chg: [sshd] fix #1 panic on white space / empty user
parent
6746f5ede5
commit
587d418a1a
|
@ -40,6 +40,18 @@ var expected = map[int]map[string]string{
|
||||||
"username": "a.min",
|
"username": "a.min",
|
||||||
"src": "185.56.8.191",
|
"src": "185.56.8.191",
|
||||||
},
|
},
|
||||||
|
5: map[string]string{
|
||||||
|
"date": "Jan 22 11:29:16",
|
||||||
|
"host": "sigmund",
|
||||||
|
"username": " ",
|
||||||
|
"src": "185.56.8.191",
|
||||||
|
},
|
||||||
|
6: map[string]string{
|
||||||
|
"date": "Jan 22 11:29:16",
|
||||||
|
"host": "sigmund",
|
||||||
|
"username": "",
|
||||||
|
"src": "185.56.8.191",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSshdParser(t *testing.T) {
|
func TestSshdParser(t *testing.T) {
|
||||||
|
@ -53,7 +65,7 @@ func TestSshdParser(t *testing.T) {
|
||||||
scanner := bufio.NewScanner(f)
|
scanner := bufio.NewScanner(f)
|
||||||
c := 0
|
c := 0
|
||||||
for scanner.Scan() {
|
for scanner.Scan() {
|
||||||
re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>[^ ]+) from (?P<src>.*$)`)
|
re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>.*) from (?P<src>.*$)`)
|
||||||
n1 := re.SubexpNames()
|
n1 := re.SubexpNames()
|
||||||
r2 := re.FindAllStringSubmatch(scanner.Text(), -1)[0]
|
r2 := re.FindAllStringSubmatch(scanner.Text(), -1)[0]
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ func (s *SshdParser) Set(rconn1 *redis.Conn, rconn2 *redis.Conn) {
|
||||||
// Parse parses a line of sshd log
|
// Parse parses a line of sshd log
|
||||||
func (s *SshdParser) Parse(logline string) error {
|
func (s *SshdParser) Parse(logline string) error {
|
||||||
r := *s.r1
|
r := *s.r1
|
||||||
re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>[^ ]+) from (?P<src>.*$)`)
|
re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>.*) from (?P<src>.*$)`)
|
||||||
n1 := re.SubexpNames()
|
n1 := re.SubexpNames()
|
||||||
r2 := re.FindAllStringSubmatch(logline, -1)[0]
|
r2 := re.FindAllStringSubmatch(logline, -1)[0]
|
||||||
|
|
||||||
|
|
|
@ -3,3 +3,5 @@ Jan 22 11:37:19 si.mund sshd[26143]: Invalid user gestion from 159.89.153.54
|
||||||
Jan 22 11:34:46 sigmund sshd[26125]: Invalid user atpco from 177.152.124.21
|
Jan 22 11:34:46 sigmund sshd[26125]: Invalid user atpco from 177.152.124.21
|
||||||
Jan 22 11:33:07 sigmund sshd[26109]: Invalid user ki from 49.233.183.158
|
Jan 22 11:33:07 sigmund sshd[26109]: Invalid user ki from 49.233.183.158
|
||||||
Jan 22 11:29:16 sigmund sshd[26091]: Invalid user a.min from 185.56.8.191
|
Jan 22 11:29:16 sigmund sshd[26091]: Invalid user a.min from 185.56.8.191
|
||||||
|
Jan 22 11:29:16 sigmund sshd[26091]: Invalid user from 185.56.8.191
|
||||||
|
Jan 22 11:29:16 sigmund sshd[26091]: Invalid user from 185.56.8.191
|
Loading…
Reference in New Issue