zardoz/classifier.go

package main

import (
	"bytes"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"net/http/httputil"
	"regexp"
	"strings"
)

//Zregexp is the regular expression used by ZARDOZ to process headers
var Zregexp string

func init() {

	var expressions = []string{
		`([ ]([A-Za-z0-9-_]{4,}\.)+\w+)`,                   // domain name
		`([ ]/[A-Za-z0-9-_/.]{4,}[ ])`,                     // URI path (also partial)
		`[[:alpha:]]{4,32}`,                                // alpha digit token
		`([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})`, // IP address
		`([0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12})`, // UUID
	}

	Zregexp = strings.Join(expressions, "|")

}

func passAndLearn(resp *http.Response) error {

	ProxyFlow.response = resp
	ProxyFlow.seniority++
	req := ProxyFlow.request

	switch {
	case isAuth(resp):
		log.Println("401: We don't want to store credentials")
	case IsError(resp):
		buf := bytes.NewBufferString(BlockMessage)
		resp.Body = ioutil.NopCloser(buf)
		resp.Status = "403 Forbidden"
		resp.StatusCode = 403
		resp.Header["Content-Length"] = []string{fmt.Sprint(buf.Len())}
		resp.Header.Set("Content-Encoding", "none")
		log.Println("Filing inside bad class")
		feedRequest(req, "BAD")
		ControPlane.StatsTokens <- "DOWNGRADE"
	case isSuccess(resp):
		log.Println("Filing inside Good Class: ", resp.StatusCode)
		feedRequest(req, "GOOD")
	}

	return nil
}

func blockAndlearn(resp *http.Response) error {

	ProxyFlow.response = resp
	ProxyFlow.seniority++
	req := ProxyFlow.request

	buf := bytes.NewBufferString(BlockMessage)
	resp.Body = ioutil.NopCloser(buf)
	resp.Status = "403 Forbidden"
	resp.StatusCode = 403
	resp.Header["Content-Length"] = []string{fmt.Sprint(buf.Len())}
	resp.Header.Set("Content-Encoding", "none")

	switch {
	case isAuth(resp):
		log.Println("401: We don't want to store credentials")
	case IsError(resp):
		log.Println("Filing inside bad class")
		feedRequest(req, "BAD")
	case isSuccess(resp):
		log.Println("Filing inside Good Class: ", resp.StatusCode)
		ControPlane.StatsTokens <- "UPGRADED"
		feedRequest(req, "GOOD")
	}

	return nil

}

func sanitizeHeaders(s string) string {

	re, rerr := regexp.Compile(Zregexp)
	if rerr != nil {
		log.Println("Error Compiling regular expression: ", Zregexp)
	}

	matched := re.FindAllString(s, -1)

	uMatched := Unique(matched)

	tmpSt := strings.ToLower(strings.Join(uMatched, " "))

	log.Println("Matched: " + tmpSt)

	return tmpSt

}

func feedRequest(req *http.Request, class string) {

	feed := formatRequest(req)

	if class == "BAD" {

		log.Println("Feeding BAD token: ", feed)

		ControPlane.BadTokens <- sanitizeHeaders(feed)

	}

	if class == "GOOD" {

		log.Println("Feeding GOOD Token:", feed)

		ControPlane.GoodTokens <- sanitizeHeaders(feed)

	}

}

func formatRequest(req *http.Request) string {

	ingestBody := req.ContentLength < 2048 && req.ContentLength > 1

	log.Println("Ingesting the body: ", ingestBody)

	requestDump, err := httputil.DumpRequest(req, ingestBody)
	if err != nil {
		fmt.Println(err)
	}

	return fmt.Sprintf("%s\n", requestDump)

}

//Unique returns unique elements in the string
func Unique(slice []string) []string {
	// create a map with all the values as key
	uniqMap := make(map[string]struct{})
	for _, v := range slice {
		uniqMap[v] = struct{}{}
	}

	// turn the map keys into a slice
	uniqSlice := make([]string, 0, len(uniqMap))
	for v := range uniqMap {
		uniqSlice = append(uniqSlice, v)
	}
	return uniqSlice
}

func isSuccess(resp *http.Response) bool {
	return resp.StatusCode <= 299
}

func isAuth(resp *http.Response) bool {
	return resp.StatusCode == 401
}

func IsError(resp *http.Response) bool {
	return resp.StatusCode >= 400
}