runzero-jsonl.go

package main

import (
	"bufio"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
	"strconv"
	"strings"

	"github.com/buger/jsonparser"
	"github.com/vulncheck-oss/go-exploit/db"
)

func validateHTTPData(httpData string) bool {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(httpData)), nil)
	if err != nil {
		// don't cache this, it's an incomplete payload due to (presumably) a limit
		// runzero has in their data
		return false
	}
	defer resp.Body.Close()

	_, err = io.ReadAll(resp.Body)

	return err == nil
}

// we need to extract:
// 1. service.address
// 2. service.port
// 3. http.uri
// 4. banner
// 5. http.body
// 6. http.head.contentLength.
func parseRunZeroJSON(line string) {
	services, _, _, _ := jsonparser.Get([]byte(line), "services")
	_ = jsonparser.ObjectEach(services, func(_ []byte, serviceEntry []byte, _ jsonparser.ValueType, _ int) error {
		httpCode, err := jsonparser.GetString(serviceEntry, "http.code")
		if err != nil || len(httpCode) == 0 {
			return nil
		}

		portString, _ := jsonparser.GetString(serviceEntry, "service.port")
		port, err := strconv.Atoi(portString)
		if err != nil {
			return nil
		}

		contentLength := 0
		contentLengthStr, err := jsonparser.GetString(serviceEntry, "http.head.contentLength")
		if err == nil && len(contentLengthStr) != 0 {
			contentLength, _ = strconv.Atoi(contentLengthStr)
		}

		ipStr, _ := jsonparser.GetString(serviceEntry, "service.address")
		uri, _ := jsonparser.GetString(serviceEntry, "http.uri")
		banner, _ := jsonparser.GetString(serviceEntry, "banner")

		// The banner isn't limited to the HTTP header, so we need to yeet out the extra data
		headerEnd := strings.Index(banner, "\r\n\r\n")
		if headerEnd != -1 {
			banner = banner[:headerEnd]
		}

		body, _ := jsonparser.GetString(serviceEntry, "http.body")
		// RunZero seems to trim trailing \n? Check if there is an off by 1 error and add the on char back in
		if contentLength != 0 && (contentLength-1) == len(body) {
			body += "\n"
		}
		httpData := banner + "\r\n\r\n" + body

		if validateHTTPData(httpData) {
			db.CacheHTTPResponse(ipStr, port, uri, []byte(httpData))
		}

		return nil
	})
}

func DoRunZeroJSONL(jsonFile string) bool {
	log.Println("Generating database entries...")
	file, err := os.Open(jsonFile)
	if err != nil {
		fmt.Printf("Failed to open file: %v\n", err)

		return false
	}
	defer file.Close()

	reader := bufio.NewReader(file)
	for {
		line, err := reader.ReadString('\n')
		if err != nil {
			if err.Error() == "EOF" {
				// End of file reached
				break
			}
			fmt.Printf("Error reading line: %v\n", err)

			return false
		}

		parseRunZeroJSON(line)
	}

	return true
}