From edb449b3b936b8721e891d7552647a0d19b84e20 Mon Sep 17 00:00:00 2001
From: denpamusic
Date: Wed, 18 Sep 2019 18:29:43 +0300
Subject: [PATCH] [Minor] Fix typos in p0f plugin
- Improved tests to include cached response cases
- Changed default socket location to /var/run/p0f as per @moisseev recommendation
---
 conf/modules.d/p0f.conf | 2 +-
 lualib/lua_scanners/p0f.lua | 9 +++----
 src/plugins/lua/p0f.lua | 2 +-
 test/functional/cases/161_p0f.robot | 39 +++++++++++++++++++++--------
 test/functional/util/dummy_p0f.py | 10 ++++----
 5 files changed, 40 insertions(+), 22 deletions(-)
diff --git a/conf/modules.d/p0f.conf b/conf/modules.d/p0f.conf
index efeab1a40..721975f2b 100644
--- a/conf/modules.d/p0f.conf
+++ b/conf/modules.d/p0f.conf
@@ -18,7 +18,7 @@ p0f {
 enabled = false;
 # Path to the unix socket that p0f listens on
- socket = '/tmp/p0f.sock';
+ socket = '/var/run/p0f.sock';
 # Connection timeout
 timeout = 5s;
diff --git a/lualib/lua_scanners/p0f.lua b/lualib/lua_scanners/p0f.lua
index 72093577b..b27a42ef6 100644
--- a/lualib/lua_scanners/p0f.lua
+++ b/lualib/lua_scanners/p0f.lua
@@ -51,10 +51,10 @@ local function p0f_check(task, ip, rule)
 local function trim(...)
 local vars = {...}
- for k in pairs(vars) do
+ for k, v in ipairs(vars) do
 -- skip numbers, trim only strings
 if tonumber(vars[k]) == nil then
- vars[k] = string.gsub(vars[k], '[^%w-_\\.\\(\\) ]', '')
+ vars[k] = string.gsub(v, '[^%w-_\\.\\(\\) ]', '')
 end
 end
@@ -71,7 +71,7 @@ local function p0f_check(task, ip, rule)
 data = tostring(data)
 -- API response must be 232 bytes long
- if (#data < 232) then
+ if #data ~= 232 then
 rspamd_logger.errx(task, 'malformed response from p0f on %s, %s bytes', rule.socket, #data)
@@ -112,7 +112,6 @@ local function p0f_check(task, ip, rule)
 local function redis_set_cb(redis_set_err)
 if redis_set_err then
 rspamd_logger.errx(task, 'redis received an error: %s', redis_set_err)
- return
 end
 end
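Review bot: The comment above `socket` in `conf/modules.d/p0f.conf` does not say that the path has to be the one p0f itself was started with (its `-s` option), so after this default change a p0f instance still listening on `/tmp/p0f.sock` is silently no longer reached. I would extend the comment to something like `# Path to the unix socket that p0f listens on (must match p0f -s and be accessible to the rspamd user)`. The same wording applies to the example block changed in `src/plugins/lua/p0f.lua`.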
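Review bot: The character class on the changed `string.gsub` line in `trim` lets backslashes through, because Lua patterns escape with `%` and the `\\` sequences in `'[^%w-_\\.\\(\\) ]'` are literal backslashes inside the set. `trim` appears to be applied to fields of the p0f reply (its call site is outside the hunk), so the allow-list should contain only what was intended: `vars[k] = string.gsub(v, '[^%w%-_%.%(%) ]', '')`. The loop now reads the same value as both `vars[k]` and `v`, and `ipairs` stops at the first nil argument, so a nil field would leave the later ones untrimmed. Both `trim` and `p0f_check` continue outside the hunk.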
@@ -156,7 +155,7 @@ local function p0f_check(task, ip, rule)
 end
 local ret = nil
- if rule.redis_prams then
+ if rule.redis_params then
 local key = rule.prefix .. ip:to_string()
 ret = lua_redis.redis_make_request(task, rule.redis_params,
diff --git a/src/plugins/lua/p0f.lua b/src/plugins/lua/p0f.lua
index 84c525536..f7fed7886 100644
--- a/src/plugins/lua/p0f.lua
+++ b/src/plugins/lua/p0f.lua
@@ -33,7 +33,7 @@ p0f {
 enabled = true
 # Path to the unix socket that p0f listens on
- socket = '/tmp/p0f.sock';
+ socket = '/var/run/p0f.sock';
 # Connection timeout
 timeout = 5s;
diff --git a/test/functional/cases/161_p0f.robot b/test/functional/cases/161_p0f.robot
index 9acbf7b2d..9023b639d 100644
--- a/test/functional/cases/161_p0f.robot
+++ b/test/functional/cases/161_p0f.robot
@@ -27,39 +27,58 @@ p0f HIT
 Run Dummy p0f ${P0F_SOCKET} windows
 ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.2
 Check Rspamc ${result} P0F inverse=1
+ Check Rspamc ${result} P0F_FAIL inverse=1
 Check Rspamc ${result} ETHER
 Check Rspamc ${result} DISTGE10
 Check Rspamc ${result} WINDOWS
 Shutdown p0f
-
-p0f NOREDIS
- Shutdown Process With Children ${REDIS_PID}
+
+p0f MISS CACHE
 Run Dummy p0f
 ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.3
+ Check Rspamc ${result} WINDOWS inverse=1
+ Shutdown p0f
+ ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.3
+ Check Rspamc ${result} WINDOWS inverse=1
+ Check Rspamc ${result} P0F_FAIL inverse=1
+
+p0f HIT CACHE
+ Run Dummy p0f ${P0F_SOCKET} windows
+ ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.4
+ Check Rspamc ${result} WINDOWS
+ Shutdown p0f
+ ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.4
+ Check Rspamc ${result} WINDOWS
+ Check Rspamc ${result} P0F_FAIL inverse=1
+
+p0f NO REDIS
+ Shutdown Process With Children ${REDIS_PID}
+ Run Dummy p0f
+ ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.5
 Check Rspamc ${result} P0F
 Check Rspamc ${result} ETHER
 Check Rspamc ${result} DISTGE10
 Check Rspamc ${result} P0F_FAIL inverse=1
 Shutdown p0f
-p0f NOMATCH
+p0f NO MATCH
 Run Dummy p0f ${P0F_SOCKET} windows no_match
- ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.4
+ ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.6
 Check Rspamc ${result} P0F inverse=1
 Check Rspamc ${result} WINDOWS inverse=1
 Shutdown p0f
-p0f BADQUERY
+p0f BAD QUERY
 Run Dummy p0f ${P0F_SOCKET} windows bad_query
- ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.5
+ ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.7
 Check Rspamc ${result} P0F_FAIL
 Check Rspamc ${result} Malformed Query
 Check Rspamc ${result} WINDOWS inverse=1
 Shutdown p0f
-p0f FAILURE
- Run Dummy p0f ${P0F_SOCKET} windows fail
- ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.6
+p0f BAD RESPONSE
+ Run Dummy p0f ${P0F_SOCKET} windows bad_response
+ ${result} = Scan Message With Rspamc ${MESSAGE} --ip 1.1.1.8
 Check Rspamc ${result} P0F_FAIL
 Check Rspamc ${result} Malformed Response
 Check Rspamc ${result} WINDOWS inverse=1
diff --git a/test/functional/util/dummy_p0f.py b/test/functional/util/dummy_p0f.py
index e44844812..d780bdb0d 100755
--- a/test/functional/util/dummy_p0f.py
+++ b/test/functional/util/dummy_p0f.py
@@ -28,23 +28,23 @@ class MyStreamHandler(socketserver.BaseRequestHandler):
 self.data = self.request.recv(21).strip()
- if self.server.p0f_status == 'fail':
+ if self.server.p0f_status == 'bad_response':
 response = 0
 else:
 response = struct.pack(
 "IbIIIIIIIhbb32s32s32s32s32s32s",
- 0x50304602, # magic
 S[self.server.p0f_status], # status
 1568493408, # first_seen
 1568493408, # last_seen
 1, # total_conn
 1, # uptime_min
- 4, # up_mod_days
 1568493408, # last_nat
 1568493408, # last_chg
 10, # distance
 0, # bad_sw
- 0, # os_match_q
 OS[self.server.p0f_os][0], # os_name
 OS[self.server.p0f_os][1], # os_flavor
 '', # http_name
@@ -61,7 +61,7 @@ def cleanup(SOCK):
 try:
 os.unlink(SOCK)
 except OSError:
- logging.warning("Could not unlink socket %s", SOCK)
+ print "Could not unlink socket: " + SOCK
 if __name__ == "__main__":
 SOCK = '/tmp/p0f.sock'
--
2.39.5
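Review bot: None of the visible cases checks that a failed lookup stays out of Redis: `p0f BAD QUERY` and `p0f BAD RESPONSE` run after `p0f NO REDIS` has shut Redis down, so they never touch the cache path the two new cache cases cover. A case placed before `p0f NO REDIS` that scans once against a `bad_response` dummy, then scans the same address against a healthy `windows` dummy and expects `WINDOWS`, would show that a malformed reply is not cached. The cache cases also rely on running in file order with a distinct `--ip` each, which deserves a one-line comment above `p0f MISS CACHE`.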
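Review bot: The `bad_response` branch sets `response = 0`, an int and not bytes, so what reaches the client depends on how the send outside this hunk treats it; if that call raises, the case exercises a dropped connection and not the `#data ~= 232` length check this commit tightens in `lualib/lua_scanners/p0f.lua`. I would make the malformed payload explicit, for example `response = b'\x00' * 16`. A second status that returns more than 232 bytes would also be worth adding, since over-long replies are now rejected as well. The handler body starts and ends outside the hunk.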
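Review bot: `print "Could not unlink socket: " + SOCK` in `cleanup` is a Python 2 print statement, which is a syntax error under Python 3 and would stop the dummy from starting at all, not only on this error path. `print("Could not unlink socket: " + SOCK)` behaves the same on both versions; if `logging.warning` was dropped because `logging` is not imported (the imports are not visible here), importing it is the other option. The fallback `SOCK = '/tmp/p0f.sock'` in the context below is a fixed name in a world-writable directory, so a per-run temporary directory would avoid clashes with another local process.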