hT0ddlZddlZddlZddlZddlZddlZddlZddlZddlZ ddl m Z m Z ddl mZmZmZmZddlmZddlmZddlmZddlmZej4ej6d ej8eZGd d e ZGd d eZ y)N) HTTPServerSimpleHTTPRequestHandler)DictAnyOptionalList) DriverPlugin) RuleEngine)get_db_manager)sanitize_for_logz4%(asctime)s - %(name)s - %(levelname)s - %(message)s)levelformatceZdZUdZdZeeed<ddddfd ZdZ de e e ffdZ d e e e fdee e e ffd Zd ee e e fdee e e ffd Zd ee e e ffd ZfdZfdZxZS)StaticFileHTTPRequestHandleru[ 自定义请求处理器,用于提供静态文件服务,并集成反制逻辑 N rule_engine directoryenvironment_idenvironment_rulesc||ntj|_||_||ng|_d|_t ||i|yN)osgetcwdrrr _inject_infosuper__init__)selfrrrargskwargs __class__s 7E:\workrun\ive\./drivers\static_file_honeypot\driver.pyrz%StaticFileHTTPRequestHandler.__init__ sJ&/&;,6G6S!2Y[  $)&)ct|j}t||z}tj|d|j d|dy)Nz - - [z]  )r address_stringloggerinfolog_date_time_string)rrr safe_addrsafe_fmts r! log_messagez(StaticFileHTTPRequestHandler.log_message)s@$T%8%8%:; #FTM2 )T5N5N5PRZ[\r"returnct|jtjrdnd|j|j t |j|jddS)u*构建规则引擎需要的请求上下文httpshttpr)protocolmethodpathheadersip) isinstance connectionssl SSLSocketcommandr2dictr3client_addressrs r!_build_request_contextz3StaticFileHTTPRequestHandler._build_request_context/sM$.doos}}#MSYllIIDLL)%%a(   r"request_contextc|jr=|jr1|jj||j|jStj dgS)u执行反制措施zIRule engine or environment ID not available for countermeasure execution.)rr$evaluate_and_execute_for_environmentrr&warning)rr>s r!_execute_countermeasuresz5StaticFileHTTPRequestHandler._execute_countermeasures:sS    3 3##HH!7!79L9L  NNf gIr"resultsc|D]N}|jddk(s|jdijds:|djdcSy)u处理内容注入反制结果actioninject_contentresultsuccess inject_infoN)get)rrCrGs r!_handle_inject_contentz3StaticFileHTTPRequestHandler._handle_inject_contentEsSFzz(#'77FJJxQSZ [\JJx( r"c^|j}|j|}|j||j||_|jrNt |j }t t|j}tjd|d|d}|D]r}|jddk(s|jdijdi}|jdd }|jd d } |j|| d }n|st |5y y )u&处理 GET 请求,集成反制逻辑zContent injection prepared for z. Inject info: FrEerror_responserGrNcodeimessagezInternal Server ErrorTN)r=rBrSrKrr r2strr&r'rJ send_errorrdo_GET) rr>countermeasure_results safe_path safe_infoerror_triggeredrG error_config error_code error_messager s r!rZz#StaticFileHTTPRequestHandler.do_GETWs$557"&!>!>!O //0FG!778NO   (3I(T->->)?@I KK9)OT]S^_ ` ,Fzz(#'77%zz(B7;;HbI )--fc: , 0 0$r*t@jCd|dt&|QcYSwxYw)#uG 重写 send_head 方法以支持 HTML 内容注入。 i ForbiddenN/i-rLocation)z index.htmlz index.htmz text/htmlrbizFile not foundzutf-8zFailed to decode z' as utf-8 for injection. Serving as-is.contentlocationbefore_body_endzz headzz body_startzz z Content-typezContent-Lengthz Last-Modified)*translate_pathr2rrealpathr commonpathrY Exceptionisdirurllibparseurlsplitendswith send_response urlunsplit send_header end_headersjoinexistsr send_head guess_type startswithropenOSErrorfstatfilenoreadclosedecodeUnicodeDecodeErrorr&rAreplaceencoderXlendate_time_stringst_mtimewfilewrite)rr2resolved_requested_pathresolved_base_dirfparts new_partsnew_urlindexctypefsrk content_strcontent_to_injectrlinjected_contentinjected_bytesr s r!rz&StaticFileHTTPRequestHandler.send_headys ""499- &(gg&6&6t&< # " 0 0 @ ww!!#:>%( D 3 w(**%   K (T->-> t$ !((*%BffhG GGI +%nnW5 !% 1 1) < ((4H* ,,#.#6#6yEVDWW`Bacd#e V##.#6#6yEVDWW`Bacd#e \)#.#6#6x8L]K^A_ab#c $/1B#B .44W=N   s #   ^U 3   -s3~3F/G H   _%%bkk2 4     JJ  ^ ,7$& &k  OOC - D %56 & +!24&8_`aw(** +s6A>N9 N1 ON.-N.1OO0PP)__name__ __module__ __qualname____doc__rrr __annotations__rr+rrXrr=rrBrKrSrZr __classcell__)r s@r!rrs )-K*%,(,TUY*]  S#X   S#X 4PTUXZ]U]P^K_ d4S>.BxPTUXZ]U]P^G_ )$tCH~:N )Db'b'r"rceZdZdZdZdZdZdedefdZde e ee ffdZ d ede e ee ffd Zd ed edefd Zd e ee fdefdZd edefdZd edefdZd edefdZd edefdZy)StaticFileHoneypotDriveru= 静态文件蜜罐驱动插件实现 (集成反制) c>t|_i|_d|_yr)r db_managerserversrr<s r!rz!StaticFileHoneypotDriver.__init__s(* r"c ddl}|jjS#ttf$rt j dYywxYw)u获取 rule_engine 实例rNzFFailed to get global rule_engine instance in StaticFileHoneypotDriver.) api.serverserverr ImportErrorAttributeErrorr&rArapis r!_get_rule_enginez)StaticFileHoneypotDriver._get_rule_engines>  ::)) )^,  NNc d $AAc ddl}|jjS#ttf$rt j dYywxYw)u/获取 rule_manager 实例以获取环境规则rNzGFailed to get global rule_manager instance in StaticFileHoneypotDriver.)rr rule_managerrrr&rArs r!_get_rule_managerz*StaticFileHoneypotDriver._get_rule_managers>  ::** *^,  NNd e r static_rootr,ctjjtjjtjjt}tjj|}tjj tjj |d}|}tjj|s tjj ||}tjj |}tjj|std|tjj|std| tjj||g|k7rtd| |S#t$rtd|wxYw)u2解析并校验静态根目录,限制在项目 static_sites 目录内。 :param static_root: 配置传入的静态目录(相对或绝对路径) :return: 经过 realpath 解析且校验通过的绝对路径 :raises: ValueError 当路径不存在/不是目录/越界时 static_siteszStatic root does not exist: z Static root is not a directory: z%Static root is outside allowed base: z#Static root validation failed for: ) rr2dirnameabspath__file__rrr~isabsr ValueErrorrursrt)rr drivers_dir project_root allowed_basecandidate_pathresolveds r!!_resolve_and_validate_static_rootz:StaticFileHoneypotDriver._resolve_and_validate_static_rootsTggoobggoobggooh6O&PQ ww{3 ww'' \>(RS %ww}}^,WW\\,GN77##N3ww~~h';H:FG Gww}}X&?zJK K Oww!!8\":;|K #H !STTL   OB8*MN N Os 52F**Gc |jj5}|j}|jd|j }g}|D]9}t |}t j|d|d<|j|;|cdddS#1swYyxYw#tj$r$}tjd|gcYd}~Sd}~wwxYw)u` 从数据库列出所有环境。 :return: 环境信息字典列表。 zSELECT * FROM environmentsrNNzError listing environments: ) rget_connectioncursorexecutefetchallr:jsonloadsappendsqlite3Errorr&error)rconnrrows environmentsrowenv_dataes r!list_environmentsz*StaticFileHoneypotDriver.list_environmentss  //1T;<(! C#CyH)-HX4F)GHX& ''1  $211}}  LL7s; <I s;B%A3B B%B"B%"B%%C8CCCenv_idc |jj5}|j}|jd|f|j }|r1t |}t j|d|d<|cdddS dddy#1swYyxYw#tj$r%}tjd|d|Yd}~yd}~wwxYw)u 从数据库获取环境信息。 :param env_id: 环境唯一标识符。 :return: 环境信息字典,如果未找到则返回 None。 z'SELECT * FROM environments WHERE id = ?rNNzError getting environment : ) rrrrfetchoner:rrrrr&r)rrrrrrrs r!get_environmentz(StaticFileHoneypotDriver.get_environment4s E//1TH6)Too'#CyH)-HX4F)GHX&#21 22}} E LL5fXRsC D D Es;BAB 9 BB BBBC,C  Cstatusc |jj5}|j}|jd||f|j t j d|d dddy#1swYyxYw#tj$rt jd|dYytj$r%}t jd|d|Yd}~yd}~wwxYw) N/UPDATE environments set status = ? where id = ? Environment z update in database.T already exists in database.FError updateing environment r) rrrrcommitr&r'rIntegrityErrorrArr)rrrrrrs r!update_environmentz+StaticFileHoneypotDriver.update_environmentIs //1TEV$  l6(2FGH211%%  NN\&1MN O}}  LL7xr!E F s;BAA4+B4A=9B=B,C%.C%C  C% env_configc~dtjj}tj d|d||S)u创建静态文件蜜罐环境 static_env_z)Created Static File Honeypot environment z with config )uuiduuid4hexr&r')rrrs r!create_environmentz+StaticFileHoneypotDriver.create_environment[s@tzz|//01  ?x}U_T`ab r"c F|j}|stjddy|d} |js|j |_|jstjdy|jt _|d}|j dd}|j d d }|j d d |j|j d d}g|j}|r |jntjddfd} t||f| } |r|j d} |j d} | r| rtjj| r`tjj| rAt!j"| j$| | d| _tj'dntjddt)j*| j,d}|j/| |d|j0<d} |j2j55}|j7}|j9d|f|j;dddtj'd"d#|d$|d%d&|rd'nd( y#t$r'} tjdd| dYd} ~ d} ~ wwxYw#1swYexYw#t<j>$rtjdd Yyt<j@$r%} tjd!d| Yd} ~ yd} ~ wwxYw#t$r%} tjd)d| Yd} ~ yd} ~ wwxYw)*u-启动静态文件蜜罐环境 (集成反制)r not foundFrz*Rule engine not available for environment rNhostz0.0.0.0portir.r7Nz$Failed to get environment rules for rz. Using empty list.z+Rule manager not available for environment z. Using empty rule list.c"t|d|S)Nr)r)rrrrrs r!handler_factoryzCStaticFileHoneypotDriver.start_environment..handler_factorys&3)#)&7   r"certfilekeyfileT)rr server_sidezSSL enabled for environment z*Invalid SSL configuration for environment z. Starting without SSL.)targetdaemon)rthreadrunningrrrz)Started Static File Honeypot environment z on :z serving files from ''z (HTTPS)z (HTTP)z1Failed to start Static File Honeypot environment )!rr&rrrrrJrrget_environment_rulesrtrArrr2rr7 wrap_socketsocketr' threadingThread serve_foreverstartrrrrrrrrr)rrenvrrNrr ssl_configrrrrrr server_threadrrrrs ` @@r!start_environmentz*StaticFileHoneypotDriver.start_environmentgs""6* LL<xz: ;X S ###'#8#8#: ## I&RS7;7G7G ( 4]F::fi0D::fd+D **]C8K@@MKE40J!# 113Ll(4(J(J6(R%!LVHTlmn  t o>F%>>*5$..3BGGNN8,DX_I`$'OOFMMvh GHNN%OPVxWn#op%,,F4H4HQUVM    !!'$DLL F __335![[]FNNI(KKM 6 KKCF84PTvUVW[V\\qr}q~~OYAK_h@ij ko!lNN%I&QSTUSVVi#jkklR65)) fX5QRS==  ;F82aSIJ    LLLVHTVWXVYZ [ sAM2=BM2K D4M2 L %5K>L "(M2 K;K60M26K;;M2>LL ,M/6M28M/ M*%M2*M//M22 N ;NN c|j|}|stjd|dy|ddk7rtjd|dy |jj |}|r2|d}|j |j|j|=|j|dtjd |y #t$r%}tjd |d |Yd }~yd }~wwxYw)u停止静态文件蜜罐环境rrFrrz is not runningrstoppedz)Stopped Static File Honeypot environment Tz0Failed to stop Static File Honeypot environment rN) rr&rrArrJshutdown server_closerr'rt)rrr server_inforrs r!stop_environmentz)StaticFileHoneypotDriver.stop_environments""6* LL<xz: ; x=I % NN\&A B ,,**62K$X.!##%LL(  # #FI 6 KKCF8L M  LLKF8SUVWUXY Z sA9C C9C44C9c|j|}|stjd|dy|ddk(r|j|tj d|y)u删除静态文件蜜罐环境rrFrrz)Deleted Static File Honeypot environment T)rr&rr r'rrrs r!delete_environmentz+StaticFileHoneypotDriver.delete_environmentsb""6* LL<xz: ; x=I %  ! !& )  ?xHIr"c4|j|}|sy|dS)u获取环境状态 not_foundr)rr s r!get_environment_statusz/StaticFileHoneypotDriver.get_environment_statuss"""6*8}r"N)rrrrrrrrXrrrrrrrboolrrrr rrr"r!rrs  S S D4S#X#7*chtCH~.F*cd$ T#s(^  ___Bst6 SSr"r)!rrPrrloggingr7rr urllib.parserv http.serverrrtypingrrrrpluginsr core.rule_enginer core.databaser core.log_utilsr basicConfigINFO getLoggerrr&rrrr"r!rs~   <,, '(+',,/ef   8 $C'#;C'NY|Yr"