
503 lines
22 KiB
Raw Normal View History

#!/usr/bin/env python3
import contextlib
import json
2021-09-22 17:09:04 +02:00
import logging
import os
2021-09-22 17:09:04 +02:00
import pickle
import signal
2021-09-22 17:09:04 +02:00
import sys
import time
from collections.abc import Mapping
2021-09-07 12:59:31 +02:00
from datetime import datetime
2021-09-22 17:09:04 +02:00
from functools import lru_cache
from pathlib import Path
2022-07-27 14:36:56 +02:00
from typing import Any, Dict, List, Optional, Tuple, Union, Set
2021-09-22 17:09:04 +02:00
import dns.rdatatype
import dns.resolver
from har2tree import CrawledTree, Har2TreeError, HarFile
2022-12-23 16:36:11 +01:00
from pyipasnhistory import IPASNHistory
2021-09-22 17:09:04 +02:00
from redis import Redis
2021-09-22 17:09:04 +02:00
from .context import Context
2022-07-29 13:08:42 +02:00
from .helpers import get_captures_dir
from .indexing import Indexing
2021-10-18 13:06:43 +02:00
from .default import LookylooException, try_make_file, get_config
from .exceptions import MissingCaptureDirectory, NoValidHarFile, MissingUUID, TreeNeedsRebuild
2021-01-14 17:28:59 +01:00
class CaptureCache():
2021-06-16 00:16:56 +02:00
__slots__ = ('uuid', 'title', 'timestamp', 'url', 'redirects', 'capture_dir',
'error', 'incomplete_redirects', 'no_index', 'categories', 'parent',
2022-12-31 12:19:42 +01:00
'user_agent', 'referer', 'logger')
def __init__(self, cache_entry: Dict[str, Any]):
2022-12-31 12:19:42 +01:00
self.logger = logging.getLogger(f'{self.__class__.__name__}')
self.logger.setLevel(get_config('generic', 'loglevel'))
__default_cache_keys: Tuple[str, str, str, str, str, str] = ('uuid', 'title', 'timestamp',
'url', 'redirects', 'capture_dir')
if 'uuid' not in cache_entry or 'capture_dir' not in cache_entry:
raise LookylooException(f'The capture is deeply broken: {cache_entry}')
self.uuid: str = cache_entry['uuid']
self.capture_dir: Path = Path(cache_entry['capture_dir'])
2021-06-16 00:16:56 +02:00
if all(key in cache_entry.keys() for key in __default_cache_keys):
self.title: str = cache_entry['title']
self.timestamp: datetime = datetime.strptime(cache_entry['timestamp'], '%Y-%m-%dT%H:%M:%S.%f%z')
except ValueError:
# If the microsecond is missing (0), it fails
2021-10-01 14:53:46 +02:00
self.timestamp = datetime.strptime(cache_entry['timestamp'], '%Y-%m-%dT%H:%M:%S%z')
self.url: str = cache_entry['url']
if cache_entry.get('redirects'):
self.redirects: List[str] = json.loads(cache_entry['redirects'])
self.logger.info(f'No redirects in cache for {self.uuid}')
self.redirects = []
if not self.capture_dir.exists():
raise MissingCaptureDirectory(f'The capture {self.uuid} does not exists in {self.capture_dir}.')
elif not cache_entry.get('error'):
2021-06-16 00:16:56 +02:00
missing = set(__default_cache_keys) - set(cache_entry.keys())
2021-01-14 17:28:59 +01:00
raise LookylooException(f'Missing keys ({missing}), no error message. It should not happen.')
2021-01-14 17:28:59 +01:00
# Error without all the keys in __default_cache_keys was fatal.
# if the keys in __default_cache_keys are present, it was an HTTP error
self.error: Optional[str] = cache_entry.get('error')
2021-01-18 13:26:02 +01:00
self.incomplete_redirects: bool = True if cache_entry.get('incomplete_redirects') in [1, '1'] else False
self.no_index: bool = True if cache_entry.get('no_index') in [1, '1'] else False
self.categories: List[str] = json.loads(cache_entry['categories']) if cache_entry.get('categories') else []
self.parent: Optional[str] = cache_entry.get('parent')
self.user_agent: Optional[str] = cache_entry.get('user_agent')
self.referer: Optional[str] = cache_entry.get('referer')
2021-09-22 17:09:04 +02:00
def tree(self) -> CrawledTree:
return load_pickle_tree(self.capture_dir, self.capture_dir.stat().st_mtime)
2021-09-22 17:09:04 +02:00
def remove_pickle_tree(capture_dir: Path) -> None:
pickle_file = capture_dir / 'tree.pickle'
if pickle_file.exists():
def load_pickle_tree(capture_dir: Path, last_mod_time: int) -> CrawledTree:
2021-09-22 17:09:04 +02:00
pickle_file = capture_dir / 'tree.pickle'
if pickle_file.exists():
with pickle_file.open('rb') as _p:
tree = pickle.load(_p)
if tree.root_hartree.har.path.exists():
return tree
# The capture was moved.
2021-09-22 17:09:04 +02:00
except pickle.UnpicklingError:
except EOFError:
except Exception:
if list(capture_dir.rglob('*.har')) or list(capture_dir.rglob('*.har.gz')):
raise TreeNeedsRebuild('We have HAR files and need to rebuild the tree.')
# The tree doesn't need to be rebuilt if there are no HAR files.
raise NoValidHarFile("Couldn't find HAR files")
2021-09-22 17:09:04 +02:00
2023-01-16 15:10:10 +01:00
def serialize_sets(obj):
if isinstance(obj, set):
return list(obj)
return obj
2021-09-22 17:09:04 +02:00
class CapturesIndex(Mapping):
def __init__(self, redis: Redis, contextualizer: Optional[Context]=None):
self.logger = logging.getLogger(f'{self.__class__.__name__}')
self.logger.setLevel(get_config('generic', 'loglevel'))
self.redis = redis
self.indexing = Indexing()
2021-09-22 17:09:04 +02:00
self.contextualizer = contextualizer
self.__cache: Dict[str, CaptureCache] = {}
2021-09-23 10:29:02 +02:00
self.timeout = get_config('generic', 'max_tree_create_time')
2022-12-23 16:36:11 +01:00
self.ipasnhistory: Optional[IPASNHistory] = IPASNHistory()
if not self.ipasnhistory.is_up:
self.ipasnhistory = None
except Exception as e:
# Unable to setup IPASN History
self.logger.warning(f'Unable to setup IPASN History: {e}')
2022-12-23 16:36:11 +01:00
self.ipasnhistory = None
2021-09-22 17:09:04 +02:00
2022-07-27 14:36:56 +02:00
def cached_captures(self) -> Set[str]:
return set(self.__cache.keys())
2021-09-22 17:09:04 +02:00
def __getitem__(self, uuid: str) -> CaptureCache:
if uuid in self.__cache:
if (self.__cache[uuid].capture_dir.exists()
and not self.__cache[uuid].incomplete_redirects):
return self.__cache[uuid]
del self.__cache[uuid]
capture_dir = self._get_capture_dir(uuid)
cached = self.redis.hgetall(capture_dir)
2021-09-22 17:09:04 +02:00
if cached:
cc = CaptureCache(cached)
# NOTE: checking for pickle to exist may be a bad idea here.
if (cc.capture_dir.exists()
and (cc.capture_dir / 'tree.pickle').exists()
and not cc.incomplete_redirects):
self.__cache[uuid] = cc
return self.__cache[uuid]
self.__cache[uuid] = self._set_capture_cache(capture_dir)
2021-09-22 17:09:04 +02:00
return self.__cache[uuid]
def __iter__(self):
return iter(self.__cache)
def __len__(self):
return len(self.__cache)
def reload_cache(self, uuid: str) -> None:
if uuid in self.__cache:
2022-07-29 19:08:56 +02:00
2021-09-22 17:09:04 +02:00
del self.__cache[uuid]
def remove_pickle(self, uuid: str) -> None:
if uuid in self.__cache:
del self.__cache[uuid]
def rebuild_all(self) -> None:
for uuid, cache in self.__cache.items():
self.__cache = {}
def lru_cache_status(self):
return load_pickle_tree.cache_info()
2021-09-23 10:29:02 +02:00
def _quick_init(self) -> None:
'''Initialize the cache with a list of UUIDs, with less back and forth with redis.
Only get recent captures.'''
p = self.redis.pipeline()
for directory in self.redis.hvals('lookup_dirs'):
for cache in p.execute():
if not cache:
cc = CaptureCache(cache)
except LookylooException as e:
self.logger.warning(f'Unable to initialize the cache: {e}')
2021-09-23 10:29:02 +02:00
self.__cache[cc.uuid] = cc
def _get_capture_dir(self, uuid: str) -> str:
2021-09-22 17:09:04 +02:00
# Try to get from the recent captures cache in redis
capture_dir = self.redis.hget('lookup_dirs', uuid)
if capture_dir:
if os.path.exists(capture_dir):
return capture_dir
2021-09-22 17:09:04 +02:00
# The capture was either removed or archived, cleaning up
self.redis.hdel('lookup_dirs', uuid)
# Try to get from the archived captures cache in redis
capture_dir = self.redis.hget('lookup_dirs_archived', uuid)
if capture_dir:
if os.path.exists(capture_dir):
return capture_dir
2021-09-22 17:09:04 +02:00
# The capture was removed, remove the UUID
self.redis.hdel('lookup_dirs_archived', uuid)
2021-09-22 17:09:04 +02:00
self.logger.warning(f'UUID ({uuid}) linked to a missing directory ({capture_dir}).')
raise MissingCaptureDirectory(f'UUID ({uuid}) linked to a missing directory ({capture_dir}).')
raise MissingUUID(f'Unable to find UUID {uuid}.')
def _create_pickle(self, capture_dir: Path) -> CrawledTree:
with (capture_dir / 'uuid').open() as f:
uuid = f.read().strip()
lock_file = capture_dir / 'lock'
if try_make_file(lock_file):
# Lock created, we can process
with lock_file.open('w') as f:
# The pickle is being created somewhere else, wait until it's done.
while lock_file.exists():
return load_pickle_tree(capture_dir, capture_dir.stat().st_mtime)
2021-09-22 17:09:04 +02:00
if not (har_files := sorted(capture_dir.glob('*.har'))):
har_files = sorted(capture_dir.glob('*.har.gz'))
2021-09-22 17:09:04 +02:00
with self._timeout_context():
tree = CrawledTree(har_files, uuid)
2021-09-22 17:09:04 +02:00
if self.contextualizer:
except Har2TreeError as e:
# unable to use the HAR files, get them out of the way
for har_file in har_files:
raise NoValidHarFile(f'We got har files, but they are broken: {e}')
except TimeoutError:
self.logger.warning(f'Unable to rebuild the tree for {capture_dir}, the tree took too long.')
for har_file in har_files:
raise NoValidHarFile(f'We got har files, but creating a tree took more than {self.timeout}s.')
2021-09-22 17:09:04 +02:00
except RecursionError as e:
raise NoValidHarFile(f'Tree too deep, probably a recursive refresh: {e}.\n Append /export to the URL to get the files.')
with (capture_dir / 'tree.pickle').open('wb') as _p:
2021-09-22 17:09:04 +02:00
# Some pickles require a pretty high recursion limit, this kindof fixes it.
# If the capture is really broken (generally a refresh to self), the capture
# is discarded in the RecursionError above.
default_recursion_limit = sys.getrecursionlimit()
sys.setrecursionlimit(int(default_recursion_limit * 1.1))
pickle.dump(tree, _p)
except RecursionError as e:
raise NoValidHarFile(f'Tree too deep, probably a recursive refresh: {e}.\n Append /export to the URL to get the files.')
return tree
def _raise_timeout(_, __):
raise TimeoutError
def _timeout_context(self):
if self.timeout != 0:
# Register a function to raise a TimeoutError on the signal.
signal.signal(signal.SIGALRM, self._raise_timeout)
except TimeoutError as e:
raise e
signal.signal(signal.SIGALRM, signal.SIG_IGN)
def _set_capture_cache(self, capture_dir_str: str) -> CaptureCache:
2021-09-22 17:09:04 +02:00
'''Populate the redis cache for a capture. Mostly used on the index page.
NOTE: Doesn't require the pickle.'''
capture_dir = Path(capture_dir_str)
2021-09-22 17:09:04 +02:00
with (capture_dir / 'uuid').open() as f:
uuid = f.read().strip()
tree = load_pickle_tree(capture_dir, capture_dir.stat().st_mtime)
2022-09-26 17:16:04 +02:00
except NoValidHarFile:
2022-09-27 02:39:10 +02:00
self.logger.debug('Unable to rebuild the tree, the HAR files are broken.')
except TreeNeedsRebuild:
tree = self._create_pickle(capture_dir)
except NoValidHarFile:
self.logger.warning(f'Unable to rebuild the tree for {capture_dir}, the HAR files are broken.')
tree = None
cache: Dict[str, Union[str, int]] = {'uuid': uuid, 'capture_dir': capture_dir_str}
2021-09-22 17:09:04 +02:00
if (capture_dir / 'error.txt').exists():
# Something went wrong
with (capture_dir / 'error.txt').open() as _error:
content = _error.read()
error_to_cache = json.loads(content)
if isinstance(error_to_cache, dict) and error_to_cache.get('details'):
error_to_cache = error_to_cache.get('details')
except json.decoder.JSONDecodeError:
# old format
error_to_cache = content
cache['error'] = f'The capture {capture_dir.name} has an error: {error_to_cache}'
if not (har_files := sorted(capture_dir.rglob('*.har'))):
har_files = sorted(capture_dir.rglob('*.har.gz'))
if har_files:
2021-09-22 17:09:04 +02:00
har = HarFile(har_files[0], uuid)
cache['title'] = har.initial_title
cache['timestamp'] = har.initial_start_time
cache['url'] = har.root_url
cache['redirects'] = json.dumps(tree.redirects) if tree else ''
cache['incomplete_redirects'] = 0
cache['user_agent'] = har.root_user_agent if har.root_user_agent else 'No User Agent.'
if har.root_referrer:
cache['referer'] = har.root_referrer
2021-09-22 17:09:04 +02:00
except Har2TreeError as e:
cache['error'] = str(e)
if 'error' not in cache:
cache['error'] = f'No har files in {capture_dir.name}'
2021-09-22 17:09:04 +02:00
if (cache.get('error')
and isinstance(cache['error'], str)
2022-09-27 02:39:10 +02:00
and 'HTTP Error' not in cache['error']
and "No har files in" not in cache['error']):
2021-09-22 17:09:04 +02:00
if (capture_dir / 'categories').exists():
with (capture_dir / 'categories').open() as _categories:
cache['categories'] = json.dumps([c.strip() for c in _categories.readlines()])
if (capture_dir / 'no_index').exists():
# If the folders claims anonymity
cache['no_index'] = 1
if (capture_dir / 'parent').exists():
# The capture was initiated from an other one
with (capture_dir / 'parent').open() as f:
cache['parent'] = f.read().strip()
p = self.redis.pipeline()
2022-07-29 13:15:37 +02:00
# if capture_dir.is_relative_to(get_captures_dir()): # Requires python 3.9
if capture_dir_str.startswith(str(get_captures_dir())):
p.hset('lookup_dirs', uuid, capture_dir_str)
2022-07-29 13:08:42 +02:00
p.hset('lookup_dirs_archived', uuid, capture_dir_str)
2022-07-29 13:08:42 +02:00
2022-09-28 11:44:15 +02:00
p.hset(capture_dir_str, mapping=cache) # type: ignore
2021-09-22 17:09:04 +02:00
return CaptureCache(cache)
def __resolve_dns(self, ct: CrawledTree):
'''Resolves all domains of the tree, keeps A (IPv4), AAAA (IPv6), and CNAME entries
and store them in ips.json and cnames.json, in the capture directory.
Updates the nodes of the tree accordingly so the information is available.
2022-05-23 00:15:52 +02:00
def _build_cname_chain(known_cnames: Dict[str, str], hostname) -> List[str]:
2021-09-22 17:09:04 +02:00
'''Returns a list of CNAMEs starting from one hostname.
The CNAMEs resolutions are made in `_resolve_dns`. A hostname can have a CNAME entry
and the CNAME entry can have an other CNAME entry, and so on multiple times.
This method loops over the hostnames until there are no CNAMES.'''
cnames: List[str] = []
to_search = hostname
while True:
2022-05-23 00:15:52 +02:00
if not known_cnames.get(to_search):
2021-09-22 17:09:04 +02:00
2022-05-23 00:15:52 +02:00
2021-09-22 17:09:04 +02:00
to_search = known_cnames[to_search]
return cnames
cnames_path = ct.root_hartree.har.path.parent / 'cnames.json'
ips_path = ct.root_hartree.har.path.parent / 'ips.json'
2022-12-23 16:36:11 +01:00
ipasn_path = ct.root_hartree.har.path.parent / 'ipasn.json'
2022-05-23 00:15:52 +02:00
host_cnames: Dict[str, str] = {}
2021-09-22 17:09:04 +02:00
if cnames_path.exists():
with cnames_path.open() as f:
host_cnames = json.load(f)
except json.decoder.JSONDecodeError:
# The json is broken, delete and re-trigger the requests
host_cnames = {}
2021-09-22 17:09:04 +02:00
2023-01-16 15:10:10 +01:00
host_ips: Dict[str, Dict[str, Set[str]]] = {}
2021-09-22 17:09:04 +02:00
if ips_path.exists():
with ips_path.open() as f:
host_ips = json.load(f)
except json.decoder.JSONDecodeError:
# The json is broken, delete and re-trigger the requests
host_ips = {}
2021-09-22 17:09:04 +02:00
2022-12-23 16:36:11 +01:00
ipasn: Dict[str, Dict[str, str]] = {}
if ipasn_path.exists():
with ipasn_path.open() as f:
ipasn = json.load(f)
except json.decoder.JSONDecodeError:
# The json is broken, delete and re-trigger the requests
ipasn = {}
2023-01-16 15:10:10 +01:00
_all_ips = set()
2021-09-22 17:09:04 +02:00
for node in ct.root_hartree.hostname_tree.traverse():
if node.name not in host_cnames or node.name not in host_ips:
# Resolve and cache
2023-01-16 15:10:10 +01:00
for query_type in [dns.rdatatype.RdataType.A, dns.rdatatype.RdataType.AAAA]:
response = dns.resolver.resolve(node.name, query_type, search=True, raise_on_no_answer=False)
for answer in response.response.answer:
name_to_cache = str(answer.name).rstrip('.')
if name_to_cache not in host_ips:
host_ips[name_to_cache] = {'v4': set(), 'v6': set()}
if answer.rdtype == dns.rdatatype.RdataType.CNAME:
host_cnames[name_to_cache] = str(answer[0].target).rstrip('.')
host_cnames[name_to_cache] = ''
if answer.rdtype == dns.rdatatype.RdataType.A:
_all_ips.update({str(b) for b in answer})
host_ips[name_to_cache]['v4'].update({str(b) for b in answer})
elif answer.rdtype == dns.rdatatype.RdataType.AAAA:
_all_ips.update({str(b) for b in answer})
host_ips[name_to_cache]['v6'].update({str(b) for b in answer})
except Exception as e:
self.logger.exception(f'Unable to resolve DNS: {e}')
2022-05-23 00:15:52 +02:00
host_cnames[node.name] = ''
2023-01-16 15:10:10 +01:00
host_ips[name_to_cache] = {'v4': set(), 'v6': set()}
2022-05-23 00:15:52 +02:00
if (cnames := _build_cname_chain(host_cnames, node.name)):
2021-09-22 17:09:04 +02:00
node.add_feature('cname', cnames)
if cnames[-1] in host_ips:
node.add_feature('resolved_ips', host_ips[cnames[-1]])
elif node.name in host_ips:
node.add_feature('resolved_ips', host_ips[node.name])
2022-12-23 16:36:11 +01:00
if self.ipasnhistory:
# Throw all the IPs to IPASN History for query later.
2023-01-16 15:10:10 +01:00
if ips := [{'ip': ip} for ip in _all_ips]:
2022-12-23 16:36:11 +01:00
except Exception as e:
self.logger.warning(f'Unable to submit IPs to IPASNHistory: {e}')
ipasn_responses = self.ipasnhistory.mass_query(ips)
if 'responses' in ipasn_responses:
for response in ipasn_responses['responses']:
ip = response['meta']['ip']
r = list(response['response'].values())[0]
if ip not in ipasn and r:
ipasn[ip] = r
if ipasn:
# retraverse tree to populate it with the features
for node in ct.root_hartree.hostname_tree.traverse():
if not hasattr(node, 'resolved_ips'):
ipasn_entries = {}
2023-01-16 15:10:10 +01:00
if 'v4' in node.resolved_ips and 'v6' in node.resolved_ips:
2023-01-16 15:16:40 +01:00
_all_ips = node.resolved_ips['v4'] | node.resolved_ips['v6']
2023-01-16 15:10:10 +01:00
# old format
_all_ips = node.resolved_ips
for ip in _all_ips:
2022-12-23 16:36:11 +01:00
if ip not in ipasn:
ipasn_entries[ip] = ipasn[ip]
if ipasn_entries:
node.add_feature('ipasn', ipasn_entries)
2021-09-22 17:09:04 +02:00
with cnames_path.open('w') as f:
json.dump(host_cnames, f)
with ips_path.open('w') as f:
2023-01-16 15:10:10 +01:00
json.dump(host_ips, f, default=serialize_sets)
2022-12-23 16:36:11 +01:00
with ipasn_path.open('w') as f:
json.dump(ipasn, f)
2021-09-22 17:09:04 +02:00
return ct