add ip blacklist processing

FallDi · FallDi · commit 59324905981c · 2013-10-30T21:46:08.000+07:00
diff --git a/LinksExtractor/src/ru/nsu/xwaf/Main.java b/LinksExtractor/src/ru/nsu/xwaf/Main.java
@@ -35,15 +35,15 @@ public static void main(String[] args) {
             worker.start(args[SITE_ITEM], limit);
             worker.getResult(outputFileName);
         } catch (MalformedURLException error) {
-            System.err.println("Sorry, we can\'t connect to the URL");
+            System.err.println("Sorry, we can\'t connect to the URL: " + error.toString());
         } catch (IOException error) {
             error.printStackTrace(System.err);
         } catch (ParserConfigurationException e) {
-            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
+            e.printStackTrace();
         } catch (TransformerException e) {
-            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
+            e.printStackTrace();
         } catch (XMLStreamException e) {
-            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
+            e.printStackTrace();
         }
     }
 }
diff --git a/ProxyFilter/answers/blacklist_ip.html b/ProxyFilter/answers/blacklist_ip.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+    <head>
+        <title>Your IP is blocked</title>
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+        <link rel="stylesheet" type="text/css" href="./style/style.css" />
+        <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
+    </head>
+    <body>
+		<p>Your IP <b><ip/></b> has been blocked</p>
+    </body>
+</html>
+
+
diff --git a/ProxyFilter/logs/result.html b/ProxyFilter/logs/result.html
@@ -6,7 +6,7 @@
         <link rel="stylesheet" type="text/css" href="style.css" />
     </head>
     <body>
-<p>Log from <b>2012/05/17 00:00:00</b> to <b>2013/09/23 21:51:47</b></p>
+<p>Log from <b>2012/05/17 00:00:00</b> to <b>2013/10/30 20:56:27</b></p>
 <table border="1">
 <tr>
 	<td align="center" class="table_title">Rule</td>
@@ -22,7 +22,7 @@
 </tr>
 <tr>
 	<td>DirectoryTraversal</td>
-	<td>1</td>
+	<td>2</td>
 </tr>
 <tr>
 	<td>SQLInjection(UNION)</td>
diff --git a/ProxyFilter/src/ru/nsu/xwaf/Answer.java b/ProxyFilter/src/ru/nsu/xwaf/Answer.java
@@ -6,15 +6,17 @@
 import java.io.InputStreamReader;
 
 /**
+ * HTML response template
  *
- * @author daredevil
+ * @author FallDi
  */
 public class Answer {
 
     private String answer;
     private String fileName;
     private static final String REQUEST_PATTERN = "<request/>";
     private static final String BLOCKED_RULE = "<rule/>";
+    private static final String BLOCKED_IP = "<ip/>";
 
     public Answer(String fileName) {
         this.fileName = fileName;
@@ -34,7 +36,12 @@ public void loadFile() {
         }
     }
 
-    public String getAnswer(String request, Rule rule) {
+    public String getAnswerBlockIp(String ip) {
+        String fullAnswer = answer.replace(BLOCKED_IP, ip);
+        return "HTTP/1.1 200 OK\r\nContent-Length: " + String.valueOf(fullAnswer.length()) + "\r\n\r\n" + fullAnswer;
+    }
+
+    public String getAnswerBlock(String request, Rule rule) {
         String fullAnswer = answer.replace(REQUEST_PATTERN, request);
         fullAnswer = fullAnswer.replace(BLOCKED_RULE, rule.getName());
         return "HTTP/1.1 200 OK\r\nContent-Length: " + String.valueOf(fullAnswer.length()) + "\r\n\r\n" + fullAnswer;
diff --git a/ProxyFilter/src/ru/nsu/xwaf/DatabaseManager.java b/ProxyFilter/src/ru/nsu/xwaf/DatabaseManager.java
@@ -10,17 +10,21 @@
 import java.text.SimpleDateFormat;
 import java.util.Calendar;
 import java.util.GregorianCalendar;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
+ * Database management class
  *
- * @author daredevil
+ * @author FallDi
  */
 public class DatabaseManager {
 
     public static String DB_PATH = "../vulnerabilities_signatures.sqlite";
     public static String LOG_FILE_NAME = "./logs/result.html";
     public static String RULE_TABLE_NAME = "rules";
     public static String LOGGER_TABLE_NAME = "logger";
+    public static String BLACKLIST_IP_TABLE_NAME = "blacklistIp";
 
     public DatabaseManager() {
     }
@@ -89,19 +93,48 @@ public RulesGroup loadDatabase() {
         return rulesGroup;
     }
 
+    public Map<Integer, String> getIpBlacklist() {
+        Connection connection = null;
+        ResultSet resultSet = null;
+        Statement statement = null;
+        HashMap<Integer, String> blacklistIp = new HashMap<Integer, String>();
+        try {
+            Class.forName("org.sqlite.JDBC");
+            connection = DriverManager.getConnection("jdbc:sqlite:" + DB_PATH);
+            statement = connection.createStatement();
+            resultSet = statement.executeQuery("SELECT id, ip FROM " + BLACKLIST_IP_TABLE_NAME);
+            while (resultSet.next()) {
+                int id = resultSet.getInt("id");
+                String ip = resultSet.getString("ip");
+                blacklistIp.put(id, ip);
+            }
+        } catch (Exception e) {
+            System.out.println(e.toString());
+        } finally {
+            try {
+                resultSet.close();
+                statement.close();
+                connection.close();
+            } catch (SQLException ex) {
+                System.out.println(ex.toString());
+            }
+        }
+        return blacklistIp;
+    }
+
     public String getLog(GregorianCalendar from, GregorianCalendar to) {
         Connection connection = null;
         PreparedStatement statement = null;
         ResultSet resultSet = null;
         String result = new String();
-        result = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n" +
-                 "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n" +
-                 "    <head>\n" +
-                 "        <title>Logger</title>\n" +
-                 "        <meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />\n" +
-                 "        <link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />\n" +
-                 "    </head>\n" +
-                 "    <body>\n";
+        result = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"
+                + "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"
+                + "    <head>\n"
+                + "        <title>Logger</title>\n"
+                + "        <meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />\n"
+                + "        <link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />\n"
+                + "    </head>\n"
+                + "    <body>\n";
         try {
             Class.forName("org.sqlite.JDBC");
             connection = DriverManager.getConnection("jdbc:sqlite:" + DB_PATH);
@@ -127,8 +160,8 @@ public String getLog(GregorianCalendar from, GregorianCalendar to) {
         } catch (Exception ex) {
             System.out.println(ex.toString());
         }
-        result += "     </body>\n" +
-                  "</html>";
+        result += "     </body>\n"
+                + "</html>";
         return result;
     }
 
@@ -152,9 +185,8 @@ public void addLog(URL url, Rule rule, String sourceIP) {
             System.out.println(ex.toString());
         }
     }
-    
-    public void updateLogFile()
-    {
+
+    public void updateLogFile() {
         try {
             GregorianCalendar start = new GregorianCalendar(2012, 05 - 1, 17);
             GregorianCalendar end = new GregorianCalendar();
diff --git a/ProxyFilter/src/ru/nsu/xwaf/FilterProxy.java b/ProxyFilter/src/ru/nsu/xwaf/FilterProxy.java
@@ -2,23 +2,27 @@
 
 import java.io.IOException;
 import java.net.ServerSocket;
+import java.util.Map;
 
 /**
+ * Proxy class. Listening all incoming connection and make thread on new client.
  *
- * @author daredevil
+ * @author FallDi
  */
 public class FilterProxy extends Thread {
 
     private int port;
     private boolean listening;
     private ServerSocket serverSocket;
     private RulesGroup rules;
+    private Map<Integer, String> blacklistIp;
     private DatabaseManager dbm;
-    
-    public FilterProxy(int port, RulesGroup rules, DatabaseManager dbm) {
-        listening = true;
+
+    public FilterProxy(int port, RulesGroup rules, Map<Integer, String> blacklistIp, DatabaseManager dbm) {
+        this.listening = true;
         this.port = port;
         this.rules = rules;
+        this.blacklistIp = blacklistIp;
         this.dbm = dbm;
     }
 
@@ -29,12 +33,12 @@ public void run() {
             System.out.println("Started on: " + port);
             ProxyThread pt;
             while (listening) {
-                pt = new ProxyThread(serverSocket.accept(), rules, dbm);
+                pt = new ProxyThread(serverSocket.accept(), rules, blacklistIp, dbm);
                 pt.start();
             }
             serverSocket.close();
         } catch (IOException e) {
-            System.err.println("Could not listen on port: " + port);
+            System.err.println("Could not listen on port: " + port + " " + e.toString());
             System.exit(-1);
         }
     }
diff --git a/ProxyFilter/src/ru/nsu/xwaf/HTTPRequest.java b/ProxyFilter/src/ru/nsu/xwaf/HTTPRequest.java
@@ -8,7 +8,7 @@
 
 /**
  *
- * @author daredevil
+ * @author FallDi
  */
 public class HTTPRequest {
 
diff --git a/ProxyFilter/src/ru/nsu/xwaf/ProxyFilter.java b/ProxyFilter/src/ru/nsu/xwaf/ProxyFilter.java
@@ -1,8 +1,10 @@
 package ru.nsu.xwaf;
 
+import java.util.Map;
+
 /**
  *
- * @author daredevil
+ * @author FallDi
  */
 public class ProxyFilter {
 
@@ -17,7 +19,8 @@ public class ProxyFilter {
     public static void main(String args[]) {
         DatabaseManager dbm = new DatabaseManager();
         RulesGroup mainRules = dbm.loadDatabase();
-        FilterProxy fp = new FilterProxy(port, mainRules, dbm);
+        Map<Integer, String> blacklistIp = dbm.getIpBlacklist();
+        FilterProxy fp = new FilterProxy(port, mainRules, blacklistIp, dbm);
         fp.start();
     }
 }
diff --git a/ProxyFilter/src/ru/nsu/xwaf/ProxyThread.java b/ProxyFilter/src/ru/nsu/xwaf/ProxyThread.java
@@ -1,14 +1,16 @@
 package ru.nsu.xwaf;
 
 import java.io.*;
+import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.URL;
 import java.net.URLDecoder;
 import java.util.Map;
 
 /**
+ * Main logic of analyze request/response
  *
- * @author daredevil
+ * @author FallDi
  */
 public class ProxyThread extends Thread {
 
@@ -17,12 +19,14 @@ public class ProxyThread extends Thread {
     private static final int READ_BUFFERD_SIZE_REQUEST = 1;
     private static final int BUFFER_SIZE = 32000;
     private RulesGroup rules;
+    private Map<Integer, String> blacklistIp;
     private DatabaseManager dbm;
 
-    public ProxyThread(Socket socket, RulesGroup rules, DatabaseManager dbm) {
+    public ProxyThread(Socket socket, RulesGroup rules, Map<Integer, String> blacklistIp, DatabaseManager dbm) {
         super("ProxyThread");
         this.socket = socket;
         this.rules = rules;
+        this.blacklistIp = blacklistIp;
         this.dbm = dbm;
     }
 
@@ -34,8 +38,10 @@ public void run() {
         DataOutputStream servOut = null;
         Socket server = null;
         try {
+            // initialize input streams
             clientOut = new DataOutputStream(socket.getOutputStream());
             clientIn = new DataInputStream(socket.getInputStream());
+            String clientIpAddress = ((InetSocketAddress) socket.getRemoteSocketAddress()).getHostName();
             // get request
             HTTPRequest hr;
             Map<String, String> fields;
@@ -58,34 +64,39 @@ public void run() {
                     break;
                 }
             }
-            System.out.println(requestStr);
+            //System.out.println(requestStr);
             String[] tokens = requestStr.split(" ");
             String urlToCall = tokens[1];
             URL url = new URL(urlToCall);
-            Rule blockedRule = null;
-            if (null == (blockedRule = rules.isVulnerable(URLDecoder.decode(requestStr, "UTF-8")))) {
-                // get response and send to client
-                server = new Socket(url.getHost(), 80);
-                servIn = new DataInputStream(server.getInputStream());
-                servOut = new DataOutputStream(server.getOutputStream());
-                servOut.write(requestByte, 0, sizeRequest);
+            if (blacklistIp.containsValue(clientIpAddress)) {
+                Answer answer = new Answer("./answers/blacklist_ip.html");
+                answer.loadFile();
+                byte[] answerByte = (answer.getAnswerBlockIp(clientIpAddress)).getBytes();
+                clientOut.write(answerByte, 0, answerByte.length);
+            } else {
+                Rule blockedRule = null;
+                if (null == (blockedRule = rules.isVulnerable(URLDecoder.decode(requestStr, "UTF-8")))) {
+                    // get response and send to client
+                    server = new Socket(url.getHost(), 80);
+                    servIn = new DataInputStream(server.getInputStream());
+                    servOut = new DataOutputStream(server.getOutputStream());
+                    servOut.write(requestByte, 0, sizeRequest);
 
-                //begin send response to client byte by[] = new
-                byte[] by = new byte[BUFFER_SIZE];
-                index = servIn.read(by, 0, READ_BUFFER_SIZE);
-                int responseSize = 0;
-                while (index >= 0) {
-                    clientOut.write(by, 0, index);
-                    responseSize += index;
+                    //begin send response to client byte by[] = new
+                    byte[] by = new byte[BUFFER_SIZE];
                     index = servIn.read(by, 0, READ_BUFFER_SIZE);
+                    while (index >= 0) {
+                        clientOut.write(by, 0, index);
+                        index = servIn.read(by, 0, READ_BUFFER_SIZE);
+                    }
+                } else {
+                    Answer answer = new Answer("./answers/block.html");
+                    answer.loadFile();
+                    byte[] answerByte = (answer.getAnswerBlock(requestStr, blockedRule) + blockedRule.getName()).getBytes();
+                    clientOut.write(answerByte, 0, answerByte.length);
+                    dbm.addLog(url, blockedRule, socket.getLocalAddress().getHostAddress());
+                    dbm.updateLogFile();
                 }
-            } else {
-                Answer answer = new Answer("./answers/block.html");
-                answer.loadFile();
-                byte[] answerByte = (answer.getAnswer(requestStr, blockedRule) + blockedRule.getName()).getBytes();
-                clientOut.write(answerByte, 0, answerByte.length);
-                dbm.addLog(url, blockedRule, socket.getLocalAddress().getHostAddress());
-                dbm.updateLogFile();
             }
             clientOut.flush();
         } catch (IOException e) {
diff --git a/ProxyFilter/src/ru/nsu/xwaf/Rule.java b/ProxyFilter/src/ru/nsu/xwaf/Rule.java
@@ -5,7 +5,7 @@
 
 /**
  *
- * @author daredevil
+ * @author FallDi
  */
 public class Rule {
 
diff --git a/ProxyFilter/src/ru/nsu/xwaf/RulesGroup.java b/ProxyFilter/src/ru/nsu/xwaf/RulesGroup.java
@@ -6,7 +6,7 @@
 
 /**
  *
- * @author daredevil
+ * @author FallDi
  */
 public class RulesGroup {
 
diff --git a/README.md b/README.md
diff --git a/vulnerabilities_signatures.sqlite b/vulnerabilities_signatures.sqlite

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`
`9`	`9`	`/**`
`10`	`10`	`*`
`11`		`- * @author daredevil`
	`11`	`+ * @author FallDi`
`12`	`12`	`*/`
`13`	`13`	`public class HTTPRequest {`
`14`	`14`
Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,10 @@`
`1`	`1`	`package ru.nsu.xwaf;`
`2`	`2`
	`3`	`+import java.util.Map;`
	`4`	`+`
`3`	`5`	`/**`
`4`	`6`	`*`
`5`		`- * @author daredevil`
	`7`	`+ * @author FallDi`
`6`	`8`	`*/`
`7`	`9`	`public class ProxyFilter {`
`8`	`10`
`@@ -17,7 +19,8 @@ public class ProxyFilter {`
`17`	`19`	`public static void main(String args[]) {`
`18`	`20`	`DatabaseManager dbm = new DatabaseManager();`
`19`	`21`	`RulesGroup mainRules = dbm.loadDatabase();`
`20`		`- FilterProxy fp = new FilterProxy(port, mainRules, dbm);`
	`22`	`+ Map<Integer, String> blacklistIp = dbm.getIpBlacklist();`
	`23`	`+ FilterProxy fp = new FilterProxy(port, mainRules, blacklistIp, dbm);`
`21`	`24`	`fp.start();`
`22`	`25`	`}`
`23`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`
`6`	`6`	`/**`
`7`	`7`	`*`
`8`		`- * @author daredevil`
	`8`	`+ * @author FallDi`
`9`	`9`	`*/`
`10`	`10`	`public class Rule {`
`11`	`11`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`
`7`	`7`	`/**`
`8`	`8`	`*`
`9`		`- * @author daredevil`
	`9`	`+ * @author FallDi`
`10`	`10`	`*/`
`11`	`11`	`public class RulesGroup {`
`12`	`12`