From c7a31d6e05f2e46333696290244e1aae6bcd7a8c Mon Sep 17 00:00:00 2001 From: Daniel Balk <67603460+Daniel-Balk@users.noreply.github.com> Date: Mon, 3 Apr 2023 20:06:06 +0200 Subject: [PATCH] security log --- .../Api/Moonlight/ResourcesController.cs | 5 ++- .../LogServices/SecurityLogService.cs | 34 ++++++++++++++++--- Moonlight/App/Services/OneTimeJwtService.cs | 5 ++- Moonlight/App/Services/ServerService.cs | 5 ++- .../App/Services/Sessions/IdentityService.cs | 5 ++- Moonlight/App/Services/UserService.cs | 29 +++++++++++++--- 6 files changed, 70 insertions(+), 13 deletions(-) diff --git a/Moonlight/App/Http/Controllers/Api/Moonlight/ResourcesController.cs b/Moonlight/App/Http/Controllers/Api/Moonlight/ResourcesController.cs index a02762c5..52750c40 100644 --- a/Moonlight/App/Http/Controllers/Api/Moonlight/ResourcesController.cs +++ b/Moonlight/App/Http/Controllers/Api/Moonlight/ResourcesController.cs @@ -21,7 +21,10 @@ public class ResourcesController : Controller { if (name.Contains("..")) { - await SecurityLogService.Log(SecurityLogType.PathTransversal, name); + await SecurityLogService.Log(SecurityLogType.PathTransversal, x => + { + x.Add(name); + }); return NotFound(); } diff --git a/Moonlight/App/Services/LogServices/SecurityLogService.cs b/Moonlight/App/Services/LogServices/SecurityLogService.cs index d276a2b9..f58fa198 100644 --- a/Moonlight/App/Services/LogServices/SecurityLogService.cs +++ b/Moonlight/App/Services/LogServices/SecurityLogService.cs @@ -1,4 +1,5 @@ using Moonlight.App.Database.Entities.LogsEntries; +using Moonlight.App.Models.Log; using Moonlight.App.Models.Misc; using Moonlight.App.Repositories.LogEntries; using Moonlight.App.Services.Sessions; 
@@ -17,16 +18,18 @@ public class SecurityLogService HttpContextAccessor = httpContextAccessor; } - public Task Log(SecurityLogType type, params object[] data) + public Task Log(SecurityLogType type, Action data) { var ip = GetIp(); + var al = new SecurityLogParameters(); + data(al); var entry = new SecurityLogEntry() { Ip = ip, Type = type, System = false, - JsonData = data.Length == 0 ? "" : JsonConvert.SerializeObject(data) + JsonData = al.Build() }; Repository.Add(entry); @@ -34,13 +37,16 @@ public class SecurityLogService return Task.CompletedTask; } - public Task LogSystem(SecurityLogType type, params object[] data) + public Task LogSystem(SecurityLogType type, Action data) { + var al = new SecurityLogParameters(); + data(al); + var entry = new SecurityLogEntry() { Type = type, System = true, - JsonData = data.Length == 0 ? "" : JsonConvert.SerializeObject(data) + JsonData = al.Build() }; Repository.Add(entry); @@ -60,4 +66,24 @@ public class SecurityLogService return HttpContextAccessor.HttpContext.Connection.RemoteIpAddress!.ToString(); } + + + public class SecurityLogParameters + { + private List Data = new List(); + + public void Add(object data) + { + Data.Add(new LogData() + { + Type = typeof(T), + Value = data.ToString() + }); + } + + internal string Build() + { + return JsonConvert.SerializeObject(Data); + } + } } \ No newline at end of file diff --git a/Moonlight/App/Services/OneTimeJwtService.cs b/Moonlight/App/Services/OneTimeJwtService.cs index 871a1b02..0f70d597 100644 --- a/Moonlight/App/Services/OneTimeJwtService.cs +++ b/Moonlight/App/Services/OneTimeJwtService.cs @@ -76,7 +76,10 @@ public class OneTimeJwtService } catch (SignatureVerificationException) { - await SecurityLogService.LogSystem(SecurityLogType.ManipulatedJwt, token); + await SecurityLogService.LogSystem(SecurityLogType.ManipulatedJwt, x => + { + x.Add(token); + }); return null; } catch (Exception e) 
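Review bot: `Add` in the new `SecurityLogParameters` class dereferences its argument unconditionally (`Value = data.ToString()`), so a null value throws a NullReferenceException inside the logging callback. Every caller in this patch logs on a rejection path, just before `return NotFound()`, `return null` or a `throw`, so that exception would replace the intended response. The entry would also be lost, because `data(al)` runs before `Repository.Add(entry)` in both `Log` and `LogSystem`. A null-tolerant assignment such as `Value = data?.ToString() ?? ""` keeps the security log best-effort.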
diff --git a/Moonlight/App/Services/ServerService.cs b/Moonlight/App/Services/ServerService.cs index 71c37784..7969bd78 100644 --- a/Moonlight/App/Services/ServerService.cs +++ b/Moonlight/App/Services/ServerService.cs @@ -364,7 +364,10 @@ public class ServerService if (server == null) { - await SecurityLogService.LogSystem(SecurityLogType.SftpBruteForce, serverId); + await SecurityLogService.LogSystem(SecurityLogType.SftpBruteForce, x => + { + x.Add(id); + }); throw new Exception("Server not found"); } diff --git a/Moonlight/App/Services/Sessions/IdentityService.cs b/Moonlight/App/Services/Sessions/IdentityService.cs index eaeac7b1..f35519e1 100644 --- a/Moonlight/App/Services/Sessions/IdentityService.cs +++ b/Moonlight/App/Services/Sessions/IdentityService.cs @@ -89,7 +89,10 @@ public class IdentityService } catch (SignatureVerificationException) { - await SecurityLogService.Log(SecurityLogType.ManipulatedJwt, token); + await SecurityLogService.Log(SecurityLogType.ManipulatedJwt, x => + { + x.Add(token); + }); return null; } catch (Exception e) diff --git a/Moonlight/App/Services/UserService.cs b/Moonlight/App/Services/UserService.cs index d26be75d..60ec0a9d 100644 --- a/Moonlight/App/Services/UserService.cs +++ b/Moonlight/App/Services/UserService.cs @@ -94,7 +94,11 @@ public class UserService if (user == null) { - await SecurityLogService.Log(SecurityLogType.LoginFail, new[] { email, password }); + await SecurityLogService.Log(SecurityLogType.LoginFail, x => + { + x.Add(email); + x.Add(password); + }); throw new DisplayException("Email and password combination not found"); } @@ -103,7 +107,11 @@ public class UserService return user.TotpEnabled; } - await SecurityLogService.Log(SecurityLogType.LoginFail, new[] { email, password }); + await SecurityLogService.Log(SecurityLogType.LoginFail, x => + { + x.Add(email); + x.Add(password); + }); throw new DisplayException("Email and password combination not found");; } 
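Review bot: The replacement in the ServerService hunk logs a different variable than the removed line: `serverId` became `x.Add(id)`, although this branch is reached when `server == null`, that is, when the server lookup failed. The enclosing method's signature is outside the hunk, so this is inferred, but if `id` is a separate identifier the entry no longer records which server the attempt targeted. Logging the looked-up value with `x.Add(serverId);`, plus `id` as a second value if it is also wanted, keeps the SftpBruteForce entry usable for correlating attempts against one server.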
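Review bot: The LoginFail entries in UserService still store the submitted password in clear text: `x.Add(password);` in the -94 hunk, and likewise in the -103, -136 and -198 hunks (the last under SftpBruteForce), ends up verbatim in `JsonData` through `SecurityLogParameters.Build()`. A failed attempt is often the real password with a typo, or one the user has on another service, so anyone who can read the security log table or a backup of it obtains usable credential material. Dropping the password and keeping only the identifier, `x.Add(email);` (or `x.Add(id);` in the SFTP case), preserves the detection value of the entry. The -136 hunk sits in the invalid-2FA branch, where the password may already have been verified (the preceding check is outside the hunk), in which case the logged value would be a valid one.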
@@ -136,7 +144,11 @@ public class UserService } else { - await SecurityLogService.Log(SecurityLogType.LoginFail, new[] { email, password }); + await SecurityLogService.Log(SecurityLogType.LoginFail, x => + { + x.Add(email); + x.Add(password); + }); throw new DisplayException("2FA code invalid"); } } @@ -185,7 +197,10 @@ public class UserService if (user == null) { - await SecurityLogService.LogSystem(SecurityLogType.SftpBruteForce, id); + await SecurityLogService.LogSystem(SecurityLogType.SftpBruteForce, x => + { + x.Add(id); + }); throw new Exception("Invalid username"); } @@ -198,7 +213,11 @@ public class UserService return user; } - await SecurityLogService.LogSystem(SecurityLogType.SftpBruteForce, new[] { id.ToString(), password }); + await SecurityLogService.LogSystem(SecurityLogType.SftpBruteForce, x => + { + x.Add(id); + x.Add(password); + }); throw new Exception("Invalid userid or password"); }