scottk/databunker
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/databunker.git synced 2025-11-02 02:48:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

new version

Browse Source
This commit is contained in:
yuli
2024-12-26 23:08:13 +02:00
parent d0c5d1a196
commit e16ef588a7
2 changed files with 78 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/utils/go.mod
View File

@@ -1,3 +1,18 @@
module github.com/securitybunker/databunker/src/utils module github.com/securitybunker/databunker/src/utils
go 1.13 go 1.21
toolchain go1.23.2
require (
github.com/kelseyhightower/envconfig v1.4.0
github.com/ttacon/libphonenumber v1.2.1
golang.org/x/sys v0.28.0
gopkg.in/yaml.v2 v2.4.0
)
require (
github.com/golang/protobuf v1.5.4 // indirect
github.com/ttacon/builder v0.0.0-20170518171403-c099f663e1c2 // indirect
google.golang.org/protobuf v1.36.1 // indirect
)

234
src/utils/utils.go
View File

@@ -19,10 +19,8 @@ import (
"syscall" "syscall"
"time" "time"
"github.com/kelseyhightower/envconfig"
"github.com/ttacon/libphonenumber" "github.com/ttacon/libphonenumber"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
"gopkg.in/yaml.v2"
) )
var ( var (
@@ -61,6 +59,16 @@ var (
} }
) )
// UserJSON used to parse user POST
type UserJSONStruct struct {
JsonData []byte
LoginIdx string
EmailIdx string
PhoneIdx string
CustomIdx string
Token string
}
// Consideration why collection of meta data patch was postpone: // Consideration why collection of meta data patch was postpone:
// 1. Databunker is not anti-fraud solution // 1. Databunker is not anti-fraud solution
// 2. GDPR stands for data minimalization. // 2. GDPR stands for data minimalization.
@@ -74,7 +82,7 @@ func getMeta(r *http.Request) string {
for idx, val := range r.Header { for idx, val := range r.Header {
idx0 := strings.ToLower(idx) idx0 := strings.ToLower(idx)
log.Printf("Checking header: %s\n", idx0) log.Printf("Checking header: %s\n", idx0)
if contains(interestingHeaders, idx0) { if utils.SliceContains(interestingHeaders, idx0) {
headers[idx] = val[0] headers[idx] = val[0]
} }
} }
@@ -85,7 +93,7 @@ func getMeta(r *http.Request) string {
} }
*/ */
func getStringValue(r interface{}) string { func GetStringValue(r interface{}) string {
if r == nil { if r == nil {
return "" return ""
} }
@@ -100,7 +108,7 @@ func getStringValue(r interface{}) string {
return "" return ""
} }
func getIntValue(r interface{}) int { func GetIntValue(r interface{}) int {
switch r.(type) { switch r.(type) {
case int: case int:
return r.(int) return r.(int)
@@ -112,7 +120,7 @@ func getIntValue(r interface{}) int {
return 0 return 0
} }
func getInt64Value(records map[string]interface{}, key string) int64 { func GetInt64Value(records map[string]interface{}, key string) int64 {
if value, ok := records[key]; ok { if value, ok := records[key]; ok {
switch value.(type) { switch value.(type) {
case int32: case int32:
@@ -124,34 +132,7 @@ func getInt64Value(records map[string]interface{}, key string) int64 {
return 0 return 0
} }
// readConfFile() read configuration file. func GetArgEnvFileVariable(vname string, masterKeyPtr *string) string {
func readConfFile(cfg *Config, filepath *string) error {
confFile := "databunker.yaml"
if filepath != nil {
if len(*filepath) > 0 {
confFile = *filepath
}
}
log.Printf("Loading configuration file: %s\n", confFile)
f, err := os.Open(confFile)
if err != nil {
return err
}
decoder := yaml.NewDecoder(f)
err = decoder.Decode(cfg)
if err != nil {
return err
}
return nil
}
// readEnv() process environment variables.
func readEnv(cfg *Config) error {
err := envconfig.Process("", cfg)
return err
}
func getArgEnvFileVariable(vname string, masterKeyPtr *string) string {
strvalue := "" strvalue := ""
if masterKeyPtr != nil && len(*masterKeyPtr) > 0 { if masterKeyPtr != nil && len(*masterKeyPtr) > 0 {
strvalue = *masterKeyPtr strvalue = *masterKeyPtr
@@ -164,13 +145,13 @@ func getArgEnvFileVariable(vname string, masterKeyPtr *string) string {
return strings.TrimSpace(strvalue) return strings.TrimSpace(strvalue)
} }
func hashString(md5Salt []byte, src string) string { func HashString(md5Salt []byte, src string) string {
stringToHash := append(md5Salt, []byte(src)...) stringToHash := append(md5Salt, []byte(src)...)
hashed := sha256.Sum256(stringToHash) hashed := sha256.Sum256(stringToHash)
return base64.StdEncoding.EncodeToString(hashed[:]) return base64.StdEncoding.EncodeToString(hashed[:])
} }
func normalizeConsentStatus(status string) string { func NormalizeConsentStatus(status string) string {
status = strings.ToLower(status) status = strings.ToLower(status)
if consentYesStatuses[status] { if consentYesStatuses[status] {
return "yes" return "yes"
@@ -186,11 +167,11 @@ func normalizeBasisType(status string) string {
return "consent" return "consent"
} }
func normalizeBrief(brief string) string { func NormalizeBrief(brief string) string {
return strings.ToLower(brief) return strings.ToLower(brief)
} }
func normalizeEmail(email0 string) string { func NormalizeEmail(email0 string) string {
email, _ := url.QueryUnescape(email0) email, _ := url.QueryUnescape(email0)
email = strings.ToLower(email) email = strings.ToLower(email)
email = strings.TrimSpace(email) email = strings.TrimSpace(email)
@@ -200,7 +181,7 @@ func normalizeEmail(email0 string) string {
return email return email
} }
func normalizePhone(phone string, defaultCountry string) string { func NormalizePhone(phone string, defaultCountry string) string {
// 4444 is a phone number for testing, no need to normilize it // 4444 is a phone number for testing, no need to normilize it
phone = strings.TrimSpace(phone) phone = strings.TrimSpace(phone)
if len(phone) == 0 { if len(phone) == 0 {
@@ -226,7 +207,7 @@ func ValidateMode(index string) bool {
return indexNames[strings.ToLower(index)] return indexNames[strings.ToLower(index)]
} }
func parseFields(fields string) []string { func ParseFields(fields string) []string {
return strings.Split(fields, ",") return strings.Split(fields, ",")
} }
@@ -248,7 +229,7 @@ func binarySearch(arr []string, target string) bool {
return false return false
} }
func contains(slice []string, item string) bool { func SliceContains(slice []string, item string) bool {
set := make(map[string]bool, len(slice)) set := make(map[string]bool, len(slice))
for _, s := range slice { for _, s := range slice {
set[s] = true set[s] = true
@@ -256,7 +237,7 @@ func contains(slice []string, item string) bool {
return set[item] return set[item]
} }
func atoi(s string) int32 { func Atoi(s string) int32 {
var ( var (
n uint32 n uint32
i int i int
@@ -280,15 +261,15 @@ func atoi(s string) int32 {
return int32(n) return int32(n)
} }
func setExpiration(maxExpiration string, userExpiration string) string { func SetExpiration(maxExpiration string, userExpiration string) string {
if len(userExpiration) == 0 { if len(userExpiration) == 0 {
return maxExpiration return maxExpiration
} }
userExpirationNum, _ := parseExpiration(userExpiration) userExpirationNum, _ := ParseExpiration(userExpiration)
maxExpirationNum, _ := parseExpiration(maxExpiration) maxExpirationNum, _ := ParseExpiration(maxExpiration)
if maxExpirationNum == 0 { if maxExpirationNum == 0 {
maxExpiration = "6m" maxExpiration = "6m"
maxExpirationNum, _ = parseExpiration(maxExpiration) maxExpirationNum, _ = ParseExpiration(maxExpiration)
} }
if userExpirationNum == 0 { if userExpirationNum == 0 {
return maxExpiration return maxExpiration
@@ -299,7 +280,7 @@ func setExpiration(maxExpiration string, userExpiration string) string {
return userExpiration return userExpiration
} }
func parseExpiration0(expiration string) (int32, error) { func ParseExpiration0(expiration string) (int32, error) {
match := regexExpiration.FindStringSubmatch(expiration) match := regexExpiration.FindStringSubmatch(expiration)
// expiration format: 10d, 10h, 10m, 10s // expiration format: 10d, 10h, 10m, 10s
if len(match) != 3 { if len(match) != 3 {
@@ -311,22 +292,22 @@ func parseExpiration0(expiration string) (int32, error) {
start := int32(0) start := int32(0)
switch format { switch format {
case "d": // day case "d": // day
start = start + (atoi(num) * 24 * 3600) start = start + (Atoi(num) * 24 * 3600)
case "h": // hour case "h": // hour
start = start + (atoi(num) * 3600) start = start + (Atoi(num) * 3600)
case "m": // month case "m": // month
start = start + (atoi(num) * 24 * 31 * 3600) start = start + (Atoi(num) * 24 * 31 * 3600)
case "s": case "s":
start = start + (atoi(num)) start = start + (Atoi(num))
} }
return start, nil return start, nil
} }
func parseExpiration(expiration string) (int32, error) { func ParseExpiration(expiration string) (int32, error) {
match := regexExpiration.FindStringSubmatch(expiration) match := regexExpiration.FindStringSubmatch(expiration)
// expiration format: 10d, 10h, 10m, 10s // expiration format: 10d, 10h, 10m, 10s
if len(match) == 2 { if len(match) == 2 {
return atoi(match[1]), nil return Atoi(match[1]), nil
} }
if len(match) != 3 { if len(match) != 3 {
e := fmt.Sprintf("failed to parse expiration value: %s", expiration) e := fmt.Sprintf("failed to parse expiration value: %s", expiration)
@@ -335,39 +316,39 @@ func parseExpiration(expiration string) (int32, error) {
num := match[1] num := match[1]
format := match[2] format := match[2]
if len(format) == 0 { if len(format) == 0 {
return atoi(num), nil return Atoi(num), nil
} }
start := int32(time.Now().Unix()) start := int32(time.Now().Unix())
switch format { switch format {
case "d": // day case "d": // day
start = start + (atoi(num) * 24 * 3600) start = start + (Atoi(num) * 24 * 3600)
case "h": // hour case "h": // hour
start = start + (atoi(num) * 3600) start = start + (Atoi(num) * 3600)
case "m": // month case "m": // month
start = start + (atoi(num) * 24 * 31 * 3600) start = start + (Atoi(num) * 24 * 31 * 3600)
case "s": case "s":
start = start + (atoi(num)) start = start + (Atoi(num))
} }
return start, nil return start, nil
} }
func lockMemory() error { func LockMemory() error {
return unix.Mlockall(syscall.MCL_CURRENT | syscall.MCL_FUTURE) return unix.Mlockall(syscall.MCL_CURRENT | syscall.MCL_FUTURE)
} }
func isValidUUID(uuidCode string) bool { func CheckValidUUID(uuidCode string) bool {
return regexUUID.MatchString(uuidCode) return regexUUID.MatchString(uuidCode)
} }
func isValidApp(app string) bool { func CheckValidApp(app string) bool {
return regexAppName.MatchString(app) return regexAppName.MatchString(app)
} }
func isValidBrief(brief string) bool { func CheckValidBrief(brief string) bool {
return regexBrief.MatchString(brief) return regexBrief.MatchString(brief)
} }
func isValidHex(hex1 string) bool { func CheckValidHex(hex1 string) bool {
return regexHex.MatchString(hex1) return regexHex.MatchString(hex1)
} }
@@ -384,8 +365,8 @@ func isContainer() bool {
return false return false
} }
// stringPatternMatch looks for basic human patterns like "*", "*abc*", etc... // StringPatternMatch looks for basic human patterns like "*", "*abc*", etc...
func stringPatternMatch(pattern string, value string) bool { func StringPatternMatch(pattern string, value string) bool {
if len(pattern) == 0 { if len(pattern) == 0 {
return false return false
} }
@@ -416,104 +397,13 @@ func stringPatternMatch(pattern string, value string) bool {
return false return false
} }
func returnError(w http.ResponseWriter, r *http.Request, message string, code int, err error, event *auditEvent) { func ReturnUUID(w http.ResponseWriter, code string) {
log.Printf("[%d] %s %s -> Return error\n", code, r.Method, r.URL.Path)
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(code)
fmt.Fprintf(w, `{"status":"error","message":%q}`, message)
if event != nil {
event.Status = "error"
event.Msg = message
if err != nil {
event.Debug = err.Error()
log.Printf("Generate error response: %s, Error: %s\n", message, err.Error())
} else {
log.Printf("Generate error response: %s\n", message)
}
}
//http.Error(w, http.StatusText(405), 405)
}
func returnUUID(w http.ResponseWriter, code string) {
w.Header().Set("Content-Type", "application/json; charset=utf-8") w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(200) w.WriteHeader(200)
fmt.Fprintf(w, `{"status":"ok","token":%q}`, code) fmt.Fprintf(w, `{"status":"ok","token":%q}`, code)
} }
func (e mainEnv) enforceAuth(w http.ResponseWriter, r *http.Request, event *auditEvent) string { func GetJSONPostMap(r *http.Request) (map[string]interface{}, error) {
/*
for key, value := range r.Header {
fmt.Printf("%s => %s\n", key, value)
}
*/
if token, ok := r.Header["X-Bunker-Token"]; ok {
authResult, err := e.db.checkUserAuthXToken(token[0])
//fmt.Printf("error in auth? error %s - %s\n", err, token[0])
if err == nil {
if event != nil {
event.Identity = authResult.name
if authResult.ttype == "login" && authResult.token == event.Record {
return authResult.ttype
}
}
if len(authResult.ttype) > 0 && authResult.ttype != "login" {
return authResult.ttype
}
}
/*
if e.db.checkXtoken(token[0]) == true {
if event != nil {
event.Identity = "admin"
}
return true
}
*/
}
log.Printf("403 Access denied\n")
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Access denied"))
if event != nil {
event.Status = "error"
event.Msg = "access denied"
}
return ""
}
func (e mainEnv) enforceAdmin(w http.ResponseWriter, r *http.Request, event *auditEvent) string {
if token, ok := r.Header["X-Bunker-Token"]; ok {
authResult, err := e.db.checkUserAuthXToken(token[0])
//fmt.Printf("error in auth? error %s - %s\n", err, token[0])
if err == nil {
if event != nil {
event.Identity = authResult.name
}
if len(authResult.ttype) > 0 && authResult.ttype != "login" {
return authResult.ttype
}
}
}
log.Printf("403 Access denied\n")
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Access denied"))
return ""
}
func EnforceUUID(w http.ResponseWriter, uuidCode string, event *auditEvent) bool {
if isValidUUID(uuidCode) == false {
//fmt.Printf("405 bad uuid in : %s\n", uuidCode)
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(405)
fmt.Fprintf(w, `{"status":"error","message":"bad uuid"}`)
if event != nil {
event.Status = "error"
event.Msg = "bad uuid"
}
return false
}
return true
}
func getJSONPostMap(r *http.Request) (map[string]interface{}, error) {
cType, _, err := mime.ParseMediaType(r.Header.Get("Content-Type")) cType, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
if err != nil { if err != nil {
log.Printf("ignoring empty content-type: %s\n", err) log.Printf("ignoring empty content-type: %s\n", err)
@@ -573,7 +463,7 @@ func getJSONPostMap(r *http.Request) (map[string]interface{}, error) {
return records, nil return records, nil
} }
func getJSONPostData(r *http.Request) ([]byte, error) { func GetJSONPostData(r *http.Request) ([]byte, error) {
cType, _, err := mime.ParseMediaType(r.Header.Get("Content-Type")) cType, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
if err != nil { if err != nil {
log.Printf("ignoring empty content-type: %s\n", err) log.Printf("ignoring empty content-type: %s\n", err)
@@ -626,7 +516,7 @@ func getJSONPostData(r *http.Request) ([]byte, error) {
return nil, errors.New("wrong content-type, not a json string") return nil, errors.New("wrong content-type, not a json string")
} }
func getIndexString(val interface{}) string { func GetIndexString(val interface{}) string {
switch val.(type) { switch val.(type) {
case nil: case nil:
return "" return ""
@@ -644,9 +534,9 @@ func getIndexString(val interface{}) string {
return "" return ""
} }
func getUserJSON(r *http.Request, defaultCountry string) (userJSON, error) { func GetUserJSONStruct(r *http.Request, defaultCountry string) (UserJSONStruct, error) {
var result userJSON var result UserJSONStruct
records, err := getJSONPostMap(r) records, err := GetJSONPostMap(r)
if err != nil { if err != nil {
return result, err return result, err
} }
@@ -655,27 +545,27 @@ func getUserJSON(r *http.Request, defaultCountry string) (userJSON, error) {
} }
if value, ok := records["login"]; ok { if value, ok := records["login"]; ok {
result.loginIdx = getIndexString(value) result.LoginIdx = GetIndexString(value)
} }
if value, ok := records["email"]; ok { if value, ok := records["email"]; ok {
result.emailIdx = normalizeEmail(getIndexString(value)) result.EmailIdx = NormalizeEmail(GetIndexString(value))
} }
if value, ok := records["phone"]; ok { if value, ok := records["phone"]; ok {
result.phoneIdx = normalizePhone(getIndexString(value), defaultCountry) result.PhoneIdx = NormalizePhone(GetIndexString(value), defaultCountry)
} }
if value, ok := records["custom"]; ok { if value, ok := records["custom"]; ok {
result.customIdx = getIndexString(value) result.CustomIdx = GetIndexString(value)
} }
if value, ok := records["token"]; ok { if value, ok := records["token"]; ok {
result.token = value.(string) result.Token = value.(string)
} }
result.jsonData, err = json.Marshal(records) result.JsonData, err = json.Marshal(records)
return result, err return result, err
} }
var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
func randSeq(n int) string { func RandSeq(n int) string {
b := make([]rune, n) b := make([]rune, n)
for i := range b { for i := range b {
b[i] = letters[rand.Intn(len(letters))] b[i] = letters[rand.Intn(len(letters))]
@@ -686,11 +576,11 @@ func randSeq(n int) string {
var numbers0 = []rune("123456789") var numbers0 = []rune("123456789")
var numbers = []rune("0123456789") var numbers = []rune("0123456789")
func randNum(n int) int32 { func RandNum(n int) int32 {
b := make([]rune, n) b := make([]rune, n)
for i := range b { for i := range b {
b[i] = numbers[rand.Intn(len(numbers))] b[i] = numbers[rand.Intn(len(numbers))]
} }
b[0] = numbers0[rand.Intn(len(numbers0))] b[0] = numbers0[rand.Intn(len(numbers0))]
return atoi(string(b)) return Atoi(string(b))
} }