commit

Author: phrocker

.gcp.env

@@ -1,4 +1,4 @@
 SENTRIUS_VERSION=1.0.34
 SENTRIUS_SSH_VERSION=1.0.3
-SENTRIUS_KEYCLOAK_VERSION=1.0.4
+SENTRIUS_KEYCLOAK_VERSION=1.0.5
 SENTRIUS_AGENT_VERSION=1.0.15

analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java

@@ -1,40 +1,35 @@
 package io.sentrius.agent.analysis.agents.sessions;
 
+import java.nio.charset.StandardCharsets;
 import java.sql.Timestamp;
 import java.util.ArrayList;
-import java.util.Arrays;
+import java.util.Base64;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
-import com.fasterxml.jackson.core.JsonProcessingException;
+import io.sentrius.sso.core.model.categorization.CommandCategory;
 import io.sentrius.sso.core.model.metadata.AnalyticsTracking;
 import io.sentrius.sso.core.model.metadata.TerminalBehaviorMetrics;
 import io.sentrius.sso.core.model.metadata.TerminalCommand;
 import io.sentrius.sso.core.model.metadata.TerminalRiskIndicator;
 import io.sentrius.sso.core.model.metadata.TerminalSessionMetadata;
 import io.sentrius.sso.core.model.metadata.UserExperienceMetrics;
-import io.sentrius.sso.core.model.security.IntegrationSecurityToken;
 import io.sentrius.sso.core.model.sessions.TerminalLogs;
 import io.sentrius.sso.core.repository.AnalyticsTrackingRepository;
 import io.sentrius.sso.core.services.IntegrationSecurityTokenService;
-import io.sentrius.sso.core.services.PluggableServices;
 import io.sentrius.sso.core.services.SessionService;
 import io.sentrius.sso.core.services.metadata.TerminalBehaviorMetricsService;
 import io.sentrius.sso.core.services.metadata.TerminalCommandService;
 import io.sentrius.sso.core.services.metadata.TerminalRiskIndicatorService;
 import io.sentrius.sso.core.services.metadata.TerminalSessionMetadataService;
 import io.sentrius.sso.core.services.metadata.UserExperienceMetricsService;
-import io.sentrius.sso.core.utils.JsonUtil;
-import io.sentrius.sso.integrations.external.ExternalIntegrationDTO;
-import io.sentrius.sso.security.ApiKey;
+import io.sentrius.sso.core.services.openai.categorization.CommandCategorizer;
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.context.ApplicationContext;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Component;
 
@@ -51,6 +46,7 @@ public class SessionAnalyticsAgent {
     private final UserExperienceMetricsService experienceMetricsService;
     private final AnalyticsTrackingRepository trackingRepository;
     private final SessionService sessionService;
+    private final CommandCategorizer commandCategorizer;
     final IntegrationSecurityTokenService integrationSecurityTokenService;
 
 
@@ -61,6 +57,7 @@ public void processSessions() {
 
         // Fetch already processed session IDs in bulk
         Set<Long> processedSessionIds = trackingRepository.findAllSessionIds();
+        log.info("Found {} processed sessions", processedSessionIds.size());
         List<TerminalSessionMetadata> unprocessedSessions = sessionMetadataService.getSessionsByState("CLOSED").stream()
             .filter(session -> !processedSessionIds.contains(session.getId()))
             .collect(Collectors.toList());
@@ -69,13 +66,13 @@ public void processSessions() {
             try {
                 processSession(session);
                 // ACTIVE -> INACTIVE -> CLOSED -> PROCESSED
-            //    saveToTracking(session.getId(), "PROCESSED");
+                saveToTracking(session.getId(), "PROCESSED");
             } catch (Exception e) {
                 log.error("Error processing session {}: {}", session.getId(), e.getMessage(), e);
                 saveToTracking(session.getId(), "ERROR");
             }
-          //  session.setSessionStatus("PROCESSED");
-        //    sessionMetadataService.saveSession(session);
+            session.setSessionStatus("PROCESSED");
+            sessionMetadataService.saveSession(session);
         }
 
         log.info("Finished processing sessions");
@@ -185,7 +182,6 @@ public static String extractCommand(TerminalLogs previousLog, String logLine) {
             return matcher.group(1).trim();
         } else {
             if (null != previousLog) {
-                log.info("Previous log: {}", previousLog.getOutput());
                 // it could be that we are at the beginning of the log set.
                 String lastLogLine = getLastLogLine(previousLog);
                 if (!lastLogLine.isEmpty()) {
@@ -215,26 +211,20 @@ private static String getLastLogLine(TerminalLogs previousLog) {
     }
 
     private TerminalCommand createTerminalCommand(String command, TerminalLogs terminalLog, TerminalSessionMetadata sessionMetadata) {
+        String encodedString = Base64.getEncoder().encodeToString(command.trim().getBytes(StandardCharsets.UTF_8));
+
         TerminalCommand terminalCommand = new TerminalCommand();
-        terminalCommand.setCommand(command.trim());
+        terminalCommand.setCommand(encodedString);
         terminalCommand.setSession(sessionMetadata);
         terminalCommand.setExecutionTime(new Timestamp(System.currentTimeMillis()));
         terminalCommand.setExecutionStatus("SUCCESS");
         terminalCommand.setOutput(""); // Assume no output initially
-        terminalCommand.setCommandCategory(categorizeCommand(command));
+        terminalCommand.setCommandCategory(categorizeCommand(command).getCategoryName());
 
         return terminalCommand;
     }
 
-    private String categorizeCommand(String command) {
-        // probably need to define externally
-        if (command.startsWith("sudo")) {
-            return "PRIVILEGED";
-        } else if (command.contains("rm")) {
-            return "DESTRUCTIVE";
-        } else if (command.contains("ls") || command.contains("cat")) {
-            return "INFORMATIONAL";
-        }
-        return "GENERAL";
+    private CommandCategory categorizeCommand(String command) {
+        return commandCategorizer.categorizeCommand(command);
     }
 }

analyagents/src/main/resources/application.properties

@@ -61,4 +61,5 @@ spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:
 # for testing analytics agents
 agents.session-analytics.enabled=true
 management.endpoints.web.exposure.include=health
-management.endpoint.health.show-details=always
+management.endpoint.health.show-details=always
+

api/src/main/resources/db/migration/V13__command_categorizer.sql

@@ -0,0 +1,9 @@
+CREATE TABLE command_categories (
+    id SERIAL PRIMARY KEY,
+    category_name VARCHAR(50) NOT NULL,
+    pattern TEXT NOT NULL, -- Store regex patterns
+    priority INT NOT NULL DEFAULT 0 -- Optional: for matching precedence
+);
+
+
+CREATE INDEX idx_pattern ON command_categories (pattern);

core/pom.xml

@@ -139,7 +139,11 @@
             <artifactId>quartz</artifactId>
             <version>${quartz-version}</version>
         </dependency>
-
+        <dependency>
+            <groupId>com.github.ben-manes.caffeine</groupId>
+            <artifactId>caffeine</artifactId>
+            <version>${caffeine-version}</version>
+        </dependency>
         <dependency>
             <groupId>com.google.protobuf</groupId>
             <artifactId>protobuf-java</artifactId>

core/src/main/java/io/sentrius/sso/core/model/categorization/CommandCategory.java

@@ -0,0 +1,29 @@
+package io.sentrius.sso.core.model.categorization;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+
+@Getter
+@Builder
+@NoArgsConstructor
+@ToString
+@AllArgsConstructor
+@Entity
+@Table(name = "command_categories")
+public class CommandCategory {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+    private String categoryName;
+    private String pattern;
+    private int priority;
+
+}

core/src/main/java/io/sentrius/sso/core/repository/CommandCategoryRepository.java

@@ -0,0 +1,15 @@
+package io.sentrius.sso.core.repository;
+
+import java.util.List;
+import io.sentrius.sso.core.model.categorization.CommandCategory;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface CommandCategoryRepository extends JpaRepository<CommandCategory, Long> {
+    @Query("SELECT c FROM CommandCategory c ORDER BY c.priority ASC")
+    List<CommandCategory> findAllOrderedByPriority();
+
+    List<CommandCategory> findByPattern(String pattern);
+}

core/src/main/java/io/sentrius/sso/core/services/openai/categorization/CommandCategorizer.java

@@ -0,0 +1,113 @@
+package io.sentrius.sso.core.services.openai.categorization;
+
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.github.benmanes.caffeine.cache.Cache;
+import com.github.benmanes.caffeine.cache.Caffeine;
+import io.sentrius.sso.core.model.categorization.CommandCategory;
+import io.sentrius.sso.core.repository.CommandCategoryRepository;
+import io.sentrius.sso.core.services.IntegrationSecurityTokenService;
+import io.sentrius.sso.core.utils.JsonUtil;
+import io.sentrius.sso.genai.GenerativeAPI;
+import io.sentrius.sso.genai.GeneratorConfiguration;
+import io.sentrius.sso.genai.LLMCommandCategorizer;
+import io.sentrius.sso.integrations.external.ExternalIntegrationDTO;
+import io.sentrius.sso.security.ApiKey;
+import jakarta.annotation.PostConstruct;
+import jakarta.transaction.Transactional;
+import jdk.jfr.TransitionTo;
+import lombok.AllArgsConstructor;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class CommandCategorizer {
+
+    private final IntegrationSecurityTokenService integrationSecurityTokenService;
+
+    private final CommandCategoryRepository commandCategoryRepository;
+
+
+    private final CommandTrie commandTrie = new CommandTrie();
+
+    private final Cache<String, CommandCategory> commandCache = Caffeine.newBuilder()
+        .maximumSize(10000)
+        .expireAfterWrite(24, TimeUnit.HOURS)
+        .build();
+
+    @PostConstruct
+    public void initializeTrie() {
+        List<CommandCategory> categories = commandCategoryRepository.findAll();
+        for (CommandCategory category : categories) {
+            log.info("Adding command category {} to trie", category);
+            commandTrie.insert(category.getPattern(), category);
+        }
+    }
+
+    @Transactional
+    public CommandCategory categorizeCommand(String command) {
+        return commandCache.get(command, this::categorizeWithRulesOrML);
+    }
+
+
+    protected List<CommandCategory> getDBCommandCategory(String command){
+        return commandCategoryRepository.findByPattern(command);
+    }
+
+    @Transactional
+    protected void addCommandCategory(String command, CommandCategory category) {
+        commandTrie.insert(command, category);
+        commandCategoryRepository.save(category);
+    }
+
+
+    @Transactional
+    protected CommandCategory categorizeWithRulesOrML(String command) {
+        CommandCategory category = commandTrie.searchByPrefix(command);
+        if (category != null) {
+            log.info("Found command category {} for {} ", category, command);
+            return category;
+        }
+        
+        var openaiService = integrationSecurityTokenService.findByConnectionType("openai").stream().findFirst().orElse(null);
+
+        if (null != openaiService){
+            log.info("OpenAI service is available");
+            ExternalIntegrationDTO externalIntegrationDTO = null;
+            try {
+                externalIntegrationDTO = JsonUtil.MAPPER.readValue(openaiService.getConnectionInfo(),
+                    ExternalIntegrationDTO.class);
+            } catch (JsonProcessingException e) {
+                throw new RuntimeException(e);
+            }
+            ApiKey key =
+                ApiKey.builder().apiKey(externalIntegrationDTO.getApiToken()).principal(externalIntegrationDTO.getUsername()).build();
+
+            var commandCategorizer = new LLMCommandCategorizer(key, new GenerativeAPI(key), GeneratorConfiguration.builder().build());
+
+            try {
+                category = commandCategorizer.generate(command);
+
+                addCommandCategory(category.getPattern(), category);
+                
+                log.info("Categorized command: {}", category);
+                return category;
+            } catch (Exception e) {
+                e.printStackTrace();
+                log.error("Error categorizing command", e);
+            }
+
+        } else {
+            log.info("OpenAI service is not enabled");
+        }
+
+        log.info("Finished processing terminal commands");
+
+        return CommandCategory.builder().build();
+    }
+}

core/src/main/java/io/sentrius/sso/core/services/openai/categorization/CommandTrie.java

@@ -0,0 +1,70 @@
+package io.sentrius.sso.core.services.openai.categorization;
+
+import io.sentrius.sso.core.model.categorization.CommandCategory;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class CommandTrie {
+    private final TrieNode root = new TrieNode();
+
+    private String normalizePath(String path) {
+        return path.replaceAll("/+$", ""); // Remove trailing slashes
+    }
+
+    public void insert(String command, CommandCategory category) {
+        String[] parts = command.split(" ");
+        TrieNode current = root;
+        for (String part : parts) {
+            part = normalizePath(part); // Normalize each part
+            current = current.children.computeIfAbsent(part, k -> new TrieNode());
+        }
+        current.isEndOfCommand = true;
+        if (category.getPattern().endsWith("*")) {
+            current.isWildcard = true;
+        }
+        else {
+            current.isWildcard = false;
+        }
+        current.commandCategory = category;
+    }
+
+    public CommandCategory search(String command) {
+        String[] parts = command.split(" ");
+        TrieNode current = root;
+        for (String part : parts) {
+            current = current.children.get(part);
+            if (current == null) {
+                return null; // Command not found
+            }
+        }
+        return current.isEndOfCommand ? current.commandCategory : null;
+    }
+
+    public CommandCategory searchByPrefix(String command) {
+        String[] parts = command.split(" ");
+        TrieNode current = root;
+        CommandCategory lastCategory = null;
+
+        for (String part : parts) {
+            part = normalizePath(part); // Normalize each part
+            log.info("Searching for part: {}", part);
+
+            // Check if the part exists in the children
+            if (current.children.containsKey(part)) {
+                current = current.children.get(part);
+                if (current.isEndOfCommand) {
+                    lastCategory = current.commandCategory;
+                }
+            } else {
+                // If no exact match, check for wildcard match (e.g., "cat /etc/")
+                if (current.isEndOfCommand) {
+                    log.info("Partial match found at: {}", part);
+                    lastCategory = current.commandCategory;
+                }
+                break; // No further match possible
+            }
+        }
+
+        return lastCategory;
+    }
+}