chg: [sshd] fix #1 panic on white space / empty user

2020-01-31 09:22:54 +01:00 · 2020-01-31 09:22:54 +01:00 · 587d418a1a
parent 6746f5ede5
commit 587d418a1a
3 changed files with 16 additions and 2 deletions
--- a/logparser/parser_test.go
+++ b/logparser/parser_test.go
@ -40,6 +40,18 @@ var expected = map[int]map[string]string{
 		"username": "a.min",
 		"src":      "185.56.8.191",
 	},
+	5: map[string]string{
+		"date":     "Jan 22 11:29:16",
+		"host":     "sigmund",
+		"username": " ",
+		"src":      "185.56.8.191",
+	},
+	6: map[string]string{
+		"date":     "Jan 22 11:29:16",
+		"host":     "sigmund",
+		"username": "",
+		"src":      "185.56.8.191",
+	},
 }

 func TestSshdParser(t *testing.T) {
@ -53,7 +65,7 @@ func TestSshdParser(t *testing.T) {
 	scanner := bufio.NewScanner(f)
 	c := 0
 	for scanner.Scan() {
-		re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>[^ ]+) from (?P<src>.*$)`)
+		re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>.*) from (?P<src>.*$)`)
 		n1 := re.SubexpNames()
 		r2 := re.FindAllStringSubmatch(scanner.Text(), -1)[0]

--- a/logparser/sshd.go
+++ b/logparser/sshd.go
@ -33,7 +33,7 @@ func (s *SshdParser) Set(rconn1 *redis.Conn, rconn2 *redis.Conn) {
 // Parse parses a line of sshd log
 func (s *SshdParser) Parse(logline string) error {
 	r := *s.r1
-	re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>[^ ]+) from (?P<src>.*$)`)
+	re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>.*) from (?P<src>.*$)`)
 	n1 := re.SubexpNames()
 	r2 := re.FindAllStringSubmatch(logline, -1)[0]

--- a/logparser/test.log
+++ b/logparser/test.log
@ -3,3 +3,5 @@ Jan 22 11:37:19 si.mund sshd[26143]: Invalid user gestion from 159.89.153.54
 Jan 22 11:34:46 sigmund sshd[26125]: Invalid user atpco from 177.152.124.21
 Jan 22 11:33:07 sigmund sshd[26109]: Invalid user ki from 49.233.183.158
 Jan 22 11:29:16 sigmund sshd[26091]: Invalid user a.min from 185.56.8.191
+Jan 22 11:29:16 sigmund sshd[26091]: Invalid user   from 185.56.8.191
+Jan 22 11:29:16 sigmund sshd[26091]: Invalid user  from 185.56.8.191