|
@@ -1,8 +1,6 @@
|
|
|
package parser
|
|
|
|
|
|
import (
|
|
|
- "time"
|
|
|
-
|
|
|
"github.com/crowdsecurity/crowdsec/pkg/types"
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
)
|
|
@@ -12,94 +10,62 @@ type EnrichFunc func(string, *types.Event, interface{}) (map[string]string, erro
|
|
|
type InitFunc func(map[string]string) (interface{}, error)
|
|
|
|
|
|
type EnricherCtx struct {
|
|
|
- Funcs map[string]EnrichFunc
|
|
|
- Init InitFunc
|
|
|
+ Registered map[string]*Enricher
|
|
|
+}
|
|
|
+
|
|
|
+type Enricher struct {
|
|
|
Name string
|
|
|
- Path string //path to .so ?
|
|
|
- RuntimeCtx interface{} //the internal context of plugin, given back over every call
|
|
|
- initiated bool
|
|
|
+ InitFunc InitFunc
|
|
|
+ EnrichFunc EnrichFunc
|
|
|
+ Ctx interface{}
|
|
|
}
|
|
|
|
|
|
/* mimic plugin loading */
|
|
|
-func Loadplugin(path string) ([]EnricherCtx, error) {
|
|
|
- var err error
|
|
|
+func Loadplugin(path string) (EnricherCtx, error) {
|
|
|
+ enricherCtx := EnricherCtx{}
|
|
|
+ enricherCtx.Registered = make(map[string]*Enricher)
|
|
|
|
|
|
- c := EnricherCtx{}
|
|
|
- c.Name = path
|
|
|
- c.Path = path
|
|
|
- /* we don't want to deal with plugin loading for now :p */
|
|
|
- c.Funcs = map[string]EnrichFunc{
|
|
|
- "GeoIpASN": GeoIpASN,
|
|
|
- "GeoIpCity": GeoIpCity,
|
|
|
- "reverse_dns": reverse_dns,
|
|
|
- "ParseDate": ParseDate,
|
|
|
- "IpToRange": IpToRange,
|
|
|
- }
|
|
|
- c.Init = GeoIpInit
|
|
|
+ enricherConfig := map[string]string{"datadir": path}
|
|
|
|
|
|
- c.RuntimeCtx, err = c.Init(map[string]string{"datadir": path})
|
|
|
- if err != nil {
|
|
|
- log.Warningf("load (fake) plugin load : %v", err)
|
|
|
- c.initiated = false
|
|
|
+ EnrichersList := []*Enricher{
|
|
|
+ {
|
|
|
+ Name: "GeoIpCity",
|
|
|
+ InitFunc: GeoIPCityInit,
|
|
|
+ EnrichFunc: GeoIpCity,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ Name: "GeoIpASN",
|
|
|
+ InitFunc: GeoIPASNInit,
|
|
|
+ EnrichFunc: GeoIpASN,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ Name: "IpToRange",
|
|
|
+ InitFunc: IpToRangeInit,
|
|
|
+ EnrichFunc: IpToRange,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ Name: "reverse_dns",
|
|
|
+ InitFunc: reverseDNSInit,
|
|
|
+ EnrichFunc: reverse_dns,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ Name: "ParseDate",
|
|
|
+ InitFunc: parseDateInit,
|
|
|
+ EnrichFunc: ParseDate,
|
|
|
+ },
|
|
|
}
|
|
|
- c.initiated = true
|
|
|
- return []EnricherCtx{c}, nil
|
|
|
-}
|
|
|
-
|
|
|
-func GenDateParse(date string) (string, time.Time) {
|
|
|
- var (
|
|
|
- layouts = [...]string{
|
|
|
- time.RFC3339,
|
|
|
- "02/Jan/2006:15:04:05 -0700",
|
|
|
- "Mon Jan 2 15:04:05 2006",
|
|
|
- "02-Jan-2006 15:04:05 europe/paris",
|
|
|
- "01/02/2006 15:04:05",
|
|
|
- "2006-01-02 15:04:05.999999999 -0700 MST",
|
|
|
- "Jan 2 15:04:05",
|
|
|
- "Mon Jan 02 15:04:05.000000 2006",
|
|
|
- "2006-01-02T15:04:05Z07:00",
|
|
|
- "2006/01/02",
|
|
|
- "2006/01/02 15:04",
|
|
|
- "2006-01-02",
|
|
|
- "2006-01-02 15:04",
|
|
|
- "2006/01/02 15:04:05",
|
|
|
- "2006-01-02 15:04:05",
|
|
|
- }
|
|
|
- )
|
|
|
|
|
|
- for _, dateFormat := range layouts {
|
|
|
- t, err := time.Parse(dateFormat, date)
|
|
|
- if err == nil && !t.IsZero() {
|
|
|
- //if the year isn't set, set it to current date :)
|
|
|
- if t.Year() == 0 {
|
|
|
- t = t.AddDate(time.Now().Year(), 0, 0)
|
|
|
- }
|
|
|
- retstr, err := t.MarshalText()
|
|
|
- if err != nil {
|
|
|
- log.Warningf("Failed marshaling '%v'", t)
|
|
|
- continue
|
|
|
- }
|
|
|
- return string(retstr), t
|
|
|
+ for _, enricher := range EnrichersList {
|
|
|
+ log.Debugf("Initiating enricher '%s'", enricher.Name)
|
|
|
+ pluginCtx, err := enricher.InitFunc(enricherConfig)
|
|
|
+ if err != nil {
|
|
|
+ log.Errorf("unable to register plugin '%s': %v", enricher.Name, err)
|
|
|
+ continue
|
|
|
}
|
|
|
+ enricher.Ctx = pluginCtx
|
|
|
+ log.Infof("Successfully registered enricher '%s'", enricher.Name)
|
|
|
+ enricherCtx.Registered[enricher.Name] = enricher
|
|
|
}
|
|
|
|
|
|
- now := time.Now()
|
|
|
- retstr, err := now.MarshalText()
|
|
|
- if err != nil {
|
|
|
- log.Warningf("Failed marshaling current time")
|
|
|
- return "", time.Time{}
|
|
|
- }
|
|
|
- return string(retstr), now
|
|
|
-}
|
|
|
-
|
|
|
-func ParseDate(in string, p *types.Event, x interface{}) (map[string]string, error) {
|
|
|
-
|
|
|
- var ret map[string]string = make(map[string]string)
|
|
|
- tstr, tbin := GenDateParse(in)
|
|
|
- if !tbin.IsZero() {
|
|
|
- ret["MarshaledTime"] = string(tstr)
|
|
|
- return ret, nil
|
|
|
- }
|
|
|
-
|
|
|
- return nil, nil
|
|
|
+ return enricherCtx, nil
|
|
|
}
|