Add rudimentary way to parse commands

phrocker · phrocker · commit 857a5ac0b67d · 2024-12-30T16:19:55.000-05:00
diff --git a/analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java b/analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java
@@ -1,9 +1,12 @@
 package io.sentrius.agent.analysis.agents.sessions;
 
 import java.sql.Timestamp;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import io.sentrius.sso.core.model.metadata.AnalyticsTracking;
 import io.sentrius.sso.core.model.metadata.TerminalBehaviorMetrics;
@@ -55,13 +58,13 @@ public void processSessions() {
             try {
                 processSession(session);
                 // ACTIVE -> INACTIVE -> CLOSED -> PROCESSED
-                saveToTracking(session.getId(), "PROCESSED");
+            //    saveToTracking(session.getId(), "PROCESSED");
             } catch (Exception e) {
                 log.error("Error processing session {}: {}", session.getId(), e.getMessage(), e);
                 saveToTracking(session.getId(), "ERROR");
             }
-            session.setSessionStatus("PROCESSED");
-            sessionMetadataService.saveSession(session);
+          //  session.setSessionStatus("PROCESSED");
+        //    sessionMetadataService.saveSession(session);
         }
     }
 
@@ -72,8 +75,10 @@ private void processSession(TerminalSessionMetadata session) {
             terminalLogs = List.of(); // Ensure it's not null
         }
 
+        TerminalLogs previousLog = null;
         for (TerminalLogs terminalLog : terminalLogs) {
-            parseAndSaveCommands(terminalLog, session);
+            parseAndSaveCommands(previousLog, terminalLog, session);
+            previousLog = terminalLog;
         }
 
         List<TerminalCommand> commands = commandService.getCommandsBySessionId(session.getId());
@@ -99,22 +104,77 @@ private void saveToTracking(Long sessionId, String status) {
         trackingRepository.save(tracking);
     }
 
-    public List<TerminalCommand> parseAndSaveCommands(
-        TerminalLogs terminalLog,
-        TerminalSessionMetadata sessionMetadata) {
+    public List<TerminalCommand> parseAndSaveCommands( 
+        TerminalLogs previousLog,
+        TerminalLogs terminalLog, TerminalSessionMetadata sessionMetadata) {
+        SessionAnalyticsAgent.log.info("Parsing and saving commands from terminal log: {}", terminalLog.getOutput());
         // Split output into individual commands (Assume each command ends with a newline or specific delimiter)
-        String[] commands = terminalLog.getOutput().split("\r\n|\r|\n");
+        //String[] commands = terminalLog.getOutput().split("\r\n|\r|\n");
+        String[] commands = terminalLog.getOutput().split("\r");
 
         // Parse each command
+        List<TerminalCommand> terminalCommands = new ArrayList<>();
+        for(int i = 0; i < commands.length; i++) {
+            var command = commands[i];
+            var cmd = extractCommand(i == 0 ? previousLog : null, command.trim());
+            if (!cmd.isEmpty()) {
+                terminalCommands.add(createTerminalCommand(cmd, terminalLog, sessionMetadata));
+            }
+        }
+        /*
         List<TerminalCommand> terminalCommands = Arrays.stream(commands)
-            .filter(command -> !command.trim().isEmpty()) // Skip empty lines
-            .map(command -> createTerminalCommand(command, terminalLog, sessionMetadata))
+            .filter(command -> !extractCommand(previousLog, command.trim()).isEmpty()) // Skip empty lines
+            .map(command -> createTerminalCommand(extractCommand(previousLog, command), terminalLog, sessionMetadata))
             .collect(Collectors.toList());
-
+*/
         // Save commands to the database
         return commandService.saveAll(terminalCommands);
     }
 
+    public static String extractCommand(TerminalLogs previousLog, String logLine) {
+        // Remove ANSI escape sequences
+        log.info("Cleaning log line: {}", logLine);
+        String cleanedLog = logLine.replaceAll("\u001B\\[[;\\d]*m", "").replaceAll("\u001B\\[\\?\\d+h", "");
+
+        // Define regex to match the prompt and capture the command
+        // This assumes the prompt ends with `$` or `#`, followed by a space and the command
+        Pattern pattern = Pattern.compile(".*[#$] (.+)$");
+        Matcher matcher = pattern.matcher(cleanedLog);
+
+        if (matcher.find()) {
+            log.info("Extracted command: {}", matcher.group(1).trim());
+            return matcher.group(1).trim();
+        } else {
+            if (null != previousLog) {
+                log.info("Previous log: {}", previousLog.getOutput());
+                // it could be that we are at the beginning of the log set.
+                String lastLogLine = getLastLogLine(previousLog);
+                if (!lastLogLine.isEmpty()) {
+                    log.info("Last log line: {}", lastLogLine);
+                    logLine = lastLogLine + logLine;
+                    matcher = pattern.matcher(logLine);
+                    if (matcher.find()) {
+                        log.info("Extracted command from last log line: {}", matcher.group(1).trim());
+                        return matcher.group(1).trim();
+                    }
+                }
+
+            }
+            log.info("No command found in log line: {}", logLine);
+            // Return an empty string if no command is found
+            return "";
+        }
+    }
+
+    private static String getLastLogLine(TerminalLogs previousLog) {
+        if (previousLog == null) {
+            return "";
+        }
+
+        String[] lines = previousLog.getOutput().split("\r");
+        return lines[lines.length - 1];
+    }
+
     private TerminalCommand createTerminalCommand(String command, TerminalLogs terminalLog, TerminalSessionMetadata sessionMetadata) {
         TerminalCommand terminalCommand = new TerminalCommand();
         terminalCommand.setCommand(command.trim());
diff --git a/analyagents/src/main/resources/application.properties b/analyagents/src/main/resources/application.properties
@@ -59,4 +59,4 @@ spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://192.168.1.162:8180/realms/sentrius
 spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
 # for testing analytics agents
-#agents.session-analytics.enabled=true
+agents.session-analytics.enabled=true
diff --git a/core/src/main/java/io/sentrius/sso/core/services/terminal/SessionTrackingService.java b/core/src/main/java/io/sentrius/sso/core/services/terminal/SessionTrackingService.java
@@ -274,9 +274,6 @@ public void addSystemTrigger(ConnectedSystem connectedSystem, Trigger trigger) {
     }
   }
 
-  public void addToOutput(ConnectedSystem connectedSystem, String output) {
-    addToOutput(connectedSystem, output.toCharArray(), 0, output.length());
-  }
 
   public ConnectedSystem getConnectedSession(Long sessionId) {
     return userConnectionMap.get(sessionId);

Original file line number	Diff line number	Diff line change
`@@ -274,9 +274,6 @@ public void addSystemTrigger(ConnectedSystem connectedSystem, Trigger trigger) {`
`274`	`274`	`}`
`275`	`275`	`}`
`276`	`276`
`277`		`- public void addToOutput(ConnectedSystem connectedSystem, String output) {`
`278`		`- addToOutput(connectedSystem, output.toCharArray(), 0, output.length());`
`279`		`- }`
`280`	`277`
`281`	`278`	`public ConnectedSystem getConnectedSession(Long sessionId) {`
`282`	`279`	`return userConnectionMap.get(sessionId);`