := rule.Method == "" || entry.Method == rule.Method
|
||||
statusMatch := rule.Status == "" || entry.Status == rule.Status
|
||||
pathMatch := matchPath(entry.Path, rule.Path)
|
||||
|
||||
j.logger.Info(
|
||||
fmt.Sprintf(
|
||||
"Rule matched for IP: %s, Service: %s",
|
||||
entry.IP,
|
||||
entry.Service,
|
||||
),
|
||||
)
|
||||
ban_status, err := j.db.IsBanned(entry.IP)
|
||||
if err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Failed to check ban status: %v", err))
|
||||
return err
|
||||
}
|
||||
if !ban_status {
|
||||
err = j.Blocker.Ban(entry.IP)
|
||||
if err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Failed to ban IP: %v", err))
|
||||
}
|
||||
j.logger.Info(fmt.Sprintf("IP banned: %s", entry.IP))
|
||||
err = j.db.AddBan(entry.IP, rule.BanTime)
|
||||
if err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Failed to add ban: %v", err))
|
||||
}
|
||||
}
|
||||
j.logger.Debug(
|
||||
"Testing rule",
|
||||
"rule", rule.Name,
|
||||
"method_match", methodMatch,
|
||||
"status_match", statusMatch,
|
||||
"path_match", pathMatch,
|
||||
)
|
||||
|
||||
if methodMatch && statusMatch && pathMatch {
|
||||
ruleMatched = true
|
||||
j.logger.Info("Rule matched", "rule", rule.Name, "ip", entry.IP)
|
||||
|
||||
banned, err := j.db.IsBanned(entry.IP)
|
||||
if err != nil {
|
||||
j.logger.Error("Failed to check ban status", "ip", entry.IP, "error", err)
|
||||
break
|
||||
}
|
||||
|
||||
if banned {
|
||||
j.logger.Info("IP already banned", "ip", entry.IP)
|
||||
j.resultCh <- entry
|
||||
break
|
||||
}
|
||||
|
||||
err = j.db.AddBan(entry.IP, rule.BanTime)
|
||||
if err != nil {
|
||||
j.logger.Error("Failed to add ban to database", "ip", entry.IP, "ban_time", rule.BanTime, "error", err)
|
||||
break
|
||||
}
|
||||
|
||||
if err := j.Blocker.Ban(entry.IP); err != nil {
|
||||
j.logger.Error("Failed to ban IP at firewall", "ip", entry.IP, "error", err)
|
||||
break
|
||||
}
|
||||
j.logger.Info("IP banned successfully", "ip", entry.IP, "rule", rule.Name, "ban_time", rule.BanTime)
|
||||
j.resultCh <- entry
|
||||
break
|
||||
}
|
||||
}
|
||||
err = j.db.MarkAsViewed(entry.ID)
|
||||
if err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Failed to mark entry as viewed: %v", err))
|
||||
} else {
|
||||
j.logger.Info(fmt.Sprintf("Entry marked as viewed: ID=%d", entry.ID))
|
||||
|
||||
if !ruleMatched {
|
||||
j.logger.Debug("No rules matched", "ip", entry.IP, "service", entry.Service)
|
||||
}
|
||||
}
|
||||
|
||||
if err = rows.Err(); err != nil {
|
||||
j.logger.Error(fmt.Sprintf("Error iterating rows: %v", err))
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
j.logger.Info("Tribunal stopped - entryCh closed")
|
||||
}
|
||||
|
||||
func (j *Judge) UnbanChecker() {
|
||||
|
||||
@@ -18,21 +18,21 @@ func TestJudgeLogic(t *testing.T) {
|
||||
{
|
||||
name: "Empty rule",
|
||||
inputRule: config.Rule{Name: "", ServiceName: "", Path: "", Status: "", Method: ""},
|
||||
inputLog: storage.LogEntry{ID: 0, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", IsViewed: false, CreatedAt: ""},
|
||||
inputLog: storage.LogEntry{ID: 0, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", CreatedAt: ""},
|
||||
wantErr: true,
|
||||
wantMatch: false,
|
||||
},
|
||||
{
|
||||
name: "Matching rule",
|
||||
inputRule: config.Rule{Name: "test", ServiceName: "nginx", Path: "/api", Status: "200", Method: "GET"},
|
||||
inputLog: storage.LogEntry{ID: 1, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", IsViewed: false, CreatedAt: ""},
|
||||
inputLog: storage.LogEntry{ID: 1, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", CreatedAt: ""},
|
||||
wantErr: false,
|
||||
wantMatch: true,
|
||||
},
|
||||
{
|
||||
name: "Non-matching status",
|
||||
inputRule: config.Rule{Name: "test", ServiceName: "nginx", Path: "/api", Status: "404", Method: "GET"},
|
||||
inputLog: storage.LogEntry{ID: 2, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", IsViewed: false, CreatedAt: ""},
|
||||
inputLog: storage.LogEntry{ID: 2, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", CreatedAt: ""},
|
||||
wantErr: false,
|
||||
wantMatch: false,
|
||||
},
|
||||
|
||||
@@ -34,12 +34,11 @@ func (p *NginxParser) Parse(eventCh <-chan Event, resultCh chan<- *storage.LogEn
|
||||
method := matches[3]
|
||||
|
||||
resultCh <- &storage.LogEntry{
|
||||
Service: "nginx",
|
||||
IP: matches[1],
|
||||
Path: path,
|
||||
Status: status,
|
||||
Method: method,
|
||||
IsViewed: false,
|
||||
Service: "nginx",
|
||||
IP: matches[1],
|
||||
Path: path,
|
||||
Status: status,
|
||||
Method: method,
|
||||
}
|
||||
p.logger.Info(
|
||||
"Parsed nginx log entry",
|
||||
|
||||
@@ -31,12 +31,11 @@ func (p *SshdParser) Parse(eventCh <-chan Event, resultCh chan<- *storage.LogEnt
|
||||
continue
|
||||
}
|
||||
resultCh <- &storage.LogEntry{
|
||||
Service: "ssh",
|
||||
IP: matches[6],
|
||||
Path: matches[5], // user
|
||||
Status: "Failed",
|
||||
Method: matches[4], // method auth
|
||||
IsViewed: false,
|
||||
Service: "ssh",
|
||||
IP: matches[6],
|
||||
Path: matches[5], // user
|
||||
Status: "Failed",
|
||||
Method: matches[4], // method auth
|
||||
}
|
||||
p.logger.Info(
|
||||
"Parsed ssh log entry",
|
||||
|
||||
@@ -2,15 +2,13 @@ package storage
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"os"
|
||||
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/d3m0k1d/BanForge/internal/config"
|
||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||
"github.com/jedib0t/go-pretty/v6/table"
|
||||
_ "modernc.org/sqlite"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
type DB struct {
|
||||
@@ -23,8 +21,8 @@ func NewDB() (*DB, error) {
|
||||
"sqlite",
|
||||
"/var/lib/banforge/storage.db?_pragma=journal_mode(WAL)&_pragma=busy_timeout(30000)&_pragma=synchronous(NORMAL)",
|
||||
)
|
||||
db.SetMaxOpenConns(4)
|
||||
db.SetMaxIdleConns(2)
|
||||
db.SetMaxOpenConns(1)
|
||||
db.SetMaxIdleConns(1)
|
||||
db.SetConnMaxLifetime(0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -57,26 +55,6 @@ func (d *DB) CreateTable() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *DB) SearchUnViewed() (*sql.Rows, error) {
|
||||
rows, err := d.db.Query(
|
||||
"SELECT id, service, ip, path, status, method, viewed, created_at FROM requests WHERE viewed = 0",
|
||||
)
|
||||
if err != nil {
|
||||
d.logger.Error("Failed to query database")
|
||||
return nil, err
|
||||
}
|
||||
return rows, nil
|
||||
}
|
||||
|
||||
func (d *DB) MarkAsViewed(id int) error {
|
||||
_, err := d.db.Exec("UPDATE requests SET viewed = 1 WHERE id = ?", id)
|
||||
if err != nil {
|
||||
d.logger.Error("Failed to mark as viewed", "error", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *DB) IsBanned(ip string) (bool, error) {
|
||||
var bannedIP string
|
||||
err := d.db.QueryRow("SELECT ip FROM bans WHERE ip = ? ", ip).Scan(&bannedIP)
|
||||
|
||||
@@ -74,99 +74,6 @@ func TestCreateTable(t *testing.T) {
|
||||
rows.Close()
|
||||
}
|
||||
|
||||
func TestMarkAsViewed(t *testing.T) {
|
||||
d := createTestDBStruct(t)
|
||||
|
||||
err := d.CreateTable()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = d.db.Exec(
|
||||
"INSERT INTO requests (service, ip, path, method, status, created_at) VALUES (?, ?, ?, ?, ?, ?)",
|
||||
"test",
|
||||
"127.0.0.1",
|
||||
"/test",
|
||||
"GET",
|
||||
"200",
|
||||
time.Now().Format(time.RFC3339),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
err = d.MarkAsViewed(1)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
var isViewed bool
|
||||
err = d.db.QueryRow("SELECT viewed FROM requests WHERE id = 1").Scan(&isViewed)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if !isViewed {
|
||||
t.Fatal("viewed should be true")
|
||||
}
|
||||
}
|
||||
|
||||
func TestSearchUnViewed(t *testing.T) {
|
||||
d := createTestDBStruct(t)
|
||||
|
||||
err := d.CreateTable()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
for i := 0; i < 2; i++ {
|
||||
_, err := d.db.Exec(
|
||||
"INSERT INTO requests (service, ip, path, method, status, created_at) VALUES (?, ?, ?, ?, ?, ?)",
|
||||
"test",
|
||||
"127.0.0.1",
|
||||
"/test",
|
||||
"GET",
|
||||
"200",
|
||||
time.Now().Format(time.RFC3339),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
rows, err := d.SearchUnViewed()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
count := 0
|
||||
for rows.Next() {
|
||||
var id int
|
||||
var service, ip, path, status, method string
|
||||
var viewed bool
|
||||
var createdAt string
|
||||
|
||||
err := rows.Scan(&id, &service, &ip, &path, &status, &method, &viewed, &createdAt)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if viewed {
|
||||
t.Fatal("should be unviewed")
|
||||
}
|
||||
|
||||
count++
|
||||
}
|
||||
|
||||
if err := rows.Err(); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if count != 2 {
|
||||
t.Fatalf("expected 2 unviewed requests, got %d", count)
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsBanned(t *testing.T) {
|
||||
d := createTestDBStruct(t)
|
||||
|
||||
|
||||
@@ -9,7 +9,6 @@ CREATE TABLE IF NOT EXISTS requests (
|
||||
path TEXT,
|
||||
method TEXT,
|
||||
status TEXT,
|
||||
viewed BOOLEAN DEFAULT FALSE,
|
||||
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
|
||||
@@ -7,7 +7,6 @@ type LogEntry struct {
|
||||
Path string `db:"path"`
|
||||
Status string `db:"status"`
|
||||
Method string `db:"method"`
|
||||
IsViewed bool `db:"viewed"`
|
||||
CreatedAt string `db:"created_at"`
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user