File Coverage

lib/ThreatDetector/Handlers/BotFingerprint.pm

Criterion	Covered	Total	%
statement	21	21	100.0
branch	1	2	50.0
condition			n/a
subroutine	7	7	100.0
pod	0	2	0.0
total	29	32	90.6

line	stmt	bran	sub	pod	time	code
1						package ThreatDetector::Handlers::BotFingerprint;
2
3	3		3		111065	use strict;
	3				5
	3				96
4	3		3		12	use warnings;
	3				7
	3				160
5	3		3		14	use Exporter 'import';
	3				4
	3				93
6	3		3		11	use JSON;
	3				5
	3				14
7	3		3		296	use Time::HiRes qw(gettimeofday);
	3				3
	3				20
8
9						our $VERBOSE = 0;
10						our @EXPORT_OK = qw(handle_scanner get_scanner_fingerprint_events);
11						our @SCANNER_FINGERPRINT_EVENTS;
12						our $VERSION = '0.04';
13
14						sub handle_scanner {
15	1		1	0	1481	my ($entry) = @_;
16	1				13	my ($sec, $micro) = gettimeofday();
17
18						my $alert = {
19						timestamp => "$sec.$micro",
20						type => 'scanner_fingerprint',
21						ip => $entry->{ip},
22						method => $entry->{method},
23						uri => $entry->{uri},
24						status => $entry->{status},
25						user_agent => $entry->{user_agent},
26	1				15	};
27	1				4	push @SCANNER_FINGERPRINT_EVENTS, $alert;
28	1	50			7	print encode_json($alert) . "\n" if $VERBOSE;
29						}
30
31						sub get_scanner_fingerprint_events {
32	2		2	0	149317	return @SCANNER_FINGERPRINT_EVENTS;
33						}
34
35						1;
36
37						=head1 NAME
38
39						ThreatDetector::Handlers::BotFingerprint - Handler for scanner and bot user-agent matches
40
41						=head1 SYNOPSIS
42
43						use ThreatDetector::Handlers::BotFingerprint qw(handle_scanner);
44
45						handle_scanner($entry);
46
47						=head1 DESCRIPTION
48
49						Prints a JSON alert for any request that matches a known bad scanner or bot fingerprint in the user-agent string.
50
51						=head1 AUTHOR
52
53						Jason Hall
54
55						=cut