Fix IP reporting and update the row

snow-scanner/Cargo.toml

@@ -23,6 +23,8 @@ is-it-maintained-issue-resolution = { repository = "security" }
 is-it-maintained-open-issues = { repository = "security" }
 maintenance = { status = "passively-maintained" }
 
+# docker pull clux/muslrust:stable
+#  docker run -v $PWD:/volume --rm -t clux/muslrust:stable cargo build --release
 [[bin]]
 name = "snow-scanner"
 path = "src/main.rs"
@@ -35,9 +37,11 @@ actix-files = "0.6.6"
 hmac = "0.12.1"
 sha2 = "0.10.8"
 hex = "0.4.3"
+# mariadb-dev on Alpine
+# "mysqlclient-src" "mysql_backend"
 diesel = { version = "2.2.0", default-features = false, features = ["mysql", "chrono", "uuid", "r2d2"] }
-dns-ptr-resolver = "1.2.0"
+dns-ptr-resolver = {git = "https://github.com/wdes/dns-ptr-resolver.git"}
-hickory-client = { version = "0.24.1", default-features = false }
+hickory-resolver = { version = "0.24.1", default-features = false, features = ["tokio-runtime", "dns-over-h3", "dns-over-https", "dns-over-quic"]}
 chrono = "0.4.38"
 uuid = { version = "1.10.0", default-features = false, features = ["v7", "serde", "std"] }
 cidr = "0.2.2"

snow-scanner/src/main.rs

@@ -19,9 +19,10 @@ use uuid::Uuid;
 
 use serde::{Deserialize, Deserializer, Serialize};
 
-use hickory_client::client::SyncClient;
+use hickory_resolver::config::{NameServerConfigGroup, ResolverConfig, ResolverOpts};
-use hickory_client::rr::Name;
+use hickory_resolver::{Name, Resolver};
-use hickory_client::tcp::TcpClientConnection;
+use std::net::IpAddr;
+use std::time::Duration;
 
 use diesel::serialize::IsNull;
 use diesel::{serialize, MysqlConnection};
@@ -143,34 +144,58 @@ fn detect_scanner(ptr_result: &ResolvedResult) -> Result<Scanners, ()> {
 async fn handle_ip(pool: web::Data<DbPool>, ip: String) -> Result<Scanner, Option<ResolvedResult>> {
     let query_address = ip.parse().expect("To parse");
 
-    let client = get_dns_client();
+    let ptr_result: Result<ResolvedResult, ()> = std::thread::spawn(move || {
-    let ptr_result: ResolvedResult = if let Ok(res) = get_ptr(query_address, client) {
+        let client = get_dns_client();
-        res
+        let ptr_result: ResolvedResult = if let Ok(res) = get_ptr(query_address, client) {
-    } else {
+            res
-        return Err(None);
+        } else {
-    };
+            return Err(());
+        };
+        Ok(ptr_result)
+    })
+    .join()
+    .unwrap();
 
-    match detect_scanner(&ptr_result) {
+    if ptr_result.is_err() {
+        return Err(None);
+    }
+
+    let result = ptr_result.unwrap();
+
+    match detect_scanner(&result) {
         Ok(scanner_name) => {
             let ip_type = if ip.contains(':') { 6 } else { 4 };
-            let scanner = Scanner {
-                ip: ip,
-                ip_type: ip_type,
-                scanner_name: scanner_name.clone(),
-                ip_ptr: match ptr_result.result {
-                    Some(ptr) => Some(ptr.to_string()),
-                    None => None,
-                },
-                created_at: Utc::now().naive_utc(),
-                updated_at: None,
-                last_seen_at: None,
-                last_checked_at: None,
-            };
 
             // use web::block to offload blocking Diesel queries without blocking server thread
             web::block(move || {
                 // note that obtaining a connection from the pool is also potentially blocking
                 let conn = &mut pool.get().unwrap();
+                let scanner_row_result = Scanner::find(ip.clone(), ip_type, conn);
+                let scanner_row = match scanner_row_result {
+                    Ok(scanner_row) => scanner_row,
+                    Err(_) => return Err(None),
+                };
+
+                let scanner = if let Some(mut scanners) = scanner_row {
+                    scanners.last_seen_at = Some(Utc::now().naive_utc());
+                    scanners.last_checked_at = Some(Utc::now().naive_utc());
+                    scanners.updated_at = Some(Utc::now().naive_utc());
+                    scanners
+                } else {
+                    Scanner {
+                        ip: ip,
+                        ip_type: ip_type,
+                        scanner_name: scanner_name.clone(),
+                        ip_ptr: match result.result {
+                            Some(ptr) => Some(ptr.to_string()),
+                            None => None,
+                        },
+                        created_at: Utc::now().naive_utc(),
+                        updated_at: None,
+                        last_seen_at: None,
+                        last_checked_at: None,
+                    }
+                };
 
                 match scanner.save(conn) {
                     Ok(scanner) => Ok(scanner),
@@ -181,7 +206,7 @@ async fn handle_ip(pool: web::Data<DbPool>, ip: String) -> Result<Scanner, Optio
             .unwrap()
         }
 
-        Err(_) => Err(Some(ptr_result)),
+        Err(_) => Err(Some(result)),
     }
 }
 
@@ -257,14 +282,30 @@ pub struct ReportParams {
 async fn handle_report(pool: web::Data<DbPool>, params: web::Form<ReportParams>) -> HttpResponse {
     match handle_ip(pool, params.ip.clone()).await {
         Ok(scanner) => html_contents(match scanner.scanner_name {
-            Scanners::Binaryedge => format!(
+            Scanners::Binaryedge => match scanner.last_checked_at {
-                "Reported an escaped ninja! <b>{}</a> known as {:?}.",
+                Some(date) => format!(
-                scanner.ip, scanner.ip_ptr
+                    "Reported a binaryedge ninja! <b>{}</b> known as {} since {date}.",
-            ),
+                    scanner.ip,
-            Scanners::Stretchoid => format!(
+                    scanner.ip_ptr.unwrap_or("".to_string())
-                "Reported a stretchoid agent! <b>{}</a> known as {:?}.",
+                ),
-                scanner.ip, scanner.ip_ptr
+                None => format!(
-            ),
+                    "Reported a binaryedge ninja! <b>{}</b> known as {}.",
+                    scanner.ip,
+                    scanner.ip_ptr.unwrap_or("".to_string())
+                ),
+            },
+            Scanners::Stretchoid => match scanner.last_checked_at {
+                Some(date) => format!(
+                    "Reported a stretchoid agent! <b>{}</b> known as {} since {date}.",
+                    scanner.ip,
+                    scanner.ip_ptr.unwrap_or("".to_string())
+                ),
+                None => format!(
+                    "Reported a stretchoid agent! <b>{}</b> known as {}.",
+                    scanner.ip,
+                    scanner.ip_ptr.unwrap_or("".to_string())
+                ),
+            },
             _ => format!("Not supported"),
         }),
 
@@ -279,8 +320,33 @@ async fn handle_report(pool: web::Data<DbPool>, params: web::Form<ReportParams>)
     }
 }
 
+struct SecurePath {
+    pub data: String,
+}
+
+impl<'de> Deserialize<'de> for SecurePath {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        let s = <Vec<String>>::deserialize(deserializer)?;
+        let k: String = s[0].to_string();
+        // A-Z a-z 0-9
+        // . - _
+        if k.chars()
+            .all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-' || c == '_')
+        {
+            return Ok(SecurePath { data: k });
+        }
+        Err(serde::de::Error::custom(format!(
+            "Invalid value: {}",
+            k.to_string()
+        )))
+    }
+}
+
 async fn handle_get_collection(
-    path: web::Path<(String, String)>,
+    path: web::Path<(SecurePath, SecurePath)>,
     req: HttpRequest,
     static_data_dir: actix_web::web::Data<String>,
 ) -> actix_web::Result<HttpResponse> {
@@ -289,8 +355,9 @@ async fn handle_get_collection(
     let mut path: PathBuf = PathBuf::new();
     let static_data_dir: String = static_data_dir.into_inner().to_string();
     path.push(static_data_dir);
-    path.push(vendor_name.to_string());
+    path.push("collections");
-    path.push(file_name.to_string());
+    path.push(vendor_name.data);
+    path.push(file_name.data);
     match NamedFile::open(path) {
         Ok(file) => Ok(file.into_response(&req)),
         Err(err) => Ok(HttpResponse::NotFound()
@@ -310,6 +377,7 @@ async fn handle_list_scanners(
     if scanner_name.is_static() {
         let mut path: PathBuf = PathBuf::new();
         path.push(static_data_dir);
+        path.push("scanners");
         path.push(scanner_name.to_string());
 
         return match NamedFile::open(path) {
@@ -414,17 +482,27 @@ fn get_connection(database_url: &str) -> DbPool {
     // Refer to the `r2d2` documentation for more methods to use
     // when building a connection pool
     Pool::builder()
-        .max_size(30)
+        .max_size(5)
         .test_on_check_out(true)
         .build(manager)
         .expect("Could not build connection pool")
 }
 
-fn get_dns_client() -> SyncClient<TcpClientConnection> {
+fn get_dns_client() -> Resolver {
-    let server = "1.1.1.1:53".parse().expect("To parse");
+    let server_ip = "1.1.1.1";
-    let dns_conn =
+
-        TcpClientConnection::with_timeout(server, std::time::Duration::new(5, 0)).unwrap();
+    let server = NameServerConfigGroup::from_ips_clear(
-    SyncClient::new(dns_conn)
+        &[IpAddr::from_str(server_ip).unwrap()],
+        53, // Port 53
+        true,
+    );
+
+    let config = ResolverConfig::from_parts(None, vec![], server);
+    let mut options = ResolverOpts::default();
+    options.timeout = Duration::from_secs(5);
+    options.attempts = 1; // One try
+
+    Resolver::new(config, options).unwrap()
 }
 
 fn plain_contents(data: String) -> HttpResponse {
@@ -468,13 +546,22 @@ async fn main() -> std::io::Result<()> {
         "mysql://localhost".to_string()
     };
 
+    let pool = get_connection(db_url.as_str());
+
+    // note that obtaining a connection from the pool is also potentially blocking
+    let conn = &mut pool.get().unwrap();
+    let names = Scanner::list_names(Scanners::Stretchoid, conn);
+    match names {
+        Ok(names) => println!("Found {} Stretchoid scanners", names.len()),
+        Err(err) => eprintln!("Unable to get names: {}", err),
+    };
+
     let server = HttpServer::new(move || {
         let static_data_dir: String = match env::var("STATIC_DATA_DIR") {
             Ok(val) => val,
             Err(_) => "../data/".to_string(),
         };
 
-        let pool = get_connection(db_url.as_str());
         App::new()
             .app_data(web::Data::new(pool.clone()))
             .app_data(actix_web::web::Data::new(static_data_dir))

snow-scanner/src/models.rs

@@ -22,6 +22,22 @@ pub struct Scanner {
 }
 
 impl Scanner {
+    pub fn find(
+        ip_address: String,
+        ip_type: u8,
+        conn: &mut MysqlConnection,
+    ) -> Result<Option<Scanner>, DieselError> {
+        use crate::schema::scanners;
+
+        scanners
+            .select(Scanner::as_select())
+            .filter(scanners::ip.eq(ip_address))
+            .filter(scanners::ip_type.eq(ip_type))
+            .order((scanners::ip_type.desc(), scanners::created_at.desc()))
+            .first(conn)
+            .optional()
+    }
+
     pub fn list_names(
         scanner_name: Scanners,
         conn: &mut MysqlConnection,