Merge pull request #1 from sir-go/refactoring

Add test, annotations and fix some bugs
sir-go · Dec 12, 2022 · e9aa760 · e9aa760
2 parents 2188c47 + f1433f8
commit e9aa760
Show file tree

Hide file tree

Showing 58 changed files with 1,487 additions and 338 deletions.
diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml
@@ -0,0 +1,45 @@
+name: Go Test cmd/checks
+
+on:
+  push:
+    branches: [ "*" ]
+    paths:
+      - cmd/checks/**
+      - internal/**
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - name: Test
+        run: go test -v ./cmd/check/...
+
+  go_sec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./cmd/check/...
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.18
+
+    - name: Build
+      run: go build -v ./cmd/check/...
diff --git a/.github/workflows/go-dns.yml b/.github/workflows/go-dns.yml
@@ -0,0 +1,45 @@
+name: Go Test cmd/dns-sniffer
+
+on:
+  push:
+    branches: [ "*" ]
+    paths:
+      - cmd/dns-sniffer/**
+      - internal/**
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - name: Test
+        run: go test -v ./cmd/dns-sniffer/...
+
+  go_sec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./cmd/dns-sniffer/...
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.18
+
+    - name: Build
+      run: go build -v ./cmd/dns-sniffer/...
diff --git a/.github/workflows/go-dpi.yml b/.github/workflows/go-dpi.yml
@@ -0,0 +1,45 @@
+name: Go Test cmd/dpi-sniffer
+
+on:
+  push:
+    branches: [ "*" ]
+    paths:
+      - cmd/dpi-sniffer/**
+      - internal/**
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - name: Test
+        run: go test -v ./cmd/dpi-sniffer/...
+
+  go_sec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./cmd/dpi-sniffer/...
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.18
+
+    - name: Build
+      run: go build -v ./cmd/dpi-sniffer/...
diff --git a/.github/workflows/go-get-rkn.yml b/.github/workflows/go-get-rkn.yml
@@ -0,0 +1,45 @@
+name: Go Test cmd/get_rkn
+
+on:
+  push:
+    branches: [ "*" ]
+    paths:
+      - cmd/get_rkn/**
+      - internal/**
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - name: Test
+        run: go test -v ./cmd/get_rkn/...
+
+  go_sec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./cmd/get_rkn/...
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.18
+
+    - name: Build
+      run: go build -v ./cmd/get_rkn/...
diff --git a/README.md b/README.md
@@ -1,11 +1,15 @@
-## DNS/DPI sniffers and NFT-tables rules
+# DNS/DPI sniffers and NFT-tables rules
+[![Go Test cmd/checks](https://github.com/sir-go/rkn-rejects/actions/workflows/go-check.yml/badge.svg)](https://github.com/sir-go/rkn-rejects/actions/workflows/go-check.yml)
+[![Go Test cmd/dns](https://github.com/sir-go/rkn-rejects/actions/workflows/go-dns.yml/badge.svg)](https://github.com/sir-go/rkn-rejects/actions/workflows/go-dns.yml)
+[![Go Test cmd/dpi](https://github.com/sir-go/rkn-rejects/actions/workflows/go-dpi.yml/badge.svg)](https://github.com/sir-go/rkn-rejects/actions/workflows/go-dpi.yml)
+[![Go Test cmd/get-rkn](https://github.com/sir-go/rkn-rejects/actions/workflows/go-get-rkn.yml/badge.svg)](https://github.com/sir-go/rkn-rejects/actions/workflows/go-get-rkn.yml)
+
 
 The parental control project contains four utilities to get white and black lists from RKN service and 
 completely isolate one certain host from denied resources. Utilities installed at the router between
 the host and uplink.
 
-### Utilities
-
+## Utilities
  - [get_rkn](cmd/get_rkn)
 
     SOAP-client for [RKN service](https://vigruzki.rkn.gov.ru/services/OperatorRequest/?wsdl), 
@@ -28,8 +32,7 @@ the host and uplink.
 
     It can be run from the docker container for routing all traffic through the router's firewall.
 
-### NF-tables
-
+## NF-tables
 Traffic to sniffers redirects by the `nf_queue` kernel module. All traffic rejects by default 
 except DNS requests and answers. NF-tables rules have a list of allowed IP addresses. 
 Every record in the list has a TTL and deletes when this time is expired.

diff --git a/cmd/check/README.md b/cmd/check/README.md
@@ -1,36 +1,24 @@
-## Check
-
-### What it does
+# Check
+[![Go](https://github.com/sir-go/rkn-rejects/actions/workflows/go-check.yml/badge.svg)](https://github.com/sir-go/rkn-rejects/actions/workflows/go-check.yml)
 
+## What it does
 - get targets for checking from the redis set
 - run bunch of workers
 - wait for all workers are done
 
 Each worker is an HTTP client that tries to get data from the target
 resource and log the result to the logfile if the target is accessible.
 
-### Build
+## Tests
 ```bash
-go mod download
-go build -o check ./cmd/check;
+go test -v ./cmd/check/...
+gosec ./cmd/check/...
 ```
 
-If the check will run on the same host that the firewall does,
-it should run from the docker container.
-
+## Docker
 ```bash
 docker build . -t check
-```
-
-### Run
-
-Standalone
-```bash
-check -w 25 t 20s  -lt 10s  -d /tmp/checks
-```
 
-Docker
-```bash
 docker run -it --rm \
   -v /tmp/checks:/var/log/checks \
   --dns 195.208.4.1 \
@@ -39,6 +27,19 @@ docker run -it --rm \
   -d /var/log/checks
 ```
 
+## Build
+```bash
+go mod download
+go build -o check ./cmd/check;
+```
+If the check will run on the same host that the firewall does,
+it should run from the docker container.
+
+## Run
+```bash
+check -w 25 t 20s  -lt 10s  -d /tmp/checks
+```
+
 ### Flags
 
 | key  | default   | description                     |
@@ -56,5 +57,4 @@ docker run -it --rm \
 | -m   | -1(inf)   | checks amount limit             |
 | -t   | 3s        | check TCP timeout               |
 | -lt  | 10s       | log polling interval            |
-| -o   | stdout    | buffered log output             |
 | -d   | /tmp      | path to the logs for each check |
diff --git a/cmd/check/checker.go b/cmd/check/checker.go
@@ -1,5 +1,7 @@
 package main
 
+// Checking target worker. Gets target from the channel, makes a request and issues a verdict
+
 import (
 	"io/ioutil"
 	"net/http"
@@ -12,6 +14,7 @@ import (
 )
 
 type (
+	// is resource accessible
 	verdict struct {
 		opened bool
 		hash   string
@@ -20,15 +23,18 @@ type (
 	}
 )
 
+// uncommented rows in the list
 var reTarget = regexp.MustCompile(`^[^#]((.*)\|)?(.*://)?(.*)`)
 
+// dump saves a verdict to a file in the specified directory
 func (v *verdict) dump(vDir string) {
-	err := ioutil.WriteFile(path.Join(vDir, v.hash), v.raw, 0666)
+	err := ioutil.WriteFile(path.Join(vDir, v.hash), v.raw, 0600)
 	if err != nil {
 		log.Panicln("dump verdict", err)
 	}
 }
 
+// check does check the target address accessibility and returns a verdict struct
 func check(target string, timeout time.Duration) (v verdict) {
 	var (
 		err  error
@@ -60,8 +66,12 @@ func check(target string, timeout time.Duration) (v verdict) {
 	return
 }
 
-func Checker(wg *sync.WaitGroup, timeout time.Duration, targets <-chan string,
-	verdicts chan<- verdict) {
+// Checker starts a checking process, reads a target from the targets channel
+//and stores verdicts to the verdicts channel
+func Checker(wg *sync.WaitGroup, timeout time.Duration, targets <-chan string, verdicts chan<- verdict) {
+	if wg == nil {
+		return
+	}
 	for t := range targets {
 		verdicts <- check(t, timeout)
 		time.Sleep(CFG.Sleeps)