Commit c6e2b206 authored by qiuqunfeng's avatar qiuqunfeng

commit

parent 246f8768
...@@ -5,7 +5,7 @@ import ( ...@@ -5,7 +5,7 @@ import (
"net/http" "net/http"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"gitlab.com/security-rd/go-pkg/logging" "github.com/rs/zerolog/log"
"gitlab.com/tensorsecurity-rd/waf-console/internal/config" "gitlab.com/tensorsecurity-rd/waf-console/internal/config"
"gitlab.com/tensorsecurity-rd/waf-console/internal/utils" "gitlab.com/tensorsecurity-rd/waf-console/internal/utils"
"gorm.io/gorm" "gorm.io/gorm"
...@@ -16,7 +16,7 @@ func SetRouters(db *gorm.DB, clusterClientManager *utils.ClusterClientManager) * ...@@ -16,7 +16,7 @@ func SetRouters(db *gorm.DB, clusterClientManager *utils.ClusterClientManager) *
if !config.Conf.Debug { if !config.Conf.Debug {
// 生产模式 // 生产模式
logging.Get().Info().Msg("release mode") log.Info().Msg("release mode")
engine = ReleaseRouter() engine = ReleaseRouter()
engine.Use( engine.Use(
// middleware.RequestCostHandler(), // middleware.RequestCostHandler(),
...@@ -26,7 +26,7 @@ func SetRouters(db *gorm.DB, clusterClientManager *utils.ClusterClientManager) * ...@@ -26,7 +26,7 @@ func SetRouters(db *gorm.DB, clusterClientManager *utils.ClusterClientManager) *
) )
} else { } else {
// 开发调试模式 // 开发调试模式
logging.Get().Info().Msg("debug mode") log.Info().Msg("debug mode")
engine = gin.New() engine = gin.New()
engine.Use( engine.Use(
// middleware.RequestCostHandler(), // middleware.RequestCostHandler(),
......
...@@ -5,8 +5,8 @@ import ( ...@@ -5,8 +5,8 @@ import (
"fmt" "fmt"
"os" "os"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"gitlab.com/security-rd/go-pkg/logging"
"gitlab.com/tensorsecurity-rd/waf-console/api" "gitlab.com/tensorsecurity-rd/waf-console/api"
"gitlab.com/tensorsecurity-rd/waf-console/internal/utils" "gitlab.com/tensorsecurity-rd/waf-console/internal/utils"
"gitlab.com/tensorsecurity-rd/waf-console/pkg/generated/clientset/versioned" "gitlab.com/tensorsecurity-rd/waf-console/pkg/generated/clientset/versioned"
...@@ -23,7 +23,7 @@ func NewRootCommand() *cobra.Command { ...@@ -23,7 +23,7 @@ func NewRootCommand() *cobra.Command {
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
config := LoadConfig() config := LoadConfig()
debugMode := os.Getenv("DEBUG_MODE") debugMode := os.Getenv("DEBUG_MODE")
logging.Get().Info().Msgf("DEBUG_MODE: %s", debugMode) log.Info().Msgf("DEBUG_MODE: %s", debugMode)
if debugMode == "true" { if debugMode == "true" {
config.Debug = true config.Debug = true
// config.Conf.Debug = true // config.Conf.Debug = true
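Review bot: `config := LoadConfig()` is dereferenced at `config.Debug = true` with no nil check, while the LoadConfig hunk in this commit returns nil when the config file cannot be read or parsed. The unqualified call suggests both are in the same package, so with DEBUG_MODE=true and a missing or malformed config file this closure would panic instead of reporting the failure. RunE already returns an error, so a guard right after the call would do: `if config == nil { return fmt.Errorf("load config failed") }`. The closure body continues past the end of the hunk, so later uses of `config` could not be checked from here.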
......
...@@ -3,7 +3,7 @@ package app ...@@ -3,7 +3,7 @@ package app
import ( import (
"os" "os"
"gitlab.com/security-rd/go-pkg/logging" "github.com/rs/zerolog/log"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
) )
...@@ -47,13 +47,13 @@ func LoadConfig() *Config { ...@@ -47,13 +47,13 @@ func LoadConfig() *Config {
data, err := os.ReadFile(configFile) data, err := os.ReadFile(configFile)
if err != nil { if err != nil {
logging.Get().Error().Err(err).Msgf("Failed to read config file: %s", configFile) log.Err(err).Msgf("Failed to read config file: %s", configFile)
return nil return nil
} }
var config Config var config Config
if err := yaml.Unmarshal(data, &config); err != nil { if err := yaml.Unmarshal(data, &config); err != nil {
logging.Get().Error().Err(err).Msg("Failed to parse config file") log.Err(err).Msg("Failed to parse config file")
return nil return nil
} }
// 如果config.DBConfig为nil,则使用默认值 // 如果config.DBConfig为nil,则使用默认值
......
...@@ -4,7 +4,7 @@ import ( ...@@ -4,7 +4,7 @@ import (
"os" "os"
"github.com/rs/zerolog" "github.com/rs/zerolog"
"gitlab.com/security-rd/go-pkg/logging" "github.com/rs/zerolog/log"
"gitlab.com/tensorsecurity-rd/waf-console/cmd/app" "gitlab.com/tensorsecurity-rd/waf-console/cmd/app"
) )
...@@ -14,14 +14,13 @@ const ( ...@@ -14,14 +14,13 @@ const (
) )
func main() { func main() {
logLevel := zerolog.InfoLevel
logging.Get().SetLevel(logLevel) zerolog.SetGlobalLevel(zerolog.InfoLevel)
logging.Get().Info().Msg("starting gateway") log.Info().Msg("starting gateway")
rootCmd := app.NewRootCommand() rootCmd := app.NewRootCommand()
if err := rootCmd.Execute(); err != nil { if err := rootCmd.Execute(); err != nil {
logging.Get().Err(err) log.Err(err)
os.Exit(-1) os.Exit(-1)
} }
} }
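Review bot: `log.Err(err)` only builds a zerolog event, and nothing is written until `Msg`, `Msgf` or `Send` is called on it, so the error from `rootCmd.Execute()` is never logged before `os.Exit(-1)`. It should read `log.Err(err).Msg("gateway exited with error")`. The AssembleResponse hunk has the same unterminated event in `log.Error().Err(err)`, on the branch that sets `http.StatusInternalServerError`, so those failures also leave no log record; `log.Error().Err(err).Msg("request failed")` would fix it. On a WAF console these entries are what an operator relies on to notice failing or probed endpoints, so they are worth emitting.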
...@@ -4,7 +4,6 @@ go 1.20 ...@@ -4,7 +4,6 @@ go 1.20
require ( require (
github.com/gin-gonic/gin v1.10.0 github.com/gin-gonic/gin v1.10.0
gitlab.com/security-rd/go-pkg v0.2.5
gorm.io/driver/mysql v1.5.0 gorm.io/driver/mysql v1.5.0
gorm.io/gorm v1.25.12 gorm.io/gorm v1.25.12
k8s.io/apimachinery v0.27.2 k8s.io/apimachinery v0.27.2
...@@ -53,10 +52,7 @@ require ( ...@@ -53,10 +52,7 @@ require (
sigs.k8s.io/yaml v1.3.0 // indirect sigs.k8s.io/yaml v1.3.0 // indirect
) )
require ( require github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.7
github.com/inconshreveable/mousetrap v1.1.0 // indirect
)
require ( require (
github.com/bytedance/sonic v1.12.1 // indirect github.com/bytedance/sonic v1.12.1 // indirect
...@@ -89,5 +85,3 @@ require ( ...@@ -89,5 +85,3 @@ require (
golang.org/x/text v0.21.0 // indirect golang.org/x/text v0.21.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect google.golang.org/protobuf v1.34.2 // indirect
) )
replace gitlab.com/security-rd/go-pkg => scm.tensorsecurity.cn/tensorsecurity-rd/go-pkg v0.2.101
...@@ -108,8 +108,6 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ ...@@ -108,8 +108,6 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
...@@ -354,8 +352,6 @@ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3 ...@@ -354,8 +352,6 @@ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3
k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU=
k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50= nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
scm.tensorsecurity.cn/tensorsecurity-rd/go-pkg v0.2.101 h1:fmZdjUOeCwXnGRsq4cmaIbJCT+FIfjZkUJR6My2sJ3A=
scm.tensorsecurity.cn/tensorsecurity-rd/go-pkg v0.2.101/go.mod h1:7iA3d/FiV1buGqWtcrcSH1/wlT7DNQpMmxzBtq3/zbY=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
......
package service
import (
"encoding/json"
"fmt"
"io"
"net/http"
"strconv"
"strings"
"time"
"github.com/hashicorp/golang-lru/v2/expirable"
"gitlab.com/security-rd/go-pkg/logging"
"gitlab.com/tensorsecurity-rd/waf-console/internal/model"
)
var fakeData = `
{
"data": {
"87.236.176.199": {
"samples": [],
"tags_classes": [],
"judgments": [
"Scanner",
"Zombie",
"Dynamic IP",
"Spam"
],
"intelligences": {
"threatbook_lab": [
{
"source": "ThreatBook Labs",
"confidence": 75,
"expired": false,
"intel_tags": [],
"find_time": "2023-02-27 12:52:17",
"intel_types": [
"Spam"
],
"update_time": "2024-08-18 17:04:49"
},
{
"source": "ThreatBook Labs",
"confidence": 80,
"expired": false,
"intel_tags": [],
"find_time": "2023-02-27 12:14:00",
"intel_types": [
"Dynamic IP"
],
"update_time": "2023-02-27 12:14:00"
},
{
"source": "ThreatBook Labs",
"confidence": 75,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-19 03:38:38",
"intel_types": [
"Scanner"
],
"update_time": "2024-08-22 10:40:46"
},
{
"source": "ThreatBook Labs",
"confidence": 85,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-17 09:00:13",
"intel_types": [
"Spam"
],
"update_time": "2024-08-15 09:00:12"
},
{
"source": "ThreatBook Labs",
"confidence": 75,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-16 11:16:41",
"intel_types": [
"Zombie"
],
"update_time": "2023-07-05 12:34:57"
},
{
"source": "ThreatBook Labs",
"confidence": 75,
"expired": true,
"intel_tags": [],
"find_time": "2023-05-10 19:58:16",
"intel_types": [
"Scanner"
],
"update_time": "2023-06-21 03:23:22"
},
{
"source": "ThreatBook Labs",
"confidence": 85,
"expired": true,
"intel_tags": [],
"find_time": "2023-02-27 12:23:46",
"intel_types": [
"Spam",
"Zombie"
],
"update_time": "2024-07-20 18:35:32"
},
{
"source": "ThreatBook Labs",
"confidence": 75,
"expired": true,
"intel_tags": [],
"find_time": "2022-10-15 12:42:35",
"intel_types": [
"Scanner"
],
"update_time": "2022-10-22 09:11:17"
}
],
"x_reward": [],
"open_source": [
{
"source": "Open Source ",
"confidence": 50,
"expired": false,
"intel_tags": [],
"find_time": "2024-06-05 15:47:36",
"intel_types": [
"Malware"
],
"update_time": "2024-06-06 09:23:14"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2024-03-05 06:00:51",
"intel_types": [
"Suspicious"
],
"update_time": "2024-08-14 04:17:28"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2023-12-03 09:31:12",
"intel_types": [
"Suspicious"
],
"update_time": "2024-08-23 02:52:17"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2023-12-02 11:11:32",
"intel_types": [
"Suspicious"
],
"update_time": "2024-08-22 03:06:20"
},
{
"source": "Open Source ",
"confidence": 70,
"expired": false,
"intel_tags": [],
"find_time": "2023-11-29 09:39:12",
"intel_types": [
"Scanner"
],
"update_time": "2024-07-01 06:24:26"
},
{
"source": "cinsscore.com",
"confidence": 50,
"expired": false,
"intel_tags": [],
"find_time": "2023-11-11 02:40:16",
"intel_types": [
"Suspicious"
],
"update_time": "2024-08-10 01:30:20"
},
{
"source": "binarydefense.com",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2023-03-17 01:45:16",
"intel_types": [
"Malware"
],
"update_time": "2024-08-22 01:17:11"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2023-01-08 19:58:32",
"intel_types": [
"Suspicious"
],
"update_time": "2024-06-11 10:43:24"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-30 02:55:49",
"intel_types": [
"Suspicious"
],
"update_time": "2024-05-18 03:38:29"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-30 00:20:35",
"intel_types": [
"Suspicious"
],
"update_time": "2024-08-05 04:13:24"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-30 00:04:41",
"intel_types": [
"Suspicious"
],
"update_time": "2022-10-05 00:24:23"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-23 18:04:19",
"intel_types": [
"Suspicious"
],
"update_time": "2024-08-06 06:07:27"
},
{
"source": "Open Source ",
"confidence": 65,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-23 18:00:31",
"intel_types": [
"Suspicious"
],
"update_time": "2024-08-06 06:08:33"
},
{
"source": "blocklist.de",
"confidence": 55,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-22 15:57:53",
"intel_types": [
"Scanner"
],
"update_time": "2024-08-06 03:25:56"
},
{
"source": "Open Source ",
"confidence": 55,
"expired": false,
"intel_tags": [],
"find_time": "2022-09-16 14:51:57",
"intel_types": [
"Malware"
],
"update_time": "2024-08-23 15:00:39"
},
{
"source": "Open Source ",
"confidence": 50,
"expired": true,
"intel_tags": [],
"find_time": "2024-01-20 01:33:37",
"intel_types": [
"Scanner"
],
"update_time": "2024-08-22 01:18:11"
}
]
},
"scene": "",
"basic": {
"carrier": "Constantine Cybersecurity Ltd.",
"location": {
"country": "United Kingdom",
"province": "England",
"city": "Leeds",
"lng": "-1.549557",
"lat": "53.800302",
"country_code": "GB"
}
},
"asn": {
"rank": 4,
"info": "ITECOM-ASN, NL",
"number": 29529
},
"ports": [
{
"port": 80,
"module": "http",
"product": "",
"version": "",
"detail": ""
},
{
"port": 443,
"module": "https",
"product": "",
"version": "",
"detail": ""
}
],
"cas": [
{
"protocol": "https",
"port": 443,
"digital_certificate": {
"subject": "CloudFlare Origin Certificate",
"issuer": "",
"fingerprint": "857b7363019f1bf550375d56fa1f483ffb72bdef",
"purpose": "SSL client|SSL server|Netscape SSL server|Any Purpose|Any Purpose CA|OCSP helper",
"verify": "SHA256withECDSA",
"status": "0",
"revoked": false,
"begin": "2021-07-19 18:53:00",
"end": "2036-07-15 18:53:00",
"status_desc": "Valid",
"serial_number": "738a81454f135c291ee8b3264243964d29dba125",
"revoked_time": ""
}
}
],
"update_time": "2024-08-22 10:40:46",
"rdns_list": [
{
"rdns": "keen.monitoring.internet-measurement.com",
"get_time": "2023-12-12 00:00:00"
}
],
"sum_cur_domains": "3"
}
},
"response_code": 0,
"verbose_msg": "OK"
}`
const ipReputation = "https://api.threatbook.cn/v3/scene/ip_reputation"
const ipQuery = "https://api.threatbook.cn/v3/ip/query"
type ipService struct {
URL string
ApiKey string
ipQueryUrl string
ipReputationUrl string
// ipInfoMap map[string]IpInfo
useCachedIPInfo bool
ipInfoCache *expirable.LRU[string, IpInfo]
}
// func NewIpService(url, apiKey string, useCachedIPInfo bool) Service {
// return &ipService{
// URL: url,
// ApiKey: apiKey,
// ipQueryUrl: fmt.Sprintf("%s?apikey=%s&resource=", ipQuery, apiKey),
// ipReputationUrl: fmt.Sprintf("%s?apikey=%s&resource=", ipReputation, apiKey),
// // ipInfoMap: make(map[string]IpInfo),
// ipInfoCache: expirable.NewLRU[string, IpInfo](2048, nil, time.Minute*30),
// useCachedIPInfo: useCachedIPInfo,
// }
// }
func toModel(info *IpInfo) *model.IPInfo {
if info == nil {
return nil
}
sumCurDomains, err := strconv.Atoi(info.SumCurDomains)
if err != nil {
logging.Get().Err(err).Msgf("parse SumCurDomains: %s", info.SumCurDomains)
}
lon, err := strconv.ParseFloat(info.Basic.Location.Longitude, 32)
if err != nil {
logging.Get().Err(err).Msgf("parse Longitude: %s", info.Basic.Location.Longitude)
}
lat, err := strconv.ParseFloat(info.Basic.Location.Latitude, 32)
if err != nil {
logging.Get().Err(err).Msgf("parse Longitude: %s", info.Basic.Location.Latitude)
}
ipInfo := &model.IPInfo{
Carrier: info.Basic.Carrier,
Location: model.Location{
Country: info.Basic.Location.Country,
CountryCode: info.Basic.Location.CountryCode,
Province: info.Basic.Location.Province,
City: info.Basic.Location.City,
Longitude: lon,
Latitude: lat,
},
OSSIntelligences: []model.Intelligence{},
OnlineIntelligences: []model.Intelligence{},
Ports: []model.Port{},
Samples: []model.Sample{},
Cas: []model.CAS{},
Rdnses: []model.RDNS{},
Scene: info.Scene,
SumCurDomains: sumCurDomains,
TagsClasses: []model.TagsClass{},
Asn: model.ASN{
Number: info.ASN.Number,
Info: info.ASN.Info,
RiskRank: info.ASN.Rank,
},
Judgments: []string{},
}
if len(info.Judgments) > 0 {
ipInfo.Judgments = append(ipInfo.Judgments, info.Judgments...)
}
for _, intell := range info.Intelligences.OpenSource {
findTime, err := time.Parse("2006-01-02 15:04:05", intell.FindTime)
if err != nil {
logging.Get().Err(err).Msgf("FindTime :%s", intell.FindTime)
}
updateTime, err := time.Parse("2006-01-02 15:04:05", intell.UpdateTime)
if err != nil {
logging.Get().Err(err).Msgf("UpdateTime :%s", intell.UpdateTime)
}
intelTags := []model.TagsClass{}
for _, tag := range intell.IntelTags {
intelTags = append(intelTags, model.TagsClass{
TagsType: tag.TagsType,
Tags: strings.Join(tag.Tags, ","),
})
}
ipInfo.OSSIntelligences = append(ipInfo.OSSIntelligences, model.Intelligence{
Source: intell.Source,
FindTime: findTime.UnixMilli(),
UpdateTime: updateTime.UnixMilli(),
Confidence: intell.Confidence,
Expired: intell.Expired,
IntelTypes: intell.IntelTypes,
IntelTags: intelTags,
})
}
for _, intell := range info.Intelligences.ThreatbookLab {
findTime, err := time.Parse("2006-01-02 15:04:05", intell.FindTime)
if err != nil {
logging.Get().Err(err).Msgf("FindTime :%s", intell.FindTime)
}
updateTime, err := time.Parse("2006-01-02 15:04:05", intell.UpdateTime)
if err != nil {
logging.Get().Err(err).Msgf("UpdateTime :%s", intell.UpdateTime)
}
intelTags := []model.TagsClass{}
for _, tag := range intell.IntelTags {
intelTags = append(intelTags, model.TagsClass{
TagsType: tag.TagsType,
Tags: strings.Join(tag.Tags, ","),
})
}
ipInfo.OnlineIntelligences = append(ipInfo.OnlineIntelligences, model.Intelligence{
Source: intell.Source,
FindTime: findTime.UnixMilli(),
UpdateTime: updateTime.UnixMilli(),
Confidence: intell.Confidence,
Expired: intell.Expired,
IntelTypes: intell.IntelTypes,
IntelTags: intelTags,
})
}
for _, port := range info.Ports {
ipInfo.Ports = append(ipInfo.Ports, model.Port{
Port: int16(port.Port),
Module: port.Module,
Product: port.Product,
Version: port.Version,
Detail: port.Detail,
})
}
for _, sample := range info.Samples {
scanTime, err := time.Parse("2006-01-02 15:04:05", sample.ScanTime)
if err != nil {
logging.Get().Err(err).Msgf("scanTime :%s", sample.ScanTime)
}
ipInfo.Samples = append(ipInfo.Samples, model.Sample{
Hash: sample.Hash,
ScanTime: scanTime.UnixMilli(),
Ratio: sample.Ratio,
MalwareType: sample.MalwareType,
MalwareFamily: sample.MalwareFamily,
})
}
for _, cas := range info.CAS {
ipInfo.Cas = append(ipInfo.Cas, model.CAS{
Protocol: cas.Protocol,
Port: cas.Port,
Period: cas.Period,
DigitalCertificate: model.Certificate{
Subject: cas.DigitalCertificate.Subject,
Issuer: cas.DigitalCertificate.Issuer,
Fingerprint: cas.DigitalCertificate.Fingerprint,
Purpose: cas.DigitalCertificate.Purpose,
Verify: cas.DigitalCertificate.Verify,
Status: cas.DigitalCertificate.Status,
Revoked: cas.DigitalCertificate.Revoked,
Begin: cas.DigitalCertificate.Begin,
End: cas.DigitalCertificate.End,
StatusDesc: cas.DigitalCertificate.StatusDesc,
SerialNumber: cas.DigitalCertificate.SerialNumber,
RevokedTime: cas.DigitalCertificate.RevokedTime,
},
})
}
for _, dns := range info.RDNSList {
ipInfo.Rdnses = append(ipInfo.Rdnses, model.RDNS{
RDNS: dns.RDNS,
GetTime: dns.GetTime,
})
}
for _, tagclass := range info.TagsClasses {
ipInfo.TagsClasses = append(ipInfo.TagsClasses, model.TagsClass{
TagsType: tagclass.TagsType,
Tags: strings.Join(tagclass.Tags, ","),
})
}
return ipInfo
}
func (s *ipService) QueryIP(ip string) (*model.IPInfo, error) {
ipInfo := IpInfo{}
// ipI, ok := s.ipInfoMap[ip]
ipI, ok := s.ipInfoCache.Get(ip)
if ok && s.useCachedIPInfo {
logging.Get().Info().Msg("hit ipinfo cache")
ipInfo = ipI
ipQueryInfo := toModel(&ipInfo)
// isMalicious, _ := s.isMalicious(ip)
// ipQueryInfo.IsMalicious = isMalicious
return ipQueryInfo, nil
} else {
resp, err := http.DefaultClient.Get(s.ipQueryUrl + ip)
if err != nil {
return nil, err
}
data, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
logging.Get().Info().Msg(string(data))
var respData RespData
err = json.Unmarshal([]byte(data), &respData)
if err != nil {
return nil, err
}
if respData.ResponseCode != 0 {
return nil, fmt.Errorf("error occurs: %s", respData.VerboseMsg)
}
if info, ok := respData.Data[ip]; ok {
d, err := info.MarshalJSON()
if err != nil {
return nil, err
}
err = json.Unmarshal(d, &ipInfo)
if err != nil {
return nil, err
}
if s.useCachedIPInfo {
// s.ipInfoMap[ip] = ipInfo
s.ipInfoCache.Add(ip, ipInfo)
}
ipQueryInfo := toModel(&ipInfo)
isMalicious, _ := s.isMalicious(ip)
ipQueryInfo.IsMalicious = isMalicious
return ipQueryInfo, nil
}
}
return &model.IPInfo{}, nil
}
func (s *ipService) isMalicious(ip string) (bool, error) {
resp, err := http.DefaultClient.Get(s.ipReputationUrl + ip)
if err != nil {
return false, err
}
data, err := io.ReadAll(resp.Body)
if err != nil {
return false, err
}
logging.Get().Info().Msg(string(data))
// fmt.Println(string(data))
var respData RespData
err = json.Unmarshal([]byte(data), &respData)
if err != nil {
return false, err
}
if reputation, ok := respData.Data[ip]; ok {
var rep Reputation
d, err := reputation.MarshalJSON()
if err != nil {
return false, err
}
err = json.Unmarshal(d, &rep)
if err != nil {
return false, err
}
return rep.IsMalicious, nil
}
return false, nil
}
package service
import (
"encoding/json"
"fmt"
"io"
"net/http"
"strconv"
"gitlab.com/tensorsecurity-rd/waf-console/internal/model"
)
var fakePrivateData = `{
"data": [
{
"ioc": "159.203.93.255",
"host": "10.65.135.204",
"intelligence": [
{
"judgments": [
"Exploit"
],
"severity": "low",
"ban": {
"banned": 1,
"reason": "The IP address belongs to DigitalOcean, LLC, it is recommended to assess and handle it accordingly."
},
"basic": {
"carrier": "DigitalOcean, LLC",
"location": {
"country": "美国",
"country_code": "US",
"province": "新泽西州",
"city": "克利夫顿",
"lng": -74.16366,
"lat": 40.858402
}
},
"asn": {
"number": "14061",
"info": "DIGITALOCEAN-ASN - DigitalOcean, LLC, US"
},
"ioc_type": "ipv4",
"confidence_level": "low",
"is_malicious": true,
"source_name": "微步在线-IP信誉",
"update_time": 1719268503000
}
]
}
],
"response_code": 0,
"verbose_msg": "success"
}`
type ipServicePrivate struct {
URL string
ApiKey string
// ipQueryUrl string
ipReputationUrl string
// ipInfoMap map[string]IpInfo
// useCachedIPInfo bool
// ipInfoCache *expirable.LRU[string, IPInfoPrivate]
}
// func NewIpServicePrivate(url, apiKey string, useCachedIPInfo bool) Service {
// var ipReputationUrl string
// reputationUrl := os.Getenv("IP_REPUTATION_URL")
// logging.Get().Info().Msgf("reputationUrl: %s", reputationUrl)
// if reputationUrl != "" {
// ipReputationUrl = reputationUrl
// } else {
// ipReputationUrl = fmt.Sprintf("%s?apikey=%s&resource=", ipReputation, apiKey)
// }
// logging.Get().Info().Msgf("ipReputationUrl: %s", ipReputationUrl)
// return &ipServicePrivate{
// URL: url,
// ApiKey: apiKey,
// ipReputationUrl: ipReputationUrl,
// }
// }
func (s *ipServicePrivate) QueryIP(ip string) (*model.IPInfo, error) {
url := s.ipReputationUrl + ip
respData, err := http.DefaultClient.Get(url)
if err != nil {
return nil, err
}
defer respData.Body.Close()
body, err := io.ReadAll(respData.Body)
if err != nil {
return nil, fmt.Errorf("query ip info failed: %w", err)
}
var resp IPInfoPrivateResp
if err := json.Unmarshal(body, &resp); err != nil {
return nil, fmt.Errorf("unmarshal response failed: %w", err)
}
if len(resp.Data) == 0 || len(resp.Data[0].Intelligence) == 0 {
return nil, fmt.Errorf("no data found for ip %s", ip)
}
info := resp.Data[0].Intelligence[0]
tagsClasses := make([]model.TagsClass, 0, 5)
for k, v := range info.TagsClasses {
for _, tag := range v {
tagsClasses = append(tagsClasses, model.TagsClass{
TagsType: k,
Tags: tag,
})
}
}
return &model.IPInfo{
Carrier: info.Basic.Carrier,
Location: model.Location{
Country: info.Basic.Location.Country,
CountryCode: info.Basic.Location.CountryCode,
Province: info.Basic.Location.Province,
City: info.Basic.Location.City,
Longitude: info.Basic.Location.Longitude,
Latitude: info.Basic.Location.Latitude,
},
Asn: model.ASN{
Number: func() int { n, _ := strconv.Atoi(info.ASN.Number); return n }(),
Info: info.ASN.Info,
},
Scene: info.Scene,
IsMalicious: info.IsMalicious,
Judgments: info.Judgments,
TagsClasses: tagsClasses,
}, nil
}
package service
import (
"encoding/json"
"fmt"
"reflect"
"testing"
"gitlab.com/tensorsecurity-rd/waf-console/internal/model"
)
func TestIPService_QueryIP(t *testing.T) {
type fields struct {
URL string
ApiKey string
}
type args struct {
ip string
}
tests := []struct {
name string
fields fields
args args
want *model.IPInfo
wantErr bool
}{
// TODO: Add test cases.
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := &ipService{
URL: tt.fields.URL,
ApiKey: tt.fields.ApiKey,
}
got, err := s.QueryIP(tt.args.ip)
if (err != nil) != tt.wantErr {
t.Errorf("IPService.QueryIP() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("IPService.QueryIP() = %v, want %v", got, tt.want)
}
})
}
}
func TestParseIPInfo(t *testing.T) {
t.Run("test 1", func(t *testing.T) {
var respData RespData
err := json.Unmarshal([]byte(fakeData), &respData)
if err != nil {
t.Errorf("Unmarshal err %v", err)
}
if info, ok := respData.Data["87.236.176.199"]; ok {
var ipInfo IpInfo
d, err := info.MarshalJSON()
if err != nil {
t.Error(err)
}
err = json.Unmarshal(d, &ipInfo)
if err != nil {
t.Error(err)
}
fmt.Println(ipInfo.Judgments)
}
fmt.Println("ddddd")
})
}
func TestParseIPInfoPrivate(t *testing.T) {
t.Run("test 1", func(t *testing.T) {
var respData IPInfoPrivateResp
err := json.Unmarshal([]byte(fakePrivateData), &respData)
if err != nil {
t.Errorf("Unmarshal err %v", err)
}
if len(respData.Data) > 0 {
for _, v := range respData.Data {
fmt.Println(v)
}
}
fmt.Println("ddddd")
})
}
...@@ -4,7 +4,7 @@ import ( ...@@ -4,7 +4,7 @@ import (
"net/http" "net/http"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"gitlab.com/security-rd/go-pkg/logging" "github.com/rs/zerolog/log"
) )
const APIVersion = "v1" const APIVersion = "v1"
...@@ -12,7 +12,7 @@ const APIVersion = "v1" ...@@ -12,7 +12,7 @@ const APIVersion = "v1"
func AssembleResponse(c *gin.Context, data interface{}, err error, opts ...ResponseDataOptionFunc) { func AssembleResponse(c *gin.Context, data interface{}, err error, opts ...ResponseDataOptionFunc) {
code := http.StatusOK code := http.StatusOK
if err != nil { if err != nil {
logging.Get().Err(err) log.Error().Err(err)
code = http.StatusInternalServerError code = http.StatusInternalServerError
c.JSON(code, FailResponse{ c.JSON(code, FailResponse{
APIVersion: APIVersion, APIVersion: APIVersion,
......