📄 msessionidmanager.java
字号:
MObjectArray args = new MObjectArray();
args.add( clientIp );
args.add( host );
args.add( paramName );
args.add( paramValue );
int count = MSqlUtil.getInt2( connection, queryString, args );
if( count > 0 )
{
if( checkIpRange( host, paramName, paramValue ) )
{
differentSourceAttackDetected( host, paramName, paramValue, "ip", sqlQueue );
if( differentIpAction == ACTION_BLOCK )
{
return ACTION_BLOCK;
}
else if( differentIpAction == ACTION_REMOVE_SESSIONID )
{
result = ACTION_REMOVE_SESSIONID;
}
}
}
}
if( differentUaAction != ACTION_IGNORE )
{
// type3: check different userAgent( ignore ip )
String queryString =
"SELECT COUNT(*) FROM tState WHERE ( userAgent != ? ) AND ( host = ? ) AND ( paramName = ? ) AND ( paramValue = ? )";
MObjectArray args = new MObjectArray();
args.add( userAgent );
args.add( host );
args.add( paramName );
args.add( paramValue );
int count = MSqlUtil.getInt2( connection, queryString, args );
if( count > 0 )
{
differentSourceAttackDetected( host, paramName, paramValue, "userAgent", sqlQueue );
if( differentUaAction == ACTION_BLOCK )
{
return ACTION_BLOCK;
}
else if( differentUaAction == ACTION_REMOVE_SESSIONID )
{
result = ACTION_REMOVE_SESSIONID;
}
}
}
return result;
}
//--------------------------------------------------------------------------------
public void bruteForceAttackDetected( int count, String ip, String host, String paramName, String userAgent, MSqlQueue tmpSqlQueue )
throws IOException, SQLException
{
// alert
String logId = System.currentTimeMillis() + "_" + logIndex;
logIndex++;
StringBuffer s = new StringBuffer( LOG_BUF_SIZE );
s.append( MSession.SEC_LOG_PREFIX );
s.append( ip );
s.append( "::PLUGIN:" );
s.append( MSessionIdManager.class.getName() );
s.append( ":BRUTE_FORCE_ATTACK:" );
s.append( count );
s.append( "/" );
s.append( host );
s.append( "/" );
s.append( paramName );
s.append( "/" );
s.append( userAgent );
s.append( ":" );
s.append( logId );
logger.log( s.toString() );
// save to file
String queryString =
"SELECT * FROM tState WHERE ip = ? AND host = ? AND paramName = ? AND userAgent = ? ORDER BY t ASC";
MObjectArray args = new MObjectArray();
args.add( ip );
args.add( host );
args.add( paramName );
args.add( userAgent );
ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
log( logId, rs );
rs.close();
// execute command
execCommand( logId, "BRUTE_FORCE_ATTACK" );
// execute later
queryString =
"DELETE FROM tState WHERE ip = ? AND host = ? AND paramName = ? AND userAgent = ?";
tmpSqlQueue.putSql( queryString, args );
}
//--------------------------------------------------------------------------------
public void differentSourceAttackDetected( String host, String paramName, String paramValue, String source, MSqlQueue tmpSqlQueue )
throws SQLException, IOException
{
// alert
String logId = System.currentTimeMillis() + "_" + logIndex;
logIndex++;
StringBuffer s = new StringBuffer( LOG_BUF_SIZE );
s.append( MSession.SEC_LOG_PREFIX );
s.append( ":::PLUGIN:" );
s.append( MSessionIdManager.class.getName() );
s.append( ":SAME_ID_FROM_DIFFERENT_" );
s.append( source.toUpperCase() );
s.append( ":" );
s.append( host );
s.append( "/" );
s.append( paramName );
s.append( "/" );
s.append( paramValue );
s.append( ":" );
s.append( logId );
logger.log( s.toString() );
// save to file
String queryString =
"SELECT * FROM tState WHERE host = ? AND paramName = ? AND paramValue = ? ORDER BY t ASC";
MObjectArray args = new MObjectArray();
args.add( host );
args.add( paramName );
args.add( paramValue );
ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
log( logId, rs );
rs.close();
// execute command
execCommand( logId, "DIFFERENT_" + source.toUpperCase() );
// execute later
queryString =
"DELETE FROM tState WHERE host = ? AND paramName = ? AND paramValue = ?";
tmpSqlQueue.putSql( queryString, args );
}
// --------------------------------------------------------------------------------
private void removeSessionId( MHttpRequest request, String paramName )
throws IOException
{
//Cookie
String cookie = request.getHeaderValue( "Cookie" );
if( cookie != null )
{
String[] array = cookie.split( "; {0,}" );
StringBuffer s = new StringBuffer( cookie.length() );
for( int i = 0; i < array.length; ++i )
{
if( !( array[ i ].indexOf( paramName ) == 0 ) )
{
if( s.length() > 0 )
{
s.append( "; " );
}
s.append( array[ i ] );
}
}
if( s.length() > 0 )
{
request.setHeaderValue( "Cookie", s.toString() );
}
else
{
request.removeHeaderValue( "Cookie" );
}
}
//Params
MRequestUri uri = new MRequestUri( request.getUri() );
String params = uri.getParams();
if( !params.equals( "" ) )
{
String[] array = params.split( ";" );
StringBuffer s = new StringBuffer( params.length() );
for( int i = 0; i < array.length; ++i )
{
String[] array2 = array[ i ].split( "=" );
if( array2.length == 2 )
{
String key = MStringUtil.urlDecode( array2[ 0 ] );
if( !key.equals( paramName ) )
{
if( s.length() > 0 )
{
s.append( ";" );
}
s.append( array[ i ] );
}
}
}
uri.setParams( s.toString() );
request.setUri( uri.toString() );
}
//query in URI
String queryInUri = uri.getQuery();
if( !queryInUri.equals( "" ) )
{
String[] array = queryInUri.split( "&" );
StringBuffer s = new StringBuffer( queryInUri.length() );
processQuery( s, array, paramName );
uri.setQuery( s.toString() );
request.setUri( uri.toString() );
}
//query in request body
if( request.hasBody()
&& request.headerExists( "Content-Type" )
)
{
String contentType = request.getHeaderValue( "Content-Type" );
if( contentType.equalsIgnoreCase( "application/x-www-form-urlencoded" ) )
{
String queryInBody = request.getBodyAsString();
String[] array = queryInBody.split( "&" );
StringBuffer s = new StringBuffer( queryInBody.length() );
processQuery( s, array, paramName );
request.setBody( s.toString() );
request.setHeaderValue( "Content-Length", Integer.toString( s.length() ) );
}
}
}
// --------------------------------------------------------------------------------
private void processQuery( StringBuffer s, String[] array, String paramName )
{
for( int i = 0; i < array.length; ++i )
{
String[] array2 = array[ i ].split( "=" );
if( array2.length == 2 )
{
String key = MStringUtil.urlDecode( array2[ 0 ] );
if( !key.equals( paramName ) )
{
if( s.length() > 0 )
{
s.append( "&" );
}
s.append( array[ i ] );
}
}
}
}
// --------------------------------------------------------------------------------
private void processCookie( List cookieList, List parameterPairList )
{
Iterator p = cookieList.iterator();
while( p.hasNext() )
{
String cookie = ( String )p.next();
String[] array = cookie.split( "(;|,) *" );
addToParameterPairList( parameterPairList, array, false );
}
}
// --------------------------------------------------------------------------------
private List getParameterPairList( MHttpResponse response )
throws IOException
{
List parameterPairList = new ArrayList();
List cookieList = response.getHeaderValueList( "Set-Cookie" );
processCookie( cookieList, parameterPairList );
return parameterPairList;
}
//--------------------------------------------------------------------------------
private List getParameterPairList( MHttpRequest request )
throws IOException
{
List parameterPairList = new ArrayList();
// From cookie
List cookieList = request.getHeaderValueList( "Cookie" );
processCookie( cookieList, parameterPairList );
// From params
MRequestUri uri = new MRequestUri( request.getUri() );
String params = uri.getParams();
if( !params.equals( "" ) )
{
String[] array = params.split( ";" );
addToParameterPairList( parameterPairList, array, true );
}
// From query in URI
String queryInUri = uri.getQuery();
if( !queryInUri.equals( "" ) )
{
String[] array = queryInUri.split( "&" );
addToParameterPairList( parameterPairList, array, true );
}
// From query in request body
if( request.hasBody()
&& request.headerExists( "Content-Type" )
)
{
String contentType = request.getHeaderValue( "Content-Type" );
if( contentType.equalsIgnoreCase( "application/x-www-form-urlencoded" ) )
{
String queryInBody = request.getBodyAsString();
String[] array = queryInBody.split( "&" );
addToParameterPairList( parameterPairList, array, true );
}
}
return parameterPairList;
}
//--------------------------------------------------------------------------------
private void addToParameterPairList( List parameterPairList, String[] array, boolean urlDecode )
{
for( int i = 0; i < array.length; ++i )
{
String[] array2 = array[ i ].split( "=" );
if( array2.length == 2 )
{
String key = array2[ 0 ];
String value = array2[ 1 ];
//System.err.println( key + "=" + value );
if( urlDecode )
{
key = MStringUtil.urlDecode( key );
value = MStringUtil.urlDecode( value );
}
parameterPairList.add( new MPair( key, value ) );
}
}
}
//--------------------------------------------------------------------------------
private int executeUpdate( String queryString, MObjectArray args )
throws IOException
{
int ret = 0;
try
{
ret = MSqlUtil.executeUpdate2( connection, queryString, args );
}
catch( SQLException e )
{
e.printStackTrace();
throw new IOException( e.getMessage() );
}
return ret;
}
//--------------------------------------------------------------------------------
public boolean checkIpRange( String host, String paramName, String paramValue )
throws SQLException
{
String queryString =
"SELECT ip FROM tState WHERE host = ? AND paramName = ? AND paramValue = ?";
MObjectArray args = new MObjectArray();
args.add( host );
args.add( paramName );
args.add( paramValue );
ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
long min = Long.MAX_VALUE;
long max = 0;
while( rs.next() )
{
long l = MStringUtil.ipToLong( rs.getString( 1 ) );
if( l < min )
{
min = l;
}
if( l > max )
{
max = l;
}
}
return ( ( max - min ) > ( long )differentIpThreshold );
}
//--------------------------------------------------------------------------------
private void execCommand( String logId, String alertName )
throws IOException
{
if( !command.equals( "" )
&& !command.equals( "none" )
)
{
String tmpCommand = command;
tmpCommand = MStringUtil.replaceAll( tmpCommand, "%logId", logId );
tmpCommand = MStringUtil.replaceAll( tmpCommand, "%logDirName", logDirName );
tmpCommand = MStringUtil.replaceAll( tmpCommand, "%alertName", alertName );
Runtime.getRuntime().exec( tmpCommand );
}
}
//--------------------------------------------------------------------------------
private void log( String logId, ResultSet rs )
throws SQLException, IOException
{
File logDir = new File( logDirName );
BufferedOutputStream out = new BufferedOutputStream( new FileOutputStream( logDir.getCanonicalPath() + "/" + logId ) );
while( rs.next() )
{
String ip = rs.getString( "ip" );
out.write( rs.getString( "t" ).getBytes( MCharset.CS_ISO_8859_1 ) );
out.write( '\t' );
out.write( ip.getBytes( MCharset.CS_ISO_8859_1 ) );
out.write( '\t' );
out.write( resolver.lookup( ip, WAIT_TIME ).getBytes( MCharset.CS_ISO_8859_1 ) );
out.write( '\t' );
out.write( rs.getString( "host" ).getBytes( MCharset.CS_ISO_8859_1 ) );
out.write( '\t' );
out.write( rs.getString( "paramname" ).getBytes( MCharset.CS_ISO_8859_1 ) );
out.write( '\t' );
out.write( rs.getString( "paramvalue" ).getBytes( MCharset.CS_ISO_8859_1 ) );
out.write( '\t' );
out.write( rs.getString( "useragent" ).getBytes( MCharset.CS_ISO_8859_1 ) );
out.write( '\n' );
}
out.flush();
out.close();
}
//--------------------------------------------------------------------------------
public void update()
{
time ++;
if( time >= interval )
{
MIntervalCommand command = new MIntervalCommand( connection );
MGuardianImpl.getInstance().getThreadPool().addCommand( command );
time = 0;
}
}
//--------------------------------------------------------------------------------
public void shutdown()
{
try
{
connection.close();
}
catch( SQLException e )
{
e.printStackTrace();
}
}
//--------------------------------------------------------------------------------
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -