Merge pull request #1 from satta/DEV-5053-2024-makeover

2025 makeover

.github/workflows/build.yaml

@@ -0,0 +1,30 @@
+name: Build
+
+on:
+  - push
+  - pull_request
+
+jobs:
+  build:
+    name: Build all platforms
+    runs-on: ubuntu-latest
+    container: 
+      image: golang:1.23-bullseye
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Set up user
+        run: |
+          useradd -m -g users builduser
+          chown -R builduser:users .
+      - name: Build
+        run: |
+          su -c "make all" builduser
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Server binaries
+          path: mauerspecht-server
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Client binaries
+          path: mauerspecht-client*

.github/workflows/release.yaml

@@ -0,0 +1,60 @@
+name: Build release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    name: Create Release ${{ github.ref }}
+    runs-on: ubuntu-latest
+    outputs:
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
+    steps:
+      - name: release
+        uses: actions/create-release@latest
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          draft: false
+          prerelease: false
+          release_name: ${{ github.ref }}
+          tag_name: ${{ github.ref }}
+
+  build:
+    name: Build Unix-like Binaries
+    needs: release
+    runs-on: ubuntu-latest
+    container:
+      image: golang:1.23-bullseye
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v2
+      - name: Set up user
+        run: |
+          useradd -m -g users builduser
+          chown -R builduser:users .
+      - name: Build
+        run: |
+          su -c "make all" builduser
+      - name: Upload Assets
+        id: upload_try1
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mauerspecht-*
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true
+      - name: Upload Assets (retry)
+        id: upload_try2
+        if: steps.upload_try1.outcome == 'failure'
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mauerspecht-*
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true

.gitignore

@@ -0,0 +1,2 @@
+mauerspecht-client.*
+mauerspecht-server

Makefile

@@ -1,9 +1,10 @@
 NAMESPACE := github.com/DCSO/mauerspecht
-CLIENT_PLATFORMS := x86_64-linux x86_64-windows x86_64-darwin i386-linux i386-windows
+CLIENT_PLATFORMS := x86_64-linux x86_64-windows x86_64-darwin arm64-darwin i386-linux i386-windows
 GOFILES := $(shell find -name "*.go")
 
 define goarch
 $(or $(if $(findstring x86_64,$1),amd64),\
+     $(if $(findstring arm64,$1),arm64),\
      $(if $(findstring i386,$1),386),\
      $(error unknown arch $1))
 endef

README.md

@@ -7,7 +7,7 @@
 # Simple Probing Tool for Corporate Walled Garden Networks
 
 The Problem: Network sensors such as
-[Suricata](https://suricata-ids.org/) or [Bro/Zeek](https://zeek.org/)
+[Suricata](https://suricata-ids.org/) or [Zeek](https://zeek.org/)
 have been successfully deployed in a large network, but the rate of
 alarms or other useful information is suspiciously low -- not even the
 usual background noise can be seen. Can we be sure that our sensors
@@ -76,15 +76,10 @@ Server:
 
 ## Building
 
-If a Go toolchain with [modules](...) support is available (version
-1.11 or later), simply running `make all` from the Git checkout is
+For recent Go versions, simply running `make all` from the Git checkout is
 sufficient.
 
-For earlier Go versions, run `go get github.com/DCSO/mauerspecht`
-change to the directory within the `GOPATH` where the project was
-downloaded, and run `make all`
-
-In both cases, the following binaries will be generated:
+The following binaries will be generated:
 - `mauerspecht-server`: The server component, a Linux/x86-64 binary
 - `mauerspecht-client-$ARCH`: The clients, for various architectures
 
@@ -95,15 +90,17 @@ In both cases, the following binaries will be generated:
 - The server stores session keys submitted by clients in memory and does
   not expire them yet. This is a denial-of-service vector.
 - Bundled client configuration for easy single-binary deployment (see
-  also: [spyre](https://github.com/DCSO/spyre))
+  also: [spyre](https://github.com/spyre-project/spyre))
+
+## Contact
 
-## Author
+Sascha Steinbiss <<[email protected]>>
 
-Hilko Bengen <<[email protected]>>
+Original Author: Hilko Bengen
 
 ## Copyright
 
-Copyright 2019 Deutsche Cyber-Sicherheitsorganisation GmbH
+Copyright 2019, 2024 Deutsche Cyber-Sicherheitsorganisation GmbH
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

client/client.go

@@ -9,7 +9,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"net/url"
@@ -38,7 +37,7 @@ func (c *Client) do(req *http.Request) (*http.Response, error) {
 		return nil, err
 	}
 	if res.StatusCode != 200 {
-		return nil, fmt.Errorf("Expected status code 200, got %d", res.StatusCode)
+		return nil, fmt.Errorf("expected status code 200, got %d", res.StatusCode)
 	}
 	return res, nil
 }
@@ -89,18 +88,18 @@ func New(baseurl string, proxyurl string) (*Client, error) {
 	if err != nil {
 		return nil, err
 	}
-	buf, err := ioutil.ReadAll(r.Body)
+	buf, _ := io.ReadAll(r.Body)
 	r.Body.Close()
 	if len(buf) != 32 {
-		return nil, fmt.Errorf("Expected 32 byte key lengths from server, got %d", len(buf))
+		return nil, fmt.Errorf("expected 32 byte key lengths from server, got %d", len(buf))
 	}
 	copy(c.ServerPubKey[:], buf)
 	c.logf("Fetching configuration from %s", baseurl)
 	u.Path = "/v1/config"
 	if r, err = c.do(&http.Request{Method: "GET", URL: u}); err != nil {
 		return nil, err
 	}
-	buf, err = ioutil.ReadAll(r.Body)
+	buf, err = io.ReadAll(r.Body)
 	r.Body.Close()
 	if err != nil {
 		return nil, err
@@ -191,7 +190,7 @@ func (c *Client) download() {
 				}
 			}
 			if xfer&xferBody != 0 {
-				buf, _ := ioutil.ReadAll(res.Body)
+				buf, _ := io.ReadAll(res.Body)
 				if string(buf) == c.Config.MagicStrings[id] {
 					c.logf("download %s (%d): found string in body", xfer, id)
 				} else {
@@ -227,7 +226,7 @@ func (c *Client) upload() {
 				c.logf("upload %s (%d): %v", xfer, id, err)
 				continue
 			}
-			buf, err := ioutil.ReadAll(res.Body)
+			buf, err := io.ReadAll(res.Body)
 			res.Body.Close()
 			if err != nil {
 				c.logf("upload %s (%d): %v", xfer, id, err)
@@ -291,12 +290,10 @@ func (c *Client) report() {
 	if err != nil {
 		c.logf("Failed to send log message: %v", err)
 	}
-	return
 }
 
 func (c *Client) Run() {
 	c.download()
 	c.upload()
 	c.report()
-	return
 }

cmd/server/server.go

@@ -6,7 +6,6 @@ import (
 
 	"encoding/json"
 	"flag"
-	"io/ioutil"
 	"log"
 	"os"
 	"os/signal"
@@ -16,7 +15,7 @@ func main() {
 	var cfgfile string
 	flag.StringVar(&cfgfile, "config", "mauerspecht.json", "Config file")
 	flag.Parse()
-	buf, err := ioutil.ReadFile(cfgfile)
+	buf, err := os.ReadFile(cfgfile)
 	if err != nil {
 		log.Fatalf("open config file %s: %v", cfgfile, err)
 	}
@@ -28,7 +27,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("Error while initializing server: %v", err)
 	}
-	stop := make(chan os.Signal)
+	stop := make(chan os.Signal, 1)
 	signal.Notify(stop, os.Interrupt)
 	<-stop
 	s.Close()

go.mod

@@ -1,6 +1,14 @@
 module github.com/DCSO/mauerspecht
 
+go 1.21.6
+
+require (
+	github.com/mattn/go-ieproxy v0.0.12
+	golang.org/x/crypto v0.31.0
+)
+
 require (
-	github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149
-	golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 )

go.sum

@@ -0,0 +1,22 @@
+github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149 h1:HfxbT6/JcvIljmERptWhwa8XzP7H3T+Z2N26gTsaDaA=
+github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc=
+github.com/mattn/go-ieproxy v0.0.12 h1:OZkUFJC3ESNZPQ+6LzC3VJIFSnreeFLQyqvBWtvfL2M=
+github.com/mattn/go-ieproxy v0.0.12/go.mod h1:Vn+N61199DAnVeTgaF8eoB9PvLO8P3OBnG95ENh7B7c=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4 h1:ydJNl0ENAG67pFbB+9tfhiL2pYqLhfoaZFw/cjLhY4A=
+golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=

integration/integration_test.go

@@ -27,7 +27,7 @@ func TestIntegration(t *testing.T) {
 	if s == nil {
 		t.Fatal("could not start server")
 	}
-	c, err = client.New(fmt.Sprintf("http://%s:%d/", config.Hostname, config.HTTPPorts[0]))
+	c, err = client.New(fmt.Sprintf("http://%s:%d/", config.Hostname, config.HTTPPorts[0]), "")
 	if err != nil {
 		t.Fatalf("could not create client: %v", err)
 	}

server/server.go

@@ -6,7 +6,6 @@ import (
 
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
@@ -33,12 +32,10 @@ func getClient(r *http.Request) (*mauerspecht.ClientId, error) {
 
 func internalServerError(w http.ResponseWriter) {
 	http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-	return
 }
 
 func badRequest(w http.ResponseWriter) {
 	http.Error(w, "Internal Server Error", http.StatusBadRequest)
-	return
 }
 
 func (s *Server) kex(w http.ResponseWriter, r *http.Request) {
@@ -48,15 +45,15 @@ func (s *Server) kex(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	var pubkey [32]byte
-	buf, err := ioutil.ReadAll(r.Body)
+	buf, err := io.ReadAll(r.Body)
 	if err != nil || len(buf) != 32 {
 		badRequest(w)
 		return
 	}
 	copy(pubkey[:], buf)
 	s.PubKeys[*id] = &pubkey
 	w.Write(s.cryptoCtx.PubKey[:])
-	return
+
 }
 
 func (s *Server) config(w http.ResponseWriter, r *http.Request) {
@@ -81,7 +78,6 @@ func (s *Server) config(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Write(buf)
-	return
 }
 
 func (s *Server) patternPost(w http.ResponseWriter, r *http.Request) {
@@ -103,7 +99,7 @@ func (s *Server) patternPost(w http.ResponseWriter, r *http.Request) {
 		c = ""
 	}
 	h := r.Header.Get("X-Specht")
-	if bd, err := ioutil.ReadAll(r.Body); err == nil {
+	if bd, err := io.ReadAll(r.Body); err == nil {
 		b = string(bd)
 	}
 	for i, s := range s.Config.MagicStrings {
@@ -128,7 +124,6 @@ func (s *Server) patternPost(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Write(buf)
-	return
 }
 
 func (s *Server) patternGet(w http.ResponseWriter, r *http.Request) {
@@ -148,7 +143,6 @@ func (s *Server) patternGet(w http.ResponseWriter, r *http.Request) {
 	if r.URL.Query().Get("body") == "1" {
 		io.WriteString(w, pattern)
 	}
-	return
 }
 
 func (s *Server) pattern(w http.ResponseWriter, r *http.Request) {
@@ -159,7 +153,6 @@ func (s *Server) pattern(w http.ResponseWriter, r *http.Request) {
 	} else {
 		http.NotFound(w, r)
 	}
-	return
 }
 
 func (s *Server) log(w http.ResponseWriter, r *http.Request) {
@@ -173,7 +166,7 @@ func (s *Server) log(w http.ResponseWriter, r *http.Request) {
 		badRequest(w)
 		return
 	}
-	buf, err := ioutil.ReadAll(r.Body)
+	buf, err := io.ReadAll(r.Body)
 	if err != nil {
 		badRequest(w)
 		return
@@ -190,7 +183,6 @@ func (s *Server) log(w http.ResponseWriter, r *http.Request) {
 	for _, l := range logentries {
 		log.Printf("%s %s %s", l.TS.Format(time.RFC3339), id, l.Msg)
 	}
-	return
 }
 
 func logo(w http.ResponseWriter, r *http.Request) {