package net.jumperz.app.MGuardian.plugin.sessionIdManager;

import java.io.*;
import java.util.*;
import java.sql.*;
import java.net.*;
import java.nio.charset.UnsupportedCharsetException;

import net.jumperz.net.*;
import net.jumperz.sql.*;
import net.jumperz.util.*;
import net.jumperz.app.MGuardian.*;
import net.jumperz.app.MGuardian.plugin.*;

public class MSessionIdManager
extends MGuardianPlugin
implements MObserver1
{
/*
create table tState
(
t		timestamp,
ip		varchar( 15 ),
host		varchar( 256 ),
paramName	varchar( 256 ),
paramValue	varchar( 512 ),
userAgent	varchar( 512 )
);
create index tIndex on tState( t );
*/
	// Defaults used by startup2() when the matching "sessionIdManager.*" property is absent.
private static final String DEFAULT_JDBC_DRIVER_CLASS_NAME	= "net.jumperz.ext.org.hsqldb.jdbcDriver";
	// Default credentials: user "sa" with an empty password. They are also applied when
	// sessionIdManager.dbmsUrl names some other database, unless dbmsUser/dbmsPass are
	// set explicitly, so a non-default dbmsUrl should always come with its own credentials.
private static final String DEFAULT_DBMS_USER			= "sa";
private static final String DEFAULT_DBMS_PASS			= "";
	// Minutes; startup2() multiplies the parsed value by 60 to get seconds (60 minutes = 1 hour).
private static final String DEFAULT_INTERVAL			= "60";		// 1 hour
	// The original note reads the value as 5 hours, i.e. minutes; the code that consumes
	// timespan (MIntervalCommand) is not in this file -- TODO confirm the unit.
private static final String DEFAULT_TIMESPAN			= "300";	// 5 hours
private static final String DEFAULT_BLOCK			= "false";
private static final String DEFAULT_BRUTE_FORCE_THRESHOLD	= "5";
	// Upper bounds on client-supplied strings before they are stored. The numbers equal the
	// varchar widths of host, paramName, paramValue and userAgent in the tState schema
	// quoted in the comment at the top of the class.
	// NOTE(review): there is no matching bound for the ip column, which is varchar( 15 );
	// a textual IPv6 address would be longer than that -- confirm how clientIp is handled.
private static final int MAX_HOST_SIZE				= 256;
private static final int MAX_PARAMNAME_SIZE			= 256;
private static final int MAX_PARAMVALUE_SIZE			= 512;
private static final int MAX_USERAGENT_SIZE			= 512;
	// Values of detectionType. DETECTION_REALTIME is 0, which is also the value an int
	// field holds before anything is assigned to it.
public  static final int DETECTION_REALTIME			= 0;
public  static final int DETECTION_INTERVAL			= 1;
private static final String DEFAULT_DETECTION_TYPE		= "interval";
private static final int LOG_BUF_SIZE = 2048;
private static final long WAIT_TIME = 1000;

	// JDBC connection opened in startup2(); execute() synchronizes on it around its queries.
private Connection connection;
private String jdbcDriverClassName;
private String dbmsUrl;
private String dbmsUser;
private String dbmsPass;
	// Optional file listing the parameter names to treat as session identifiers.
private String sessionIdListFileName;
	// Lower-cased parameter names that are treated as session identifiers.
private Set sessionIdSet;
	// Detection interval in seconds (converted from minutes in startup2()).
private long interval;
private long time = 0;
private int timespan;
	// Parsed from sessionIdManager.block; true only for the exact string "true".
private boolean block;
private int bruteForceThreshold;
	// Set when no dbmsUrl is configured and the plugin creates its own database directory.
private boolean useDefaultDatabase = false;
private String logDirName;
	// Value of sessionIdManager.command, handed to MIntervalCommand in startup2().
	// NOTE(review): presumably an external command run on detection -- confirm, and treat
	// the configuration file as security-sensitive if so.
private String command;
private MDatabaseUtil databaseUtil;
	// One of DETECTION_REALTIME / DETECTION_INTERVAL.
private int detectionType;
private int logIndex = 0;
private MSqlQueue sqlQueue;
private MLogger logger;
private MResolver resolver;
//--------------------------------------------------------------------------------
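/**
 * Starts the plugin by running startup2() and reports any failure as an IOException.
 *
 * @throws IOException if startup2() throws anything; the original exception is
 *         attached as the cause so its type and stack trace are not lost.
 */
public void startup()
throws IOException
{
try
	{
	startup2();
	}
catch( Exception e )
	{
	e.printStackTrace();
		// Keep the original exception reachable through getCause(); the message alone
		// does not say whether configuration, the filesystem or the database failed.
	IOException startupError = new IOException( "plugin startup error. " + e.getMessage() );
	startupError.initCause( e );
	throw startupError;
	}
}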
//--------------------------------------------------------------------------------
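/**
 * Reads the plugin configuration, prepares the working directories and opens the
 * session-state database.
 *
 * Steps, in order: register with the global timer, fetch the logger and resolver,
 * build the set of session-id parameter names, resolve database and log locations,
 * parse the numeric and boolean settings, publish them to MIntervalCommand, open the
 * JDBC connection and create the table when it does not exist yet.
 *
 * @throws Exception on unparsable numeric properties, directory or file errors, a
 *         missing JDBC driver class or any database error.
 */
private void startup2()
throws Exception
{
MTimer timer = MGuardianImpl.getInstance().getTimer();
timer.register1( this );

logger = MGuardianImpl.getInstance().getLogger();

resolver = new MResolver( MGuardianImpl.getInstance().getThreadPool() );

	// Create the set before either branch fills it. Previously only the built-in branch
	// created it, so configuring sessionIdListFileName ended in a NullPointerException
	// on the first add() and the plugin could not start with a custom list.
sessionIdSet = new HashSet();
sessionIdListFileName	= control.getProperty( "sessionIdManager.sessionIdListFileName" );
if( sessionIdListFileName == null )
	{
		// Built-in list of common session-id parameter names, all lower case.
	sessionIdSet.add( "sessionid" );
	sessionIdSet.add( "jsessionid" );
	sessionIdSet.add( "phpsessid" );
	sessionIdSet.add( "userid" );
	sessionIdSet.add( "uid" );
	sessionIdSet.add( "nguserid" );
	sessionIdSet.add( "session-id" );
	sessionIdSet.add( "aspsessionid" );
	sessionIdSet.add( "sid" );
	sessionIdSet.add( "cfid" );
	sessionIdSet.add( "cftoken" );
	sessionIdSet.add( "jservsessionid" );
	sessionIdSet.add( "jwsessionid" );
	sessionIdSet.add( "sessid" );
	sessionIdSet.add( "session" );
	sessionIdSet.add( "session_id" );
	}
else
	{
		// Names from the file are lower-cased because execute() looks parameters up by
		// paramName.toLowerCase(). Both sides use the JVM default locale; keep them in
		// step if either one is ever changed to a fixed locale.
	Set tmpSet = MStringUtil.loadSetFromFile( sessionIdListFileName );
	Iterator p = tmpSet.iterator();
	while( p.hasNext() )
		{
		sessionIdSet.add( ( ( String )p.next() ).toLowerCase() );
		}
	}

dbmsUrl		= control.getProperty( "sessionIdManager.dbmsUrl" );
logDirName	= control.getProperty( "sessionIdManager.logDirName" );

if( dbmsUrl == null )
	{
		// No database configured: create the default directory tree. This also sets
		// logDirName, overriding a configured sessionIdManager.logDirName.
	useDefaultDatabase = true;
	setupDefault();
	}

if( logDirName == null )
	{
	setupDefaultLogDir( setupDefaultDir() );
	}

dbmsUser		= control.getProperty( "sessionIdManager.dbmsUser", DEFAULT_DBMS_USER );
dbmsPass		= control.getProperty( "sessionIdManager.dbmsPass", DEFAULT_DBMS_PASS );
jdbcDriverClassName	= control.getProperty( "sessionIdManager.jdbcDriverClassName", DEFAULT_JDBC_DRIVER_CLASS_NAME );
interval		= Long.parseLong( control.getProperty( "sessionIdManager.interval", DEFAULT_INTERVAL ) );
interval		= interval * 60 ; // minute -> second
timespan		= Integer.parseInt( control.getProperty( "sessionIdManager.timespan", DEFAULT_TIMESPAN ) );
block			= control.getProperty( "sessionIdManager.block", DEFAULT_BLOCK ).equals( "true" );
bruteForceThreshold		= Integer.parseInt( control.getProperty( "sessionIdManager.bruteForceThreshold", DEFAULT_BRUTE_FORCE_THRESHOLD ) );
command			= control.getProperty( "sessionIdManager.command", "" );
String detectionTypeStr	= control.getProperty( "sessionIdManager.detectionType", DEFAULT_DETECTION_TYPE );
	// NOTE(review): a value other than "interval" or "realtime" leaves detectionType at
	// its initial 0, which equals DETECTION_REALTIME, so a misspelt setting selects
	// realtime detection without any message. Behaviour is kept as it was.
if( detectionTypeStr.equals( "interval" ) )
	{
	detectionType = DETECTION_INTERVAL;
	}
else if( detectionTypeStr.equals( "realtime" ) )
	{
	detectionType = DETECTION_REALTIME;
	}

	// MIntervalCommand receives its settings through static fields.
MIntervalCommand.sessionIdManager		= this;
MIntervalCommand.bruteForceThreshold		= bruteForceThreshold;
MIntervalCommand.timespan			= timespan;
MIntervalCommand.logDirName			= logDirName;
MIntervalCommand.command			= command;
MIntervalCommand.detectionType			= detectionType;

connection = getConnection();
sqlQueue = new MSqlQueue( connection );

databaseUtil = MDatabaseUtilFactory.createDatabaseUtil( dbmsUrl );
if( !databaseUtil.tableExists( connection ) )
	{
	databaseUtil.createTable( connection );
	}
}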
//--------------------------------------------------------------------------------
/*
sessionLogDir
      +-------sessionIdManager
                     +----------database
                     +----------log
 */
//--------------------------------------------------------------------------------
/**
 * Creates the default directory layout: the sessionIdManager directory with its
 * database and log subdirectories, in that order.
 *
 * @throws IOException if one of the directory steps fails.
 */
private void setupDefault()
throws IOException
{
final String baseDirName = setupDefaultDir();

	// Both subdirectories live directly under the base directory.
setupDefaultDatabase( baseDirName );
setupDefaultLogDir( baseDirName );
}
//--------------------------------------------------------------------------------
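/**
 * Creates the "sessionIdManager" directory under the directory named by the
 * "sessionLogDirName" property.
 *
 * @return the value returned by MSystemUtil.createDir() for that directory.
 * @throws IOException if "sessionLogDirName" is not configured, or if the path cannot
 *         be canonicalised or created.
 */
private String setupDefaultDir()
throws IOException
{
String sessionLogDirName = control.getProperty( "sessionLogDirName" );
if( sessionLogDirName == null )
	{
		// new File( null ) would fail with a bare NullPointerException; name the
		// missing setting instead.
	throw new IOException( "sessionLogDirName is not set." );
	}
File sessionLogDir = new File( sessionLogDirName );

	// The canonical path resolves "." / ".." and symbolic links before the
	// subdirectory name is appended.
String sessionIdManagerDirName = sessionLogDir.getCanonicalPath() + "/sessionIdManager";
return MSystemUtil.createDir( sessionIdManagerDirName );
}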
//--------------------------------------------------------------------------------
/**
 * Creates the "database" subdirectory and points dbmsUrl at an HSQLDB database named
 * "sessionState" inside it.
 *
 * The tState table stores observed session-id parameter values, so this directory
 * should be readable only by the account that runs the proxy. What permissions
 * MSystemUtil.createDir() applies is not visible here.
 *
 * @param sessionIdManagerDirName directory under which "database" is created.
 * @throws IOException if the directory cannot be created.
 */
private void setupDefaultDatabase( String sessionIdManagerDirName )
throws IOException
{
final String dbDir = MSystemUtil.createDir( sessionIdManagerDirName + "/database" );

StringBuffer url = new StringBuffer( "jdbc:hsqldb:" );
url.append( dbDir );
url.append( "/sessionState" );
dbmsUrl = url.toString();
}
//--------------------------------------------------------------------------------
/**
 * Creates the "log" subdirectory and stores the result in logDirName.
 *
 * @param sessionIdManagerDirName directory under which "log" is created.
 * @throws IOException if the directory cannot be created.
 */
private void setupDefaultLogDir( String sessionIdManagerDirName )
throws IOException
{
final String logPath = sessionIdManagerDirName + "/log";
logDirName = MSystemUtil.createDir( logPath );
}
//--------------------------------------------------------------------------------
/**
 * Loads the configured JDBC driver class and opens a connection with the configured
 * URL, user and password.
 *
 * @return a new connection from DriverManager.
 * @throws Exception if the driver class cannot be loaded or the connection fails.
 */
private Connection getConnection()
throws Exception
{
	// Loading the class lets the driver register itself with DriverManager.
	// jdbcDriverClassName comes from configuration, so the named class is loaded and
	// initialised as-is.
Class.forName( jdbcDriverClassName );

Connection opened = DriverManager.getConnection( dbmsUrl, dbmsUser, dbmsPass );
return opened;
}
//--------------------------------------------------------------------------------
/**
 * Returns the value of the request's Host header, or "" when the header is absent.
 *
 * The value is supplied by the client. Length is the only check applied here; the
 * limit equals the width of the host column in tState.
 *
 * @param request the HTTP request being inspected.
 * @return the Host header value, or an empty string.
 * @throws IOException if the value is longer than MAX_HOST_SIZE characters.
 */
private String getHost( MHttpRequest request )
throws IOException
{
if( !request.headerExists( "Host" ) )
	{
	return "";
	}

final String hostHeader = request.getHeaderValue( "Host" );
if( hostHeader.length() > MAX_HOST_SIZE )
	{
	throw new IOException( "Too long Host value." );
	}
return hostHeader;
}
//--------------------------------------------------------------------------------
/**
 * Returns the value of the request's User-Agent header, or "" when the header is absent.
 *
 * The value is supplied by the client. Length is the only check applied here; the
 * limit equals the width of the userAgent column in tState.
 *
 * @param request the HTTP request being inspected.
 * @return the User-Agent header value, or an empty string.
 * @throws IOException if the value is longer than MAX_USERAGENT_SIZE characters.
 */
private String getUserAgent( MHttpRequest request )
throws IOException
{
if( !request.headerExists( "User-Agent" ) )
	{
	return "";
	}

final String agentHeader = request.getHeaderValue( "User-Agent" );
if( agentHeader.length() > MAX_USERAGENT_SIZE )
	{
	throw new IOException( "Too long User-Agent value." );
	}
return agentHeader;
}
//--------------------------------------------------------------------------------
public Map execute( Map sessionInfo )
throws IOException
{
Map pluginResult = new HashMap();
Socket clientSideSocket	= ( Socket )sessionInfo.get( "clientSideSocket" );
String clientIp = clientSideSocket.getInetAddress().getHostAddress();
MHttpRequest request = ( MHttpRequest )sessionInfo.get( "request" );

String host = getHost( request );
String userAgent = getUserAgent( request );

List parameterPairList = getParameterPairList( request );
for( int i = 0; i < parameterPairList.size(); ++i )
	{
	MPair pair = ( MPair )parameterPairList.get( i );
	String paramName  = pair.getKey();
	String paramValue = pair.getValue();
	if( sessionIdSet.contains( paramName.toLowerCase() ) )
		{
		if( paramName.length() > MAX_PARAMNAME_SIZE )
			{
			throw new IOException( "Too long paramName." );
			}
		if( paramValue.length() > MAX_PARAMVALUE_SIZE )
			{
			throw new IOException( "Too long paramValue." );
			}
		MObjectArray args = new MObjectArray();
		args.add( new Timestamp( System.currentTimeMillis() ) );
		args.add( clientIp );
		args.add( host );
		args.add( paramName );
		args.add( paramValue );
		args.add( userAgent );

		synchronized( connection )
			{
				// insert( or update ) this access to database
			String queryString = "update tState set t = ? where ip = ? and host = ? and paramName = ? and paramValue = ? and userAgent = ?";
			if( executeUpdate( queryString, args ) == 0 )
				{
				queryString = "insert into tState values( ??? )";
				executeUpdate( queryString, args );
				}
			
			if( detectionType == DETECTION_REALTIME )
				{
				try
					{
					boolean shouldBeBlocked = executeRealTimeDetection
						(
						connection,
						clientIp,
						host,
						paramName,
						paramValue,
						userAgent
						);
					
					if( shouldBeBlocked )
						{
						pluginResult.put( "block", new Boolean( true ) );
						}
