package net.jumperz.app.MGuardian.plugin.sessionIdManager2;

import java.io.*;
import java.util.*;
import java.sql.*;
import java.net.*;

import net.jumperz.net.*;
import net.jumperz.sql.*;
import net.jumperz.util.*;
import net.jumperz.app.MGuardian.*;
import net.jumperz.app.MGuardian.plugin.*;

public class MSessionIdManager
extends MGuardianPlugin
implements MObserver1
{
/*
create table tState
(
t		timestamp,
ip		varchar( 15 ),
host		varchar( 256 ),
paramName	varchar( 256 ),
paramValue	varchar( 512 ),
userAgent	varchar( 512 )
);
create index tIndex on tState( t );
*/

// Defaults for the sessionIdManager.* properties read in startup2().
// The DBMS defaults ( hsqldb driver, user "sa", empty password ) match the embedded
// database that setupDefaultDatabase() creates; NOTE(review): when dbmsUrl points at a
// shared server, dbmsUser/dbmsPass should presumably be set explicitly -- confirm.
private static final String DEFAULT_JDBC_DRIVER_CLASS_NAME	= "net.jumperz.ext.org.hsqldb.jdbcDriver";
private static final String DEFAULT_DBMS_USER			= "sa";
private static final String DEFAULT_DBMS_PASS			= "";
// interval and timespan are given in minutes ( interval is converted to seconds in startup2() )
private static final String DEFAULT_INTERVAL			= "60";		// 1 hour
private static final String DEFAULT_TIMESPAN			= "60";		// 1 hour
private static final String DEFAULT_BRUTE_FORCE_THRESHOLD	= "500";
private static final String DEFAULT_DIFFERENT_IP_THRESHOLD	= "255";
// Upper bounds on request-supplied values before they are written to tState; they match
// the varchar widths in the create-table statement above. Longer values are rejected
// with an IOException in getHost()/getUserAgent()/execute().
private static final int MAX_HOST_SIZE				= 256;
private static final int MAX_PARAMNAME_SIZE			= 256;
private static final int MAX_PARAMVALUE_SIZE			= 512;
private static final int MAX_USERAGENT_SIZE			= 512;

// sessionIdManager.detectionType: "realtime" runs the checks inside execute() for every
// request; "interval" ( the default ) leaves them to the timer-driven path.
public static final int DETECTION_REALTIME			= 0;
public static final int DETECTION_INTERVAL			= 1;

// Actions mapped from the *Action properties in getActionProperty(). REMOVE_SESSIONID
// and BLOCK are only accepted in realtime mode.
public static final int ACTION_IGNORE				= 0;
public static final int ACTION_LOG				= 1;
public static final int ACTION_REMOVE_SESSIONID			= 2;
public static final int ACTION_BLOCK				= 3;

private static final String DEFAULT_DETECTION_TYPE		= "interval";
// LOG_BUF_SIZE and WAIT_TIME are not referenced on this page.
private static final int LOG_BUF_SIZE = 2048;
private static final long WAIT_TIME = 1000;

// Shared JDBC connection; execute() synchronizes on it around every database access.
private Connection connection;
private String jdbcDriverClassName;
private String dbmsUrl;
private String dbmsUser;
private String dbmsPass;
private String sessionIdListFileName;
// Lower-cased parameter names treated as session identifiers ( see execute() ).
private Set sessionIdSet;
// Detection interval in seconds ( property value is in minutes ).
private long interval;
private long time = 0;

//private boolean block;
// Public so that other classes can read the configuration; MIntervalCommand is handed
// this instance in startup2() and presumably reads them -- confirm.
public int timespan;
public String logDirName;
public String command;
public int detectionType;
public int bruteForceThreshold;
public int differentIpThreshold;
public int bruteForceAction;
public int differentIpAction;
public int differentUaAction;

//private boolean useDefaultDatabase = false;
private MDatabaseUtil databaseUtil;
private int logIndex = 0;
private MSqlQueue sqlQueue;
private MLogger logger;
private MResolver resolver;
//--------------------------------------------------------------------------------
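/**
 * Plugin entry point: delegates to startup2() and reports any failure as a
 * single checked IOException.
 *
 * @throws IOException if initialisation fails; the original exception is kept
 *         as the cause so its stack trace is not lost
 */
public void startup()
throws IOException
{
try
	{
	startup2();
	}
catch( Exception e )
	{
	e.printStackTrace();
		// initCause() rather than the ( String, Throwable ) constructor keeps this
		// compatible with the older IOException API this code base targets
	IOException ioe = new IOException( "plugin startup error. " + e.getMessage() );
	ioe.initCause( e );
	throw ioe;
	}
}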
//--------------------------------------------------------------------------------
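/**
 * Real initialisation, called from startup() which wraps any failure in an
 * IOException.
 *
 * Registers with the timer, reads the sessionIdManager.* properties from
 * {@code control}, builds the lower-cased set of parameter names treated as
 * session identifiers, sets up the default database and log directory when
 * none is configured, opens the JDBC connection and creates the state table
 * if it does not exist yet.
 *
 * @throws Exception if a property value is invalid, a directory cannot be
 *         created or the database cannot be opened
 */
private void startup2()
throws Exception
{
MTimer timer = MGuardianImpl.getInstance().getTimer();
timer.register1( this );

logger = MGuardianImpl.getInstance().getLogger();

resolver = new MResolver( MGuardianImpl.getInstance().getThreadPool() );

	// execute() looks up paramName.toLowerCase() in this set, so every entry must be
	// lower-cased here -- the built-in list used to contain mixed-case names that
	// could never match, and the file-based branch never created the set at all
sessionIdSet = new HashSet();
sessionIdListFileName	= control.getProperty( "sessionIdManager.sessionIdListFileName" );
if( sessionIdListFileName == null )
	{
	String[] defaultNames =
		{
		"sessionid",
		"jsessionid",
		"phpsessid",
		"userid",
		"uid",
		"nguserid",
		"session-id",
		"aspsessionid",
		"sid",
		"cfid",
		"cftoken",
		"jservsessionid",
		"jwsessionid",
		"sessid",
		"session",
		"session_id",
		"zenid",
		"zenAdminID",
		"osCsid",
		"osCAdminsID"
		};
	for( int i = 0; i < defaultNames.length; ++i )
		{
		sessionIdSet.add( defaultNames[ i ].toLowerCase() );
		}
	}
else
	{
	Iterator p = MStringUtil.loadSetFromFile( sessionIdListFileName ).iterator();
	while( p.hasNext() )
		{
		sessionIdSet.add( ( ( String )p.next() ).toLowerCase() );
		}
	}

dbmsUrl		= control.getProperty( "sessionIdManager.dbmsUrl" );
logDirName	= control.getProperty( "sessionIdManager.logDirName" );

if( dbmsUrl == null )
	{
		// no database configured: create an embedded one under sessionLogDirName
	setupDefault();
	}

if( logDirName == null )
	{
	setupDefaultLogDir( setupDefaultDir() );
	}

dbmsUser		= control.getProperty( "sessionIdManager.dbmsUser", DEFAULT_DBMS_USER );
dbmsPass		= control.getProperty( "sessionIdManager.dbmsPass", DEFAULT_DBMS_PASS );
jdbcDriverClassName	= control.getProperty( "sessionIdManager.jdbcDriverClassName", DEFAULT_JDBC_DRIVER_CLASS_NAME );
interval		= Long.parseLong( control.getProperty( "sessionIdManager.interval", DEFAULT_INTERVAL ) );
interval		= interval * 60 ; // minute -> second
timespan		= Integer.parseInt( control.getProperty( "sessionIdManager.timespan", DEFAULT_TIMESPAN ) );
bruteForceThreshold		= Integer.parseInt( control.getProperty( "sessionIdManager.bruteForceThreshold", DEFAULT_BRUTE_FORCE_THRESHOLD ) );
differentIpThreshold		= Integer.parseInt( control.getProperty( "sessionIdManager.differentIpThreshold", DEFAULT_DIFFERENT_IP_THRESHOLD ) );
command			= control.getProperty( "sessionIdManager.command", "" );

	// detectionType must be resolved before the *Action properties, because
	// getActionProperty() rejects removeSessionId/block in interval mode
String detectionTypeStr	= control.getProperty( "sessionIdManager.detectionType", DEFAULT_DETECTION_TYPE );
if( detectionTypeStr.equals( "interval" ) )
	{
	detectionType = DETECTION_INTERVAL;
	}
else if( detectionTypeStr.equals( "realtime" ) )
	{
	detectionType = DETECTION_REALTIME;
	}
else
	{
		// an unknown value used to leave detectionType at 0 ( = realtime ) silently
	throw new IOException( "invalid sessionIdManager.detectionType: " + detectionTypeStr );
	}
bruteForceAction  = getActionProperty( "sessionIdManager.bruteForceAction" );
differentIpAction = getActionProperty( "sessionIdManager.differentIpAction" );
differentUaAction = getActionProperty( "sessionIdManager.differentUaAction" );

MIntervalCommand.sessionIdManager		= this;

connection = getConnection();
sqlQueue = new MSqlQueue( connection );

databaseUtil = MDatabaseUtilFactory.createDatabaseUtil( dbmsUrl );
if( !databaseUtil.tableExists( connection ) )
	{
	databaseUtil.createTable( connection );
	}
}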
//--------------------------------------------------------------------------------
// property value -> ACTION_* code; compared case-insensitively
private static final String[] ACTION_NAMES = { "ignore", "log", "removeSessionId", "block" };
private static final int[] ACTION_CODES = { ACTION_IGNORE, ACTION_LOG, ACTION_REMOVE_SESSIONID, ACTION_BLOCK };
//--------------------------------------------------------------------------------
/**
 * Reads an action property ( default "log" ) and maps it to an ACTION_* code.
 *
 * Must run after detectionType has been set: in interval mode only ignore and
 * log are accepted, since removing a session id or blocking needs the
 * per-request ( realtime ) path.
 *
 * @param key property name looked up in control
 * @return one of ACTION_IGNORE, ACTION_LOG, ACTION_REMOVE_SESSIONID, ACTION_BLOCK
 * @throws IOException on an unknown action name, or on removeSessionId/block
 *         while detectionType is DETECTION_INTERVAL
 */
private int getActionProperty( String key )
throws IOException
{
String value = control.getProperty( key, "log" );
int action = lookupAction( value );
if( action < 0 )
	{
	throw new IOException( "invalid action name: " + value );
	}

boolean needsRealtime = ( action == ACTION_REMOVE_SESSIONID || action == ACTION_BLOCK );
if( needsRealtime && detectionType == DETECTION_INTERVAL )
	{
	throw new IOException( key + " :Invalid action: " + value + " :sessionIdManager.detectionType must be 'realtime'." );
	}
return action;
}
//--------------------------------------------------------------------------------
/**
 * Returns the ACTION_* code for an action name, or -1 when the name is unknown.
 */
private static int lookupAction( String value )
{
for( int i = 0; i < ACTION_NAMES.length; ++i )
	{
	if( ACTION_NAMES[ i ].equalsIgnoreCase( value ) )
		{
		return ACTION_CODES[ i ];
		}
	}
return -1;
}
//--------------------------------------------------------------------------------
/*
sessionLogDir
      +-------sessionIdManager
                     +----------database
                     +----------log
 */
//--------------------------------------------------------------------------------
/**
 * Creates the default layout when no dbmsUrl is configured: one base directory
 * with the embedded database and the log directory beneath it.
 *
 * @throws IOException if a directory cannot be created
 */
private void setupDefault()
throws IOException
{
String baseDirName = setupDefaultDir();
setupDefaultDatabase( baseDirName );
setupDefaultLogDir( baseDirName );
}
//--------------------------------------------------------------------------------
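/**
 * Creates ( if needed ) and returns the plugin's base directory,
 * {@code <sessionLogDirName>/sessionIdManager}.
 *
 * @return the created directory name as returned by MSystemUtil.createDir()
 * @throws IOException if the sessionLogDirName property is missing, the path
 *         cannot be canonicalised or the directory cannot be created
 */
private String setupDefaultDir()
throws IOException
{
String sessionLogDirName = control.getProperty( "sessionLogDirName" );
if( sessionLogDirName == null )
	{
		// new File( null ) would fail with a NullPointerException that names no property
	throw new IOException( "sessionLogDirName is not set; it is required when sessionIdManager.dbmsUrl or sessionIdManager.logDirName is omitted." );
	}
File sessionLogDir = new File( sessionLogDirName );

String sessionIdManagerDirName = sessionLogDir.getCanonicalPath() + "/sessionIdManager";
return MSystemUtil.createDir( sessionIdManagerDirName );
}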
//--------------------------------------------------------------------------------
/**
 * Points dbmsUrl at an embedded hsqldb database stored under
 * {@code <sessionIdManagerDirName>/database/sessionState}, creating the
 * directory if needed.
 *
 * @param sessionIdManagerDirName base directory from setupDefaultDir()
 * @throws IOException if the database directory cannot be created
 */
private void setupDefaultDatabase( String sessionIdManagerDirName )
throws IOException
{
String databaseDir = MSystemUtil.createDir( sessionIdManagerDirName + "/database" );
dbmsUrl = "jdbc:hsqldb:" + databaseDir + "/sessionState";
}
//--------------------------------------------------------------------------------
/**
 * Sets logDirName to {@code <sessionIdManagerDirName>/log}, creating it if needed.
 *
 * @param sessionIdManagerDirName base directory from setupDefaultDir()
 * @throws IOException if the log directory cannot be created
 */
private void setupDefaultLogDir( String sessionIdManagerDirName )
throws IOException
{
String logDir = sessionIdManagerDirName + "/log";
logDirName = MSystemUtil.createDir( logDir );
}
//--------------------------------------------------------------------------------
/**
 * Loads the configured JDBC driver and opens a connection to dbmsUrl with
 * dbmsUser/dbmsPass.
 *
 * @return the opened connection
 * @throws Exception if the driver class is not found or the connection fails
 */
private Connection getConnection()
throws Exception
{
	// loading the driver class registers it with DriverManager
Class.forName( jdbcDriverClassName );
Connection conn = DriverManager.getConnection( dbmsUrl, dbmsUser, dbmsPass );
return conn;
}
//--------------------------------------------------------------------------------
/**
 * Returns the request's Host header, or "" when absent.
 *
 * @param request the client request
 * @return the Host value, at most MAX_HOST_SIZE characters ( the tState column width )
 * @throws IOException if the header is longer than MAX_HOST_SIZE
 */
private String getHost( MHttpRequest request )
throws IOException
{
if( !request.headerExists( "Host" ) )
	{
	return "";
	}
String host = request.getHeaderValue( "Host" );
if( host.length() > MAX_HOST_SIZE )
	{
	throw new IOException( "Too long Host value." );
	}
return host;
}
//--------------------------------------------------------------------------------
/**
 * Returns the request's User-Agent header, or "" when absent.
 *
 * @param request the client request
 * @return the User-Agent value, at most MAX_USERAGENT_SIZE characters ( the tState column width )
 * @throws IOException if the header is longer than MAX_USERAGENT_SIZE
 */
private String getUserAgent( MHttpRequest request )
throws IOException
{
if( !request.headerExists( "User-Agent" ) )
	{
	return "";
	}
String userAgent = request.getHeaderValue( "User-Agent" );
if( userAgent.length() > MAX_USERAGENT_SIZE )
	{
	throw new IOException( "Too long User-Agent value." );
	}
return userAgent;
}
//--------------------------------------------------------------------------------
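/**
 * Records every parameter of the request ( or, when a response is present,
 * of the response ) whose name is in sessionIdSet, and in realtime mode runs
 * the detection checks for requests.
 *
 * Host, User-Agent and the parameter values come straight from the client;
 * they are length-checked here and only ever reach the database as bound
 * parameters via MObjectArray, never concatenated into SQL.
 *
 * @param sessionInfo map with "clientSideSocket", "request" and, for the
 *        response pass, "response"
 * @return result map; contains "block" -> Boolean.TRUE when a realtime check
 *         decided to block, otherwise empty
 * @throws IOException if a header or parameter exceeds its column width, or
 *         the detection query fails ( SQLException kept as cause )
 */
public Map execute( Map sessionInfo )
throws IOException
{
Map pluginResult	= new HashMap();
Socket clientSideSocket	= ( Socket )sessionInfo.get( "clientSideSocket" );
String clientIp		= clientSideSocket.getInetAddress().getHostAddress();
MHttpRequest request	= ( MHttpRequest )sessionInfo.get( "request" );
MHttpResponse response	= ( MHttpResponse )sessionInfo.get( "response" );
String host		= getHost( request );
String userAgent	= getUserAgent( request );
boolean processResponse	= ( response != null );
List parameterPairList	= null;

if( processResponse )
	{
	parameterPairList = getParameterPairList( response );
	}
else
	{
	parameterPairList = getParameterPairList( request );
	}

for( int i = 0; i < parameterPairList.size(); ++i )
	{
	MPair pair = ( MPair )parameterPairList.get( i );
	String paramName  = pair.getKey();
	String paramValue = pair.getValue();
	if( !sessionIdSet.contains( paramName.toLowerCase() ) )
		{
		continue;
		}
	if( paramName.length() > MAX_PARAMNAME_SIZE )
		{
		throw new IOException( "Too long paramName." );
		}
	if( paramValue.length() > MAX_PARAMVALUE_SIZE )
		{
		throw new IOException( "Too long paramValue." );
		}
		// column order of tState: t, ip, host, paramName, paramValue, userAgent
	MObjectArray args = new MObjectArray();
	args.add( new Timestamp( System.currentTimeMillis() ) );
	args.add( clientIp );
	args.add( host );
	args.add( paramName );
	args.add( paramValue );
	args.add( userAgent );

	synchronized( connection )
		{
		updateAccessData( args );
		}

		// detection only on the request pass; the response pass merely records
		// NOTE(review): the update above and the detection query run under separate
		// locks, so another request can be interleaved between them -- confirm that
		// is acceptable
	if( detectionType == DETECTION_REALTIME && !processResponse )
		{
		int action = runRealTimeDetection( clientIp, host, paramName, paramValue, userAgent );
		if( action == ACTION_BLOCK )
			{
			pluginResult.put( "block", Boolean.TRUE );
			}
		else if( action == ACTION_REMOVE_SESSIONID )
			{
			removeSessionId( request, paramName );
			}
		}
	}
return pluginResult;
}
//--------------------------------------------------------------------------------
/**
 * Runs executeRealTimeDetection() under the connection lock and converts a
 * SQLException into an IOException that keeps the original as its cause.
 *
 * @return the ACTION_* code chosen by the detection checks
 * @throws IOException if the detection query fails
 */
private int runRealTimeDetection( String clientIp, String host, String paramName, String paramValue, String userAgent )
throws IOException
{
synchronized( connection )
	{
	try
		{
		int action = executeRealTimeDetection
			(
			connection,
			clientIp,
			host,
			paramName,
			paramValue,
			userAgent
			);
			// sqlQueue is handed to the detection code; clear() presumably flushes
			// whatever it queued -- its implementation is not on this page
		sqlQueue.clear();
		return action;
		}
	catch( SQLException e )
		{
		IOException ioe = new IOException( e.getMessage() );
		ioe.initCause( e );
		throw ioe;
		}
	}
}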
// --------------------------------------------------------------------------------
/**
 * Upserts one access record into tState: first tries to refresh the timestamp
 * of an identical ( ip, host, paramName, paramValue, userAgent ) row and, when
 * no row was updated, inserts a new one.
 *
 * Both statements are parameterised; args must hold the values in tState
 * column order ( t, ip, host, paramName, paramValue, userAgent ), which is
 * also the placeholder order of the update below.
 *
 * @param args bound values in column order, as built in execute()
 * @throws IOException if executeUpdate() fails
 */
private void updateAccessData( MObjectArray args )
throws IOException
{
	// insert( or update ) this access to database
String queryString = "update tState set t = ? where ip = ? and host = ? and paramName = ? and paramValue = ? and userAgent = ?";
if( executeUpdate( queryString, args ) == 0 )
	{
		// NOTE(review): "???" is presumably expanded by executeUpdate() ( not on this
		// page ) into one placeholder per element of args -- confirm
	queryString = "insert into tState values( ??? )";
	executeUpdate( queryString, args );
	}
}
//--------------------------------------------------------------------------------
private int executeRealTimeDetection( Connection connection, String clientIp, String host, String paramName, String paramValue, String userAgent )
throws IOException, SQLException
{
int result = ACTION_IGNORE;

if( bruteForceAction != ACTION_IGNORE )
	{
		// type1: check brute force
	String queryString =
	"SELECT COUNT(*) AS c FROM tState WHERE ( ip = ? ) and ( host = ? ) AND ( paramName = ? ) AND ( userAgent = ? )";
	MObjectArray args = new MObjectArray();
	args.add( clientIp );
	args.add( host );
	args.add( paramName );
	args.add( userAgent );
	int count = MSqlUtil.getInt2( connection, queryString, args );
	if( count > bruteForceThreshold )
		{
		bruteForceAttackDetected( count, clientIp, host, paramName, userAgent, sqlQueue );
		if( bruteForceAction == ACTION_BLOCK )
			{
			return ACTION_BLOCK;
			}
		else if( bruteForceAction == ACTION_REMOVE_SESSIONID )
			{
			result = ACTION_REMOVE_SESSIONID;
			}
		}
	}

if( differentIpAction != ACTION_IGNORE )
	{
		// type2: check different ip ( ignore userAgent )
	String queryString =
	"SELECT COUNT(*) FROM tState WHERE ( ip != ? ) AND ( host = ? ) AND ( paramName = ? ) AND ( paramValue = ? )";
