-
Notifications
You must be signed in to change notification settings - Fork 363
/
blacklist-dest-ips.go
50 lines (44 loc) · 1.29 KB
/
blacklist-dest-ips.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
package crossref
import (
"github.com/activecm/rita/datatypes/blacklist"
"github.com/activecm/rita/datatypes/structure"
"github.com/activecm/rita/resources"
"github.com/globalsign/mgo/bson"
)
type (
//BLDestIPSelector implements the XRefSelector interface for blacklisted destination ips
BLDestIPSelector struct{}
)
//GetName returns "bl-dest-ips"
func (s BLDestIPSelector) GetName() string {
return "bl-dest-ip"
}
//Select selects blacklisted dest ips for XRef analysis
func (s BLDestIPSelector) Select(res *resources.Resources) (<-chan string, <-chan string) {
// make channels to return
sourceHosts := make(chan string)
destHosts := make(chan string)
// run the read code async and return the channels immediately
go func() {
ssn := res.DB.Session.Copy()
defer ssn.Close()
var blIPs []blacklist.BlacklistedIP
ssn.DB(res.DB.GetSelectedDB()).
C(res.Config.T.Blacklisted.DestIPsTable).
Find(nil).All(&blIPs)
for _, ip := range blIPs {
var connected []structure.UniqueConnection
ssn.DB(res.DB.GetSelectedDB()).
C(res.Config.T.Structure.UniqueConnTable).Find(
bson.M{"dst": ip.IP},
).All(&connected)
for _, uconn := range connected {
sourceHosts <- uconn.Src
}
destHosts <- ip.IP
}
close(sourceHosts)
close(destHosts)
}()
return sourceHosts, destHosts
}