Log suspicious requests in a separate log file.

Optimise the request logger.
Avoid converting from byte slice to string in router gen.
Azareal 2021-02-27 16:52:51 +10:00
parent f20b0bd936
commit e49a79014b
2 changed files with 77 additions and 29 deletions


@ -924,6 +924,7 @@ type GenRouter struct {
UploadHandler func(http.ResponseWriter, *http.Request) UploadHandler func(http.ResponseWriter, *http.Request)
extraRoutes map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError extraRoutes map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError
requestLogger *log.Logger requestLogger *log.Logger
suspReqLogger *log.Logger
sync.RWMutex sync.RWMutex
} }
@ -933,6 +934,10 @@ func NewGenRouter(uploads http.Handler) (*GenRouter, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
f2, err := os.OpenFile("./logs/reqs-susp-"+strconv.FormatInt(c.StartTime.Unix(),10)+".log", os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0755)
if err != nil {
return nil, err
}
return &GenRouter{ return &GenRouter{
UploadHandler: func(w http.ResponseWriter, r *http.Request) { UploadHandler: func(w http.ResponseWriter, r *http.Request) {
writ := NewWriterIntercept(w) writ := NewWriterIntercept(w)
@ -940,6 +945,7 @@ func NewGenRouter(uploads http.Handler) (*GenRouter, error) {
}, },
extraRoutes: make(map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError), extraRoutes: make(map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError),
requestLogger: log.New(f, "", log.LstdFlags), requestLogger: log.New(f, "", log.LstdFlags),
suspReqLogger: log.New(f2, "", log.LstdFlags),
}, nil }, nil
} }
@ -974,30 +980,48 @@ func (r *GenRouter) RemoveFunc(pattern string) error {
return nil return nil
} }
// TODO: Use strings builder? // TODO: Some of these sanitisations may be redundant
func (r *GenRouter) DumpRequest(req *http.Request, pre string) { func (r *GenRouter) dumpRequest(req *http.Request, pre string,log *log.Logger) {
var heads string var sb strings.Builder
sb.WriteString(pre)
nfield := func(label, val string) {
sb.WriteString(label)
sb.WriteString(val)
}
field := func(label, val string) {
nfield(label,c.SanitiseSingleLine(val))
}
field("\nUA: ",req.UserAgent())
field("\nMethod: ",req.Method)
for key, value := range req.Header { for key, value := range req.Header {
for _, vvalue := range value { for _, vvalue := range value {
heads += "Head " + c.SanitiseSingleLine(key) + ": " + c.SanitiseSingleLine(vvalue) + "\n" sb.WriteString("\nHead ")
sb.WriteString(c.SanitiseSingleLine(key))
sb.WriteString(": ")
sb.WriteString(c.SanitiseSingleLine(vvalue))
} }
} }
field("\nHost: ",req.Host)
field("\nURL.Path: ",req.URL.Path)
field("\nURL.RawQuery: ",req.URL.RawQuery)
field("\nRef: ",req.Referer())
nfield("\nIP: ",req.RemoteAddr)
sb.WriteString("\n")
r.requestLogger.Print(pre + log.Print(sb.String())
"\nUA: " + c.SanitiseSingleLine(req.UserAgent()) + "\n" + }
"Method: " + c.SanitiseSingleLine(req.Method) + "\n" + heads +
"Host: " + c.SanitiseSingleLine(req.Host) + "\n" + func (r *GenRouter) DumpRequest(req *http.Request, pre string) {
"URL.Path: " + c.SanitiseSingleLine(req.URL.Path) + "\n" + r.dumpRequest(req,pre,r.requestLogger)
"URL.RawQuery: " + c.SanitiseSingleLine(req.URL.RawQuery) + "\n" +
"Ref: " + c.SanitiseSingleLine(req.Referer()) + "\n" +
"IP: " + req.RemoteAddr + "\n")
} }
func (r *GenRouter) SuspiciousRequest(req *http.Request, pre string) { func (r *GenRouter) SuspiciousRequest(req *http.Request, pre string) {
if pre != "" { if pre != "" {
pre += "\n" pre += "\nSuspicious Request"
} else {
pre = "Suspicious Request"
} }
r.DumpRequest(req,pre+"Suspicious Request") r.dumpRequest(req,pre,r.suspReqLogger)
co.AgentViewCounter.Bump(41) co.AgentViewCounter.Bump(41)
} }


@ -516,6 +516,7 @@ type GenRouter struct {
UploadHandler func(http.ResponseWriter, *http.Request) UploadHandler func(http.ResponseWriter, *http.Request)
extraRoutes map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError extraRoutes map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError
requestLogger *log.Logger requestLogger *log.Logger
suspReqLogger *log.Logger
sync.RWMutex sync.RWMutex
} }
@ -525,6 +526,10 @@ func NewGenRouter(uploads http.Handler) (*GenRouter, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
f2, err := os.OpenFile("./logs/reqs-susp-"+strconv.FormatInt(c.StartTime.Unix(),10)+".log", os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0755)
if err != nil {
return nil, err
}
return &GenRouter{ return &GenRouter{
UploadHandler: func(w http.ResponseWriter, r *http.Request) { UploadHandler: func(w http.ResponseWriter, r *http.Request) {
writ := NewWriterIntercept(w) writ := NewWriterIntercept(w)
@ -532,6 +537,7 @@ func NewGenRouter(uploads http.Handler) (*GenRouter, error) {
}, },
extraRoutes: make(map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError), extraRoutes: make(map[string]func(http.ResponseWriter, *http.Request, *c.User) c.RouteError),
requestLogger: log.New(f, "", log.LstdFlags), requestLogger: log.New(f, "", log.LstdFlags),
suspReqLogger: log.New(f2, "", log.LstdFlags),
}, nil }, nil
} }
@ -566,30 +572,48 @@ func (r *GenRouter) RemoveFunc(pattern string) error {
return nil return nil
} }
// TODO: Use strings builder? // TODO: Some of these sanitisations may be redundant
func (r *GenRouter) DumpRequest(req *http.Request, pre string) { func (r *GenRouter) dumpRequest(req *http.Request, pre string,log *log.Logger) {
var heads string var sb strings.Builder
sb.WriteString(pre)
nfield := func(label, val string) {
sb.WriteString(label)
sb.WriteString(val)
}
field := func(label, val string) {
nfield(label,c.SanitiseSingleLine(val))
}
field("\nUA: ",req.UserAgent())
field("\nMethod: ",req.Method)
for key, value := range req.Header { for key, value := range req.Header {
for _, vvalue := range value { for _, vvalue := range value {
heads += "Head " + c.SanitiseSingleLine(key) + ": " + c.SanitiseSingleLine(vvalue) + "\n" sb.WriteString("\nHead ")
sb.WriteString(c.SanitiseSingleLine(key))
sb.WriteString(": ")
sb.WriteString(c.SanitiseSingleLine(vvalue))
} }
} }
field("\nHost: ",req.Host)
field("\nURL.Path: ",req.URL.Path)
field("\nURL.RawQuery: ",req.URL.RawQuery)
field("\nRef: ",req.Referer())
nfield("\nIP: ",req.RemoteAddr)
sb.WriteString("\n")
r.requestLogger.Print(pre + log.Print(sb.String())
"\nUA: " + c.SanitiseSingleLine(req.UserAgent()) + "\n" + }
"Method: " + c.SanitiseSingleLine(req.Method) + "\n" + heads +
"Host: " + c.SanitiseSingleLine(req.Host) + "\n" + func (r *GenRouter) DumpRequest(req *http.Request, pre string) {
"URL.Path: " + c.SanitiseSingleLine(req.URL.Path) + "\n" + r.dumpRequest(req,pre,r.requestLogger)
"URL.RawQuery: " + c.SanitiseSingleLine(req.URL.RawQuery) + "\n" +
"Ref: " + c.SanitiseSingleLine(req.Referer()) + "\n" +
"IP: " + req.RemoteAddr + "\n")
} }
func (r *GenRouter) SuspiciousRequest(req *http.Request, pre string) { func (r *GenRouter) SuspiciousRequest(req *http.Request, pre string) {
if pre != "" { if pre != "" {
pre += "\n" pre += "\nSuspicious Request"
} else {
pre = "Suspicious Request"
} }
r.DumpRequest(req,pre+"Suspicious Request") r.dumpRequest(req,pre,r.suspReqLogger)
co.AgentViewCounter.Bump({{.AllAgentMap.suspicious}}) co.AgentViewCounter.Bump({{.AllAgentMap.suspicious}})
} }
@ -1093,7 +1117,7 @@ func (r *GenRouter) responseWriter(w http.ResponseWriter) http.ResponseWriter {
log.Fatal(err) log.Fatal(err)
} }
writeFile("./gen_router.go", string(b.Bytes())) writeFile("./gen_router.go", b.String())
log.Println("Successfully generated the router") log.Println("Successfully generated the router")
} }
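Review bot: The new suspicious-request log is created with mode `0755` in NewGenRouter, which sets the executable bit and (subject to umask) leaves it readable by every local user, while dumpRequest writes every request header into it, and that would include `Cookie` and `Authorization` values. I would open it with `0600` (or `0640` if a log-reading group is needed), e.g. `os.OpenFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0600)`, and replace the values of credential-bearing headers with a fixed marker such as `[redacted]` before they are written to `sb`. On the same lines, when opening `f2` fails the function returns without closing `f`, which appears to have been opened just above the hunk; an `f.Close()` before `return nil, err` would avoid leaking the descriptor. The same code appears in the first file section, which looks like the generated gen_router.go and should pick the change up from this template.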