Merge pull request #1 from satta/DEV-5053-2024-makeover

0mbi · web-flow · commit c0db019c1ef0 · 2025-01-02T13:03:21.000+01:00
2025 makeover
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,30 @@
+name: Build
+
+on:
+  - push
+  - pull_request
+
+jobs:
+  build:
+    name: Build all platforms
+    runs-on: ubuntu-latest
+    container: 
+      image: golang:1.23-bullseye
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Set up user
+        run: |
+          useradd -m -g users builduser
+          chown -R builduser:users .
+      - name: Build
+        run: |
+          su -c "make all" builduser
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Server binaries
+          path: mauerspecht-server
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Client binaries
+          path: mauerspecht-client*
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,60 @@
+name: Build release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    name: Create Release ${{ github.ref }}
+    runs-on: ubuntu-latest
+    outputs:
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
+    steps:
+      - name: release
+        uses: actions/create-release@latest
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          draft: false
+          prerelease: false
+          release_name: ${{ github.ref }}
+          tag_name: ${{ github.ref }}
+      
+  build:
+    name: Build Unix-like Binaries
+    needs: release
+    runs-on: ubuntu-latest
+    container:
+      image: golang:1.23-bullseye
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v2
+      - name: Set up user
+        run: |
+          useradd -m -g users builduser
+          chown -R builduser:users .
+      - name: Build
+        run: |
+          su -c "make all" builduser
+      - name: Upload Assets
+        id: upload_try1
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mauerspecht-*
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true
+      - name: Upload Assets (retry)
+        id: upload_try2
+        if: steps.upload_try1.outcome == 'failure'
+        continue-on-error: true
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          asset_path: mauerspecht-*
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          overwrite: true
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+mauerspecht-client.*
+mauerspecht-server
diff --git a/Makefile b/Makefile
@@ -1,9 +1,10 @@
 NAMESPACE := github.com/DCSO/mauerspecht
-CLIENT_PLATFORMS := x86_64-linux x86_64-windows x86_64-darwin i386-linux i386-windows
+CLIENT_PLATFORMS := x86_64-linux x86_64-windows x86_64-darwin arm64-darwin i386-linux i386-windows
 GOFILES := $(shell find -name "*.go")
 
 define goarch
 $(or $(if $(findstring x86_64,$1),amd64),\
+     $(if $(findstring arm64,$1),arm64),\
      $(if $(findstring i386,$1),386),\
      $(error unknown arch $1))
 endef
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@
 # Simple Probing Tool for Corporate Walled Garden Networks
 
 The Problem: Network sensors such as
-[Suricata](https://suricata-ids.org/) or [Bro/Zeek](https://zeek.org/)
+[Suricata](https://suricata-ids.org/) or [Zeek](https://zeek.org/)
 have been successfully deployed in a large network, but the rate of
 alarms or other useful information is suspiciously low -- not even the
 usual background noise can be seen. Can we be sure that our sensors
@@ -76,15 +76,10 @@ Server:
 
 ## Building
 
-If a Go toolchain with [modules](...) support is available (version
-1.11 or later), simply running `make all` from the Git checkout is
+For recent Go versions, simply running `make all` from the Git checkout is
 sufficient.
 
-For earlier Go versions, run `go get github.com/DCSO/mauerspecht`
-change to the directory within the `GOPATH` where the project was
-downloaded, and run `make all`
-
-In both cases, the following binaries will be generated:
+The following binaries will be generated:
 - `mauerspecht-server`: The server component, a Linux/x86-64 binary
 - `mauerspecht-client-$ARCH`: The clients, for various architectures
 
@@ -95,15 +90,17 @@ In both cases, the following binaries will be generated:
 - The server stores session keys submitted by clients in memory and does
   not expire them yet. This is a denial-of-service vector.
 - Bundled client configuration for easy single-binary deployment (see
-  also: [spyre](https://github.com/DCSO/spyre))
+  also: [spyre](https://github.com/spyre-project/spyre))
+
+## Contact
 
-## Author
+Sascha Steinbiss <<sascha.steinbiss@dcso.de>>
 
-Hilko Bengen <<hilko.bengen@dcso.de>>
+Original Author: Hilko Bengen
 
 ## Copyright
 
-Copyright 2019 Deutsche Cyber-Sicherheitsorganisation GmbH
+Copyright 2019, 2024 Deutsche Cyber-Sicherheitsorganisation GmbH
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
diff --git a/client/client.go b/client/client.go
@@ -9,7 +9,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"net/url"
@@ -38,7 +37,7 @@ func (c *Client) do(req *http.Request) (*http.Response, error) {
 		return nil, err
 	}
 	if res.StatusCode != 200 {
-		return nil, fmt.Errorf("Expected status code 200, got %d", res.StatusCode)
+		return nil, fmt.Errorf("expected status code 200, got %d", res.StatusCode)
 	}
 	return res, nil
 }
@@ -89,18 +88,18 @@ func New(baseurl string, proxyurl string) (*Client, error) {
 	if err != nil {
 		return nil, err
 	}
-	buf, err := ioutil.ReadAll(r.Body)
+	buf, _ := io.ReadAll(r.Body)
 	r.Body.Close()
 	if len(buf) != 32 {
-		return nil, fmt.Errorf("Expected 32 byte key lengths from server, got %d", len(buf))
+		return nil, fmt.Errorf("expected 32 byte key lengths from server, got %d", len(buf))
 	}
 	copy(c.ServerPubKey[:], buf)
 	c.logf("Fetching configuration from %s", baseurl)
 	u.Path = "/v1/config"
 	if r, err = c.do(&http.Request{Method: "GET", URL: u}); err != nil {
 		return nil, err
 	}
-	buf, err = ioutil.ReadAll(r.Body)
+	buf, err = io.ReadAll(r.Body)
 	r.Body.Close()
 	if err != nil {
 		return nil, err
@@ -191,7 +190,7 @@ func (c *Client) download() {
 				}
 			}
 			if xfer&xferBody != 0 {
-				buf, _ := ioutil.ReadAll(res.Body)
+				buf, _ := io.ReadAll(res.Body)
 				if string(buf) == c.Config.MagicStrings[id] {
 					c.logf("download %s (%d): found string in body", xfer, id)
 				} else {
@@ -227,7 +226,7 @@ func (c *Client) upload() {
 				c.logf("upload %s (%d): %v", xfer, id, err)
 				continue
 			}
-			buf, err := ioutil.ReadAll(res.Body)
+			buf, err := io.ReadAll(res.Body)
 			res.Body.Close()
 			if err != nil {
 				c.logf("upload %s (%d): %v", xfer, id, err)
@@ -291,12 +290,10 @@ func (c *Client) report() {
 	if err != nil {
 		c.logf("Failed to send log message: %v", err)
 	}
-	return
 }
 
 func (c *Client) Run() {
 	c.download()
 	c.upload()
 	c.report()
-	return
 }
diff --git a/cmd/server/server.go b/cmd/server/server.go
@@ -6,7 +6,6 @@ import (
 
 	"encoding/json"
 	"flag"
-	"io/ioutil"
 	"log"
 	"os"
 	"os/signal"
@@ -16,7 +15,7 @@ func main() {
 	var cfgfile string
 	flag.StringVar(&cfgfile, "config", "mauerspecht.json", "Config file")
 	flag.Parse()
-	buf, err := ioutil.ReadFile(cfgfile)
+	buf, err := os.ReadFile(cfgfile)
 	if err != nil {
 		log.Fatalf("open config file %s: %v", cfgfile, err)
 	}
@@ -28,7 +27,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("Error while initializing server: %v", err)
 	}
-	stop := make(chan os.Signal)
+	stop := make(chan os.Signal, 1)
 	signal.Notify(stop, os.Interrupt)
 	<-stop
 	s.Close()
diff --git a/go.mod b/go.mod
@@ -1,6 +1,14 @@
 module github.com/DCSO/mauerspecht
 
+go 1.21.6
+
+require (
+	github.com/mattn/go-ieproxy v0.0.12
+	golang.org/x/crypto v0.31.0
+)
+
 require (
-	github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149
-	golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -0,0 +1,22 @@
+github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149 h1:HfxbT6/JcvIljmERptWhwa8XzP7H3T+Z2N26gTsaDaA=
+github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc=
+github.com/mattn/go-ieproxy v0.0.12 h1:OZkUFJC3ESNZPQ+6LzC3VJIFSnreeFLQyqvBWtvfL2M=
+github.com/mattn/go-ieproxy v0.0.12/go.mod h1:Vn+N61199DAnVeTgaF8eoB9PvLO8P3OBnG95ENh7B7c=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4 h1:ydJNl0ENAG67pFbB+9tfhiL2pYqLhfoaZFw/cjLhY4A=
+golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -27,7 +27,7 @@ func TestIntegration(t *testing.T) {
 	if s == nil {
 		t.Fatal("could not start server")
 	}
-	c, err = client.New(fmt.Sprintf("http://%s:%d/", config.Hostname, config.HTTPPorts[0]))
+	c, err = client.New(fmt.Sprintf("http://%s:%d/", config.Hostname, config.HTTPPorts[0]), "")
 	if err != nil {
 		t.Fatalf("could not create client: %v", err)
 	}
diff --git a/server/server.go b/server/server.go
@@ -6,7 +6,6 @@ import (
 
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
@@ -33,12 +32,10 @@ func getClient(r *http.Request) (*mauerspecht.ClientId, error) {
 
 func internalServerError(w http.ResponseWriter) {
 	http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-	return
 }
 
 func badRequest(w http.ResponseWriter) {
 	http.Error(w, "Internal Server Error", http.StatusBadRequest)
-	return
 }
 
 func (s *Server) kex(w http.ResponseWriter, r *http.Request) {
@@ -48,15 +45,15 @@ func (s *Server) kex(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	var pubkey [32]byte
-	buf, err := ioutil.ReadAll(r.Body)
+	buf, err := io.ReadAll(r.Body)
 	if err != nil || len(buf) != 32 {
 		badRequest(w)
 		return
 	}
 	copy(pubkey[:], buf)
 	s.PubKeys[*id] = &pubkey
 	w.Write(s.cryptoCtx.PubKey[:])
-	return
+
 }
 
 func (s *Server) config(w http.ResponseWriter, r *http.Request) {
@@ -81,7 +78,6 @@ func (s *Server) config(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Write(buf)
-	return
 }
 
 func (s *Server) patternPost(w http.ResponseWriter, r *http.Request) {
@@ -103,7 +99,7 @@ func (s *Server) patternPost(w http.ResponseWriter, r *http.Request) {
 		c = ""
 	}
 	h := r.Header.Get("X-Specht")
-	if bd, err := ioutil.ReadAll(r.Body); err == nil {
+	if bd, err := io.ReadAll(r.Body); err == nil {
 		b = string(bd)
 	}
 	for i, s := range s.Config.MagicStrings {
@@ -128,7 +124,6 @@ func (s *Server) patternPost(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Write(buf)
-	return
 }
 
 func (s *Server) patternGet(w http.ResponseWriter, r *http.Request) {
@@ -148,7 +143,6 @@ func (s *Server) patternGet(w http.ResponseWriter, r *http.Request) {
 	if r.URL.Query().Get("body") == "1" {
 		io.WriteString(w, pattern)
 	}
-	return
 }
 
 func (s *Server) pattern(w http.ResponseWriter, r *http.Request) {
@@ -159,7 +153,6 @@ func (s *Server) pattern(w http.ResponseWriter, r *http.Request) {
 	} else {
 		http.NotFound(w, r)
 	}
-	return
 }
 
 func (s *Server) log(w http.ResponseWriter, r *http.Request) {
@@ -173,7 +166,7 @@ func (s *Server) log(w http.ResponseWriter, r *http.Request) {
 		badRequest(w)
 		return
 	}
-	buf, err := ioutil.ReadAll(r.Body)
+	buf, err := io.ReadAll(r.Body)
 	if err != nil {
 		badRequest(w)
 		return
@@ -190,7 +183,6 @@ func (s *Server) log(w http.ResponseWriter, r *http.Request) {
 	for _, l := range logentries {
 		log.Printf("%s %s %s", l.TS.Format(time.RFC3339), id, l.Msg)
 	}
-	return
 }
 
 func logo(w http.ResponseWriter, r *http.Request) {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+mauerspecht-client.*`
	`2`	`+mauerspecht-server`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,6 @@ import (`
`9`	`9`	`"encoding/json"`
`10`	`10`	`"fmt"`
`11`	`11`	`"io"`
`12`		`- "io/ioutil"`
`13`	`12`	`"log"`
`14`	`13`	`"net/http"`
`15`	`14`	`"net/url"`
`@@ -38,7 +37,7 @@ func (c Client) do(req http.Request) (*http.Response, error) {`
`38`	`37`	`return nil, err`
`39`	`38`	`}`
`40`	`39`	`if res.StatusCode != 200 {`
`41`		`- return nil, fmt.Errorf("Expected status code 200, got %d", res.StatusCode)`
	`40`	`+ return nil, fmt.Errorf("expected status code 200, got %d", res.StatusCode)`
`42`	`41`	`}`
`43`	`42`	`return res, nil`
`44`	`43`	`}`
`@@ -89,18 +88,18 @@ func New(baseurl string, proxyurl string) (*Client, error) {`
`89`	`88`	`if err != nil {`
`90`	`89`	`return nil, err`
`91`	`90`	`}`
`92`		`- buf, err := ioutil.ReadAll(r.Body)`
	`91`	`+ buf, _ := io.ReadAll(r.Body)`
`93`	`92`	`r.Body.Close()`
`94`	`93`	`if len(buf) != 32 {`
`95`		`- return nil, fmt.Errorf("Expected 32 byte key lengths from server, got %d", len(buf))`
	`94`	`+ return nil, fmt.Errorf("expected 32 byte key lengths from server, got %d", len(buf))`
`96`	`95`	`}`
`97`	`96`	`copy(c.ServerPubKey[:], buf)`
`98`	`97`	`c.logf("Fetching configuration from %s", baseurl)`
`99`	`98`	`u.Path = "/v1/config"`
`100`	`99`	`if r, err = c.do(&http.Request{Method: "GET", URL: u}); err != nil {`
`101`	`100`	`return nil, err`
`102`	`101`	`}`
`103`		`- buf, err = ioutil.ReadAll(r.Body)`
	`102`	`+ buf, err = io.ReadAll(r.Body)`
`104`	`103`	`r.Body.Close()`
`105`	`104`	`if err != nil {`
`106`	`105`	`return nil, err`
`@@ -191,7 +190,7 @@ func (c *Client) download() {`
`191`	`190`	`}`
`192`	`191`	`}`
`193`	`192`	`if xfer&xferBody != 0 {`
`194`		`- buf, _ := ioutil.ReadAll(res.Body)`
	`193`	`+ buf, _ := io.ReadAll(res.Body)`
`195`	`194`	`if string(buf) == c.Config.MagicStrings[id] {`
`196`	`195`	`c.logf("download %s (%d): found string in body", xfer, id)`
`197`	`196`	`} else {`
`@@ -227,7 +226,7 @@ func (c *Client) upload() {`
`227`	`226`	`c.logf("upload %s (%d): %v", xfer, id, err)`
`228`	`227`	`continue`
`229`	`228`	`}`
`230`		`- buf, err := ioutil.ReadAll(res.Body)`
	`229`	`+ buf, err := io.ReadAll(res.Body)`
`231`	`230`	`res.Body.Close()`
`232`	`231`	`if err != nil {`
`233`	`232`	`c.logf("upload %s (%d): %v", xfer, id, err)`
`@@ -291,12 +290,10 @@ func (c *Client) report() {`
`291`	`290`	`if err != nil {`
`292`	`291`	`c.logf("Failed to send log message: %v", err)`
`293`	`292`	`}`
`294`		`- return`
`295`	`293`	`}`
`296`	`294`
`297`	`295`	`func (c *Client) Run() {`
`298`	`296`	`c.download()`
`299`	`297`	`c.upload()`
`300`	`298`	`c.report()`
`301`		`- return`
`302`	`299`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ func TestIntegration(t *testing.T) {`
`27`	`27`	`if s == nil {`
`28`	`28`	`t.Fatal("could not start server")`
`29`	`29`	`}`
`30`		`- c, err = client.New(fmt.Sprintf("http://%s:%d/", config.Hostname, config.HTTPPorts[0]))`
	`30`	`+ c, err = client.New(fmt.Sprintf("http://%s:%d/", config.Hostname, config.HTTPPorts[0]), "")`
`31`	`31`	`if err != nil {`
`32`	`32`	`t.Fatalf("could not create client: %v", err)`
`33`	`33`	`}`