Merge pull request #227 from Security-Onion-Solutions/2.4/dev

2.4.2
Security-Onion-Solutions · Jun 1, 2023 · c5b5387 · c5b5387
2 parents 849733a + 78a6f01
commit c5b5387
Show file tree

Hide file tree

Showing 71 changed files with 2,613 additions and 1,495 deletions.
diff --git a/Dockerfile.kratos b/Dockerfile.kratos
@@ -7,7 +7,7 @@
 FROM ghcr.io/security-onion-solutions/golang:alpine AS builder
 
 ARG OWNER=ory
-ARG VERSION=v0.11.1
+ARG VERSION=v0.13.0
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D -H -s /bin/nologin

diff --git a/agent/jobmanager_test.go b/agent/jobmanager_test.go
@@ -0,0 +1,97 @@
+package agent
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/security-onion-solutions/securityonion-soc/model"
+	"github.com/stretchr/testify/assert"
+)
+
+// idJobProcessor is a "sunny day" JobProcessor that simply appends the job id
+// to the stream without panicking.
+type idJobProcessor struct{}
+
+func (jp *idJobProcessor) ProcessJob(job *model.Job, reader io.ReadCloser) (io.ReadCloser, error) {
+	buf := bytes.NewBuffer([]byte{})
+
+	if reader != nil {
+		_, err := io.Copy(buf, reader)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	_, err := buf.WriteString(strconv.Itoa(job.Id))
+	if err != nil {
+		return nil, err
+	}
+
+	return io.NopCloser(buf), nil
+}
+
+func (jp *idJobProcessor) CleanupJob(*model.Job) {}
+
+func (jp *idJobProcessor) GetDataEpoch() time.Time {
+	t, _ := time.Parse(time.RFC3339, "2022-01-01T00:00:00Z")
+	return t
+}
+
+// panicProcessor is a JobProcessor that always returns an error.
+type panicProcessor struct{}
+
+func (jp *panicProcessor) ProcessJob(job *model.Job, reader io.ReadCloser) (io.ReadCloser, error) {
+	return reader, errors.New("panic")
+}
+
+func (jp *panicProcessor) CleanupJob(*model.Job) {}
+
+func (jp *panicProcessor) GetDataEpoch() time.Time {
+	t, _ := time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
+	return t
+}
+
+func TestProcessJob(t *testing.T) {
+	// prep test object
+	jm := &JobManager{}
+
+	jm.AddJobProcessor(&idJobProcessor{})
+	jm.AddJobProcessor(&panicProcessor{})
+
+	// prep model
+	job := &model.Job{
+		Id: 101,
+	}
+
+	// test
+	stream, err := jm.ProcessJob(job)
+
+	// verify
+	data, rerr := io.ReadAll(stream)
+	assert.NoError(t, rerr)
+
+	assert.Equal(t, "101", string(data))
+	assert.ErrorContains(t, err, "panic")
+}
+
+func TestUpdateDataEpoch(t *testing.T) {
+	// prep test object
+	jm := &JobManager{
+		node: &model.Node{},
+	}
+
+	panicProc := &panicProcessor{}
+
+	jm.AddJobProcessor(&idJobProcessor{}) // later epoch
+	jm.AddJobProcessor(panicProc)         // earlier epoch
+
+	// test
+	jm.updateDataEpoch()
+
+	// verify
+	assert.Equal(t, jm.node.EpochTime, panicProc.GetDataEpoch())
+}
diff --git a/agent/modules/analyze/analyze.go b/agent/modules/analyze/analyze.go
@@ -11,7 +11,6 @@ import (
 	"errors"
 	"io"
 	"io/fs"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"sort"
@@ -85,7 +84,7 @@ func (analyze *Analyze) IsRunning() bool {
 	return false
 }
 
-func (analyze *Analyze) createAnalyzer(entry fs.FileInfo) *model.Analyzer {
+func (analyze *Analyze) createAnalyzer(entry fs.DirEntry) *model.Analyzer {
 	if !strings.HasPrefix(entry.Name(), ".") && !strings.HasPrefix(entry.Name(), "__") && entry.IsDir() {
 		name := entry.Name()
 		log.WithFields(log.Fields{
@@ -97,7 +96,7 @@ func (analyze *Analyze) createAnalyzer(entry fs.FileInfo) *model.Analyzer {
 }
 
 func (analyze *Analyze) refreshAnalyzers() error {
-	entries, err := ioutil.ReadDir(analyze.analyzersPath)
+	entries, err := os.ReadDir(analyze.analyzersPath)
 	if err != nil {
 		log.WithError(err).WithField("analyzersPath", analyze.analyzersPath).Error("Failed to read analyzers directory")
 	} else {

diff --git a/agent/modules/analyze/analyze_test.go b/agent/modules/analyze/analyze_test.go
@@ -7,7 +7,6 @@
 package analyze
 
 import (
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"testing"
@@ -26,7 +25,7 @@ func init_tmp(tester *testing.T) {
 	cleanup_tmp()
 	os.MkdirAll(TMP_DIR, 0777)
 
-	entries, err := ioutil.ReadDir(TMP_DIR)
+	entries, err := os.ReadDir(TMP_DIR)
 	assert.NoError(tester, err)
 	assert.Equal(tester, 0, len(entries))
 }
@@ -55,7 +54,7 @@ func TestCreateAnalyzer(tester *testing.T) {
 	assert.Error(tester, err, "Unable to invoke JobMgr.AddJobProcessor due to nil agent")
 	assert.Equal(tester, 1, len(sq.analyzers))
 
-	entries, err := ioutil.ReadDir(TMP_DIR)
+	entries, err := os.ReadDir(TMP_DIR)
 	assert.NoError(tester, err)
 	assert.Equal(tester, 2, len(entries))
 }

diff --git a/build.sh b/build.sh
@@ -16,6 +16,8 @@ jest test --config jest.config.js
 echo "Downloading GO dependencies..."
 go get ./...
 
+go mod tidy
+
 echo "Running GO unit tests..."
 go test ./...
 

diff --git a/go.mod b/go.mod
@@ -4,30 +4,31 @@ go 1.20
 
 require (
 	github.com/apex/log v1.9.0
-	github.com/elastic/go-elasticsearch/v8 v8.4.0
+	github.com/elastic/go-elasticsearch/v8 v8.7.0
+	github.com/go-chi/chi v1.5.4
 	github.com/google/gopacket v1.1.19
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.5.0
-	github.com/influxdata/influxdb-client-go/v2 v2.10.0
+	github.com/influxdata/influxdb-client-go/v2 v2.12.3
 	github.com/kennygrant/sanitize v1.2.4
-	github.com/stretchr/testify v1.8.0
-	github.com/tidwall/gjson v1.14.3
-	golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0
-	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
+	github.com/stretchr/testify v1.8.1
+	github.com/tidwall/gjson v1.14.4
+	golang.org/x/crypto v0.8.0
+	golang.org/x/net v0.9.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1
 )
 
+require github.com/tj/assert v0.0.3
+
 require (
+	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/deepmap/oapi-codegen v1.8.2 // indirect
-	github.com/elastic/elastic-transport-go/v8 v8.1.0 // indirect
-	github.com/go-logfmt/logfmt v0.4.0 // indirect
+	github.com/deepmap/oapi-codegen v1.12.4 // indirect
+	github.com/elastic/elastic-transport-go/v8 v8.2.0 // indirect
 	github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect
-	github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.0 // indirect
-	gopkg.in/yaml.v2 v2.3.0 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
 )