Feature: Enhance Performance, Logging & Stability: Precompile Regex, Command Matching, Golang 1.24, History Cleanup & memLimitMiB Flag. (#182)

* Feat: Add support for logging which "command" was matched for SSH and HTTP strategies. * Feat: Convert to precompiling regexp at config load time. This allows for errors to be presented to the user during startup, and provides better performance for complex regexp. * Feat:Bump Golang version to latest stable 1.24 * Feat: Add a cleanup routine for HistoryStore, default TTL for events is 1 hour since last interaction. * Feat: Add new command line flag "memLimitMiB" with a default value of 100. --------- Signed-off-by: Bryan Nolen <bryan@arc.net.au> Signed-off-by: Mario Candela <mario.candela.personal@gmail.com> Co-authored-by: Mario Candela <mario.candela.personal@gmail.com>
2025-07-01 18:47:26 -04:00 · 2025-03-24 05:16:34 +11:00
parent 16b012784c
commit d677cd20b9
14 changed files with 249 additions and 89 deletions
--- a/plugins/beelzebub-cloud.go
+++ b/plugins/beelzebub-cloud.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+
 	"github.com/go-resty/resty/v2"
 	"github.com/mariocandela/beelzebub/v3/parser"
 	"github.com/mariocandela/beelzebub/v3/tracer"
@ -91,6 +92,9 @@ func (beelzebubCloud *beelzebubCloud) GetHoneypotsConfigurations() ([]parser.Bee
 		if err = yaml.Unmarshal([]byte(honeypotConfig.Config), &honeypotsConfig); err != nil {
 			return nil, err
 		}
+		if err := honeypotsConfig.CompileCommandRegex(); err != nil {
+			return nil, fmt.Errorf("unable to load service config from cloud: invalid regex: %v", err)
+		}
 		servicesConfiguration = append(servicesConfiguration, honeypotsConfig)
 	}

--- a/plugins/beelzebub-cloud_test.go
+++ b/plugins/beelzebub-cloud_test.go
@ -2,13 +2,15 @@ package plugins

 import (
 	"fmt"
+	"net/http"
+	"regexp"
+	"testing"
+
 	"github.com/go-resty/resty/v2"
 	"github.com/jarcoal/httpmock"
 	"github.com/mariocandela/beelzebub/v3/parser"
 	"github.com/mariocandela/beelzebub/v3/tracer"
 	"github.com/stretchr/testify/assert"
-	"net/http"
-	"testing"
 )

 func TestBuildSendEventFailValidation(t *testing.T) {
@ -111,8 +113,9 @@ func TestGetHoneypotsConfigurationsWithResults(t *testing.T) {
 			Description: "SSH interactive ChatGPT",
 			Commands: []parser.Command{
 				{
-					Regex:  "^(.+)$",
-					Plugin: "LLMHoneypot",
+					RegexStr: "^(.+)$",
+					Regex:    regexp.MustCompile("^(.+)$"),
+					Plugin:   "LLMHoneypot",
 				},
 			},
 			ServerVersion:          "OpenSSH",