mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-05-06 01:07:13 +00:00
6337b75f0e
* Fix rules * Not reay, error on running * Empty dissector Rules() * almost working * Finally, fixed * undo changes on agent/pkg/utils/har.go * fix not showing service on rules detail * Update tap/api/api.go Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com> * Update agent/pkg/controllers/entries_controller.go Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com> * Update agent/pkg/controllers/entries_controller.go Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com> * unwrap Data * Fix bug off using more than one latency rule that always get the first. * fix json type, decoding base64 before unmarshal * Run `go mod tidy` on `cli/go.sum` * Fix the linting issues * Remove a `FIXME` comment * Remove a CSS rule * Adapt `ruleNumberText` CSS class to the design language of the UI * Fix an issue in the UI related to `rule.Latency` slipping out * Removed unecessary codes. Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com> Co-authored-by: M. Mert Yildiran <mehmet@up9.com>
120 lines
3.2 KiB
Go
120 lines
3.2 KiB
Go
package rules
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"fmt"
|
|
"reflect"
|
|
"regexp"
|
|
"strings"
|
|
|
|
"github.com/google/martian/har"
|
|
"github.com/up9inc/mizu/shared"
|
|
jsonpath "github.com/yalp/jsonpath"
|
|
)
|
|
|
|
type RulesMatched struct {
|
|
Matched bool `json:"matched"`
|
|
Rule shared.RulePolicy `json:"rule"`
|
|
}
|
|
|
|
func appendRulesMatched(rulesMatched []RulesMatched, matched bool, rule shared.RulePolicy) []RulesMatched {
|
|
return append(rulesMatched, RulesMatched{Matched: matched, Rule: rule})
|
|
}
|
|
|
|
func ValidatePath(URLFromRule string, URL string) bool {
|
|
if URLFromRule != "" {
|
|
matchPath, err := regexp.MatchString(URLFromRule, URL)
|
|
if err != nil || !matchPath {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
func ValidateService(serviceFromRule string, service string) bool {
|
|
if serviceFromRule != "" {
|
|
matchService, err := regexp.MatchString(serviceFromRule, service)
|
|
if err != nil || !matchService {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
func MatchRequestPolicy(harEntry har.Entry, service string) []RulesMatched {
|
|
enforcePolicy, _ := shared.DecodeEnforcePolicy(fmt.Sprintf("%s/%s", shared.RulePolicyPath, shared.RulePolicyFileName))
|
|
var resultPolicyToSend []RulesMatched
|
|
for _, rule := range enforcePolicy.Rules {
|
|
if !ValidatePath(rule.Path, harEntry.Request.URL) || !ValidateService(rule.Service, service) {
|
|
continue
|
|
}
|
|
if rule.Type == "json" {
|
|
var bodyJsonMap interface{}
|
|
contentTextDecoded, _ := base64.StdEncoding.DecodeString(string(harEntry.Response.Content.Text))
|
|
if err := json.Unmarshal(contentTextDecoded, &bodyJsonMap); err != nil {
|
|
continue
|
|
}
|
|
out, err := jsonpath.Read(bodyJsonMap, rule.Key)
|
|
if err != nil || out == nil {
|
|
continue
|
|
}
|
|
var matchValue bool
|
|
if reflect.TypeOf(out).Kind() == reflect.String {
|
|
matchValue, err = regexp.MatchString(rule.Value, out.(string))
|
|
if err != nil {
|
|
continue
|
|
}
|
|
fmt.Println(matchValue, rule.Value)
|
|
} else {
|
|
val := fmt.Sprint(out)
|
|
matchValue, err = regexp.MatchString(rule.Value, val)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
}
|
|
resultPolicyToSend = appendRulesMatched(resultPolicyToSend, matchValue, rule)
|
|
} else if rule.Type == "header" {
|
|
for j := range harEntry.Response.Headers {
|
|
matchKey, err := regexp.MatchString(rule.Key, harEntry.Response.Headers[j].Name)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
if matchKey {
|
|
matchValue, err := regexp.MatchString(rule.Value, harEntry.Response.Headers[j].Value)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
resultPolicyToSend = appendRulesMatched(resultPolicyToSend, matchValue, rule)
|
|
}
|
|
}
|
|
} else {
|
|
resultPolicyToSend = appendRulesMatched(resultPolicyToSend, true, rule)
|
|
}
|
|
}
|
|
return resultPolicyToSend
|
|
}
|
|
|
|
func PassedValidationRules(rulesMatched []RulesMatched) (bool, int64, int) {
|
|
var numberOfRulesMatched = len(rulesMatched)
|
|
var latency int64 = -1
|
|
|
|
if numberOfRulesMatched == 0 {
|
|
return false, 0, numberOfRulesMatched
|
|
}
|
|
|
|
for _, rule := range rulesMatched {
|
|
if rule.Matched == false {
|
|
return false, latency, numberOfRulesMatched
|
|
} else {
|
|
if strings.ToLower(rule.Rule.Type) == "latency" {
|
|
if rule.Rule.Latency < latency || latency == -1 {
|
|
latency = rule.Rule.Latency
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return true, latency, numberOfRulesMatched
|
|
}
|