crusader 2018-09-03 15:42:56 +09:00
parent 4ae2561045
commit 6ce87348ba
27 changed files with 127 additions and 106 deletions

15
Gopkg.lock generated

@ -1,20 +1,11 @@
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
branch = "master"
name = "git.loafle.net/overflow/service_matcher-go"
packages = [
".",
"snmp"
]
revision = "a804b4824f2e65ab70a706ae62aa452b6f4fb9b6"
[[projects]]
name = "github.com/davecgh/go-spew"
packages = ["spew"]
revision = "346938d642f2ec3594ed81d874461961cd0faa76"
version = "v1.1.0"
revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"
version = "v1.1.1"
[[projects]]
name = "github.com/pmezard/go-difflib"
@ -37,6 +28,6 @@
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "e411f01b744d615451da86fca1cda7559ac20eb10b59f76fe97f185639b1a788"
inputs-digest = "ec738887f78fd05112bc2a2f3b8a899e39749ad1dd11668f687f3ccebe1f3cf6"
solver-name = "gps-cdcl"
solver-version = 1


@ -1,6 +1,6 @@
# Gopkg.toml example
#
# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
@ -25,10 +25,6 @@
# unused-packages = true
[[constraint]]
branch = "master"
name = "git.loafle.net/overflow/service_matcher-go"
[[constraint]]
name = "github.com/stretchr/testify"
version = "1.2.2"


@ -195,12 +195,12 @@ func (m *ActiveDirectoryMatcher) IsError(info osm.MatchInfo, index int, packet *
func (m *ActiveDirectoryMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
buf := new(bytes.Buffer)
buf.Write(packet.Buffer)
buf.Write(packet.Bytes())
adRecv := AD_RECV{}


@ -45,12 +45,12 @@ func (m *CassandraMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Pa
func (m *CassandraMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
reader.Write(packet.Bytes())
c := cassandra{}
if err := binary.Read(reader, binary.BigEndian, &c); err != nil {


@ -45,7 +45,7 @@ func (t *DNSMatcher) Key() string {
return "DNS"
}
func (t *DNSMatcher) String() string {
func (t *DNSMatcher) Name() string {
return "DNS"
}
@ -66,12 +66,12 @@ func (t *DNSMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
}
func (t *DNSMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
reader.Write(packet.Bytes())
h := Dns_frame_header{}
if err := binary.Read(reader, binary.BigEndian, &h); err != nil {


@ -44,11 +44,11 @@ func (es *ElasticSearchMatcher) IsError(info osm.MatchInfo, index int, packet *o
func (es *ElasticSearchMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
str := string(packet.Buffer)
str := string(packet.Bytes())
hnb := strings.Split(str, "\r\n\r\n")
header := hnb[0]
body := hnb[1]
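Review bot: `body := hnb[1]` panics with an index-out-of-range when the response contains no `\r\n\r\n` separator, because `strings.Split` then returns a single element. The bytes come from the probed peer, so a truncated or non-HTTP reply crashes the matcher instead of producing a non-match. Guard the access before reading either element: `if len(hnb) < 2 { return osm.NotMatchedError() }`. Match's body continues outside the hunk.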


@ -56,11 +56,11 @@ func (ftp *FTPMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet
func (ftp *FTPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
str := strings.Split(string(packet.Buffer), "\r\n")[0]
str := strings.Split(string(packet.Bytes()), "\r\n")[0]
if len(str) < 4 {
return osm.NotMatchedError()
}


@ -41,11 +41,11 @@ func (h *HTTPMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
func (h *HTTPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
str := string(packet.Buffer)
str := string(packet.Bytes())
elems := strings.Split(str, "\r\n")
if len(elems) <= 0 || 9 > len(elems[0]) {


@ -17,10 +17,14 @@ func (i *IMAPMatcher) Key() string {
return "IMAP"
}
func (i *IMAPMatcher) String() string {
func (i *IMAPMatcher) Name() string {
return "IMAP"
}
func (i *IMAPMatcher) Meta() osm.Metadata {
return nil
}
func (i *IMAPMatcher) IsPrePacket() bool {
return true
}
@ -33,40 +37,40 @@ func (i *IMAPMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
return false
}
func (i *IMAPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) bool {
func (i *IMAPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
switch index {
case 0:
recvStr := string(packet.Buffer)
recvStr := string(packet.Bytes())
if len(recvStr) < 3 {
return false
return osm.NotMatchedError()
}
compareStr := recvStr[0:4]
if compareStr == PRE_COMPARE_STR {
return true
return nil
}
case 1:
recvStr := string(packet.Buffer)
recvStr := string(packet.Bytes())
if len(recvStr) < 5 {
return false
return osm.NotMatchedError()
}
compareStr := recvStr[0:5]
if compareStr == SEND_COMPARE_STR {
return true
return nil
}
}
return false
return osm.NotMatchedError()
}
func NewMatcher() osm.Matcher {
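Review bot: In `case 0` the length guard is `len(recvStr) < 3` but the next statement slices `recvStr[0:4]`, so a three-byte banner passes the guard and panics; the guard should read `if len(recvStr) < 4 {`. The new Match also calls `packet.Bytes()` with no nil guard, unlike the other matchers in this commit, and Bytes() goes through Valid(), which dereferences the receiver, so a nil packet panics. Add `if packet == nil || !packet.Valid() { return osm.NoPacketReceivedError() }` at the top of Match. POPMatcher.Match in this commit has the same missing guard.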


@ -40,10 +40,10 @@ func (l *LDAPMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
func (l *LDAPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
p := ber.DecodePacket(packet.Buffer)
p := ber.DecodePacket(packet.Bytes())
if len(p.Children) <= 1 {
return osm.NotMatchedError()
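Review bot: `p` is dereferenced in `len(p.Children)` without a nil check. If this ber package's DecodePacket returns nil for input it cannot decode (its implementation is not visible here), an undecodable reply from the peer panics instead of returning a non-match; `if p == nil || len(p.Children) <= 1 {` covers both cases. Match's body continues outside the hunk.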


@ -35,7 +35,7 @@ func (l *LPDMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
func (l *LPDMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}


@ -77,12 +77,12 @@ func (m *MongoDBMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Pack
func (m *MongoDBMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
reader.Write(packet.Bytes())
reply := OP_reply{}
if err := binary.Read(reader, binary.LittleEndian, &reply); err != nil {


@ -56,7 +56,7 @@ type serverSettings struct {
}
func (m *MySqlMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}


@ -55,12 +55,12 @@ func (t *NBSSMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
func (t *NBSSMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
reader.Write(packet.Bytes())
n := NBSS{}
if err := binary.Read(reader, binary.LittleEndian, &n); err != nil {
@ -72,7 +72,6 @@ func (t *NBSSMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) e
}
return nil
}
func NewMatcher() osm.Matcher {


@ -14,10 +14,14 @@ type OracleMatcher struct {
func (o *OracleMatcher) Key() string {
return "ORACLE"
}
func (o *OracleMatcher) String() string {
func (o *OracleMatcher) Name() string {
return "Oracle"
}
func (o *OracleMatcher) Meta() osm.Metadata {
return nil
}
func (o *OracleMatcher) IsPrePacket() bool {
return false
}
@ -30,17 +34,17 @@ func (o *OracleMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packe
return false
}
func (o *OracleMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) bool {
func (o *OracleMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil {
return false
return osm.NotMatchedError()
}
header := header_packet{}
refuse := body_refuse{}
buf := new(bytes.Buffer)
buf.Write(packet.Buffer)
buf.Write(packet.Bytes())
binary.Read(buf, binary.BigEndian, &header)
binary.Read(buf, binary.BigEndian, &refuse)
@ -49,32 +53,32 @@ func (o *OracleMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet)
//fmt.Println(refuse)
if header.Check_sum != 0 {
return false
return osm.NotMatchedError()
}
if header.Types != 4 {
return false
return osm.NotMatchedError()
}
if header.Reserved_byte != 0 {
return false
return osm.NotMatchedError()
}
if header.Header_sum != 0 {
return false
return osm.NotMatchedError()
}
if refuse.Reason_user != 34 {
return false
return osm.NotMatchedError()
}
if refuse.Reason_system != 0 {
return false
return osm.NotMatchedError()
}
var dataLen int = int(refuse.Data_len)
if dataLen != packet.Len-12 { //
if dataLen != packet.Len-22 { // morformed packet error not user not service
return false
return osm.NotMatchedError()
}
}
return true
return nil
}
func NewMatcher() osm.Matcher {
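Review bot: Both `binary.Read` calls discard their error, so a reply shorter than the two structs leaves `header` and `refuse` partly zero-valued and the field checks below run on data the peer never sent. Check the result as the other matchers do, e.g. `if err := binary.Read(buf, binary.BigEndian, &header); err != nil { return osm.NotMatchedError() }`, and the same for `&refuse`. The nil guard also returns NotMatchedError and skips `!packet.Valid()`, where the sibling matchers return `osm.NoPacketReceivedError()`. The new offset in `packet.Len-22` would be easier to audit as a named constant with a comment saying which header and refuse-body bytes it accounts for. RMIMatcher.Match in this commit ignores its `binary.Read` errors in the same way.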


@ -5,6 +5,20 @@ type Packet struct {
Len int
}
func (p *Packet) Valid() bool {
if nil == p.Buffer || 0 == p.Len {
return false
}
return true
}
func (p *Packet) Bytes() []byte {
if p.Valid() {
return p.Buffer[:p.Len]
}
return nil
}
func NewPacket(buf []byte, len int) *Packet {
return &Packet{
Buffer: buf,
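Review bot: Valid() does not bound `Len` by the buffer, so `p.Buffer[:p.Len]` in Bytes() panics when Len is negative or larger than the capacity, and silently returns bytes beyond `len(p.Buffer)` when Len lies between the length and the capacity (stale data from an earlier read if the buffer is reused). Both fields are exported and NewPacket takes them separately, so nothing visible here keeps them consistent. Tighten the check to `if p == nil || p.Buffer == nil || p.Len <= 0 || p.Len > len(p.Buffer) { return false }`, which also makes Valid() and Bytes() safe to call on a nil receiver. NewPacket's body continues outside the hunk.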


@ -16,10 +16,14 @@ func (p *POPMatcher) Key() string {
return "POP3"
}
func (p *POPMatcher) String() string {
func (p *POPMatcher) Name() string {
return "POP3"
}
func (p *POPMatcher) Meta() osm.Metadata {
return nil
}
func (p *POPMatcher) IsPrePacket() bool {
return true
}
@ -32,27 +36,27 @@ func (p *POPMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
return false
}
func (p *POPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) bool {
func (p *POPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
switch index {
case 0:
fallthrough
case 1:
recvStr := string(packet.Buffer)
recvStr := string(packet.Bytes())
if len(recvStr) < 3 {
return false
return osm.NotMatchedError()
}
compareStr := recvStr[0:3]
if compareStr == COMPARE_STR {
return true
return nil
}
}
return false
return osm.NotMatchedError()
}
func NewMatcher() osm.Matcher {


@ -68,12 +68,12 @@ func (p *PostgreSQLMatcher) IsError(info osm.MatchInfo, index int, packet *osm.P
func (p *PostgreSQLMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
reader.Write(packet.Bytes())
pg := pgsqlErrResponse{}
if err := binary.Read(reader, binary.BigEndian, &pg); err != nil {


@ -54,11 +54,11 @@ func (r *RedisMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet
func (r *RedisMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
resp := strings.Split(string(packet.Buffer), "\r\n")[0]
resp := strings.Split(string(packet.Bytes()), "\r\n")[0]
if len(resp) <= 0 {
return osm.NotMatchedError()
}
@ -87,7 +87,7 @@ func (r *RedisMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet)
case 1: // INFO
info := string(packet.Buffer)
info := string(packet.Bytes())
if !r.protected {
r.parseInfo(info)
}
@ -109,7 +109,7 @@ func (r *RedisMatcher) checkProtectedMode(packet *osm.Packet) bool {
compareSign = "-"
compareMsg = "DENIED"
)
str := string(packet.Buffer[:packet.Len])
str := string(packet.Bytes())
if str == "" {
return false


@ -57,13 +57,13 @@ func (r *RMIMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
func (r *RMIMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
rmiRecv := RMI_RECV_MESSAGE{}
buf := bytes.NewReader(packet.Buffer)
buf := bytes.NewReader(packet.Bytes())
binary.Read(buf, binary.BigEndian, &rmiRecv.streamMessage)
binary.Read(buf, binary.BigEndian, &rmiRecv.packetLen)


@ -78,12 +78,12 @@ func (t *SMBMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
func (t *SMBMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
reader.Write(packet.Bytes())
s := smb{}
if err := binary.Read(reader, binary.BigEndian, &s); err != nil {


@ -14,10 +14,14 @@ func (t *SmtpMatcher) Key() string {
return "SMTP"
}
func (t *SmtpMatcher) String() string {
func (t *SmtpMatcher) Name() string {
return "SMTP"
}
func (t *SmtpMatcher) Meta() osm.Metadata {
return nil
}
func (t *SmtpMatcher) IsPrePacket() bool {
return true
}
@ -30,31 +34,32 @@ func (t *SmtpMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet)
return false
}
func (t *SmtpMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) bool {
func (t *SmtpMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil {
return false
return osm.NoPacketReceivedError()
}
buf := string(packet.Buffer)
buf := string(packet.Bytes())
if len(buf) == 0 || len(buf) < 5 {
return false
return osm.NotMatchedError()
}
splits := strings.Split(buf, "\r\n")
splits = strings.Split(buf, " ")
if index == 0 {
if splits[0] == "220" {
return true
return nil
}
} else if index == 1 {
if splits[0] == "250" {
return true
return nil
}
} else if index == 2 {
if splits[0] == "221" {
return true
return nil
}
}
return false
return osm.NotMatchedError()
}
func NewMatcher() osm.Matcher {
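Review bot: The result of `strings.Split(buf, "\r\n")` is overwritten on the next line by `strings.Split(buf, " ")` and never used, so the status code is taken from the first space-separated token of the whole buffer. A reply whose code is followed by `-` (a multi-line reply) or directly by CRLF therefore never compares equal to "220", "250" or "221". Take the first line and compare its prefix instead, e.g. `line := strings.SplitN(buf, "\r\n", 2)[0]` followed by `strings.HasPrefix(line, "220")`; the function already uses the strings package.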


@ -66,7 +66,7 @@ func (s *SNMPMatcher) HasResponse(index int) bool {
func (s *SNMPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
@ -81,7 +81,7 @@ func (s *SNMPMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) e
} `asn1:"tag:2"`
}
if _, err := asn1.Unmarshal(packet.Buffer[0:packet.Len], &p); err != nil {
if _, err := asn1.Unmarshal(packet.Bytes(), &p); err != nil {
return err
}


@ -72,13 +72,17 @@ func (t *SQLServerMatcher) Key() string {
return "SQLSERVER"
}
func (t *SQLServerMatcher) String() string {
func (t *SQLServerMatcher) Name() string {
if t.isSSL {
return "SQL Server (SSL)"
}
return "SQL Server"
}
func (t *SQLServerMatcher) Meta() osm.Metadata {
return nil
}
func (t *SQLServerMatcher) IsPrePacket() bool {
return false
}
@ -91,45 +95,45 @@ func (t *SQLServerMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Pa
return false
}
func (t *SQLServerMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) bool {
func (t *SQLServerMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil {
return false
return osm.NoPacketReceivedError()
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
reader.Write(packet.Bytes())
m := mssqlResponse{}
if err := binary.Read(reader, binary.BigEndian, &m); err != nil {
return false
return osm.NotMatchedError()
}
if m.Type_ != HEADER_TYPE_RESPONSE {
return false
return osm.NotMatchedError()
}
if m.Length != uint16(packet.Len) {
return false
return osm.NotMatchedError()
}
switch m.PreLoginResp.Msg[m.Length-9 : m.Length-8][0] {
case 0:
return true
return nil
case 1:
t.isSSL = true
return true
return nil
case 2:
return true
return nil
case 3:
t.isSSL = true
return true
return nil
default:
return false
return osm.NotMatchedError()
}
return false
return osm.NotMatchedError()
}
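Review bot: The index `m.Length-9` is computed in uint16 from a peer-supplied field, so a Length below 9 wraps to a large value and a Length beyond the size of `Msg` is out of range as well; either way the slice expression panics. The only check before it is `m.Length != uint16(packet.Len)`, which also truncates Len. Add a range check before the switch, e.g. `if m.Length < 9 || int(m.Length)-9 >= len(m.PreLoginResp.Msg) { return osm.NotMatchedError() }`, and index with `m.PreLoginResp.Msg[m.Length-9]` directly. The declaration of Msg is outside the hunk, so confirm the bound against its actual size. The final `return` after the switch is unreachable because of the `default` case.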


@ -43,13 +43,13 @@ func (ssh *SSHMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet
func (ssh *SSHMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
// SSH-protoversion-softwareversion SP comments CR LF
// e.g. ) SSH-2.0-OpenSSH_7.5p1 Ubuntu-10ubuntu0.1\n
scanner := bufio.NewScanner(bytes.NewReader(packet.Buffer))
scanner := bufio.NewScanner(bytes.NewReader(packet.Bytes()))
for scanner.Scan() {
exchange := scanner.Text()


@ -42,14 +42,14 @@ func (tel *TelnetMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Pac
func (tel *TelnetMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
buf := make([]byte, 0, 0)
count := 0
for i := 0; i < len(packet.Buffer); i++ {
for i := 0; i < packet.Len; i++ {
if packet.Buffer[i] > 0 {
buf = append(buf, packet.Buffer[i])
} else if count > 2 {
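Review bot: The loop now bounds `i` by `packet.Len` but still indexes `packet.Buffer[i]` directly, and Valid() does not check that Len fits within the buffer, so the bound is only as good as the caller's Len and a Packet whose Len exceeds `len(packet.Buffer)` panics here. Ranging over the accessor keeps this matcher consistent with the others in the commit: `for _, b := range packet.Bytes() {` with `b` in place of `packet.Buffer[i]`. The loop body continues outside the hunk.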


@ -53,7 +53,7 @@ func (w *WMIMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) er
}
buf := new(bytes.Buffer)
buf.Write(packet.Buffer)
buf.Write(packet.Bytes())
wmiRecv := DCERPC_DEFAULT{}