diff --git a/internal/blocker/firewalld.go b/internal/blocker/firewalld.go
index bf85aa8..094079c 100644
--- a/internal/blocker/firewalld.go
+++ b/internal/blocker/firewalld.go
@@ -1,8 +1,9 @@
 package blocker
 import (
- "github.com/d3m0k1d/BanForge/internal/logger"
 "os/exec"
+
+ "github.com/d3m0k1d/BanForge/internal/logger"
 )
 type Firewalld struct {
@@ -20,7 +21,7 @@ func (f *Firewalld) Ban(ip string) error {
 if err != nil {
 return err
 }
- cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--add-source="+ip, "--permanent")
+ cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
 output, err := cmd.CombinedOutput()
 if err != nil {
 f.logger.Error(err.Error())
@@ -41,7 +42,7 @@ func (f *Firewalld) Unban(ip string) error {
 if err != nil {
 return err
 }
- cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--remove-source="+ip, "--permanent")
+ cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
 output, err := cmd.CombinedOutput()
 if err != nil {
 f.logger.Error(err.Error())
diff --git a/internal/blocker/iptables.go b/internal/blocker/iptables.go
index 442171f..b6847dd 100644
--- a/internal/blocker/iptables.go
+++ b/internal/blocker/iptables.go
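Review bot: In firewalld.go's Ban hunk, passing `ip` as its own argv element after `--add-source` gives up the binding that the joined form provided: with `"--add-source="+ip` the value can only ever be read as the source, whereas a separate element that begins with `-` could be read by firewall-cmd as an option. The `if err != nil` guard at the top of the hunk suggests the address is validated first, but that call is outside the hunk, so either keep `"--add-source="+ip` or confirm the validator accepts nothing but a literal address. The Unban hunk makes the same change with `--remove-source`. Separately, both commands pass only `--permanent`, which as far as I know updates the stored configuration and not the running firewall; unless a reload happens outside these hunks, the ban would not take effect until firewalld is reloaded.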
@@ -23,20 +23,40 @@ func (f *Iptables) Ban(ip string) error {
 if err != nil {
 return err
 }
+ err = validateConfigPath(f.config)
+ if err != nil {
+ return err
+ }
 cmd := exec.Command("sudo", "iptables", "-A", "INPUT", "-s", ip, "-j", "DROP")
 output, err := cmd.CombinedOutput()
 if err != nil {
- f.logger.Error(err.Error())
+ f.logger.Error("failed to ban IP",
+ "ip", ip,
+ "error", err.Error(),
+ "output", string(output))
 return err
 }
- f.logger.Info("Banning " + ip + " " + string(output))
+ f.logger.Info("IP banned",
+ "ip", ip,
+ "output", string(output))
+
+ err = validateConfigPath(f.config)
+ if err != nil {
+ return err
+ }
+ // #nosec G204 - f.config is validated above via validateConfigPath()
 cmd = exec.Command("sudo", "iptables-save", "-f", f.config)
 output, err = cmd.CombinedOutput()
 if err != nil {
- f.logger.Error(err.Error())
+ f.logger.Error("failed to save config",
+ "config_path", f.config,
+ "error", err.Error(),
+ "output", string(output))
 return err
 }
- f.logger.Info("Config saved " + string(output))
+ f.logger.Info("config saved",
+ "config_path", f.config,
+ "output", string(output))
 return nil
 }
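Review bot: The `// #nosec G204` comment before the `iptables-save` call says f.config is validated, but the validateConfigPath this commit adds in validators.go only rejects the empty string, so the suppression silences the gosec finding while the path handed to `sudo iptables-save -f` is still unconstrained. Because that command writes with root privileges to whatever path the configuration holds, I would leave the finding visible until the validator checks something real, or at least make the comment honest: `// #nosec G204 - f.config is only checked for non-empty, see validateConfigPath`. The second `validateConfigPath(f.config)` call is also redundant, since f.config is not reassigned between the two checks visible in this hunk. The Unban hunk repeats both. Ban begins above the hunk, so whatever sets the first `err` is not visible here.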
@@ -45,19 +65,39 @@ func (f *Iptables) Unban(ip string) error {
 if err != nil {
 return err
 }
+ err = validateConfigPath(f.config)
+ if err != nil {
+ return err
+ }
 cmd := exec.Command("sudo", "iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
 output, err := cmd.CombinedOutput()
 if err != nil {
- f.logger.Error(err.Error())
+ f.logger.Error("failed to unban IP",
+ "ip", ip,
+ "error", err.Error(),
+ "output", string(output))
 return err
 }
- f.logger.Info("Unbanning " + ip + " " + string(output))
+ f.logger.Info("IP unbanned",
+ "ip", ip,
+ "output", string(output))
+
+ err = validateConfigPath(f.config)
+ if err != nil {
+ return err
+ }
+ // #nosec G204 - f.config is validated above via validateConfigPath()
 cmd = exec.Command("sudo", "iptables-save", "-f", f.config)
 output, err = cmd.CombinedOutput()
 if err != nil {
- f.logger.Error(err.Error())
+ f.logger.Error("failed to save config",
+ "config_path", f.config,
+ "error", err.Error(),
+ "output", string(output))
 return err
 }
- f.logger.Info("Config saved " + string(output))
+ f.logger.Info("config saved",
+ "config_path", f.config,
+ "output", string(output))
 return nil
 }
diff --git a/internal/blocker/validators.go b/internal/blocker/validators.go
index 1aaa6f3..5e515fd 100644
--- a/internal/blocker/validators.go
+++ b/internal/blocker/validators.go
@@ -16,3 +16,11 @@ func validateIP(ip string) error {
 return nil
 }
+
+ func validateConfigPath(path string) error {
+ if path == "" {
+ return fmt.Errorf("empty path")
+ }
+ return nil
+ // TODO: add more valodation
+}
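Review bot: In validators.go, validateConfigPath accepts any non-empty string, including relative paths, paths containing `..`, and values beginning with `-` that iptables-save could read as an option, yet the iptables.go callers treat a nil result as enough to pass the path to a sudo command. I would at least require an absolute path that is already in clean form, as in the sketch below, and ideally pin it to the directory the project expects; if relative paths are in use today, resolve them once when the configuration is loaded. The sketch needs `path/filepath` in the file's import block, which is outside the hunk. The `// TODO: add more valodation` comment sits after `return nil`, so it should move above the return, with the spelling fixed.

```go
func validateConfigPath(path string) error {
	if path == "" {
		return fmt.Errorf("empty path")
	}
	// An absolute path cannot start with "-", so it cannot be read as an option.
	if !filepath.IsAbs(path) {
		return fmt.Errorf("config path %q is not absolute", path)
	}
	// Reject "..", doubled separators and trailing slashes instead of normalising them silently.
	if filepath.Clean(path) != path {
		return fmt.Errorf("config path %q is not in canonical form", path)
	}
	// TODO: restrict path to the expected rules directory
	return nil
}
```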