
Commit e0841a5

refactor: introduction of a unified simplify argument for inspector (#66)
Signed-off-by: Kohei Morita <moritakouhei@graffer.jp>
1 parent 8217719 commit e0841a5


15 files changed

+232
-267
lines changed


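--- a/internal/inspector/account_takeover.go
+++ b/internal/inspector/account_takeover.go
@@ -1,7 +1,6 @@
 package inspector
 
 import (
-"errors"
 "fmt"
 
 "github.com/sitebatch/waffle-go/internal/inspector/account_takeover"
@@ -14,28 +13,15 @@ type AccountTakeoverInspectorArgs struct {
 LoginRateLimitPerSecond rate.Limit
 }
 
-func (a *AccountTakeoverInspectorArgs) IsArgOf() string {
-return string(AccountTakeoverInspectorName)
-}
-
 func NewAccountTakeoverInspector() Inspector {
 return &AccountTakeoverInspector{}
 }
 
-func (i *AccountTakeoverInspector) Name() InspectorName {
-return AccountTakeoverInspectorName
-}
-
 func (i *AccountTakeoverInspector) IsSupportTarget(target InspectTarget) bool {
 return target == InspectTargetAccountTakeover
 }
 
 func (i *AccountTakeoverInspector) Inspect(inspectData InspectData, args InspectorArgs) (*InspectResult, error) {
-inspectorArgs, ok := args.(*AccountTakeoverInspectorArgs)
-if !ok {
-return nil, errors.New("invalid args, not AccountTakeoverInspectorArgs")
-}
-
 inspectValue := inspectData.Target[InspectTargetAccountTakeover]
 if inspectValue == nil {
 return nil, nil
@@ -48,7 +34,7 @@ func (i *AccountTakeoverInspector) Inspect(inspectData InspectData, args Inspect
 return nil, nil
 }
 
-if err := account_takeover.IsLimit(clientIP[0], userID[0], inspectorArgs.LoginRateLimitPerSecond); err != nil {
+if err := account_takeover.IsLimit(clientIP[0], userID[0], args.AccountTakeoverInspectorArgs.LoginRateLimitPerSecond); err != nil {
 return &InspectResult{
 Target: InspectTargetAccountTakeover,
 Payload: fmt.Sprintf("client_ip: %s, user_id: %s", clientIP[0], userID[0]),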
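Review bot: In `Inspect`, `args.AccountTakeoverInspectorArgs.LoginRateLimitPerSecond` is now read with no check that the caller populated it, so an `InspectorArgs` left at its zero value hands `rate.Limit(0)` to `account_takeover.IsLimit`, where the removed type assertion used to return an error. What `IsLimit` does with a zero limit is not visible here; if `rate` is golang.org/x/time/rate, a zero limit permits nothing beyond the burst, so a configuration mistake would probably show up as logins being reported as rate-limited rather than as an error. I would add a guard before the call, `if args.AccountTakeoverInspectorArgs.LoginRateLimitPerSecond <= 0 { return nil, fmt.Errorf("account takeover inspector: LoginRateLimitPerSecond must be positive") }`, and a test case that passes an empty `InspectorArgs`. The body of `Inspect` continues past the end of the last hunk.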

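--- a/internal/inspector/account_takeover_test.go
+++ b/internal/inspector/account_takeover_test.go
@@ -36,8 +36,10 @@ func TestAccountTakeoverInspector_Inspect(t *testing.T) {
 ),
 },
 },
-inspectorArgs: &inspector.AccountTakeoverInspectorArgs{
-LoginRateLimitPerSecond: rate.Limit(10),
+inspectorArgs: inspector.InspectorArgs{
+AccountTakeoverInspectorArgs: inspector.AccountTakeoverInspectorArgs{
+LoginRateLimitPerSecond: rate.Limit(10),
+},
 },
 },
 randomizeTo: "user_id",
@@ -56,8 +58,10 @@ func TestAccountTakeoverInspector_Inspect(t *testing.T) {
 ),
 },
 },
-inspectorArgs: &inspector.AccountTakeoverInspectorArgs{
-LoginRateLimitPerSecond: rate.Limit(10),
+inspectorArgs: inspector.InspectorArgs{
+AccountTakeoverInspectorArgs: inspector.AccountTakeoverInspectorArgs{
+LoginRateLimitPerSecond: rate.Limit(10),
+},
 },
 },
 randomizeTo: "client_ip",
@@ -76,8 +80,10 @@ func TestAccountTakeoverInspector_Inspect(t *testing.T) {
 ),
 },
 },
-inspectorArgs: &inspector.AccountTakeoverInspectorArgs{
-LoginRateLimitPerSecond: rate.Limit(10),
+inspectorArgs: inspector.InspectorArgs{
+AccountTakeoverInspectorArgs: inspector.AccountTakeoverInspectorArgs{
+LoginRateLimitPerSecond: rate.Limit(10),
+},
 },
 },
 randomizeTo: "user_id",
@@ -96,8 +102,10 @@ func TestAccountTakeoverInspector_Inspect(t *testing.T) {
 ),
 },
 },
-inspectorArgs: &inspector.AccountTakeoverInspectorArgs{
-LoginRateLimitPerSecond: rate.Limit(10),
+inspectorArgs: inspector.InspectorArgs{
+AccountTakeoverInspectorArgs: inspector.AccountTakeoverInspectorArgs{
+LoginRateLimitPerSecond: rate.Limit(10),
+},
 },
 },
 randomizeTo: "client_ip",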

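--- a/internal/inspector/inspector.go
+++ b/internal/inspector/inspector.go
@@ -2,33 +2,44 @@ package inspector
 
 type InspectorName string
 
-var (
-RegexInspectorName InspectorName = "RegexInspector"
-MatchListInspectorName InspectorName = "MatchListInspector"
-LibInjectionSQLIInspectorName InspectorName = "LibInjectionSQLIInspector"
-LibInjectionXSSInspectorName InspectorName = "LibInjectionXSSInspector"
-SQLiInspectorName InspectorName = "SQLiInspector"
-LFIInspectorName InspectorName = "LFIInspector"
-SSRFInspectorName InspectorName = "SSRFInspector"
-AccountTakeoverInspectorName InspectorName = "AccountTakeoverInspector"
+const (
+RegexInspectorName InspectorName = "regex"
+MatchListInspectorName InspectorName = "match_list"
+LibInjectionSQLIInspectorName InspectorName = "libinjection_sqli"
+LibInjectionXSSInspectorName InspectorName = "libinjection_xss"
+SQLiInspectorName InspectorName = "sqli"
+LFIInspectorName InspectorName = "lfi"
+SSRFInspectorName InspectorName = "ssrf"
+AccountTakeoverInspectorName InspectorName = "account_takeover"
 )
 
-func NewInspector() map[string]Inspector {
-return map[string]Inspector{
-string("regex"): NewRegexInspector(),
-string("match_list"): NewMatchListInspector(),
-string("libinjection_sqli"): NewLibInjectionSQLIInspector(),
-string("libinjection_xss"): NewLibInjectionXSSInspector(),
-string("sqli"): NewSQLiInspector(),
-string("lfi"): NewLFIInspector(),
-string("ssrf"): NewSSRFInspector(),
-string("account_takeover"): NewAccountTakeoverInspector(),
+func NewInspectors() map[InspectorName]Inspector {
+return map[InspectorName]Inspector{
+RegexInspectorName: NewRegexInspector(),
+MatchListInspectorName: NewMatchListInspector(),
+LibInjectionSQLIInspectorName: NewLibInjectionSQLIInspector(),
+LibInjectionXSSInspectorName: NewLibInjectionXSSInspector(),
+SQLiInspectorName: NewSQLiInspector(),
+LFIInspectorName: NewLFIInspector(),
+SSRFInspectorName: NewSSRFInspector(),
+AccountTakeoverInspectorName: NewAccountTakeoverInspector(),
 }
 }
 
+type InspectorArgs struct {
+TargetOptions []InspectTargetOptions
+
+RegexInspectorArgs RegexInspectorArgs
+MatchListInspectorArgs MatchListInspectorArgs
+AccountTakeoverInspectorArgs AccountTakeoverInspectorArgs
+}
+
+type InspectTargetOptions struct {
+Target InspectTarget
+Params []string
+}
+
 type Inspector interface {
-// Name returns the name of the inspector
-Name() InspectorName
 // Inspect inspects the given data
 // Returns SuspiciousResult if the inspected data is determined to be an attack, otherwise returns nil
 // If an error occurs during inspection, returns an error
@@ -37,15 +48,6 @@ type Inspector interface {
 IsSupportTarget(target InspectTarget) bool
 }
 
-type InspectorArgs interface {
-IsArgOf() string
-}
-
-type InspectTargetOptions struct {
-Target InspectTarget
-Params []string
-}
-
 // InspectResult represents the result of an inspection
 type InspectResult struct {
 Target InspectTarget // the target that was inspected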
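Review bot: The new exported `InspectorArgs` struct has no doc comment, and nothing on it says which fields a given inspector reads or that an unset sub-struct is simply its zero value. Now that every inspector receives the same struct and the per-type assertion is gone, that contract is the only thing telling a rule author that a value placed in the wrong field is silently ignored. Suggested comment: `// InspectorArgs carries the arguments for all inspectors; each inspector reads only the fields it needs (TargetOptions and/or its own *InspectorArgs field), and fields left unset keep their zero value.` `InspectTargetOptions` deserves a one-line comment as well, and the `Inspector` comment in the context lines still mentions `SuspiciousResult` while the implementations in this commit return `*InspectResult`.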

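--- a/internal/inspector/lfi.go
+++ b/internal/inspector/lfi.go
@@ -10,18 +10,10 @@ type LFIInspector struct{}
 
 type LFIInspectorArgs struct{}
 
-func (a *LFIInspectorArgs) IsArgOf() string {
-return string(LFIInspectorName)
-}
-
 func NewLFIInspector() Inspector {
 return &LFIInspector{}
 }
 
-func (i *LFIInspector) Name() InspectorName {
-return LFIInspectorName
-}
-
 func (i *LFIInspector) IsSupportTarget(target InspectTarget) bool {
 return target == InspectTargetOSFileOpen
 }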

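--- a/internal/inspector/libinjection.go
+++ b/internal/inspector/libinjection.go
@@ -1,7 +1,6 @@
 package inspector
 
 import (
-"errors"
 "fmt"
 
 "github.com/sitebatch/waffle-go/internal/inspector/libinjection"
@@ -19,14 +18,6 @@ type LibInjectionXSSInspectorArgs struct {
 InspectTargetOptions []InspectTargetOptions
 }
 
-func (r *LibInjectionSQLIInspectorArgs) IsArgOf() string {
-return string(LibInjectionSQLIInspectorName)
-}
-
-func (r *LibInjectionXSSInspectorArgs) IsArgOf() string {
-return string(LibInjectionXSSInspectorName)
-}
-
 func NewLibInjectionSQLIInspector() Inspector {
 return &LibInjectionSQLIInspector{}
 }
@@ -35,14 +26,6 @@ func NewLibInjectionXSSInspector() Inspector {
 return &LibInjectionXSSInspector{}
 }
 
-func (r *LibInjectionSQLIInspector) Name() InspectorName {
-return LibInjectionSQLIInspectorName
-}
-
-func (r *LibInjectionXSSInspector) Name() InspectorName {
-return LibInjectionXSSInspectorName
-}
-
 func (r *LibInjectionSQLIInspector) IsSupportTarget(target InspectTarget) bool {
 return true
 }
@@ -51,13 +34,8 @@ func (r *LibInjectionXSSInspector) IsSupportTarget(target InspectTarget) bool {
 return true
 }
 
-func (r *LibInjectionSQLIInspector) Inspect(inspectData InspectData, inspectorArgs InspectorArgs) (*InspectResult, error) {
-args, ok := inspectorArgs.(*LibInjectionSQLIInspectorArgs)
-if !ok {
-return nil, errors.New("invalid args, not LibInjectionSQLIInspectorArgs")
-}
-
-for _, opt := range args.InspectTargetOptions {
+func (r *LibInjectionSQLIInspector) Inspect(inspectData InspectData, args InspectorArgs) (*InspectResult, error) {
+for _, opt := range args.TargetOptions {
 if _, ok := inspectData.Target[opt.Target]; !ok {
 continue
 }
@@ -81,13 +59,8 @@ func (r *LibInjectionSQLIInspector) Inspect(inspectData InspectData, inspectorAr
 return nil, nil
 }
 
-func (r *LibInjectionXSSInspector) Inspect(inspectData InspectData, inspectorArgs InspectorArgs) (*InspectResult, error) {
-args, ok := inspectorArgs.(*LibInjectionXSSInspectorArgs)
-if !ok {
-return nil, errors.New("invalid args, not LibInjectionXSSInspectorArgs")
-}
-
-for _, opt := range args.InspectTargetOptions {
+func (r *LibInjectionXSSInspector) Inspect(inspectData InspectData, args InspectorArgs) (*InspectResult, error) {
+for _, opt := range args.TargetOptions {
 if _, ok := inspectData.Target[opt.Target]; !ok {
 continue
 }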
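Review bot: `LibInjectionSQLIInspectorArgs` and `LibInjectionXSSInspectorArgs` look dead after this change: the context lines of the second hunk still declare `LibInjectionXSSInspectorArgs` with an `InspectTargetOptions` field, while both `Inspect` methods now range over `args.TargetOptions` and the new `InspectorArgs` struct has no field of either type. Leaving them in place suggests a per-inspector target list that no visible code reads any more. If nothing outside these hunks uses them, delete both types (and the empty `LFIInspectorArgs` in lfi.go); otherwise mark them `// Deprecated: targets are read from InspectorArgs.TargetOptions.` Both `Inspect` bodies continue outside their hunks.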

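--- a/internal/inspector/match_list.go
+++ b/internal/inspector/match_list.go
@@ -1,7 +1,6 @@
 package inspector
 
 import (
-"errors"
 "fmt"
 
 "github.com/sitebatch/waffle-go/handler"
@@ -12,12 +11,7 @@ import (
 type MatchListInspector struct{}
 
 type MatchListInspectorArgs struct {
-List []string
-InspectTargetOptions []InspectTargetOptions
-}
-
-func (m *MatchListInspectorArgs) IsArgOf() string {
-return string(MatchListInspectorName)
+List []string
 }
 
 func NewMatchListInspector() Inspector {
@@ -28,17 +22,8 @@ func (m *MatchListInspector) IsSupportTarget(target InspectTarget) bool {
 return true
 }
 
-func (m *MatchListInspector) Name() InspectorName {
-return MatchListInspectorName
-}
-
-func (m *MatchListInspector) Inspect(inspectData InspectData, inspectorArgs InspectorArgs) (*InspectResult, error) {
-args, ok := inspectorArgs.(*MatchListInspectorArgs)
-if !ok {
-return nil, errors.New("invalid args, not MatchListInspectorArgs")
-}
-
-for _, opt := range args.InspectTargetOptions {
+func (m *MatchListInspector) Inspect(inspectData InspectData, args InspectorArgs) (*InspectResult, error) {
+for _, opt := range args.TargetOptions {
 if _, ok := inspectData.Target[opt.Target]; !ok {
 continue
 }
@@ -48,7 +33,7 @@ func (m *MatchListInspector) Inspect(inspectData InspectData, inspectorArgs Insp
 )
 
 for _, value := range values {
-for _, listValue := range args.List {
+for _, listValue := range args.MatchListInspectorArgs.List {
 re, err := regexp.Compile(listValue)
 if err != nil {
 handler.GetErrorHandler().HandleError(err)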
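Review bot: `MatchListInspectorArgs.List` is left undocumented although the last hunk passes each entry to `regexp.Compile`, so entries are patterns rather than literal strings, and an entry such as `a.b` would also match `axb`. A field comment would make that explicit, e.g. `// List holds regular expressions; each entry is compiled with regexp.Compile.` The compile also sits inside the `values` loop and so runs on every `Inspect` call; since the args struct is being reshaped anyway, compiling the list once when the rule is loaded would remove that per-request cost and surface a bad pattern at load time instead of through `handler.GetErrorHandler()`. The loop body continues outside the hunk.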

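--- a/internal/inspector/match_list_test.go
+++ b/internal/inspector/match_list_test.go
@@ -27,9 +27,11 @@ func TestMatchlistInspector_Inspect(t *testing.T) {
 inspector.InspectTargetHttpRequestQuery: types.NewStringValue("q=/etc/passwd"),
 },
 },
-inspectorArgs: &inspector.MatchListInspectorArgs{
-List: []string{"etc/test", "etc/passwd", "etc/hosts"},
-InspectTargetOptions: []inspector.InspectTargetOptions{
+inspectorArgs: inspector.InspectorArgs{
+MatchListInspectorArgs: inspector.MatchListInspectorArgs{
+List: []string{"etc/test", "etc/passwd", "etc/hosts"},
+},
+TargetOptions: []inspector.InspectTargetOptions{
 {
 Target: inspector.InspectTargetHttpRequestQuery,
 },
@@ -45,9 +47,11 @@ func TestMatchlistInspector_Inspect(t *testing.T) {
 inspector.InspectTargetHttpRequestQuery: types.NewStringValue("q=/etc/passwd"),
 },
 },
-inspectorArgs: &inspector.MatchListInspectorArgs{
-List: []string{"etc/test", "etc/shadow", "etc/hosts"},
-InspectTargetOptions: []inspector.InspectTargetOptions{
+inspectorArgs: inspector.InspectorArgs{
+MatchListInspectorArgs: inspector.MatchListInspectorArgs{
+List: []string{"etc/test", "etc/passwd", "etc/hosts"},
+},
+TargetOptions: []inspector.InspectTargetOptions{
 {
 Target: inspector.InspectTargetHttpRequestQuery,
 },
@@ -62,9 +66,11 @@ func TestMatchlistInspector_Inspect(t *testing.T) {
 inspector.InspectTargetHttpRequestQuery: types.NewStringValue("q=/etc/passwd"),
 },
 },
-inspectorArgs: &inspector.MatchListInspectorArgs{
-List: []string{"etc/test", "etc/passwd", "etc/hosts"},
-InspectTargetOptions: []inspector.InspectTargetOptions{
+inspectorArgs: inspector.InspectorArgs{
+MatchListInspectorArgs: inspector.MatchListInspectorArgs{
+List: []string{"etc/test", "etc/passwd", "etc/hosts"},
+},
+TargetOptions: []inspector.InspectTargetOptions{
 {
 Target: inspector.InspectTargetHttpRequestURL,
 },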
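Review bot: The second hunk changes test data, not just the argument shape: the removed line had `List: []string{"etc/test", "etc/shadow", "etc/hosts"}` and the added line has `"etc/passwd"` in place of `"etc/shadow"`, while the inspected value stays `q=/etc/passwd`. If this was the no-match case for a query target (its expectation is outside the hunk), the list now contains a matching pattern, so either the negative path is no longer covered or the expectation was changed elsewhere to keep the test green. For a refactor the fixture should stay as it was: `List: []string{"etc/test", "etc/shadow", "etc/hosts"},`.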
