From 4e06058f4a6e28ffb2414bd420bee1c924d109ad Mon Sep 17 00:00:00 2001
From: Waston
Date: Thu, 28 Nov 2024 11:11:39 +0800
Subject: [PATCH] Added the function of recording the specific content of detected high-risk commands
---
 .../controller/agentcontroller/script.go | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/cmd/server/app/network/controller/agentcontroller/script.go b/cmd/server/app/network/controller/agentcontroller/script.go
index ed907131..6721f037 100644
--- a/cmd/server/app/network/controller/agentcontroller/script.go
+++ b/cmd/server/app/network/controller/agentcontroller/script.go
@@ -79,7 +79,6 @@ func containsDangerousCommand(content string) bool {
 matched, err := regexp.MatchString(pattern, content)
 if err != nil {
 logger.Error("Error matching pattern %s: %v\n", pattern, err)
- // TODO
 continue
 }
 if matched {
@@ -89,6 +88,27 @@ func containsDangerousCommand(content string) bool {
 return false
 }

+func findDangerousCommandsPos(content string) ([][]int, []string) {
+ var positions [][]int
+ var matchedCommands []string
+
+ for _, pattern := range dangerousCommandsList {
+ re, err := regexp.Compile(pattern)
+ if err != nil {
+ logger.Error("Error compiling pattern %s: %v\n", pattern, err)
+ continue
+ }
+ matches := re.FindAllStringIndex(content, -1)
+ for _, match := range matches {
+ start, end := match[0], match[1]-1
+ positions = append(positions, []int{start, end})
+ matchedCommands = append(matchedCommands, content[start:end+1])
+ // 记录高危命令
+ }
+ }
+ return positions, matchedCommands
+}
+
 var dangerousCommandsList = []string{
 `.*rm\s+-[r,f,rf].*`,
 `.*lvremove\s+-f.*`,
--
Gitee
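Review bot: In findDangerousCommandsPos, matchedCommands holds raw text from the submitted script, and because the dangerousCommandsList entries visible here are wrapped in `.*`, each match extends to the full surrounding line rather than just the command, so whatever records it also stores the rest of that line (arguments, possibly inline secrets). The code that records the result is outside this hunk; if it writes these strings to a log, format them with `%q` and cap their length so script content cannot forge or flood log entries. The positions use an inclusive end (`match[1]-1`), unlike Go's half-open indexes, which deserves a doc comment such as `// findDangerousCommandsPos returns the inclusive [start, end] byte offsets and the matched text for every dangerousCommandsList pattern found in content.` The patterns are also recompiled on every call; compiling the list once at package scope would avoid that and let containsDangerousCommand use the same compiled set instead of a second matching path.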