From 594d37bb40f3e3e0f15553383cf2a305d4d6742e Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 19:43:03 -0700 Subject: extract api. --- app/controllers/api/agents/events_controller.rb | 19 +++++++++++++++++++ app/controllers/api/agents/files_controller.rb | 21 +++++++++++++++++++++ app/controllers/api/agents_controller.rb | 15 +++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 app/controllers/api/agents/events_controller.rb create mode 100644 app/controllers/api/agents/files_controller.rb create mode 100644 app/controllers/api/agents_controller.rb (limited to 'app/controllers/api') diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb new file mode 100644 index 0000000..255a5bc --- /dev/null +++ b/app/controllers/api/agents/events_controller.rb @@ -0,0 +1,19 @@ +module Api + module Agents + class EventsController < ApplicationController + def create + @agent = Agent.find(params[:agent_id]) + message = event_params.merge({agent_id: @agent.id}) + routing_key = "events.#{event_params[:type]}.#{@agent.id}" + Publisher.publish(routing_key, message) + render nothing: true + end + + private + + def event_params + params[:event] + end + end + end +end diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb new file mode 100644 index 0000000..fd7410c --- /dev/null +++ b/app/controllers/api/agents/files_controller.rb @@ -0,0 +1,21 @@ +module Api + module Agents + class FilesController < ApplicationController + before_action do + request.format = :json + end + + def show + @agent = Agent.find(params[:agent_id]) + @fingerprint = params[:id] + @file = Disposition.find_by(fingerprint: params[:id]) + message = { + agent_id: params[:id], + type: :lookup, + data: params[:data] + } + Publisher.publish("events.scanned.#{@agent.id}", message) + end + end + end +end 
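Review bot: The routing key in `create` is built straight from the request, `routing_key = "events.#{event_params[:type]}.#{@agent.id}"`, and `event_params` returns `params[:event]` with no filtering, so the caller chooses both the topic words the message is published under and the whole payload that is merged and forwarded. A `type` containing `.` adds routing-key words, which can land the message on bindings meant for other event types, and a request with no `event` key hits `nil.merge` and returns a 500 rather than a 400. Restrict the type to the known event names before building the key, e.g. `type = event_params[:type]; return head(:bad_request) unless EVENT_TYPES.include?(type)` with a whitelist such as `EVENT_TYPES = %w[scanned].freeze`, and require the parameter with `params.require(:event)`. Whether the bus consumers tolerate arbitrary extra keys in the merged payload I can't tell from here.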
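Review bot: `show` runs `Disposition.find_by(fingerprint: params[:id])` for any caller, and no controller in this diff authenticates the request, so the endpoint doubles as an oracle for which file fingerprints the service already has a disposition for. The fingerprint appears to be a digest of a file (`fingerprint_for` in `lib/fake_agent.rb`), so anyone who can reach the API can probe whether a given sample is known. If that is not intended, gate the lookup on an authenticated agent, and at minimum return a uniform response when no `Disposition` matches instead of a distinguishable body. The `@file`/`@fingerprint` assignments presumably feed a JSON view outside this diff, so I can't see what is actually rendered.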
diff --git a/app/controllers/api/agents_controller.rb b/app/controllers/api/agents_controller.rb new file mode 100644 index 0000000..16174b1 --- /dev/null +++ b/app/controllers/api/agents_controller.rb @@ -0,0 +1,15 @@ +module Api + class AgentsController < ApplicationController + #before_action do + #request.format = :json + #end + + def create + @agent = Agent.create!(agent_params) + end + + def agent_params + params.require(:agent).permit(:hostname) + end + end +end -- cgit v1.2.3 From 99eb8e0e8ba68bfdc6f97d58af2e7a1d7ba2e3ba Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 19:56:40 -0700 Subject: specifiy correct agent id in lookup event. --- app/controllers/api/agents/files_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/api') diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb index fd7410c..1329d04 100644 --- a/app/controllers/api/agents/files_controller.rb +++ b/app/controllers/api/agents/files_controller.rb @@ -10,7 +10,7 @@ module Api @fingerprint = params[:id] @file = Disposition.find_by(fingerprint: params[:id]) message = { - agent_id: params[:id], + agent_id: @agent.id, type: :lookup, data: params[:data] } -- cgit v1.2.3 From 34f53efff788b7558f63d973aad1f3475c27c125 Mon Sep 17 00:00:00 2001 
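Review bot: `agent_params` is declared after `create` with no `private` keyword, so it is a public method of the controller and Rails will expose it as an action should a route ever match it; move it below `private`. `Agent.create!` raises `ActiveRecord::RecordInvalid` on a bad `hostname`, which surfaces as a 500 rather than a 422, so prefer `@agent = Agent.new(agent_params)` followed by `return render(json: @agent.errors, status: :unprocessable_entity) unless @agent.save`. The id handed back here is also the only thing a client later needs to post events as that agent (`Agent.find(params[:agent_id])` in the events controller); if ids are the usual auto-increment integers, agents can impersonate one another by guessing, so consider issuing a random token at registration and requiring it on subsequent calls.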
From: mo khan Date: Mon, 9 Feb 2015 20:25:22 -0700 Subject: extract message objects to publish. --- app/controllers/agents/events_controller.rb | 8 +++++--- app/controllers/api/agents/events_controller.rb | 9 ++++++--- app/controllers/api/agents/files_controller.rb | 7 +++---- app/controllers/application_controller.rb | 6 ++++++ app/controllers/dispositions_controller.rb | 11 ++++++++--- app/models/event_message.rb | 25 +++++++++++++++++++++++++ app/models/poke_message.rb | 23 +++++++++++++++++++++++ app/services/publisher.rb | 4 ++-- 8 files changed, 78 insertions(+), 15 deletions(-) create mode 100644 app/models/event_message.rb create mode 100644 app/models/poke_message.rb (limited to 'app/controllers/api') diff --git a/app/controllers/agents/events_controller.rb b/app/controllers/agents/events_controller.rb index 6827938..30ca295 100644 --- a/app/controllers/agents/events_controller.rb +++ b/app/controllers/agents/events_controller.rb @@ -11,9 +11,11 @@ module Agents end def create - message = event_params.merge({agent_id: @agent.id}) - routing_key = "events.#{event_params[:type]}.#{@agent.id}" - Publisher.publish(routing_key, message) + publish(EventMessage.new( + agent_id: @agent.id, + event_type: event_params[:event_type], + data: event_params[:data] + )) redirect_to agent_events_url, notice: 'Event was successfully created.' end diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb index 255a5bc..ca9b829 100644 --- a/app/controllers/api/agents/events_controller.rb +++ b/app/controllers/api/agents/events_controller.rb 
@@ -3,9 +3,12 @@ module Api class EventsController < ApplicationController def create @agent = Agent.find(params[:agent_id]) - message = event_params.merge({agent_id: @agent.id}) - routing_key = "events.#{event_params[:type]}.#{@agent.id}" - Publisher.publish(routing_key, message) + publish(EventMessage.new( + agent_id: @agent.id, + event_type: event_params[:event_type], + data: event_params[:data] + )) + render nothing: true end diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb index 1329d04..b111048 100644 --- a/app/controllers/api/agents/files_controller.rb +++ b/app/controllers/api/agents/files_controller.rb @@ -9,12 +9,11 @@ module Api @agent = Agent.find(params[:agent_id]) @fingerprint = params[:id] @file = Disposition.find_by(fingerprint: params[:id]) - message = { + publish(EventMessage.new( agent_id: @agent.id, - type: :lookup, + event_type: :scanned, data: params[:data] - } - Publisher.publish("events.scanned.#{@agent.id}", message) + )) end end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 84e9c93..8ce68a5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,4 +3,10 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. #protect_from_forgery with: :exception protect_from_forgery with: :null_session + + protected + + def publish(message) + Publisher.publish(message) + end end diff --git a/app/controllers/dispositions_controller.rb b/app/controllers/dispositions_controller.rb index 17f8657..e63f696 100644 --- a/app/controllers/dispositions_controller.rb +++ b/app/controllers/dispositions_controller.rb 
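Review bot: `event_params` still returns `params[:event]` unchanged (it is defined below this hunk), so a request without an `event` key makes `event_params[:event_type]` raise `NoMethodError` on nil and the client gets a 500 for a malformed request. Changing `event_params` to `params.require(:event)` turns that into `ActionController::ParameterMissing`, which Rails reports as a 400. The `data` hash is forwarded to the bus whole; if consumers expect specific keys, a `permit` list here is the place to enforce them. `create` ends inside the hunk after `render nothing: true`.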
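Review bot: `show` answers a GET yet publishes a `scanned` event as a side effect, so every retry, prefetch or cache warm-up by a client re-emits the event and anyone requesting the URL repeatedly can flood the `events.scanned.<id>` topic. Either move the event emission to a POST endpoint or make `show` a pure read and have the agent report the scan separately. The `@file` and `@fingerprint` assignments are not used in this method body; presumably a `show.json` view reads them, which is outside the diff. `data: params[:data]` is also still forwarded without any filtering.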
@@ -18,14 +18,19 @@ class DispositionsController < ApplicationController end def create - fingerprint = disposition_params[:fingerprint] - Publisher.publish("commands.poke.#{fingerprint}", disposition_params) + publish(PokeMessage.new( + fingerprint: disposition_params[:fingerprint], + state: disposition_params[:state], + )) redirect_to dispositions_path, notice: 'Disposition was successfully created.' end def update - Publisher.publish("poke", disposition_params) + publish(PokeMessage.new( + fingerprint: disposition_params[:fingerprint], + state: disposition_params[:state], + )) redirect_to dispositions_path, notice: 'Disposition was successfully updated.' end diff --git a/app/models/event_message.rb b/app/models/event_message.rb new file mode 100644 index 0000000..0a0c9ae --- /dev/null +++ b/app/models/event_message.rb @@ -0,0 +1,25 @@ +class EventMessage + attr_reader :agent_id, :event_type, :data + + def initialize(agent_id:, event_type:, data: {}) + @agent_id = agent_id + @event_type = event_type + @data = data + end + + def routing_key + "events.#{event_type}.#{agent_id}" + end + + def to_hash + { + agent_id: agent_id, + event_type: event_type, + data: data + } + end + + def to_json + to_hash.to_json + end +end diff --git a/app/models/poke_message.rb b/app/models/poke_message.rb new file mode 100644 index 0000000..b134ba9 --- /dev/null +++ b/app/models/poke_message.rb @@ -0,0 +1,23 @@ +class PokeMessage + attr_reader :fingerprint, :state + + def initialize(fingerprint:, state: ) + @fingerprint = fingerprint + @state = state + end + + def routing_key + "commands.poke.#{fingerprint}" + end + + def to_hash + { + fingerprint: fingerprint, + state: state + } + end + + def to_json + to_hash.to_json + end +end diff --git a/app/services/publisher.rb b/app/services/publisher.rb index 704f1e3..1c384dd 100644 --- a/app/services/publisher.rb +++ b/app/services/publisher.rb 
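Review bot: `create` and `update` now have identical bodies that build a `PokeMessage` from `disposition_params` and redirect, so fold the duplication into one private helper, e.g. `def publish_poke; publish(PokeMessage.new(fingerprint: disposition_params[:fingerprint], state: disposition_params[:state])); end`. Neither action reads `params[:id]` or a `Disposition` record, so `update` pokes whatever fingerprint the form body says rather than the record being edited; if the route is meant to address a record, take the fingerprint from `Disposition.find(params[:id])`. `state` is forwarded to agents as a command without validation, and a whitelist of allowed states here would keep bad values off the command topic. `disposition_params` is defined outside this hunk.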
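Review bot: `to_json` is defined with no parameters, but the `json` generator and ActiveSupport call `to_json(state)`/`to_json(options)` when this object is nested inside another structure being serialized, which would raise `ArgumentError`; define it as `def to_json(*_args) to_hash.to_json end`. `routing_key` interpolates `event_type` verbatim and the controllers feed it from request parameters, so the constructor is the natural place to reject a type containing `.`, `*` or `#` (the AMQP topic separator and wildcards) before it can alter which bindings the message matches. A short class comment stating that `to_json` is the wire format published to the `malwer` exchange and that `routing_key` is `events.<type>.<agent_id>` would help the next reader.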
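Review bot: `routing_key` puts `fingerprint` into the command topic unvalidated, and `DispositionsController` fills it from a web form, so a value containing dots or wildcard characters changes which agents' bindings the poke matches. If `fingerprint_for` in `lib/fake_agent.rb` yields the hex digest its name suggests, the constructor can enforce that shape, e.g. `raise ArgumentError, "bad fingerprint" unless fingerprint.to_s =~ /\A\h+\z/`. `to_json` has the same zero-arity problem as `EventMessage#to_json`; use `def to_json(*_args)`. The stray space in `def initialize(fingerprint:, state: )` is a style nit.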
@@ -1,7 +1,7 @@ class Publisher - def self.publish(routing_key, message = {}) + def self.publish(message) exchange = channel.topic("malwer") - exchange.publish(message.to_json, routing_key: routing_key) + exchange.publish(message.to_json, routing_key: message.routing_key) end def self.channel -- cgit v1.2.3 From 41c8858025eb14cab34635b058ccf761dd04eb90 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:36:18 -0700 Subject: use api controller and log errors in fake agent. --- app/controllers/api/agents/files_controller.rb | 2 +- app/controllers/api/agents_controller.rb | 6 +----- app/controllers/api/api_controller.rb | 5 +++++ app/controllers/application_controller.rb | 1 - app/models/event_message.rb | 2 +- app/models/scanned.rb | 2 ++ lib/fake_agent.rb | 10 ++++++++-- 7 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 app/controllers/api/api_controller.rb create mode 100644 app/models/scanned.rb (limited to 'app/controllers/api') diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb index b111048..c13eac9 100644 --- a/app/controllers/api/agents/files_controller.rb +++ b/app/controllers/api/agents/files_controller.rb @@ -1,6 +1,6 @@ module Api module Agents - class FilesController < ApplicationController + class FilesController < ApiController before_action do request.format = :json end diff --git a/app/controllers/api/agents_controller.rb b/app/controllers/api/agents_controller.rb index 16174b1..a7307f0 100644 --- a/app/controllers/api/agents_controller.rb +++ b/app/controllers/api/agents_controller.rb @@ -1,9 +1,5 @@ module Api - class AgentsController < ApplicationController - #before_action do - #request.format = :json - #end - + class AgentsController < ApiController def create @agent = Agent.create!(agent_params) end diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb new file mode 100644 index 0000000..0316222 --- /dev/null 
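Review bot: `publish` now depends on a duck-typed message that must respond to both `routing_key` and `to_json`, but nothing states that contract, so add a comment above the method: `# message must respond to #routing_key and #to_json (see EventMessage, PokeMessage)`. `channel.topic("malwer")` is re-declared on every publish; declaring the exchange once and memoizing it next to `channel` (defined below this hunk) avoids a broker round-trip per message. Any broker error raised here propagates straight into the controller action and becomes a 500; whether that is acceptable depends on how `channel` is set up, which is outside the diff.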
+++ b/app/controllers/api/api_controller.rb @@ -0,0 +1,5 @@ +module Api + class ApiController < ApplicationController + protect_from_forgery with: :null_session + end +end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8ce68a5..209ec89 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,7 +2,6 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. #protect_from_forgery with: :exception - protect_from_forgery with: :null_session protected diff --git a/app/models/event_message.rb b/app/models/event_message.rb index 0a0c9ae..75bd9ac 100644 --- a/app/models/event_message.rb +++ b/app/models/event_message.rb @@ -14,7 +14,7 @@ class EventMessage def to_hash { agent_id: agent_id, - event_type: event_type, + type: event_type, data: data } end diff --git a/app/models/scanned.rb b/app/models/scanned.rb new file mode 100644 index 0000000..cfe1b87 --- /dev/null +++ b/app/models/scanned.rb @@ -0,0 +1,2 @@ +class Scanned < Event +end diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb index ecc9e47..2cf3309 100644 --- a/lib/fake_agent.rb +++ b/lib/fake_agent.rb @@ -44,6 +44,8 @@ class FakeAgent when "unknown" puts "file is unknown" end + rescue StandardError => error + log_error(error) end def sniff(interface) @@ -85,8 +87,8 @@ class FakeAgent } Typhoeus.post(event_url, body: body) end - rescue => e - puts "#{e.message} #{e.backtrace.join(' ')}" + rescue StandardError => error + log_error(error) end def fingerprint_for(file) @@ -122,4 +124,8 @@ class FakeAgent def registration_url "#{endpoint}/api/agents" end + + def log_error(error) + puts "#{error.message} #{error.backtrace.join(' ')}" + end end -- cgit v1.2.3 From 2b679683b19322a568225a69949e5d8ed61fe9a9 Mon Sep 17 00:00:00 2001 
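Review bot: `protect_from_forgery with: :null_session` is the right choice only when the API authenticates each request by some non-cookie means, and no `before_action` in the controllers under `app/controllers/api` checks a token or credential, so agent registration, event posting and disposition lookups are open to any caller that can reach the host. Add an authentication filter here, e.g. `before_action :authenticate_agent!`, that verifies a per-agent secret issued at registration, and have the agent controllers resolve the agent from that credential rather than trusting `params[:agent_id]`. If authentication happens at a layer not visible in this diff (a reverse proxy, network isolation), a comment on this class saying so would save the next reviewer the same question.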
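Review bot: `log_error` writes the message and full backtrace to stdout with `puts`, where it interleaves with the agent's normal output (`puts "file is unknown"` in the first hunk); use `warn "#{error.message} #{error.backtrace.join(' ')}"` so diagnostics go to stderr. Joining the backtrace with spaces yields one very long line; `error.backtrace.join("\n")` is easier to read. The `rescue StandardError` added in the first hunk wraps a method whose start is outside the hunk, so it is worth confirming that catching every error there and continuing is intended for the fake agent.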
From: mo khan Date: Mon, 9 Feb 2015 20:40:06 -0700 Subject: protect from forgery and cache ip and hostname on fake agent. --- app/controllers/api/agents/events_controller.rb | 2 +- app/controllers/api/api_controller.rb | 7 ++++++- app/controllers/application_controller.rb | 2 +- lib/fake_agent.rb | 10 +++++++--- 4 files changed, 15 insertions(+), 6 deletions(-) (limited to 'app/controllers/api') diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb index ca9b829..60b9195 100644 --- a/app/controllers/api/agents/events_controller.rb +++ b/app/controllers/api/agents/events_controller.rb @@ -1,6 +1,6 @@ module Api module Agents - class EventsController < ApplicationController + class EventsController < ApiController def create @agent = Agent.find(params[:agent_id]) publish(EventMessage.new( diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb index 0316222..6954700 100644 --- a/app/controllers/api/api_controller.rb +++ b/app/controllers/api/api_controller.rb @@ -1,5 +1,10 @@ module Api - class ApiController < ApplicationController + class ApiController < ActionController::Base protect_from_forgery with: :null_session + protected + + def publish(message) + Publisher.publish(message) + end end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 209ec89..54093eb 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,7 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. - #protect_from_forgery with: :exception + protect_from_forgery with: :exception protected diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb index 2cf3309..bfa20d3 100644 --- a/lib/fake_agent.rb +++ b/lib/fake_agent.rb 
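Review bot: Switching `ApiController` to inherit from `ActionController::Base` instead of `ApplicationController` means any filter later added to `ApplicationController` (authentication, request logging, locale) silently stops applying to the API, and it already forces the `publish` helper to be duplicated in both classes. If the split is deliberate, a comment on the class line saying why the API bypasses `ApplicationController` would make that explicit, and the shared `publish` can move into a small concern included by both. As written the API relies on `:null_session` alone, with no authentication filter visible anywhere in this diff.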
@@ -10,7 +10,7 @@ class FakeAgent end def register - response = Typhoeus.post(registration_url, body: { agent: { hostname: Socket.gethostname } }) + response = Typhoeus.post(registration_url, body: { agent: { hostname: hostname } }) json = JSON.parse(response.body) @id = json["id"] end @@ -80,7 +80,7 @@ class FakeAgent data: { fingerprint: fingerprint_for(file), path: file, - hostname: Socket.gethostname, + hostname: hostname, ip_addresses: ip_addresses, } } @@ -98,8 +98,12 @@ class FakeAgent sha end + def hostname + @hostname ||= Socket.gethostname + end + def ip_addresses - Socket.ip_address_list.find_all { |x| x.ipv4? }.map { |x| x.ip_address } + @ipaddresses ||= Socket.ip_address_list.find_all { |x| x.ipv4? }.map { |x| x.ip_address } end def disposition_for(file) -- cgit v1.2.3 From 05b427bd4d9f9c4ea60f9485f06d68de0b689d28 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:46:57 -0700 Subject: use type param. --- app/controllers/agents/events_controller.rb | 2 +- app/controllers/api/agents/events_controller.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers/api') diff --git a/app/controllers/agents/events_controller.rb b/app/controllers/agents/events_controller.rb index 30ca295..f695feb 100644 --- a/app/controllers/agents/events_controller.rb +++ b/app/controllers/agents/events_controller.rb @@ -13,7 +13,7 @@ module Agents def create publish(EventMessage.new( agent_id: @agent.id, - event_type: event_params[:event_type], + event_type: event_params[:type], data: event_params[:data] )) redirect_to agent_events_url, notice: 'Event was successfully created.' diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb index 60b9195..56b566f 100644 --- a/app/controllers/api/agents/events_controller.rb +++ b/app/controllers/api/agents/events_controller.rb 
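Review bot: `register` parses `response.body` as JSON without checking the HTTP status, so a failed registration (the server's `Agent.create!` would surface a validation error as a 500 page) raises `JSON::ParserError` on the line after the one changed here, or leaves `@id` nil if the body happens to parse. Typhoeus responses expose `success?`, so guard it with `raise "registration failed: #{response.code}" unless response.success?` before `JSON.parse`. The hunk itself only swaps in the `hostname` helper, but this is the line a reader of the new side should check.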
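Review bot: The memoizing ivar is named `@ipaddresses` while the method is `ip_addresses` and the sibling `hostname` uses `@hostname`; use `@ip_addresses ||=` so the name matches the method as it does elsewhere in the file. Caching the address list for the process lifetime also means an agent that changes networks keeps reporting stale addresses in every event; that is probably fine for a fake agent, but a one-line comment noting the cache is intentional would avoid the question.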
@@ -5,7 +5,7 @@ module Api @agent = Agent.find(params[:agent_id]) publish(EventMessage.new( agent_id: @agent.id, - event_type: event_params[:event_type], + event_type: event_params[:type], data: event_params[:data] )) -- cgit v1.2.3