o #¼hŠTã@sÞddlZddlZddlZddlZddlZddlZddlZddlZddlZ ddl m Z m Z ddl mZmZmZmZddlmZddlmZddlmZddlmZejejdd e e¡ZGd d „d e ƒZGd d „d eƒZ dS)éN)Ú HTTPServerÚSimpleHTTPRequestHandler)ÚDictÚAnyÚOptionalÚList)Ú DriverPlugin)Ú RuleEngine)Úget_db_manager)Úsanitize_for_logz4%(asctime)s - %(name)s - %(levelname)s - %(message)s)ÚlevelÚformatcsÜeZdZUdZdZeeed<ddddœ‡fdd„ Zdd„Z d e e e ffd d „Z d e e e fd ee e e ffd d„Zdee e e fd ee e e ffdd„Zdee e e ffdd„Z‡fdd„Z‡fdd„Z‡ZS)ÚStaticFileHTTPRequestHandleru[ 自定义请求处ç†å™¨ï¼Œç”¨äºŽæä¾›é™æ€æ–‡ä»¶æœåŠ¡ï¼Œå¹¶é›†æˆå制逻辑 NÚ rule_engine©Ú directoryÚenvironment_idÚenvironment_rulescsJ|dur|nt ¡|_||_|dur|ng|_d|_tƒj|i|¤ŽdS©N)ÚosÚgetcwdrrrÚ _inject_infoÚsuperÚ__init__)ÚselfrrrÚargsÚkwargs©Ú __class__©ú2/root/ive/./drivers/static_file_honeypot/driver.pyr s z%StaticFileHTTPRequestHandler.__init__cGs4t| ¡ƒ}t||ƒ}t d|| ¡|f¡dS)Nz%s - - [%s] %s )r Úaddress_stringÚloggerÚinfoÚlog_date_time_string)rr rZ safe_addrZsafe_fmtrrr Ú log_message)s  z(StaticFileHTTPRequestHandler.log_messageÚreturncCs2t|jtjƒr dnd|j|jt|jƒ|jddœS)u*构建规则引擎需è¦çš„请求上下文ÚhttpsÚhttpr)ÚprotocolÚmethodÚpathÚheadersÚip) Ú isinstanceÚ connectionÚsslÚ SSLSocketÚcommandr+Údictr,Úclient_address©rrrr Ú_build_request_context/s ûz3StaticFileHTTPRequestHandler._build_request_contextÚrequest_contextcCs.|jr|jr|j ||j|j¡St d¡gS)u执行å制措施zIRule engine or environment ID not available for countermeasure execution.)rrÚ$evaluate_and_execute_for_environmentrr"Úwarning)rr7rrr Ú_execute_countermeasures:s  ÿ z5StaticFileHTTPRequestHandler._execute_countermeasuresÚresultscCs@|D]}| d¡dkr| di¡ d¡r|d d¡SqdS)u处ç†å†…容注入å制结果ÚactionÚinject_contentÚresultÚsuccessÚ inject_infoN)Úget)rr;r>rrr Ú_handle_inject_contentEs  €z3StaticFileHTTPRequestHandler._handle_inject_contentcCs`|D]+}| d¡dkr-| di¡ di¡}| dd¡}|dkr-t d|›d¡t |¡qd S) u-应用å制措施的副作用(如延迟)r<Údelayr>ÚconfigÚdurationrzApplying delay of z seconds for countermeasure.N)rAr"r#ÚtimeÚsleep)rr;r>Z delay_configrErrr Ú"_apply_countermeasure_side_effectsLs  €úz?StaticFileHTTPRequestHandler._apply_countermeasure_side_effectsc sÎ| ¡}| |¡}| |¡| |¡|_|jr.t|jƒ}tt|jƒƒ}t  d|›d|›¡d}|D])}|  d¡dkr[|  di¡  di¡}|  dd ¡}|  d d ¡} |  || ¡d }nq2|set ƒ  ¡d Sd S)u&å¤„ç† GET 请求,集æˆå制逻辑zContent injection prepared for z. Inject info: Fr<Zerror_responser>rDÚcodeiôÚmessagezInternal Server ErrorTN)r6r:rHrBrr r+Ústrr"r#rAÚ send_errorrÚdo_GET) rr7Zcountermeasure_resultsZ safe_pathZ safe_infoZerror_triggeredr>Z error_configZ error_codeZ error_messagerrr rMWs*       ú ÿz#StaticFileHTTPRequestHandler.do_GETcsº| |j¡}z"tj |¡}tj |j¡}tj ||g¡|kr'| dd¡WdSWnty8| dd¡YdSwd}tj |¡r“t j   |j¡}|j  d¡sx|  d¡|d|d|dd|d |d f}t j  |¡}| d |¡| ¡dSd D]}tj ||¡}tj |¡r|}nqztƒ ¡S| |¡} |  d ¡rX|jrXzt|dƒ}Wnty¹| dd¡YdSwt | ¡¡} | ¡} | ¡z|  d¡} Wntyçt  !d|›d¡tƒ ¡YSw|jd} |jd}| }|dkr|  "d| ›dd¡}n$|dkr|  "d| ›dd¡}n|dkr$|  "dd| ›d¡}n| | }| #d¡}|  d¡| d | ¡| d!t$t%|ƒƒ¡| d"| &| j'¡¡| ¡|j( )|¡dStƒ ¡S)#uG é‡å†™ send_head æ–¹æ³•ä»¥æ”¯æŒ HTML 内容注入。 i“Ú ForbiddenNú/i-rééééÚLocation)z index.htmlz index.htmz text/htmlÚrbi”zFile not foundzutf-8zFailed to decode z' as utf-8 for injection. Serving as-is.ÚcontentÚlocationÚbefore_body_endzz Úheadzz Ú body_startzz éÈz Content-typezContent-Lengthz Last-Modified)*Útranslate_pathr+rÚrealpathrÚ commonpathrLÚ ExceptionÚisdirÚurllibÚparseÚurlsplitÚendswithÚ send_responseÚ urlunsplitÚ send_headerÚ end_headersÚjoinÚexistsrÚ send_headÚ guess_typeÚ startswithrÚopenÚOSErrorÚfstatÚfilenoÚreadÚcloseÚdecodeÚUnicodeDecodeErrorr"r9ÚreplaceÚencoderKÚlenÚdate_time_stringÚst_mtimeÚwfileÚwrite)rr+Zresolved_requested_pathZresolved_base_dirÚfÚpartsÚ new_partsÚnew_urlÚindexÚctypeÚfsrVZ content_strÚcontent_to_injectrWZinjected_contentZinjected_bytesrrr rkysŠ   þ  ý    ÿ   þ    þ ý         ÿ  z&StaticFileHTTPRequestHandler.send_head)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrr Ú__annotations__rr%rrKrr6rr:rBrHrMrkÚ __classcell__rrrr rs  & *  "rc@sêeZdZdZdd„Zdd„Zdd„Zded efd d „Zd e e ee ffd d „Z ded e e ee ffdd„Zdeded efdd„Zde ee fd efdd„Zded efdd„Zded efdd„Zded efdd„Zded efdd„ZdS) ÚStaticFileHoneypotDriveru= é™æ€æ–‡ä»¶èœœç½é©±åŠ¨æ’件实现 (集æˆå制) cCstƒ|_i|_d|_dSr)r Ú db_managerÚserversrr5rrr räs z!StaticFileHoneypotDriver.__init__c Có6z ddl}|jjWSttfyt d¡YdSw)uèŽ·å– rule_engine 实例rNzFFailed to get global rule_engine instance in StaticFileHoneypotDriver.)Ú api.serverÚserverrÚ ImportErrorÚAttributeErrorr"r9©rÚapirrr Ú_get_rule_engineês  þz)StaticFileHoneypotDriver._get_rule_enginec CrŽ)u/èŽ·å– rule_manager 实例以获å–环境规则rNzGFailed to get global rule_manager instance in StaticFileHoneypotDriver.)rrÚ rule_managerr‘r’r"r9r“rrr Ú_get_rule_managerôs  þz*StaticFileHoneypotDriver._get_rule_managerÚ static_rootr&cCsâtj tj tj t¡¡¡}tj |¡}tj tj |d¡¡}|}tj |¡s.tj ||¡}tj |¡}tj |¡sAt d|›ƒ‚tj  |¡sNt d|›ƒ‚ztj  ||g¡|kr`t d|›ƒ‚W|St ypt d|›ƒ‚w)u2解æžå¹¶æ ¡éªŒé™æ€æ ¹ç›®å½•ï¼Œé™åˆ¶åœ¨é¡¹ç›® static_sites 目录内。 :param static_root: é…置传入的é™æ€ç›®å½•ï¼ˆç›¸å¯¹æˆ–ç»å¯¹è·¯å¾„) :return: ç»è¿‡ realpath 解æžä¸”校验通过的ç»å¯¹è·¯å¾„ :raises: ValueError 当路径ä¸å­˜åœ¨/ä¸æ˜¯ç›®å½•/越界时 rzStatic root does not exist: z Static root is not a directory: z%Static root is outside allowed base: z#Static root validation failed for: ) rr+ÚdirnameÚabspathÚ__file__r]riÚisabsrjÚ ValueErrorr`r^r_)rr˜Z drivers_dirÚ project_rootZ allowed_baseZcandidate_pathÚresolvedrrr Ú!_resolve_and_validate_static_rootýs&     ÿ üþz:StaticFileHoneypotDriver._resolve_and_validate_static_rootc Cs¾zA|j ¡1}| ¡}| d¡| ¡}g}|D]}t|ƒ}t |d¡|d<| |¡q|WdƒWS1s:wYWdSt j y^}zt   d|›¡gWYd}~Sd}~ww)u` 从数æ®åº“列出所有环境。 :return: 环境信æ¯å­—典列表。 zSELECT * FROM environmentsrDNzError listing environments: ) rŒÚget_connectionÚcursorÚexecuteÚfetchallr3ÚjsonÚloadsÚappendÚsqlite3ÚErrorr"Úerror)rÚconnr¢ÚrowsÚ environmentsÚrowÚenv_dataÚerrr Úlist_environmentss"   (ö €þz*StaticFileHoneypotDriver.list_environmentsÚenv_idc CsÄzB|j ¡2}| ¡}| d|f¡| ¡}|r/t|ƒ}t |d¡|d<|WdƒWSWdƒWdS1s;wYWdStj ya}zt   d|›d|›¡WYd}~dSd}~ww)uª 从数æ®åº“获å–环境信æ¯ã€‚ :param env_id: 环境唯一标识符。 :return: 环境信æ¯å­—典,如果未找到则返回 None。 z'SELECT * FROM environments WHERE id = ?rDNzError getting environment ú: ) rŒr¡r¢r£Úfetchoner3r¥r¦r¨r©r"rª)rr²r«r¢r®r¯r°rrr Úget_environment4s( ø ü õ þ €þz(StaticFileHoneypotDriver.get_environmentÚstatusc CsÎz4|j ¡$}| ¡}| d||f¡| ¡t d|›d¡ WdƒWdS1s-wYWdStjyHt  d|›d¡YdStj yf}zt  d|›d|›¡WYd}~dSd}~ww) Nú/UPDATE environments set status = ? where id = ?ú Environment z update in database.Tú already exists in database.FúError updateing environment r³) rŒr¡r¢r£Úcommitr"r#r¨ÚIntegrityErrorr9r©rª)rr²r¶r«r¢r°rrr Úupdate_environmentIs& þ(ø €þz+StaticFileHoneypotDriver.update_environmentÚ env_configcCs*dt ¡j›}t d|›d|›¡|S)u创建é™æ€æ–‡ä»¶èœœç½çŽ¯å¢ƒZ static_env_z)Created Static File Honeypot environment z with config )ÚuuidÚuuid4Úhexr"r#)rr¾r²rrr Úcreate_environment[sz+StaticFileHoneypotDriver.create_environmentc s| ˆ¡}|st dˆ›d¡dS|d}zK|js | ¡|_|js.t dˆ›¡WdS|jt_|d}| dd¡}| d d ¡}| d d ¡‰| ˆ¡‰| d d¡}g‰| ¡}|rz|  ˆ¡‰Wn't y€} zt  dˆ›d| ›d¡WYd} ~ nd} ~ wwt  dˆ›d¡‡‡‡fdd„} t ||f| ƒ} |rÒ| d¡} | d¡} | rÉ| rÉt j | ¡rÉt j | ¡rÉtj| j| | dd| _t dˆ›¡n t  dˆ›d¡tj| jdd}| ¡| |dœ|jˆ<d}z(|j ¡}| ¡}| d |ˆf¡| ¡Wdƒn 1s wYWn6tjy&t  dˆ›d!¡YWdStj yF} zt d"ˆ›d| ›¡WYd} ~ WdSd} ~ wwt d#ˆ›d$|›d%|›d&ˆ›d'|r[d(nd)› ¡WdSt y} zt d*ˆ›d| ›¡WYd} ~ dSd} ~ ww)+u-å¯åŠ¨é™æ€æ–‡ä»¶èœœç½çŽ¯å¢ƒ (集æˆå制)r¸ú not foundFr¶z*Rule engine not available for environment rDÚhostz0.0.0.0Úportir˜Ú.r0Nz$Failed to get environment rules for r³z. Using empty list.z+Rule manager not available for environment z. Using empty rule list.cst|ˆˆˆdœ|¤ŽS)Nr)r)rr©r²rr˜rr Úhandler_factory’süûzCStaticFileHoneypotDriver.start_environment..handler_factoryÚcertfileÚkeyfileT)rÉrÊÚ server_sidezSSL enabled for environment z*Invalid SSL configuration for environment z. Starting without SSL.)ÚtargetÚdaemon)rÚthreadÚrunningr·r¹rºz)Started Static File Honeypot environment z on ú:z serving files from 'ú'z (HTTPS)z (HTTP)z1Failed to start Static File Honeypot environment )!rµr"rªrr•rrAr r—Úget_environment_rulesr_r9rrr+rjr0Ú wrap_socketÚsocketr#Ú threadingÚThreadÚ serve_foreverÚstartrrŒr¡r¢r£r»r¨r¼r©)rr²Úenvr¶rDrÄrÅZ ssl_configr–r°rÈrrÉrÊZ server_threadr«r¢rrÇr Ústart_environmentgs       $€ÿ    ý þ þ ú€€þ2€þz*StaticFileHoneypotDriver.start_environmentc CsÖ| |¡}|st d|›d¡dS|ddkr#t d|›d¡dSz)|j |¡}|r<|d}| ¡| ¡|j|=| |d¡t  d |›¡Wd St yj}zt d |›d |›¡WYd }~dSd }~ww)uåœæ­¢é™æ€æ–‡ä»¶èœœç½çŽ¯å¢ƒr¸rÃFr¶rÏz is not runningrÚstoppedz)Stopped Static File Honeypot environment Tz0Failed to stop Static File Honeypot environment r³N) rµr"rªr9rrAÚshutdownÚ server_closer½r#r_)rr²rÙZ server_inforr°rrr Ústop_environmentÈs,    €þz)StaticFileHoneypotDriver.stop_environmentcCsN| |¡}|st d|›d¡dS|ddkr| |¡t d|›¡dS)u删除é™æ€æ–‡ä»¶èœœç½çŽ¯å¢ƒr¸rÃFr¶rÏz)Deleted Static File Honeypot environment T)rµr"rªrÞr#©rr²rÙrrr Údelete_environmentãs   z+StaticFileHoneypotDriver.delete_environmentcCs| |¡}|s dS|dS)u获å–环境状æ€Z not_foundr¶)rµrßrrr Úget_environment_statusós z/StaticFileHoneypotDriver.get_environment_statusN)r…r†r‡rˆrr•r—rKr rrrr±rrµÚboolr½rÂrÚrÞràrárrrr r‹ßs  " ar‹)!rÕrFr¨r¥Úloggingr0rr¿Ú urllib.parseraÚ http.serverrrÚtypingrrrrÚpluginsrÚcore.rule_enginer Ú core.databaser Zcore.log_utilsr Ú basicConfigÚINFOÚ getLoggerr…r"rr‹rrrr Ús(     H