def run(
config: DynaBox,
logging: DynaBox,
inq: JoinableQueue,
subscribe_callback: Callable,
unsubscribe_callback: Callable,
):
global logger, workers
logger = threatbus.logger.setup(logging, __name__)
assert plugin_name in config, f"Cannot find configuration for {plugin_name} plugin"
config = config[plugin_name]
broker_opts = broker.BrokerOptions()
broker_opts.forward = False
ep = broker.Endpoint(broker.Configuration(broker_opts))
ep.listen(config.host, config.port)
workers.append(
SubscriptionManager(config.module_namespace, ep, subscribe_callback,
unsubscribe_callback))
workers.append(BrokerReceiver(config.module_namespace, ep, inq))
workers.append(BrokerPublisher(config.module_namespace, ep))
for w in workers:
w.start()
logger.info("Zeek plugin started")
def run(config, logging, inq, subscribe_callback, unsubscribe_callback):
logger = threatbus.logger.setup(logging, __name__)
config = config[plugin_name]
try:
validate_config(config)
except Exception as e:
logger.fatal("Invalid config for plugin {}: {}".format(plugin_name, str(e)))
host, port, namespace = (
config["host"].get(),
config["port"].get(),
config["module_namespace"].get(),
)
broker_opts = broker.BrokerOptions()
broker_opts.forward = False
ep = broker.Endpoint(broker.Configuration(broker_opts))
ep.listen(host, port)
logger.info(f"Broker: endpoint listening - {host}:{port}")
threading.Thread(
target=listen, args=(logger, namespace, ep, inq), daemon=True
).start()
threading.Thread(
target=manage,
args=(logger, namespace, ep, subscribe_callback, unsubscribe_callback),
daemon=True,
).start()
threading.Thread(target=publish, args=(logger, namespace, ep), daemon=True).start()
logger.info("Zeek plugin started")
def run(
config: Subview,
logging: Subview,
inq: JoinableQueue,
subscribe_callback: Callable,
unsubscribe_callback: Callable,
):
global logger, workers
logger = threatbus.logger.setup(logging, __name__)
config = config[plugin_name]
try:
validate_config(config)
except Exception as e:
logger.fatal("Invalid config for plugin {}: {}".format(
plugin_name, str(e)))
host, port, namespace = (
config["host"].get(),
config["port"].get(),
config["module_namespace"].get(),
)
broker_opts = broker.BrokerOptions()
broker_opts.forward = False
ep = broker.Endpoint(broker.Configuration(broker_opts))
ep.listen(host, port)
workers.append(
SubscriptionManager(namespace, ep, subscribe_callback,
unsubscribe_callback))
workers.append(BrokerReceiver(namespace, ep, inq))
workers.append(BrokerPublisher(namespace, ep))
for w in workers:
w.start()
logger.info("Zeek plugin started")
def test_two_hops_forwarding_disabled(self):
# Two hops that are subscribed, so they would forward but we disable.
no_forward = broker.BrokerOptions()
no_forward.forward = False
((ep1, ep2, ep3, ep4), (s1, s2, s3,
s4)) = setup_peers(opts2=no_forward)
ep1.publish("/test/foo", "Foo!") # Shouldn't arrive
x = s4.get(1.0)
self.assertEqual(x, None)
def test_ssl_auth_failure_no_ssl(self):
cfg1 = broker.Configuration(broker.BrokerOptions())
cfg1.openssl_certificate = data_path("cert.1.pem")
cfg1.openssl_key = data_path("key.1.pem")
cfg1.openssl_cafile = data_path("ca.pem")
cfg2 = broker.Configuration(broker.BrokerOptions())
with broker.Endpoint(cfg1) as ep1, \
broker.Endpoint(cfg2) as ep2:
port = ep1.listen("127.0.0.1", 0)
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, False)
with broker.Endpoint(cfg2) as ep1, \
broker.Endpoint(cfg1) as ep2:
port = ep1.listen("127.0.0.1", 0)
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, False)
def test_two_hops_ttl(self):
ttl1 = broker.BrokerOptions()
ttl1.ttl = 2
((ep1, ep2, ep3, ep4), (s1, s2, s3, s4)) = setup_peers(opts1=ttl1)
ep1.publish("/test/foo", "Foo!")
x = s2.get(1.0)
self.assertEqual(x, ('/test/foo', 'Foo!'))
x = s3.get(1.0)
self.assertEqual(x, ('/test/foo', 'Foo!'))
x = s4.get(1.0)
self.assertEqual(x, None) # Doesn't get here anymore.
def test_two_hops_ttl(self):
# Note the 1st receiver's TTL value is the one that's applied.
ttl2 = broker.BrokerOptions()
ttl2.ttl = 2
((ep1, ep2, ep3, ep4), (s1, s2, s3, s4)) = setup_peers(opts2=ttl2)
ep1.publish("/test/foo", "Foo!")
x = s2.get(1.0)
self.assertEqual(x, ('/test/foo', 'Foo!'))
x = s3.get(1.0)
self.assertEqual(x, ('/test/foo', 'Foo!'))
x = s4.get(1.0)
self.assertEqual(x, None) # Doesn't get here anymore.
def test_ssl_auth_success_self_signed(self):
cfg = broker.Configuration(broker.BrokerOptions())
cfg.openssl_certificate = data_path("cert.self-signed.pem")
cfg.openssl_key = data_path("key.self-signed.pem")
cfg.openssl_cafile = data_path("cert.self-signed.pem")
with broker.Endpoint(cfg) as ep1, \
broker.Endpoint(cfg) as ep2, \
ep1.make_subscriber("/test") as s1, \
ep2.make_subscriber("/test") as s2:
port = ep1.listen("127.0.0.1", 0)
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, True)
self.check_ping(ep1, s1, ep2, s2)
def XXXtest_ssl_auth_failure_ca_pw(self):
cfg = broker.Configuration(broker.BrokerOptions())
cfg.openssl_certificate = data_path("cert.1.pem")
cfg.openssl_key = data_path("key.1.enc.pem")
cfg.openssl_cafile = data_path("ca.pem")
cfg.openssl_passphrase = "WRONG PASSWORD"
with broker.Endpoint(cfg) as ep1, \
broker.Endpoint(cfg) as ep2:
port = ep1.listen("127.0.0.1", 0)
# TODO: This correctly generates an exception in CAF, for which I
# don't know where to catch it.
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, False)
def cfg(opts):
return broker.Configuration(opts) if opts else broker.Configuration(
broker.BrokerOptions())