nicksherron/bashhub-server
1
1
Fork 0
mirror of https://github.com/nicksherron/bashhub-server.git synced 2025-10-11 13:25:47 +08:00
Code Issues Projects Releases Packages Wiki Activity

filter non exit status 0 and 130 commands from command insert rather than handling in command query

Browse source
This commit is contained in:
nicksherron 2020-02-10 14:04:05 -05:00
parent 624adf11a6
commit 2e393c97e0
2 changed files with 10 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
internal/db.go
View file

@ -97,8 +97,7 @@ func dbInit() {
//TODO: ensure these are the most efficient indexes //TODO: ensure these are the most efficient indexes
gormdb.Model(&User{}).AddIndex("idx_user", "username") gormdb.Model(&User{}).AddIndex("idx_user", "username")
gormdb.Model(&System{}).AddIndex("idx_mac", "mac") gormdb.Model(&System{}).AddIndex("idx_mac", "mac")
gormdb.Model(&Command{}).AddIndex("idx_exit_command_created", "exit_status, created, command") gormdb.Model(&Command{}).AddIndex("idx_user_command_created", "user_id, created, command")
gormdb.Model(&Command{}).AddIndex("idx_user_exit_command_created", "user_id, exit_status, created, command")
// Just need gorm for migration and index creation. // Just need gorm for migration and index creation.
gormdb.Close() gormdb.Close()
} }
@ -193,6 +192,7 @@ func (user User) userCreate() int64 {
} }
func (cmd Command) commandInsert() int64 { func (cmd Command) commandInsert() int64 {
res, err := db.Exec(`INSERT INTO commands("process_id","process_start_time","exit_status","uuid", "command", "created", "path", "user_id", "system_name") res, err := db.Exec(`INSERT INTO commands("process_id","process_start_time","exit_status","uuid", "command", "created", "path", "user_id", "system_name")
VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9)`, VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9)`,
cmd.ProcessId, cmd.ProcessStartTime, cmd.ExitStatus, cmd.Uuid, cmd.Command, cmd.Created, cmd.Path, cmd.User.ID, cmd.SystemName) cmd.ProcessId, cmd.ProcessStartTime, cmd.ExitStatus, cmd.Uuid, cmd.Command, cmd.Created, cmd.Path, cmd.User.ID, cmd.SystemName)
@ -218,7 +218,6 @@ func (cmd Command) commandGet() []Query {
SELECT DISTINCT ON ("command") command, "uuid", "created" SELECT DISTINCT ON ("command") command, "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "path" = $3 AND "path" = $3
AND "system_name" = $4 AND "system_name" = $4
@ -231,7 +230,6 @@ func (cmd Command) commandGet() []Query {
SELECT DISTINCT ON ("command") command, "uuid", "created" SELECT DISTINCT ON ("command") command, "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "path" = $3 AND "path" = $3
AND "command" ~ $4 AND "command" ~ $4
@ -242,7 +240,6 @@ func (cmd Command) commandGet() []Query {
rows, err = db.Query(`SELECT "command", "uuid", "created" rows, err = db.Query(`SELECT "command", "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "system_name" = $3 AND "system_name" = $3
AND "command" ~ $4 AND "command" ~ $4
@ -252,7 +249,6 @@ func (cmd Command) commandGet() []Query {
rows, err = db.Query(`SELECT "command", "uuid", "created" rows, err = db.Query(`SELECT "command", "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "path" = $3 AND "path" = $3
AND "command" ~ $4 AND "command" ~ $4
@ -263,7 +259,6 @@ func (cmd Command) commandGet() []Query {
SELECT DISTINCT ON ("command") command, "uuid", "created" SELECT DISTINCT ON ("command") command, "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "system_name" = $3 AND "system_name" = $3
) c ) c
@ -274,7 +269,6 @@ func (cmd Command) commandGet() []Query {
SELECT DISTINCT ON ("command") command, "uuid", "created" SELECT DISTINCT ON ("command") command, "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "path" = $3 AND "path" = $3
) c ) c
@ -285,7 +279,6 @@ func (cmd Command) commandGet() []Query {
SELECT DISTINCT ON ("command") command, "uuid", "created" SELECT DISTINCT ON ("command") command, "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "command" ~ $3 AND "command" ~ $3
) c ) c
@ -295,7 +288,6 @@ func (cmd Command) commandGet() []Query {
rows, err = db.Query(`SELECT "command", "uuid", "created" rows, err = db.Query(`SELECT "command", "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "command" ~ $3 AND "command" ~ $3
ORDER BY "created" DESC limit $2;`, cmd.User.ID, cmd.Limit, cmd.Query) ORDER BY "created" DESC limit $2;`, cmd.User.ID, cmd.Limit, cmd.Query)
@ -306,8 +298,7 @@ func (cmd Command) commandGet() []Query {
SELECT DISTINCT ON ("command") command, "uuid", "created" SELECT DISTINCT ON ("command") command, "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130) AND "command" not like 'bh%'
AND "command" not like 'bh%'
) c ) c
ORDER BY "created" DESC limit $2;`, cmd.User.ID, cmd.Limit) ORDER BY "created" DESC limit $2;`, cmd.User.ID, cmd.Limit)
} }
@ -317,7 +308,6 @@ func (cmd Command) commandGet() []Query {
// Have to use fmt.Sprintf to build queries where sqlite regexp function is used because of single quotes. Haven't found any other work around. // Have to use fmt.Sprintf to build queries where sqlite regexp function is used because of single quotes. Haven't found any other work around.
query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = '%v' WHERE "user_id" = '%v'
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like '%v' AND "command" not like '%v'
AND "path" = '%v' AND "path" = '%v'
AND "system_name" = '%v' AND "system_name" = '%v'
@ -330,7 +320,6 @@ func (cmd Command) commandGet() []Query {
} else if cmd.SystemName != "" && cmd.Query != "" && cmd.Unique { } else if cmd.SystemName != "" && cmd.Query != "" && cmd.Unique {
query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = '%v' WHERE "user_id" = '%v'
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like '%v' AND "command" not like '%v'
AND "system_name" = '%v' AND "system_name" = '%v'
AND "command" regexp '%v' AND "command" regexp '%v'
@ -342,7 +331,6 @@ func (cmd Command) commandGet() []Query {
} else if cmd.Path != "" && cmd.Query != "" && cmd.Unique { } else if cmd.Path != "" && cmd.Query != "" && cmd.Unique {
query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = '%v' WHERE "user_id" = '%v'
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like '%v' AND "command" not like '%v'
AND "path" = '%v' AND "path" = '%v'
AND "command" regexp '%v' AND "command" regexp '%v'
@ -354,8 +342,7 @@ func (cmd Command) commandGet() []Query {
} else if cmd.SystemName != "" && cmd.Query != "" { } else if cmd.SystemName != "" && cmd.Query != "" {
query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = '%v' WHERE "user_id" = '%v'
AND ("exit_status" = 0 OR "exit_status" = 130) AND "command" not like '%v'
AND "command" not like '%v'
AND "system_name" = %v' AND "system_name" = %v'
AND "command" regexp %v' AND "command" regexp %v'
ORDER BY "created" DESC limit '%v'`, ORDER BY "created" DESC limit '%v'`,
@ -366,8 +353,7 @@ func (cmd Command) commandGet() []Query {
} else if cmd.Path != "" && cmd.Query != "" { } else if cmd.Path != "" && cmd.Query != "" {
query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = '%v' WHERE "user_id" = '%v'
AND ("exit_status" = 0 OR "exit_status" = 130) AND "command" not like '%v'
AND "command" not like '%v'
AND "path" = %v' AND "path" = %v'
AND "command" regexp %v' AND "command" regexp %v'
ORDER BY "created" DESC limit '%v'`, ORDER BY "created" DESC limit '%v'`,
@ -378,7 +364,6 @@ func (cmd Command) commandGet() []Query {
} else if cmd.SystemName != "" && cmd.Unique { } else if cmd.SystemName != "" && cmd.Unique {
rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "system_name" = $2 AND "system_name" = $2
GROUP BY "command" ORDER BY "created" DESC limit $3`, GROUP BY "command" ORDER BY "created" DESC limit $3`,
@ -387,7 +372,6 @@ func (cmd Command) commandGet() []Query {
} else if cmd.Path != "" && cmd.Unique { } else if cmd.Path != "" && cmd.Unique {
rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
AND "path" = $2 AND "path" = $2
GROUP BY "command" ORDER BY "created" DESC limit $3`, GROUP BY "command" ORDER BY "created" DESC limit $3`,
@ -396,8 +380,7 @@ func (cmd Command) commandGet() []Query {
} else if cmd.Query != "" && cmd.Unique { } else if cmd.Query != "" && cmd.Unique {
query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = '%v' WHERE "user_id" = '%v'
AND ("exit_status" = 0 OR "exit_status" = 130) AND "command" not like '%v'
AND "command" not like '%v'
AND "command" regexp '%v' AND "command" regexp '%v'
GROUP BY "command" ORDER BY "created" DESC limit '%v'`, GROUP BY "command" ORDER BY "created" DESC limit '%v'`,
cmd.User.ID, "bh%", cmd.Query, cmd.Limit) cmd.User.ID, "bh%", cmd.Query, cmd.Limit)
@ -407,7 +390,6 @@ func (cmd Command) commandGet() []Query {
} else if cmd.Query != "" { } else if cmd.Query != "" {
query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands query := fmt.Sprintf(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = '%v' WHERE "user_id" = '%v'
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like '%v' AND "command" not like '%v'
AND "command" regexp'%v' AND "command" regexp'%v'
ORDER BY "created" DESC limit '%v'`, ORDER BY "created" DESC limit '%v'`,
@ -420,7 +402,6 @@ func (cmd Command) commandGet() []Query {
rows, err = db.Query(`SELECT "command", "uuid", "created" rows, err = db.Query(`SELECT "command", "uuid", "created"
FROM commands FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
GROUP BY "command" ORDER BY "created" DESC limit $2;`, cmd.User.ID, cmd.Limit) GROUP BY "command" ORDER BY "created" DESC limit $2;`, cmd.User.ID, cmd.Limit)
} }
@ -430,19 +411,17 @@ func (cmd Command) commandGet() []Query {
rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND "path" = $3 AND "path" = $3
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
ORDER BY "created" DESC limit $2`, cmd.User.ID, cmd.Limit, cmd.Path) ORDER BY "created" DESC limit $2`, cmd.User.ID, cmd.Limit, cmd.Path)
} else if cmd.SystemName != "" { } else if cmd.SystemName != "" {
rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND "system_name" = $3 AND "system_name" = $3
AND ("exit_status" = 0 OR "exit_status" = 130) AND "command" not like 'bh%' AND "command" not like 'bh%'
ORDER BY "created" DESC limit $2`, cmd.User.ID, cmd.Limit, cmd.SystemName) ORDER BY "created" DESC limit $2`, cmd.User.ID, cmd.Limit, cmd.SystemName)
} else { } else {
rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands rows, err = db.Query(`SELECT "command", "uuid", "created" FROM commands
WHERE "user_id" = $1 WHERE "user_id" = $1
AND ("exit_status" = 0 OR "exit_status" = 130)
AND "command" not like 'bh%' AND "command" not like 'bh%'
ORDER BY "created" DESC limit $2`, cmd.User.ID, cmd.Limit) ORDER BY "created" DESC limit $2`, cmd.User.ID, cmd.Limit)
} }

3
internal/server.go
View file

@ -275,6 +275,9 @@ func Run() {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return return
} }
if command.ExitStatus != 0 && command.ExitStatus != 130 {
return
}
var user User var user User
claims := jwt.ExtractClaims(c) claims := jwt.ExtractClaims(c)
user.Username = claims["username"].(string) user.Username = claims["username"].(string)