mirror of
https://github.com/wneessen/logranger.git
synced 2024-11-22 12:50:50 +01:00
Compare commits
No commits in common. "71a6f505e138ba47081b2c5f94ddf16fbba15880" and "9ca1b16c0398c246d6e50aa1d2e3f0fac520f004" have entirely different histories.
71a6f505e1
...
9ca1b16c03
19 changed files with 221 additions and 619 deletions
20
.github/dependabot.yml
vendored
20
.github/dependabot.yml
vendored
|
@ -1,20 +0,0 @@
|
|||
# SPDX-FileCopyrightText: 2023 Winni Neessen <wn@neessen.dev>
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: github-actions
|
||||
directory: /
|
||||
schedule:
|
||||
interval: daily
|
||||
|
||||
- package-ecosystem: docker
|
||||
directory: /
|
||||
schedule:
|
||||
interval: daily
|
||||
|
||||
- package-ecosystem: gomod
|
||||
directory: /
|
||||
schedule:
|
||||
interval: daily
|
82
.github/workflows/codeql.yml
vendored
82
.github/workflows/codeql.yml
vendored
|
@ -1,82 +0,0 @@
|
|||
# SPDX-FileCopyrightText: 2023 Winni Neessen <wn@neessen.dev>
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
# For most projects, this workflow file will not need changing; you simply need
|
||||
# to commit it to your repository.
|
||||
#
|
||||
# You may wish to alter this file to override the set of languages analyzed,
|
||||
# or to provide custom queries or build logic.
|
||||
#
|
||||
# ******** NOTE ********
|
||||
# We have attempted to detect the languages in your repository. Please check
|
||||
# the `language` matrix defined below to confirm you have the correct set of
|
||||
# supported CodeQL languages.
|
||||
#
|
||||
name: "CodeQL"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: ["main"]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: ["main"]
|
||||
schedule:
|
||||
- cron: "0 0 * * 1"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
language: ["go"]
|
||||
# CodeQL supports [ $supported-codeql-languages ]
|
||||
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
|
||||
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
# By default, queries listed here will override any specified in a config file.
|
||||
# Prefix the list here with "+" to use these queries and those in the config file.
|
||||
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
|
||||
|
||||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
|
||||
|
||||
# If the Autobuild fails above, remove it and uncomment the following three lines.
|
||||
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
|
||||
|
||||
# - run: |
|
||||
# echo "Run, Build Application using script"
|
||||
# ./location_of_script_within_repo/buildscript.sh
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
|
||||
with:
|
||||
category: "/language:${{matrix.language}}"
|
31
.github/workflows/dependency-review.yml
vendored
31
.github/workflows/dependency-review.yml
vendored
|
@ -1,31 +0,0 @@
|
|||
# SPDX-FileCopyrightText: 2023 Winni Neessen <wn@neessen.dev>
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
# Dependency Review Action
|
||||
#
|
||||
# This Action will scan dependency manifest files that change as part of a Pull Request,
|
||||
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
|
||||
# Once installed, if the workflow run is marked as required,
|
||||
# PRs introducing known-vulnerable packages will be blocked from merging.
|
||||
#
|
||||
# Source repository: https://github.com/actions/dependency-review-action
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@0fa40c3c10055986a88de3baa0d6ec17c5a894b3 # v4.2.3
|
26
.github/workflows/docker-publish.yml
vendored
26
.github/workflows/docker-publish.yml
vendored
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
name: Docker build and publish
|
||||
name: Publish docker image
|
||||
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
|
@ -11,7 +11,7 @@ name: Docker build and publish
|
|||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '32 18 * * *'
|
||||
- cron: '26 12 * * *'
|
||||
push:
|
||||
branches: [ "main" ]
|
||||
# Publish semver tags as releases.
|
||||
|
@ -26,9 +26,6 @@ env:
|
|||
IMAGE_NAME: ${{ github.repository }}
|
||||
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
|
@ -41,31 +38,28 @@ jobs:
|
|||
id-token: write
|
||||
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# Install the cosign tool except on PR
|
||||
# https://github.com/sigstore/cosign-installer
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 #v3.4.0
|
||||
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
|
||||
with:
|
||||
cosign-release: 'v2.1.1'
|
||||
|
||||
# Set up BuildKit Docker container builder to be able to build
|
||||
# multi-platform images and export cache
|
||||
# https://github.com/docker/setup-buildx-action
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
|
||||
# Login against a Docker registry except on PR
|
||||
# https://github.com/docker/login-action
|
||||
- name: Log into registry ${{ env.REGISTRY }}
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
|
@ -75,7 +69,7 @@ jobs:
|
|||
# https://github.com/docker/metadata-action
|
||||
- name: Extract Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||
|
||||
|
@ -83,7 +77,7 @@ jobs:
|
|||
# https://github.com/docker/build-push-action
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
|
||||
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
|
|
11
.github/workflows/golangci-lint.yml
vendored
11
.github/workflows/golangci-lint.yml
vendored
|
@ -19,17 +19,12 @@ jobs:
|
|||
name: lint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
- uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: '1.21'
|
||||
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
||||
- uses: actions/checkout@v3
|
||||
- name: golangci-lint
|
||||
uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
|
||||
uses: golangci/golangci-lint-action@v3
|
||||
with:
|
||||
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
|
||||
version: latest
|
||||
|
|
9
.github/workflows/reuse.yml
vendored
9
.github/workflows/reuse.yml
vendored
|
@ -10,11 +10,6 @@ jobs:
|
|||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
||||
- uses: actions/checkout@v2
|
||||
- name: REUSE Compliance Check
|
||||
uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 # v3.0.0
|
||||
uses: fsfe/reuse-action@v1
|
||||
|
|
81
.github/workflows/scorecards.yml
vendored
81
.github/workflows/scorecards.yml
vendored
|
@ -1,81 +0,0 @@
|
|||
# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>
|
||||
#
|
||||
# SPDX-License-Identifier: CC0-1.0
|
||||
|
||||
# This workflow uses actions that are not certified by GitHub. They are provided
|
||||
# by a third-party and are governed by separate terms of service, privacy
|
||||
# policy, and support documentation.
|
||||
|
||||
name: Scorecard supply-chain security
|
||||
on:
|
||||
# For Branch-Protection check. Only the default branch is supported. See
|
||||
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
|
||||
branch_protection_rule:
|
||||
# To guarantee Maintained check is occasionally updated. See
|
||||
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
|
||||
schedule:
|
||||
- cron: '34 15 * * 4'
|
||||
push:
|
||||
branches: [ "main" ]
|
||||
|
||||
# Declare default permissions as read only.
|
||||
permissions: read-all
|
||||
|
||||
jobs:
|
||||
analysis:
|
||||
name: Scorecard analysis
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
# Needed to upload the results to code-scanning dashboard.
|
||||
security-events: write
|
||||
# Needed to publish results and get a badge (see publish_results below).
|
||||
id-token: write
|
||||
# Uncomment the permissions below if installing in a private repository.
|
||||
# contents: read
|
||||
# actions: read
|
||||
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
|
||||
# - you want to enable the Branch-Protection check on a *public* repository, or
|
||||
# - you are installing Scorecard on a *private* repository
|
||||
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
|
||||
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
|
||||
|
||||
# Public repositories:
|
||||
# - Publish results to OpenSSF REST API for easy access by consumers
|
||||
# - Allows the repository to include the Scorecard badge.
|
||||
# - See https://github.com/ossf/scorecard-action#publishing-results.
|
||||
# For private repositories:
|
||||
# - `publish_results` will always be set to `false`, regardless
|
||||
# of the value entered here.
|
||||
publish_results: true
|
||||
|
||||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
||||
# format to the repository Actions tab.
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
retention-days: 5
|
||||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
|
||||
with:
|
||||
sarif_file: results.sarif
|
12
.github/workflows/sonarqube.yml
vendored
12
.github/workflows/sonarqube.yml
vendored
|
@ -9,24 +9,16 @@ on:
|
|||
branches:
|
||||
- main
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build
|
||||
runs-on: ubuntu-latest
|
||||
permissions: read-all
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
- uses: sonarsource/sonarqube-scan-action@9ad16418d1dd6d28912bc0047ee387e90181ce1c # master
|
||||
- uses: sonarsource/sonarqube-scan-action@master
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# SPDX-License-Identifier: MIT
|
||||
|
||||
## Build first
|
||||
FROM golang:alpine@sha256:0466223b8544fb7d4ff04748acc4d75a608234bf4e79563bff208d2060c0dd79 AS builder
|
||||
FROM golang:alpine AS builder
|
||||
RUN mkdir /builddithur
|
||||
ADD cmd/ /builddir/cmd/
|
||||
ADD template/ /builddir/template
|
||||
|
|
|
@ -1,121 +0,0 @@
|
|||
Creative Commons Legal Code
|
||||
|
||||
CC0 1.0 Universal
|
||||
|
||||
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
|
||||
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
|
||||
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
|
||||
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
|
||||
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
|
||||
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
|
||||
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
|
||||
HEREUNDER.
|
||||
|
||||
Statement of Purpose
|
||||
|
||||
The laws of most jurisdictions throughout the world automatically confer
|
||||
exclusive Copyright and Related Rights (defined below) upon the creator
|
||||
and subsequent owner(s) (each and all, an "owner") of an original work of
|
||||
authorship and/or a database (each, a "Work").
|
||||
|
||||
Certain owners wish to permanently relinquish those rights to a Work for
|
||||
the purpose of contributing to a commons of creative, cultural and
|
||||
scientific works ("Commons") that the public can reliably and without fear
|
||||
of later claims of infringement build upon, modify, incorporate in other
|
||||
works, reuse and redistribute as freely as possible in any form whatsoever
|
||||
and for any purposes, including without limitation commercial purposes.
|
||||
These owners may contribute to the Commons to promote the ideal of a free
|
||||
culture and the further production of creative, cultural and scientific
|
||||
works, or to gain reputation or greater distribution for their Work in
|
||||
part through the use and efforts of others.
|
||||
|
||||
For these and/or other purposes and motivations, and without any
|
||||
expectation of additional consideration or compensation, the person
|
||||
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
|
||||
is an owner of Copyright and Related Rights in the Work, voluntarily
|
||||
elects to apply CC0 to the Work and publicly distribute the Work under its
|
||||
terms, with knowledge of his or her Copyright and Related Rights in the
|
||||
Work and the meaning and intended legal effect of CC0 on those rights.
|
||||
|
||||
1. Copyright and Related Rights. A Work made available under CC0 may be
|
||||
protected by copyright and related or neighboring rights ("Copyright and
|
||||
Related Rights"). Copyright and Related Rights include, but are not
|
||||
limited to, the following:
|
||||
|
||||
i. the right to reproduce, adapt, distribute, perform, display,
|
||||
communicate, and translate a Work;
|
||||
ii. moral rights retained by the original author(s) and/or performer(s);
|
||||
iii. publicity and privacy rights pertaining to a person's image or
|
||||
likeness depicted in a Work;
|
||||
iv. rights protecting against unfair competition in regards to a Work,
|
||||
subject to the limitations in paragraph 4(a), below;
|
||||
v. rights protecting the extraction, dissemination, use and reuse of data
|
||||
in a Work;
|
||||
vi. database rights (such as those arising under Directive 96/9/EC of the
|
||||
European Parliament and of the Council of 11 March 1996 on the legal
|
||||
protection of databases, and under any national implementation
|
||||
thereof, including any amended or successor version of such
|
||||
directive); and
|
||||
vii. other similar, equivalent or corresponding rights throughout the
|
||||
world based on applicable law or treaty, and any national
|
||||
implementations thereof.
|
||||
|
||||
2. Waiver. To the greatest extent permitted by, but not in contravention
|
||||
of, applicable law, Affirmer hereby overtly, fully, permanently,
|
||||
irrevocably and unconditionally waives, abandons, and surrenders all of
|
||||
Affirmer's Copyright and Related Rights and associated claims and causes
|
||||
of action, whether now known or unknown (including existing as well as
|
||||
future claims and causes of action), in the Work (i) in all territories
|
||||
worldwide, (ii) for the maximum duration provided by applicable law or
|
||||
treaty (including future time extensions), (iii) in any current or future
|
||||
medium and for any number of copies, and (iv) for any purpose whatsoever,
|
||||
including without limitation commercial, advertising or promotional
|
||||
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
|
||||
member of the public at large and to the detriment of Affirmer's heirs and
|
||||
successors, fully intending that such Waiver shall not be subject to
|
||||
revocation, rescission, cancellation, termination, or any other legal or
|
||||
equitable action to disrupt the quiet enjoyment of the Work by the public
|
||||
as contemplated by Affirmer's express Statement of Purpose.
|
||||
|
||||
3. Public License Fallback. Should any part of the Waiver for any reason
|
||||
be judged legally invalid or ineffective under applicable law, then the
|
||||
Waiver shall be preserved to the maximum extent permitted taking into
|
||||
account Affirmer's express Statement of Purpose. In addition, to the
|
||||
extent the Waiver is so judged Affirmer hereby grants to each affected
|
||||
person a royalty-free, non transferable, non sublicensable, non exclusive,
|
||||
irrevocable and unconditional license to exercise Affirmer's Copyright and
|
||||
Related Rights in the Work (i) in all territories worldwide, (ii) for the
|
||||
maximum duration provided by applicable law or treaty (including future
|
||||
time extensions), (iii) in any current or future medium and for any number
|
||||
of copies, and (iv) for any purpose whatsoever, including without
|
||||
limitation commercial, advertising or promotional purposes (the
|
||||
"License"). The License shall be deemed effective as of the date CC0 was
|
||||
applied by Affirmer to the Work. Should any part of the License for any
|
||||
reason be judged legally invalid or ineffective under applicable law, such
|
||||
partial invalidity or ineffectiveness shall not invalidate the remainder
|
||||
of the License, and in such case Affirmer hereby affirms that he or she
|
||||
will not (i) exercise any of his or her remaining Copyright and Related
|
||||
Rights in the Work or (ii) assert any associated claims and causes of
|
||||
action with respect to the Work, in either case contrary to Affirmer's
|
||||
express Statement of Purpose.
|
||||
|
||||
4. Limitations and Disclaimers.
|
||||
|
||||
a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
||||
surrendered, licensed or otherwise affected by this document.
|
||||
b. Affirmer offers the Work as-is and makes no representations or
|
||||
warranties of any kind concerning the Work, express, implied,
|
||||
statutory or otherwise, including without limitation warranties of
|
||||
title, merchantability, fitness for a particular purpose, non
|
||||
infringement, or the absence of latent or other defects, accuracy, or
|
||||
the present or absence of errors, whether or not discoverable, all to
|
||||
the greatest extent permissible under applicable law.
|
||||
c. Affirmer disclaims responsibility for clearing rights of other persons
|
||||
that may apply to the Work or any use thereof, including without
|
||||
limitation any person's Copyright and Related Rights in the Work.
|
||||
Further, Affirmer disclaims responsibility for obtaining any necessary
|
||||
consents, permissions or other rights required for any use of the
|
||||
Work.
|
||||
d. Affirmer understands and acknowledges that Creative Commons is not a
|
||||
party to this document and has no duty or obligation with respect to
|
||||
this CC0 or use of the Work.
|
38
SECURITY.md
38
SECURITY.md
|
@ -1,38 +0,0 @@
|
|||
<!--
|
||||
SPDX-FileCopyrightText: 2021-2024 Winni Neessen <wn@neessen.dev>
|
||||
|
||||
SPDX-License-Identifier: CC0-1.0
|
||||
-->
|
||||
|
||||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
To report (possible) security issues in logranger, please either send a mail to
|
||||
[security@neessen.dev](mailto:security@neessen.dev) or use Github's
|
||||
[private reporting feature](https://github.com/wneessen/logranger/security/advisories/new).
|
||||
Reports are always welcome. Even if you are not 100% certain that a specific issue you found
|
||||
counts as a security issue, we'd love to hear the details, so we can figure out together if
|
||||
the issue in question needds to be addressed.
|
||||
|
||||
Typically, you will receive an answer within a day or even within a few hours.
|
||||
|
||||
## Encryption
|
||||
You can send OpenPGP/GPG encrpyted mails to the [security@neessen.dev](mailto:security@neessen.dev) address.
|
||||
|
||||
OpenPGP/GPG public key:
|
||||
```
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
xjMEZfdSjxYJKwYBBAHaRw8BAQdA8YoxV0iaLJxVUkBlpC+FQyOiCvWPcnnk
|
||||
O8rsfRHT22bNK3NlY3VyaXR5QG5lZXNzZW4uZGV2IDxzZWN1cml0eUBuZWVz
|
||||
c2VuLmRldj7CjAQQFgoAPgWCZfdSjwQLCQcICZAajWCli0ncDgMVCAoEFgAC
|
||||
AQIZAQKbAwIeARYhBB6X6h8oUi9vvjcMFxqNYKWLSdwOAACHrQEAmfT2HNXF
|
||||
x1W0z6E6PiuoHDU6DzZ1MC6TZkFfFoC3jJ0BAJZdZnf6xFkVtEAbxNIVpIkI
|
||||
zjVxgI7gefYDXbqzQx4PzjgEZfdSjxIKKwYBBAGXVQEFAQEHQBdOGYxMLrCy
|
||||
+kypzTe9jgaEOjob2VVsZ2UV2K9MGKYYAwEIB8J4BBgWCgAqBYJl91KPCZAa
|
||||
jWCli0ncDgKbDBYhBB6X6h8oUi9vvjcMFxqNYKWLSdwOAABIFAEA3YglATpF
|
||||
YrJxatxHb+yI6WdhhJTA2TaF2bxBl10d/xEA/R5CKbMe3kj647gjiQ1YXQUh
|
||||
dM5AKh9kcJn6FPLEoKEM
|
||||
=nm5C
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
```
|
|
@ -20,49 +20,49 @@ const (
|
|||
)
|
||||
|
||||
func main() {
|
||||
logger := slog.New(slog.NewJSONHandler(os.Stdout, nil)).With(slog.String("context", "logranger"))
|
||||
confPath := "logranger.toml"
|
||||
confPathEnv := os.Getenv("LOGRANGER_CONFIG")
|
||||
if confPathEnv != "" {
|
||||
confPath = confPathEnv
|
||||
l := slog.New(slog.NewJSONHandler(os.Stdout, nil)).With(slog.String("context", "logranger"))
|
||||
cp := "logranger.toml"
|
||||
cpe := os.Getenv("LOGRANGER_CONFIG")
|
||||
if cpe != "" {
|
||||
cp = cpe
|
||||
}
|
||||
|
||||
path := filepath.Dir(confPath)
|
||||
file := filepath.Base(confPath)
|
||||
config, err := logranger.NewConfig(path, file)
|
||||
p := filepath.Dir(cp)
|
||||
f := filepath.Base(cp)
|
||||
c, err := logranger.NewConfig(p, f)
|
||||
if err != nil {
|
||||
logger.Error("failed to read/parse config", LogErrKey, err)
|
||||
l.Error("failed to read/parse config", LogErrKey, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
server, err := logranger.New(config)
|
||||
s, err := logranger.New(c)
|
||||
if err != nil {
|
||||
logger.Error("failed to create new server", LogErrKey, err)
|
||||
l.Error("failed to create new server", LogErrKey, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
go func() {
|
||||
if err = server.Run(); err != nil {
|
||||
logger.Error("failed to start logranger", LogErrKey, err)
|
||||
if err = s.Run(); err != nil {
|
||||
l.Error("failed to start logranger", LogErrKey, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}()
|
||||
|
||||
signalChan := make(chan os.Signal, 1)
|
||||
signal.Notify(signalChan)
|
||||
for recvSig := range signalChan {
|
||||
if recvSig == syscall.SIGKILL || recvSig == syscall.SIGABRT || recvSig == syscall.SIGINT || recvSig == syscall.SIGTERM {
|
||||
logger.Warn("received signal. shutting down server", slog.String("signal", recvSig.String()))
|
||||
// server.Stop()
|
||||
logger.Info("server gracefully shut down")
|
||||
sc := make(chan os.Signal, 1)
|
||||
signal.Notify(sc)
|
||||
for rc := range sc {
|
||||
if rc == syscall.SIGKILL || rc == syscall.SIGABRT || rc == syscall.SIGINT || rc == syscall.SIGTERM {
|
||||
l.Warn("received signal. shutting down server", slog.String("signal", rc.String()))
|
||||
// s.Stop()
|
||||
l.Info("server gracefully shut down")
|
||||
os.Exit(0)
|
||||
}
|
||||
if recvSig == syscall.SIGHUP {
|
||||
logger.Info(`received signal`,
|
||||
if rc == syscall.SIGHUP {
|
||||
l.Info(`received signal`,
|
||||
slog.String("signal", "SIGHUP"),
|
||||
slog.String("action", "reloading config/ruleset"))
|
||||
if err = server.ReloadConfig(path, file); err != nil {
|
||||
logger.Error("failed to reload config", LogErrKey, err)
|
||||
if err = s.ReloadConfig(p, f); err != nil {
|
||||
l.Error("failed to reload config", LogErrKey, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
24
config.go
24
config.go
|
@ -56,25 +56,25 @@ type Config struct {
|
|||
// configuration values. It takes in the file path and file name of the configuration
|
||||
// file as parameters. It returns a pointer to the Config object and an error if
|
||||
// there was a problem reading or loading the configuration.
|
||||
func NewConfig(path, file string) (*Config, error) {
|
||||
config := Config{}
|
||||
_, err := os.Stat(fmt.Sprintf("%s/%s", path, file))
|
||||
func NewConfig(p, f string) (*Config, error) {
|
||||
co := Config{}
|
||||
_, err := os.Stat(fmt.Sprintf("%s/%s", p, f))
|
||||
if err != nil {
|
||||
return &config, fmt.Errorf("failed to read config: %w", err)
|
||||
return &co, fmt.Errorf("failed to read config: %w", err)
|
||||
}
|
||||
|
||||
if err := fig.Load(&config, fig.Dirs(path), fig.File(file), fig.UseEnv("logranger")); err != nil {
|
||||
return &config, fmt.Errorf("failed to load config: %w", err)
|
||||
if err := fig.Load(&co, fig.Dirs(p), fig.File(f), fig.UseEnv("logranger")); err != nil {
|
||||
return &co, fmt.Errorf("failed to load config: %w", err)
|
||||
}
|
||||
|
||||
switch {
|
||||
case strings.EqualFold(config.Parser.Type, "rfc3164"):
|
||||
config.internal.ParserType = rfc3164.Type
|
||||
case strings.EqualFold(config.Parser.Type, "rfc5424"):
|
||||
config.internal.ParserType = rfc5424.Type
|
||||
case strings.EqualFold(co.Parser.Type, "rfc3164"):
|
||||
co.internal.ParserType = rfc3164.Type
|
||||
case strings.EqualFold(co.Parser.Type, "rfc5424"):
|
||||
co.internal.ParserType = rfc5424.Type
|
||||
default:
|
||||
return nil, fmt.Errorf("unknown parser type: %s", config.Parser.Type)
|
||||
return nil, fmt.Errorf("unknown parser type: %s", co.Parser.Type)
|
||||
}
|
||||
|
||||
return &config, nil
|
||||
return &co, nil
|
||||
}
|
||||
|
|
|
@ -22,14 +22,14 @@ type Connection struct {
|
|||
// NewConnection creates a new Connection object with the provided net.Conn.
|
||||
// The Connection object holds a reference to the provided net.Conn, along with an ID string,
|
||||
// bufio.Reader, and bufio.Writer. It returns a pointer to the created Connection object.
|
||||
func NewConnection(netConn net.Conn) *Connection {
|
||||
connection := &Connection{
|
||||
conn: netConn,
|
||||
func NewConnection(nc net.Conn) *Connection {
|
||||
c := &Connection{
|
||||
conn: nc,
|
||||
id: NewConnectionID(),
|
||||
rb: bufio.NewReader(netConn),
|
||||
wb: bufio.NewWriter(netConn),
|
||||
rb: bufio.NewReader(nc),
|
||||
wb: bufio.NewWriter(nc),
|
||||
}
|
||||
return connection
|
||||
return c
|
||||
}
|
||||
|
||||
// NewConnectionID generates a new unique message ID using a random number generator
|
||||
|
|
39
listener.go
39
listener.go
|
@ -26,43 +26,42 @@ const (
|
|||
// NewListener initializes and returns a net.Listener based on the provided
|
||||
// configuration. It takes a pointer to a Config struct as a parameter.
|
||||
// Returns the net.Listener and an error if any occurred during initialization.
|
||||
func NewListener(config *Config) (net.Listener, error) {
|
||||
var listener net.Listener
|
||||
var listenerErr error
|
||||
switch config.Listener.Type {
|
||||
func NewListener(c *Config) (net.Listener, error) {
|
||||
var l net.Listener
|
||||
var lerr error
|
||||
switch c.Listener.Type {
|
||||
case ListenerUnix:
|
||||
resolveUnixAddr, err := net.ResolveUnixAddr("unix", config.Listener.ListenerUnix.Path)
|
||||
rua, err := net.ResolveUnixAddr("unix", c.Listener.ListenerUnix.Path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to resolve UNIX listener socket: %w", err)
|
||||
}
|
||||
listener, listenerErr = net.Listen("unix", resolveUnixAddr.String())
|
||||
l, lerr = net.Listen("unix", rua.String())
|
||||
case ListenerTCP:
|
||||
listenAddr := net.JoinHostPort(config.Listener.ListenerTCP.Addr,
|
||||
fmt.Sprintf("%d", config.Listener.ListenerTCP.Port))
|
||||
listener, listenerErr = net.Listen("tcp", listenAddr)
|
||||
la := net.JoinHostPort(c.Listener.ListenerTCP.Addr, fmt.Sprintf("%d", c.Listener.ListenerTCP.Port))
|
||||
l, lerr = net.Listen("tcp", la)
|
||||
case ListenerTLS:
|
||||
if config.Listener.ListenerTLS.CertPath == "" || config.Listener.ListenerTLS.KeyPath == "" {
|
||||
if c.Listener.ListenerTLS.CertPath == "" || c.Listener.ListenerTLS.KeyPath == "" {
|
||||
return nil, ErrCertConfigEmpty
|
||||
}
|
||||
cert, err := tls.LoadX509KeyPair(config.Listener.ListenerTLS.CertPath, config.Listener.ListenerTLS.KeyPath)
|
||||
ce, err := tls.LoadX509KeyPair(c.Listener.ListenerTLS.CertPath, c.Listener.ListenerTLS.KeyPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to load X509 certificate: %w", err)
|
||||
}
|
||||
listenAddr := net.JoinHostPort(config.Listener.ListenerTLS.Addr, fmt.Sprintf("%d", config.Listener.ListenerTLS.Port))
|
||||
listenConf := &tls.Config{Certificates: []tls.Certificate{cert}}
|
||||
listener, listenerErr = tls.Listen("tcp", listenAddr, listenConf)
|
||||
la := net.JoinHostPort(c.Listener.ListenerTLS.Addr, fmt.Sprintf("%d", c.Listener.ListenerTLS.Port))
|
||||
lc := &tls.Config{Certificates: []tls.Certificate{ce}}
|
||||
l, lerr = tls.Listen("tcp", la, lc)
|
||||
default:
|
||||
return nil, fmt.Errorf("failed to initialize listener: unknown listener type in config")
|
||||
}
|
||||
if listenerErr != nil {
|
||||
return nil, fmt.Errorf("failed to initialize listener: %w", listenerErr)
|
||||
if lerr != nil {
|
||||
return nil, fmt.Errorf("failed to initialize listener: %w", lerr)
|
||||
}
|
||||
return listener, nil
|
||||
return l, nil
|
||||
}
|
||||
|
||||
// UnmarshalString satisfies the fig.StringUnmarshaler interface for the ListenerType type
|
||||
func (l *ListenerType) UnmarshalString(value string) error {
|
||||
switch strings.ToLower(value) {
|
||||
func (l *ListenerType) UnmarshalString(v string) error {
|
||||
switch strings.ToLower(v) {
|
||||
case "unix":
|
||||
*l = ListenerUnix
|
||||
case "tcp":
|
||||
|
@ -70,7 +69,7 @@ func (l *ListenerType) UnmarshalString(value string) error {
|
|||
case "tls":
|
||||
*l = ListenerTLS
|
||||
default:
|
||||
return fmt.Errorf("unknown listener type: %s", value)
|
||||
return fmt.Errorf("unknown listener type: %s", v)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -34,29 +34,29 @@ type File struct {
|
|||
//
|
||||
// If any of the required configuration parameters are missing or invalid, an error
|
||||
// is returned.
|
||||
func (f *File) Config(configMap map[string]any) error {
|
||||
if configMap["file"] == nil {
|
||||
func (f *File) Config(cm map[string]any) error {
|
||||
if cm["file"] == nil {
|
||||
return nil
|
||||
}
|
||||
config, ok := configMap["file"].(map[string]any)
|
||||
c, ok := cm["file"].(map[string]any)
|
||||
if !ok {
|
||||
return fmt.Errorf("missing configuration for file action")
|
||||
}
|
||||
f.Enabled = true
|
||||
|
||||
filePath, ok := config["output_filepath"].(string)
|
||||
if !ok || filePath == "" {
|
||||
fp, ok := c["output_filepath"].(string)
|
||||
if !ok || fp == "" {
|
||||
return fmt.Errorf("no output_filename configured for file action")
|
||||
}
|
||||
f.FilePath = filePath
|
||||
f.FilePath = fp
|
||||
|
||||
outputTpl, ok := config["output_template"].(string)
|
||||
if !ok || outputTpl == "" {
|
||||
ot, ok := c["output_template"].(string)
|
||||
if !ok || ot == "" {
|
||||
return fmt.Errorf("not output_template configured for file action")
|
||||
}
|
||||
f.OutputTemplate = outputTpl
|
||||
f.OutputTemplate = ot
|
||||
|
||||
if hasOverwrite, ok := config["overwrite"].(bool); ok && hasOverwrite {
|
||||
if ow, ok := c["overwrite"].(bool); ok && ow {
|
||||
f.Overwrite = true
|
||||
}
|
||||
|
||||
|
@ -65,34 +65,34 @@ func (f *File) Config(configMap map[string]any) error {
|
|||
|
||||
// Process satisfies the plugins.Action interface for the File type
|
||||
// It takes in the log message (lm), match groups (mg), and configuration map (cm).
|
||||
func (f *File) Process(logMessage parsesyslog.LogMsg, matchGroup []string) error {
|
||||
func (f *File) Process(lm parsesyslog.LogMsg, mg []string) error {
|
||||
if !f.Enabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
openFlags := os.O_APPEND | os.O_CREATE | os.O_WRONLY
|
||||
of := os.O_APPEND | os.O_CREATE | os.O_WRONLY
|
||||
if f.Overwrite {
|
||||
openFlags = os.O_TRUNC | os.O_CREATE | os.O_WRONLY
|
||||
of = os.O_TRUNC | os.O_CREATE | os.O_WRONLY
|
||||
}
|
||||
|
||||
fileHandle, err := os.OpenFile(f.FilePath, openFlags, 0o600)
|
||||
fh, err := os.OpenFile(f.FilePath, of, 0o600)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to open file for writing in file action: %w", err)
|
||||
}
|
||||
defer func() {
|
||||
_ = fileHandle.Close()
|
||||
_ = fh.Close()
|
||||
}()
|
||||
|
||||
tpl, err := template.Compile(logMessage, matchGroup, f.OutputTemplate)
|
||||
t, err := template.Compile(lm, mg, f.OutputTemplate)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = fileHandle.WriteString(tpl)
|
||||
_, err = fh.WriteString(t)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to write log message to file %q: %w",
|
||||
f.FilePath, err)
|
||||
}
|
||||
if err = fileHandle.Sync(); err != nil {
|
||||
if err = fh.Sync(); err != nil {
|
||||
return fmt.Errorf("failed to sync memory to file %q: %w",
|
||||
f.FilePath, err)
|
||||
}
|
||||
|
|
30
rule.go
30
rule.go
|
@ -32,28 +32,28 @@ type Rule struct {
|
|||
// existence, and loads the Ruleset using the fig library.
|
||||
// It checks for duplicate rules and returns an error if any duplicates are found.
|
||||
// If all operations are successful, it returns the created Ruleset and no error.
|
||||
func NewRuleset(config *Config) (*Ruleset, error) {
|
||||
ruleset := &Ruleset{}
|
||||
path := filepath.Dir(config.Server.RuleFile)
|
||||
file := filepath.Base(config.Server.RuleFile)
|
||||
_, err := os.Stat(fmt.Sprintf("%s/%s", path, file))
|
||||
func NewRuleset(c *Config) (*Ruleset, error) {
|
||||
rs := &Ruleset{}
|
||||
p := filepath.Dir(c.Server.RuleFile)
|
||||
f := filepath.Base(c.Server.RuleFile)
|
||||
_, err := os.Stat(fmt.Sprintf("%s/%s", p, f))
|
||||
if err != nil {
|
||||
return ruleset, fmt.Errorf("failed to read config: %w", err)
|
||||
return rs, fmt.Errorf("failed to read config: %w", err)
|
||||
}
|
||||
|
||||
if err = fig.Load(ruleset, fig.Dirs(path), fig.File(file), fig.UseStrict()); err != nil {
|
||||
return ruleset, fmt.Errorf("failed to load ruleset: %w", err)
|
||||
if err = fig.Load(rs, fig.Dirs(p), fig.File(f), fig.UseStrict()); err != nil {
|
||||
return rs, fmt.Errorf("failed to load ruleset: %w", err)
|
||||
}
|
||||
|
||||
rules := make([]string, 0)
|
||||
for _, rule := range ruleset.Rule {
|
||||
for _, rulename := range rules {
|
||||
if strings.EqualFold(rule.ID, rulename) {
|
||||
return nil, fmt.Errorf("duplicate rule found: %s", rule.ID)
|
||||
rna := make([]string, 0)
|
||||
for _, r := range rs.Rule {
|
||||
for _, rn := range rna {
|
||||
if strings.EqualFold(r.ID, rn) {
|
||||
return nil, fmt.Errorf("duplicate rule found: %s", r.ID)
|
||||
}
|
||||
}
|
||||
rules = append(rules, rule.ID)
|
||||
rna = append(rna, r.ID)
|
||||
}
|
||||
|
||||
return ruleset, nil
|
||||
return rs, nil
|
||||
}
|
||||
|
|
122
server.go
122
server.go
|
@ -45,62 +45,62 @@ type Server struct {
|
|||
}
|
||||
|
||||
// New creates a new instance of Server based on the provided Config
|
||||
func New(config *Config) (*Server, error) {
|
||||
server := &Server{
|
||||
conf: config,
|
||||
func New(c *Config) (*Server, error) {
|
||||
s := &Server{
|
||||
conf: c,
|
||||
}
|
||||
|
||||
server.setLogLevel()
|
||||
s.setLogLevel()
|
||||
|
||||
if err := server.setRules(); err != nil {
|
||||
return server, err
|
||||
if err := s.setRules(); err != nil {
|
||||
return s, err
|
||||
}
|
||||
|
||||
parser, err := parsesyslog.New(server.conf.internal.ParserType)
|
||||
p, err := parsesyslog.New(s.conf.internal.ParserType)
|
||||
if err != nil {
|
||||
return server, fmt.Errorf("failed to initialize syslog parser: %w", err)
|
||||
return s, fmt.Errorf("failed to initialize syslog parser: %w", err)
|
||||
}
|
||||
server.parser = parser
|
||||
s.parser = p
|
||||
|
||||
if len(actions.Actions) <= 0 {
|
||||
return server, fmt.Errorf("no action plugins found/configured")
|
||||
return s, fmt.Errorf("no action plugins found/configured")
|
||||
}
|
||||
|
||||
return server, nil
|
||||
return s, nil
|
||||
}
|
||||
|
||||
// Run starts the logranger Server by creating a new listener using the NewListener
|
||||
// method and calling RunWithListener with the obtained listener.
|
||||
func (s *Server) Run() error {
|
||||
listener, err := NewListener(s.conf)
|
||||
l, err := NewListener(s.conf)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return s.RunWithListener(listener)
|
||||
return s.RunWithListener(l)
|
||||
}
|
||||
|
||||
// RunWithListener sets the listener for the server and performs some additional
|
||||
// tasks for initializing the server. It creates a PID file, writes the process ID
|
||||
// to the file, and listens for connections. It returns an error if any of the
|
||||
// initialization steps fail.
|
||||
func (s *Server) RunWithListener(listener net.Listener) error {
|
||||
s.listener = listener
|
||||
func (s *Server) RunWithListener(l net.Listener) error {
|
||||
s.listener = l
|
||||
|
||||
// Create PID file
|
||||
pidFile, err := os.Create(s.conf.Server.PIDFile)
|
||||
pf, err := os.Create(s.conf.Server.PIDFile)
|
||||
if err != nil {
|
||||
s.log.Error("failed to create PID file", LogErrKey, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
pid := os.Getpid()
|
||||
s.log.Debug("creating PID file", slog.String("pid_file", pidFile.Name()),
|
||||
s.log.Debug("creating PID file", slog.String("pid_file", pf.Name()),
|
||||
slog.Int("pid", pid))
|
||||
_, err = pidFile.WriteString(fmt.Sprintf("%d", pid))
|
||||
_, err = pf.WriteString(fmt.Sprintf("%d", pid))
|
||||
if err != nil {
|
||||
s.log.Error("failed to write PID to PID file", LogErrKey, err)
|
||||
_ = pidFile.Close()
|
||||
_ = pf.Close()
|
||||
}
|
||||
if err = pidFile.Close(); err != nil {
|
||||
if err = pf.Close(); err != nil {
|
||||
s.log.Error("failed to close PID file", LogErrKey, err)
|
||||
}
|
||||
|
||||
|
@ -116,47 +116,47 @@ func (s *Server) Listen() {
|
|||
defer s.wg.Done()
|
||||
s.log.Info("listening for new connections", slog.String("listen_addr", s.listener.Addr().String()))
|
||||
for {
|
||||
acceptConn, err := s.listener.Accept()
|
||||
c, err := s.listener.Accept()
|
||||
if err != nil {
|
||||
s.log.Error("failed to accept new connection", LogErrKey, err)
|
||||
continue
|
||||
}
|
||||
s.log.Debug("accepted new connection",
|
||||
slog.String("remote_addr", acceptConn.RemoteAddr().String()))
|
||||
connection := NewConnection(acceptConn)
|
||||
slog.String("remote_addr", c.RemoteAddr().String()))
|
||||
conn := NewConnection(c)
|
||||
s.wg.Add(1)
|
||||
go func(co *Connection) {
|
||||
s.HandleConnection(co)
|
||||
s.wg.Done()
|
||||
}(connection)
|
||||
}(conn)
|
||||
}
|
||||
}
|
||||
|
||||
// HandleConnection handles a single connection by parsing and processing log messages.
|
||||
// It logs debug information about the connection and measures the processing time.
|
||||
// It closes the connection when done, and logs any error encountered during the process.
|
||||
func (s *Server) HandleConnection(connection *Connection) {
|
||||
func (s *Server) HandleConnection(c *Connection) {
|
||||
defer func() {
|
||||
if err := connection.conn.Close(); err != nil {
|
||||
if err := c.conn.Close(); err != nil {
|
||||
s.log.Error("failed to close connection", LogErrKey, err)
|
||||
}
|
||||
}()
|
||||
|
||||
ReadLoop:
|
||||
for {
|
||||
if err := connection.conn.SetDeadline(time.Now().Add(s.conf.Parser.Timeout)); err != nil {
|
||||
if err := c.conn.SetDeadline(time.Now().Add(s.conf.Parser.Timeout)); err != nil {
|
||||
s.log.Error("failed to set processing deadline", LogErrKey, err,
|
||||
slog.Duration("timeout", s.conf.Parser.Timeout))
|
||||
return
|
||||
}
|
||||
logMessage, err := s.parser.ParseReader(connection.rb)
|
||||
lm, err := s.parser.ParseReader(c.rb)
|
||||
if err != nil {
|
||||
var netErr *net.OpError
|
||||
var ne *net.OpError
|
||||
switch {
|
||||
case errors.As(err, &netErr):
|
||||
case errors.As(err, &ne):
|
||||
if s.conf.Log.Extended {
|
||||
s.log.Error("network error while processing message", LogErrKey,
|
||||
netErr.Error())
|
||||
ne.Error())
|
||||
}
|
||||
return
|
||||
case errors.Is(err, io.EOF):
|
||||
|
@ -172,7 +172,7 @@ ReadLoop:
|
|||
}
|
||||
}
|
||||
s.wg.Add(1)
|
||||
go s.processMessage(logMessage)
|
||||
go s.processMessage(lm)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -182,36 +182,36 @@ ReadLoop:
|
|||
// The method first checks if the ruleset is not nil. If it is nil, no actions will be
|
||||
// executed. For each rule in the ruleset, it checks if the log message matches the
|
||||
// rule's regular expression.
|
||||
func (s *Server) processMessage(logMessage parsesyslog.LogMsg) {
|
||||
func (s *Server) processMessage(lm parsesyslog.LogMsg) {
|
||||
defer s.wg.Done()
|
||||
if s.ruleset != nil {
|
||||
for _, rule := range s.ruleset.Rule {
|
||||
if !rule.Regexp.MatchString(logMessage.Message.String()) {
|
||||
for _, r := range s.ruleset.Rule {
|
||||
if !r.Regexp.MatchString(lm.Message.String()) {
|
||||
continue
|
||||
}
|
||||
if rule.HostMatch != nil && !rule.HostMatch.MatchString(logMessage.Hostname) {
|
||||
if r.HostMatch != nil && !r.HostMatch.MatchString(lm.Hostname) {
|
||||
continue
|
||||
}
|
||||
matchGroup := rule.Regexp.FindStringSubmatch(logMessage.Message.String())
|
||||
for name, action := range actions.Actions {
|
||||
startTime := time.Now()
|
||||
if err := action.Config(rule.Actions); err != nil {
|
||||
mg := r.Regexp.FindStringSubmatch(lm.Message.String())
|
||||
for n, a := range actions.Actions {
|
||||
bt := time.Now()
|
||||
if err := a.Config(r.Actions); err != nil {
|
||||
s.log.Error("failed to config action", LogErrKey, err,
|
||||
slog.String("action", name), slog.String("rule_id", rule.ID))
|
||||
slog.String("action", n), slog.String("rule_id", r.ID))
|
||||
continue
|
||||
}
|
||||
s.log.Debug("log message matches rule, executing action",
|
||||
slog.String("action", name), slog.String("rule_id", rule.ID))
|
||||
if err := action.Process(logMessage, matchGroup); err != nil {
|
||||
slog.String("action", n), slog.String("rule_id", r.ID))
|
||||
if err := a.Process(lm, mg); err != nil {
|
||||
s.log.Error("failed to process action", LogErrKey, err,
|
||||
slog.String("action", name), slog.String("rule_id", rule.ID))
|
||||
slog.String("action", n), slog.String("rule_id", r.ID))
|
||||
}
|
||||
if s.conf.Log.Extended {
|
||||
procTime := time.Since(startTime)
|
||||
pt := time.Since(bt)
|
||||
s.log.Debug("action processing benchmark",
|
||||
slog.Duration("processing_time", procTime),
|
||||
slog.String("processing_time_human", procTime.String()),
|
||||
slog.String("action", name), slog.String("rule_id", rule.ID))
|
||||
slog.Duration("processing_time", pt),
|
||||
slog.String("processing_time_human", pt.String()),
|
||||
slog.String("action", n), slog.String("rule_id", r.ID))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -226,21 +226,21 @@ func (s *Server) processMessage(logMessage parsesyslog.LogMsg) {
|
|||
// Finally, it creates a new `slog.Logger` with the JSON handler and sets the `s.log` field
|
||||
// of the `Server` struct to the logger, with a context value of "logranger".
|
||||
func (s *Server) setLogLevel() {
|
||||
logOpts := slog.HandlerOptions{}
|
||||
lo := slog.HandlerOptions{}
|
||||
switch strings.ToLower(s.conf.Log.Level) {
|
||||
case "debug":
|
||||
logOpts.Level = slog.LevelDebug
|
||||
lo.Level = slog.LevelDebug
|
||||
case "info":
|
||||
logOpts.Level = slog.LevelInfo
|
||||
lo.Level = slog.LevelInfo
|
||||
case "warn":
|
||||
logOpts.Level = slog.LevelWarn
|
||||
lo.Level = slog.LevelWarn
|
||||
case "error":
|
||||
logOpts.Level = slog.LevelError
|
||||
lo.Level = slog.LevelError
|
||||
default:
|
||||
logOpts.Level = slog.LevelInfo
|
||||
lo.Level = slog.LevelInfo
|
||||
}
|
||||
logHandler := slog.NewJSONHandler(os.Stdout, &logOpts)
|
||||
s.log = slog.New(logHandler).With(slog.String("context", "logranger"))
|
||||
lh := slog.NewJSONHandler(os.Stdout, &lo)
|
||||
s.log = slog.New(lh).With(slog.String("context", "logranger"))
|
||||
}
|
||||
|
||||
// setRules initializes/updates the ruleset for the logranger Server by
|
||||
|
@ -248,11 +248,11 @@ func (s *Server) setLogLevel() {
|
|||
// to the Server's ruleset field.
|
||||
// It returns an error if there is a failure in reading or loading the ruleset.
|
||||
func (s *Server) setRules() error {
|
||||
ruleset, err := NewRuleset(s.conf)
|
||||
rs, err := NewRuleset(s.conf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read ruleset: %w", err)
|
||||
}
|
||||
s.ruleset = ruleset
|
||||
s.ruleset = rs
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -261,12 +261,12 @@ func (s *Server) setRules() error {
|
|||
// It creates a new Config using the NewConfig method and updates the Server's
|
||||
// conf field. It also reloads the configured Ruleset.
|
||||
// If an error occurs while reloading the configuration, an error is returned.
|
||||
func (s *Server) ReloadConfig(path, file string) error {
|
||||
config, err := NewConfig(path, file)
|
||||
func (s *Server) ReloadConfig(p, f string) error {
|
||||
c, err := NewConfig(p, f)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to reload config: %w", err)
|
||||
}
|
||||
s.conf = config
|
||||
s.conf = c
|
||||
|
||||
if err := s.setRules(); err != nil {
|
||||
return fmt.Errorf("failed to reload ruleset: %w", err)
|
||||
|
|
|
@ -44,99 +44,99 @@ type FuncMap struct{}
|
|||
// the FuncMap. It then populates a map with values from the LogMsg
|
||||
// and current time and executes the template using the map as the
|
||||
// data source. The compiled template result or an error is returned.
|
||||
func Compile(logMessage parsesyslog.LogMsg, matchGroup []string, outputTpl string) (string, error) {
|
||||
procText := strings.Builder{}
|
||||
funcMap := NewTemplateFuncMap()
|
||||
func Compile(lm parsesyslog.LogMsg, mg []string, ot string) (string, error) {
|
||||
pt := strings.Builder{}
|
||||
fm := NewTemplateFuncMap()
|
||||
|
||||
outputTpl = strings.ReplaceAll(outputTpl, `\n`, "\n")
|
||||
outputTpl = strings.ReplaceAll(outputTpl, `\t`, "\t")
|
||||
outputTpl = strings.ReplaceAll(outputTpl, `\r`, "\r")
|
||||
tpl, err := template.New("template").Funcs(funcMap).Parse(outputTpl)
|
||||
ot = strings.ReplaceAll(ot, `\n`, "\n")
|
||||
ot = strings.ReplaceAll(ot, `\t`, "\t")
|
||||
ot = strings.ReplaceAll(ot, `\r`, "\r")
|
||||
tpl, err := template.New("template").Funcs(fm).Parse(ot)
|
||||
if err != nil {
|
||||
return procText.String(), fmt.Errorf("failed to create template: %w", err)
|
||||
return pt.String(), fmt.Errorf("failed to create template: %w", err)
|
||||
}
|
||||
|
||||
dataMap := make(map[string]any)
|
||||
dataMap["match"] = matchGroup
|
||||
dataMap["hostname"] = logMessage.Hostname
|
||||
dataMap["timestamp"] = logMessage.Timestamp
|
||||
dataMap["now_rfc3339"] = time.Now().Format(time.RFC3339)
|
||||
dataMap["now_unix"] = time.Now().Unix()
|
||||
dataMap["severity"] = logMessage.Severity.String()
|
||||
dataMap["facility"] = logMessage.Facility.String()
|
||||
dataMap["appname"] = logMessage.AppName
|
||||
dataMap["original_message"] = logMessage.Message
|
||||
dm := make(map[string]any)
|
||||
dm["match"] = mg
|
||||
dm["hostname"] = lm.Hostname
|
||||
dm["timestamp"] = lm.Timestamp
|
||||
dm["now_rfc3339"] = time.Now().Format(time.RFC3339)
|
||||
dm["now_unix"] = time.Now().Unix()
|
||||
dm["severity"] = lm.Severity.String()
|
||||
dm["facility"] = lm.Facility.String()
|
||||
dm["appname"] = lm.AppName
|
||||
dm["original_message"] = lm.Message
|
||||
|
||||
if err = tpl.Execute(&procText, dataMap); err != nil {
|
||||
return procText.String(), fmt.Errorf("failed to compile template: %w", err)
|
||||
if err = tpl.Execute(&pt, dm); err != nil {
|
||||
return pt.String(), fmt.Errorf("failed to compile template: %w", err)
|
||||
}
|
||||
return procText.String(), nil
|
||||
return pt.String(), nil
|
||||
}
|
||||
|
||||
// NewTemplateFuncMap creates a new template function map by returning a
|
||||
// template.FuncMap.
|
||||
func NewTemplateFuncMap() template.FuncMap {
|
||||
funcMap := FuncMap{}
|
||||
fm := FuncMap{}
|
||||
return template.FuncMap{
|
||||
"_ToLower": funcMap.ToLower,
|
||||
"_ToUpper": funcMap.ToUpper,
|
||||
"_ToBase64": funcMap.ToBase64,
|
||||
"_ToSHA1": funcMap.ToSHA1,
|
||||
"_ToSHA256": funcMap.ToSHA256,
|
||||
"_ToSHA512": funcMap.ToSHA512,
|
||||
"_ToLower": fm.ToLower,
|
||||
"_ToUpper": fm.ToUpper,
|
||||
"_ToBase64": fm.ToBase64,
|
||||
"_ToSHA1": fm.ToSHA1,
|
||||
"_ToSHA256": fm.ToSHA256,
|
||||
"_ToSHA512": fm.ToSHA512,
|
||||
}
|
||||
}
|
||||
|
||||
// ToLower returns a given string as lower-case representation
|
||||
func (*FuncMap) ToLower(value string) string {
|
||||
return strings.ToLower(value)
|
||||
func (*FuncMap) ToLower(s string) string {
|
||||
return strings.ToLower(s)
|
||||
}
|
||||
|
||||
// ToUpper returns a given string as upper-case representation
|
||||
func (*FuncMap) ToUpper(value string) string {
|
||||
return strings.ToUpper(value)
|
||||
func (*FuncMap) ToUpper(s string) string {
|
||||
return strings.ToUpper(s)
|
||||
}
|
||||
|
||||
// ToBase64 returns the base64 encoding of a given string.
|
||||
func (*FuncMap) ToBase64(value string) string {
|
||||
return base64.RawStdEncoding.EncodeToString([]byte(value))
|
||||
func (*FuncMap) ToBase64(s string) string {
|
||||
return base64.RawStdEncoding.EncodeToString([]byte(s))
|
||||
}
|
||||
|
||||
// ToSHA1 returns the SHA-1 hash of the given string
|
||||
func (*FuncMap) ToSHA1(value string) string {
|
||||
return toSHA(value, SHA1)
|
||||
func (*FuncMap) ToSHA1(s string) string {
|
||||
return toSHA(s, SHA1)
|
||||
}
|
||||
|
||||
// ToSHA256 returns the SHA-256 hash of the given string
|
||||
func (*FuncMap) ToSHA256(value string) string {
|
||||
return toSHA(value, SHA256)
|
||||
func (*FuncMap) ToSHA256(s string) string {
|
||||
return toSHA(s, SHA256)
|
||||
}
|
||||
|
||||
// ToSHA512 returns the SHA-512 hash of the given string
|
||||
func (*FuncMap) ToSHA512(value string) string {
|
||||
return toSHA(value, SHA512)
|
||||
func (*FuncMap) ToSHA512(s string) string {
|
||||
return toSHA(s, SHA512)
|
||||
}
|
||||
|
||||
// toSHA is a function that converts a string to a SHA hash.
|
||||
//
|
||||
// The function takes two parameters: a string 's' and a 'sa' of
|
||||
// type SHAAlgo which defines the SHA algorithm to be used.
|
||||
func toSHA(value string, algo SHAAlgo) string {
|
||||
var dataHash hash.Hash
|
||||
switch algo {
|
||||
func toSHA(s string, sa SHAAlgo) string {
|
||||
var h hash.Hash
|
||||
switch sa {
|
||||
case SHA1:
|
||||
dataHash = sha1.New()
|
||||
h = sha1.New()
|
||||
case SHA256:
|
||||
dataHash = sha256.New()
|
||||
h = sha256.New()
|
||||
case SHA512:
|
||||
dataHash = sha512.New()
|
||||
h = sha512.New()
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
|
||||
_, err := io.WriteString(dataHash, value)
|
||||
_, err := io.WriteString(h, s)
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
return fmt.Sprintf("%x", dataHash.Sum(nil))
|
||||
return fmt.Sprintf("%x", h.Sum(nil))
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue