Fix for #GH-8

Author: phrocker

analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java

@@ -103,7 +103,7 @@ public List<TerminalCommand> parseAndSaveCommands(
         TerminalLogs terminalLog,
         TerminalSessionMetadata sessionMetadata) {
         // Split output into individual commands (Assume each command ends with a newline or specific delimiter)
-        String[] commands = terminalLog.getOutput().split("\n");
+        String[] commands = terminalLog.getOutput().split("\r\n|\r|\n");
 
         // Parse each command
         List<TerminalCommand> terminalCommands = Arrays.stream(commands)

analyagents/src/main/resources/application.properties

@@ -57,4 +57,6 @@ spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
 
 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://192.168.1.162:8180/realms/sentrius
-spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
+spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
+# for testing analytics agents
+#agents.session-analytics.enabled=true

api/src/main/java/io/sentrius/sso/controllers/api/AuditApiController.java

@@ -84,7 +84,6 @@ public List<SessionLogDTO> listSessions(HttpServletRequest request, HttpServletR
     @LimitAccess(sshAccess = {SSHAccessEnum.CAN_MANAGE_SYSTEMS})
     public ResponseEntity<String> getTerminalOutput(HttpServletRequest request, HttpServletResponse response, @RequestParam("sessionId") String sessionId)
         throws GeneralSecurityException {
-        log.info("Connecting to SSH server {}", sessionId);
         var sessionIdStr = cryptoService.decrypt(sessionId);
         var sessionIdLong = Long.parseLong(sessionIdStr);
 

api/src/main/java/io/sentrius/sso/websocket/SshListenerService.java

@@ -64,10 +64,8 @@ public void startListeningToSshServer(String terminalSessionId, WebSocketSession
 
         var connectedSystem = sessionTrackingService.getConnectedSession(sessionIdLong);
 
-        for(var trigger : connectedSystem.getSessionStartupActions()){
-
-        }
         log.info("Starting to listen to SSH server for session: {}", terminalSessionId);
+
         activeSessions.putIfAbsent(terminalSessionId, session);
 
         connectedSystem.setWebsocketSessionId(session.getId());

core/src/main/java/io/sentrius/sso/automation/auditing/AccessTokenAuditor.java

@@ -144,9 +144,11 @@ public void setSynchronousRules(List<AccessTokenEvaluator> synchronousRules)
           }
       }
     }
+    // async runner as user types
     runner = new AsyncAccessTokenAuditor(ztatService, asyncRules, connectedSystem, sessionTrackingService);
     executorService.submit(runner);
 
+    // async runner as user types, only to evaluate full commands
     fullRunner = new AsyncAccessTokenAuditor(ztatService, asyncFullRules, connectedSystem, sessionTrackingService);
     executorService.submit(fullRunner);
   }

core/src/main/java/io/sentrius/sso/core/services/terminal/SessionTrackingService.java

@@ -148,11 +148,6 @@ public void addToOutput(ConnectedSystem connectedSystem, char[] value, int offse
           }
           if (systemOptions.enableInternalAudit) {
             sessionAuditService.audit(connectedSystem, serverResponse);
-            // SessionAuditDB.getInstance().audit(SessionIdentifier.from(schSession.getUser(),
-            // schSession, sessionId, Long.valueOf(instanceId)), serverResponse);
-            // systemAuditLogger.info(gson.toJson(new AuditWrapper(schSession.getUser(),
-            // serverResponse)));
-            // SessionAuditDB.insertTerminalLog(con, serverResponse);
           }
         }
         else {
@@ -231,7 +226,9 @@ public List<Session.TerminalMessage> getOutput(ConnectedSystem connectedSystem,
 
           if (systemOptions.enableInternalAudit) {
             if (output.getOutputMessage() != null) {
-              sessionAuditService.audit(connectedSystem, output.getOutputMessage().getCommand());
+              // this should already be audited when client types
+              // fix for issue GH-8, where we saw duplicate messages.
+             // sessionAuditService.audit(connectedSystem, output.getOutputMessage().getCommand());
             }
           }
           if (output.getOutputMessage() != null) {

core/src/main/java/io/sentrius/sso/core/utils/SecureShellTask.java

@@ -33,6 +33,7 @@ public void execute(SessionOutput sessionOutput, InputStream outFromChannel) {
 
             while (!Thread.currentThread().isInterrupted() && !sessionOutput.getConnectedSystem().getSession().getClosed()) {
                 if (br.ready() && (read = br.read(buff)) != -1) {
+                    log.info("Read {} bytes from channel {}", read, new String(buff,0,read));
                     sessionOutputService.addToOutput(
                         sessionOutput.getConnectedSystem(), buff, 0, read);
                 }