Add logger-handler to firewall #151
please add saving state on changes
reloading forbidden queries can wait for now
firewall/firewall_test.go
Outdated
loggingHandler.MarkQueryAsForbidden(testQueries[1]) | ||
loggingHandler.MarkQueryAsForbidden(testQueries[2]) | ||
|
||
blacklist.AddQueries(loggingHandler.GetForbiddenQueries()) |
great
firewall/handlers/logging_handler.go
Outdated
"encoding/json" | ||
) | ||
|
||
type LoggingHandler struct { |
what about adding a filepath field and a NewLoggingHandler function that will return a new handler with queries loaded from file?
firewall/handlers/logging_handler.go
Outdated
queryInfo := &QueryInfo{} | ||
queryInfo.rawQuery = query | ||
queryInfo.isForbidden = false | ||
handler.Queries = append(handler.Queries, *queryInfo) |
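Review bot: rawQuery and isForbidden on the QueryInfo appended here are unexported, and encoding/json (imported at the top of this file) skips unexported struct fields, so marshalling handler.Queries would write objects without these values. Export the fields or give QueryInfo its own marshalling. The pointer allocation and the explicit isForbidden = false are also unnecessary: appending QueryInfo{rawQuery: query} directly does the same thing.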
it will be better to save new queries to file to commit the current state of the handler
firewall/handlers/logging_handler.go
Outdated
func (handler *LoggingHandler) MarkQueryAsForbidden(query string) { | ||
for index, queryInfo := range handler.Queries { | ||
if strings.EqualFold(query, queryInfo.rawQuery) { | ||
handler.Queries[index].isForbidden = true |
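Review bot: strings.EqualFold in the if condition compares the whole statement case-insensitively, quoted string literals included, so stored queries that differ only in the case of a literal value are all marked forbidden together, while the same query with different whitespace is not matched at all. Decide which normalization the handler should apply, do it once when the query is stored, and compare exactly here. If stored queries are unique, a break after setting isForbidden also avoids scanning the rest of the slice.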
here it will also be good to save the new state to file
firewall/handlers/logging_handler.go
Outdated
func (handler *LoggingHandler) GetAllInputQueries() []string{ | ||
var queries []string | ||
for _, queryInfo := range handler.Queries { | ||
queries = append(queries, queryInfo.rawQuery) |
in the future it would be great to check the file for updates on new queries and, if the file was updated, reload and return new values
it will be useful when a separate instance of webui adds changes and acraserver's handler should update too without restarting
cmd/acraserver/config.go
Outdated
func (config *Config) SetFirewall(fw firewall.FirewallInterface) { | ||
config.firewall = fw | ||
func (config *Config) SetFirewall(censorConfigPath string) error { | ||
firewall := &firewall.Firewall{} |
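Review bot: the local variable firewall declared on the last line shadows the imported firewall package for the rest of SetFirewall, so any later firewall.X in this function resolves to the variable and not the package. Rename the variable (fw, as the other SetFirewall signature shown here uses) or assign to config.firewall directly.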
better to assign one time config.firewall = &firewall.Firewall{} instead of 5 extra lines
firewall/handlers/logging_handler.go
Outdated
handler.Queries[index].IsForbidden = true | ||
} | ||
} | ||
handler.Serialize() |
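Review bot: the error returned by handler.Serialize() on the last line is dropped, so a failed write leaves the query marked in memory but not on disk and the caller never learns of it. Have the enclosing function return error and pass the Serialize result through. Serialize also sits outside the loop and runs when no entry matched; track whether anything changed and skip the write otherwise.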
what if error?
firewall/handlers/logging_handler.go
Outdated
|
||
func (handler *LoggingHandler) Serialize() error { | ||
jsonFile, err := json.Marshal(handler.Queries) | ||
err = ioutil.WriteFile(handler.filePath, jsonFile, 0600) |
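Review bot: err from json.Marshal is overwritten by the ioutil.WriteFile assignment on the next line before it is checked, so a marshalling failure would write the nil jsonFile over the existing state file and report only the write result. Check err right after Marshal and return early. The 0600 mode is a good choice for a file that holds the rule set.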
you can return the result because it is err itself
firewall/handlers/logging_handler.go
Outdated
if err != nil { | ||
return err | ||
} | ||
json.Unmarshal(bufferBytes, &handler.Queries) |
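Review bot: the return value of json.Unmarshal on the last line is discarded, so a truncated or corrupt file is accepted silently, and because it decodes straight into handler.Queries a failed decode can leave a partial rule set behind. Capture the error, decode into a temporary slice, and assign it to handler.Queries only on success.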
err := json.Unmarshal(...)
firewall/handlers/logging_handler.go
Outdated
return err | ||
} | ||
json.Unmarshal(bufferBytes, &handler.Queries) | ||
if err != nil { |
here you check ReadFile call
Please add info log to see if query was allowed/filtered here: And show example of json output
} | ||
|
||
func (acraCensor *AcraCensor) HandleQuery(query string) error { | ||
log.Infof("Censor works") |
we will receive this log message on every query, which is not very useful; I'd remove it
for _, handler := range acraCensor.handlers { | ||
log.Infof("Handler: %s", handler.GetName()) | ||
if err := handler.CheckQuery(query); err != nil { | ||
return err |
log.WithFields(log.Fields{"acracensor" : handler.GetName()}).Infof("Forbidden query: %s", query)
func (acraCensor *AcraCensor) HandleQuery(query string) error { | ||
log.Infof("Censor works") | ||
for _, handler := range acraCensor.handlers { | ||
log.Infof("Handler: %s", handler.GetName()) |
i think we should remove this
log.Infof("Handler: %s", handler.GetName()) | ||
if err := handler.CheckQuery(query); err != nil { | ||
return err | ||
} |
log.WithFields(log.Fields{"acracensor" : handler.GetName()}).Infof("Allowed query: %s", query)
cmd/acraserver/config.go
Outdated
@@ -50,7 +51,7 @@ type Config struct { | |||
postgresql bool | |||
configPath string | |||
debug bool | |||
firewall firewall.FirewallInterface | |||
firewall acracensor.AcracensorInterface |
censor instead of firewall?

Agree. Renamed
logging/event_codes.go
Outdated
@@ -52,8 +52,9 @@ const ( | |||
EventCodeErrorCantParseAuthData = 557 | |||
EventCodeErrorCantDumpConfig = 558 | |||
|
|||
// firewall | |||
// acracensor | |||
EventCodeErrorFirewallQueryIsNotAllowed = 560 |
censor instead of firewall?

Agree. Renamed
cmd/acraserver/config.go
Outdated
if err != nil { | ||
return err | ||
} | ||
config.censor = acraCensor |
unnecessary
func (acraCensor *AcraCensor) HandleQuery(query string) error { | ||
for _, handler := range acraCensor.handlers { | ||
if err := handler.CheckQuery(query); err != nil { | ||
return err |
log error. will be good to log handler name too
No description provided.