/*************************************************************************
* Copyright 2022 Gravwell, Inc. All rights reserved.
* Contact: <legal@gravwell.io>
*
* This software may be modified and distributed under the terms of the
* BSD 2-clause license. See the LICENSE file for details.
**************************************************************************/
package ingest
import (
crand "crypto/rand"
"crypto/tls"
"encoding/binary"
"errors"
"math/rand"
"net"
"strings"
"sync"
"time"
"unicode"
)
var (
	// ErrUnderFill is returned by cfill when the crypto/rand read reports
	// fewer bytes than the buffer length.
	ErrUnderFill = errors.New("short cryptographic buffer read")
	// ErrBadTagCharacter is returned by RemapTag when the replacement rune
	// is itself rejected by isBadTagChar.
	ErrBadTagCharacter = errors.New("Bad tag remap character")
)
const (
	// defaultKeepAliveInterval is the period EnableKeepAlive falls back to
	// when the caller passes a zero or negative period.
	defaultKeepAliveInterval = 2 * time.Second
)
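// LockedSource wraps a math/rand Source with a mutex so that a single source
// can be shared between goroutines. The same pattern exists, unexported, in
// the Go standard library (see math/rand/rand.go in the Go source tree).
//
// The mutex only serializes access; it does not change the quality of the
// numbers produced. Output is exactly as predictable as the wrapped source,
// so a LockedSource over a math/rand generator must not be used for keys,
// tokens, nonces or other secrets. Use crypto/rand for those.
type LockedSource struct {
	lk  sync.Mutex  // guards every call into src
	src rand.Source // wrapped generator; only touched with lk held
}

// NewLockedSource returns src wrapped in a LockedSource.
//
// src is stored as given and is not checked for nil; a nil src panics on the
// first Int63 or Seed call.
func NewLockedSource(src rand.Source) rand.Source {
	return &LockedSource{src: src}
}

// Int63 returns the next value from the wrapped source while holding the lock.
func (r *LockedSource) Int63() (n int64) {
	r.lk.Lock()
	// Deferred so that a panic inside the wrapped source (for example a nil
	// src) cannot leave the mutex held and block every other user of the
	// source once the panic is recovered.
	defer r.lk.Unlock()
	return r.src.Int63()
}

// Seed reseeds the wrapped source while holding the lock.
func (r *LockedSource) Seed(seed int64) {
	r.lk.Lock()
	// Deferred for the same reason as in Int63: release the lock on panic.
	defer r.lk.Unlock()
	r.src.Seed(seed)
}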
// NewRNG returns a goroutine-safe *rand.Rand whose seed comes from
// SecureSeed, i.e. from crypto/rand. If the seed cannot be read, the
// returned generator is nil and the error from SecureSeed is passed back.
//
// Only the seed is unpredictable. The generator itself is still math/rand,
// so its output is suitable for jitter, shuffling and similar uses, not for
// key material or authentication tokens.
func NewRNG() (*rand.Rand, error) {
	var rng *rand.Rand
	seed, err := SecureSeed()
	if err == nil {
		rng = rand.New(NewLockedSource(rand.NewSource(seed)))
	}
	return rng, err
}
// NewInsecureRNG returns a goroutine-safe *rand.Rand seeded with a value
// drawn from the package-level math/rand generator.
//
// The seed is itself math/rand output, so the resulting stream is only as
// unpredictable as the global generator (which, before Go 1.20, is
// deterministic unless the program seeds it). Use NewRNG when the seed must
// not be guessable, and crypto/rand for anything secret.
func NewInsecureRNG() *rand.Rand {
	seed := rand.Int63()
	src := rand.NewSource(seed)
	return rand.New(NewLockedSource(src))
}
// SecureSeed reads 8 bytes from crypto/rand (through cfill) and returns them
// interpreted as a little-endian int64.
//
// A failed read is retried, for at most three attempts in total. If all of
// them fail, the result is -1 together with the error from the last attempt;
// callers must check the error rather than use the -1 as a seed.
func SecureSeed() (int64, error) {
	const attempts = 3
	buf := make([]byte, 8)
	var err error
	for i := 0; i < attempts; i++ {
		if err = cfill(buf); err == nil {
			return int64(binary.LittleEndian.Uint64(buf)), nil
		}
	}
	return -1, err
}
// cfill fills v with bytes from crypto/rand. It returns the read error if
// there is one, ErrUnderFill if the read reports fewer bytes than len(v),
// and nil otherwise.
func cfill(v []byte) error {
	got, err := crand.Read(v)
	switch {
	case err != nil:
		return err
	case got != len(v):
		// A short read would leave part of v as stale or zero bytes.
		return ErrUnderFill
	}
	return nil
}
// isBadTagChar reports whether r is not allowed in a tag name.
//
// A rune is rejected when it is whitespace, a control character, or not
// printable, or when it appears in the fixed denylist below (ASCII and
// typographic quotes, plus a set of ASCII punctuation).
//
// NOTE(review): the denylist is a fixed set. Printable runes outside it are
// accepted, which includes other Unicode quotation marks (for example U+201A
// and U+00AB) and U+FFFD, the rune that invalid UTF-8 decodes to. Confirm
// that downstream consumers of tag names tolerate these.
func isBadTagChar(r rune) bool {
	// Quote characters first, then the restricted punctuation.
	const denied = "\"'`\u00b4\u2018\u2019\u201c\u201d" +
		"!*,^|$@\\/.<>{}[]"

	if !unicode.IsPrint(r) || unicode.IsControl(r) || unicode.IsSpace(r) {
		return true
	}
	for _, d := range denied {
		if d == r {
			return true
		}
	}
	return false
}
// CheckTag validates a tag name. It returns ErrEmptyTag if the tag is empty
// after trimming surrounding whitespace, ErrOversizedTag if the trimmed tag
// is longer than MAX_TAG_LENGTH bytes, ErrForbiddenTag if any rune in it is
// rejected by isBadTagChar, and nil otherwise.
//
// Validation runs on the trimmed copy and only an error is returned, so a
// tag with leading or trailing whitespace still passes. Callers that store
// or transmit the tag must trim it themselves.
//
// NOTE(review): invalid UTF-8 bytes decode to U+FFFD here, which
// isBadTagChar accepts, so a tag containing invalid UTF-8 is not rejected.
// Confirm whether that is intended.
func CheckTag(tag string) error {
	trimmed := strings.TrimSpace(tag)
	switch n := len(trimmed); {
	case n == 0:
		return ErrEmptyTag
	case n > MAX_TAG_LENGTH:
		return ErrOversizedTag
	}
	if strings.IndexFunc(trimmed, isBadTagChar) >= 0 {
		return ErrForbiddenTag
	}
	return nil
}
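// RemapTag takes a proposed tag, trims surrounding whitespace, and replaces
// every rune rejected by isBadTagChar with rchar.
//
// It returns ErrBadTagCharacter if rchar is itself forbidden, ErrEmptyTag if
// the trimmed tag is empty, and ErrOversizedTag if either the trimmed input
// or the remapped result is longer than MAX_TAG_LENGTH bytes. On error the
// returned tag is empty.
func RemapTag(tag string, rchar rune) (rtag string, err error) {
	if isBadTagChar(rchar) {
		return "", ErrBadTagCharacter
	}
	tag = strings.TrimSpace(tag)
	switch {
	case len(tag) == 0:
		return "", ErrEmptyTag
	case len(tag) > MAX_TAG_LENGTH:
		return "", ErrOversizedTag
	}
	mapped := strings.Map(func(r rune) rune {
		if isBadTagChar(r) {
			return rchar
		}
		return r
	}, tag)
	// Remapping can lengthen the tag in bytes: rchar may encode to more bytes
	// than the rune it replaces, and invalid input bytes are re-encoded as
	// the three-byte U+FFFD. Re-check so the result always satisfies the same
	// length limit that CheckTag enforces.
	if len(mapped) > MAX_TAG_LENGTH {
		return "", ErrOversizedTag
	}
	return mapped, nil
}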
// EnableKeepAlive turns on TCP keepalive with the given period on c when c
// is a *net.TCPConn, or a *tls.Conn whose underlying connection is a
// *net.TCPConn. Any other connection type, and a nil c, is left untouched.
// A zero or negative period is replaced by defaultKeepAliveInterval.
//
// The call is best effort: errors from the socket option calls are
// discarded and nothing is returned, so the caller cannot tell whether
// keepalive was actually enabled.
func EnableKeepAlive(c net.Conn, period time.Duration) {
	if c == nil {
		return
	}
	if period <= 0 {
		period = defaultKeepAliveInterval
	}
	// Look through one TLS layer to reach the transport connection.
	if wrapped, ok := c.(*tls.Conn); ok {
		c = wrapped.NetConn()
	}
	if tcp, ok := c.(*net.TCPConn); ok {
		// Errors are deliberately ignored; see the doc comment.
		_ = tcp.SetKeepAlive(true)
		_ = tcp.SetKeepAlivePeriod(period)
	}
}