search

mrheinen / lophiid

A distributed honeypot for monitoring large scale web attacks
GNU General Public License v2.0
6 stars 1 forks source link

Have honeypots report the ports they listen on #68

Closed mrheinen closed 5 days ago

mrheinen commented 5 days ago

User description

This PR finalizes the functionality where honeypots report the ports they listen on via the Status RPC. The ports are then stored in the database and displayed in the honeypot tab in the web UI

PR Type

Enhancement

Description

This PR implements the functionality for honeypots to report the ports they listen on and stores this information in the database. The main changes include:

These changes enable better tracking and display of honeypot configurations, improving system monitoring and management capabilities.

Changes walkthrough πŸ“

Relevant files
Enhancement
agent.go
Add port reporting to Agent                                                           
pkg/agent/agent.go
  • Added ports and sslPorts fields to the Agent struct
  • Updated Start method to populate these fields
  • Modified SendStatus call to include ListenPort and ListenPortSsl
    		•  +12/-2   
    backend.go
    Implement port storage in backend                                               
    pkg/backend/backend.go
  • Updated SendStatus function to handle and store reported ports
  • Modified honeypot creation and update logic to include port
    information
    		•  +15/-2   
    database.go
    Add port fields to Honeypot struct                                             
    pkg/database/database.go
  • Added Ports and SSLPorts fields to the Honeypot struct
  • Updated field types to use pgtype.FlatArray[int64]
    		•  +11/-9   
    string_map_cache.go
    Generalize StringMapCache implementation                                 
    pkg/util/string_map_cache.go
  • Modified StringMapCache and related functions to use generic type T
    any instead of T comparable
    		•  +3/-3     
    HoneypotForm.vue
    Add port display to Honeypot form                                               
    ui/src/components/container/HoneypotForm.vue
  • Added display fields for HTTP and HTTPS ports
  • Implemented logic to format and display port information
    		•  +33/-0   
    database.sql
    Update honeypot table schema                                                         
    config/database.sql
  • Added ports and ssl_ports columns to the honeypot table
  • Added cves column to the honeypot table
    		•  +3/-0     
    Tests
    backend_test.go
    Update backend tests for port handling                                     
    pkg/backend/backend_test.go
  • Updated test cases to include ListenPort and ListenPortSsl in requests
  • Added assertions to verify correct handling of port information
    		•  +39/-10 

    πŸ’‘ PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    codiumai-pr-agent-pro[bot] commented 5 days ago

    PR Reviewer Guide πŸ”

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 3 πŸ”΅πŸ”΅πŸ”΅βšͺβšͺ
    πŸ§ͺ PR contains tests
    πŸ”’ No security concerns identified
    ⚑ Recommended focus areas for review

    Potential Bug
    The code appends SSL ports to the regular ports array instead of the SSL ports array. This may lead to incorrect port reporting. Performance Concern
    The code recreates the entire ports and SSL ports arrays on each status update, which may be inefficient for frequent updates. Code Smell
    The port formatting logic in the watch hook is repetitive and could be refactored into a separate method for better maintainability.
    github-actions[bot] commented 5 days ago

    Failed to generate code suggestions for PR

    codiumai-pr-agent-pro[bot] commented 5 days ago

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    CategorySuggestion                                                                                                                                    Score
    Enhancement
    Directly assign new port values instead of appending to empty slices ___ **Instead of appending to empty slices, directly assign the new values to hp.Ports and
    hp.SSLPorts. This is more efficient and clearer.** [pkg/backend/backend.go [336-337]](https://github.com/mrheinen/lophiid/pull/68/files#diff-c65bcfe9bb457434c3e69ba3f0576d7669935f350d24e2c2c58b05b4f9c510b2R336-R337) ```diff -hp.Ports = append(hp.Ports, req.GetListenPort()...) -hp.SSLPorts = append(hp.Ports, req.GetListenPortSsl()...) +hp.Ports = req.GetListenPort() +hp.SSLPorts = req.GetListenPortSsl() ``` - [ ] **Apply this suggestion**
    Suggestion importance[1-10]: 8 Why: This suggestion improves code efficiency and readability by directly assigning values instead of unnecessary append operations on empty slices.
    		8
    βœ… Simplify port assignment by directly assigning new values instead of clearing and appending ___
    Suggestion Impact:The commit implemented the suggestion by replacing the slice clearing and appending operations with direct assignments for both Ports and SSLPorts. code diff: ```diff dms[0].Ports = []int64{} - dms[0].Ports = append(dms[0].Ports, req.GetListenPort()...) + dms[0].Ports = req.GetListenPort() dms[0].SSLPorts = []int64{} - dms[0].SSLPorts = append(dms[0].SSLPorts, req.GetListenPortSsl()...) + dms[0].SSLPorts = req.GetListenPortSsl() ```
    ___ **Replace the repeated slice clearing and appending operations with direct assignments
    for dms[0].Ports and dms[0].SSLPorts.** [pkg/backend/backend.go [349-353]](https://github.com/mrheinen/lophiid/pull/68/files#diff-c65bcfe9bb457434c3e69ba3f0576d7669935f350d24e2c2c58b05b4f9c510b2R349-R353) ```diff -dms[0].Ports = []int64{} -dms[0].Ports = append(dms[0].Ports, req.GetListenPort()...) +dms[0].Ports = req.GetListenPort() +dms[0].SSLPorts = req.GetListenPortSsl() -dms[0].SSLPorts = []int64{} -dms[0].SSLPorts = append(dms[0].SSLPorts, req.GetListenPortSsl()...) - ``` - [ ] **Apply this suggestion**
    Suggestion importance[1-10]: 8 Why: This change eliminates redundant operations, making the code more concise and efficient while maintaining the same functionality.
    		8
    βœ… Simplify port string creation by using the join method instead of manual concatenation ___
    Suggestion Impact:The commit directly implemented the suggestion by replacing the manual string concatenation with the join() method for both localPorts and localSSLPorts code diff: ```diff - this.localHoneypot.ports.forEach((port) => { - if (this.localPorts == "") { - this.localPorts += port; - } else { - this.localPorts += ", " + port; - } - }) - - this.localHoneypot.ssl_ports.forEach((port) => { - if (this.localSSLPorts == "") { - this.localSSLPorts += port; - } else { - this.localSSLPorts += ", " + port; - } - }) + this.localPorts = this.localHoneypot.ports.join(", "); + this.localSSLPorts = this.localHoneypot.ssl_ports.join(", "); ```
    ___ **Replace the manual string concatenation for localPorts and localSSLPorts with the
    join() method, which is more concise and efficient.** [ui/src/components/container/HoneypotForm.vue [189-203]](https://github.com/mrheinen/lophiid/pull/68/files#diff-e333339a49f1250cbbff50f56916c5c3c731bf7e1eb349da1553bee56dc119d7R189-R203) ```diff -this.localHoneypot.ports.forEach((port) => { - if (this.localPorts == "") { - this.localPorts += port; - } else { - this.localPorts += ", " + port; - } -}) +this.localPorts = this.localHoneypot.ports.join(", "); +this.localSSLPorts = this.localHoneypot.ssl_ports.join(", "); -this.localHoneypot.ssl_ports.forEach((port) => { - if (this.localSSLPorts == "") { - this.localSSLPorts += port; - } else { - this.localSSLPorts += ", " + port; - } -}) - ``` - [ ] **Apply this suggestion**
    Suggestion importance[1-10]: 7 Why: Using the join method is more concise and efficient than manual string concatenation, improving code readability and performance.
    		7
    Use a map to track ports and their SSL status instead of separate slices ___ **Consider using a map to track SSL and non-SSL ports instead of separate slices. This
    approach can simplify the code and potentially improve performance when checking if
    a port is SSL or not.** [pkg/agent/agent.go [80-84]](https://github.com/mrheinen/lophiid/pull/68/files#diff-18bf746206c8ac217eb16ffb0cf91a6e676e05a7b517dc70aef0260d0871028fR80-R84) ```diff -if s.ssl { - a.sslPorts = append(a.sslPorts, s.port) -} else { - a.ports = append(a.ports, s.port) -} +a.ports[s.port] = s.ssl ``` - [ ] **Apply this suggestion**
    Suggestion importance[1-10]: 6 Why: While this suggestion could potentially improve performance for port lookups, it changes the data structure significantly. The benefit may not outweigh the cost of refactoring other parts of the code that rely on the current structure.
    		6

    πŸ’‘ Need additional feedback ? start a PR chat