feat: implémentation complète du pipeline JA4 + Docker + tests

Nouveaux modules: - cmd/ja4sentinel/main.go : point d'entrée avec pipeline capture→parse→fingerprint→output - internal/config/loader.go : chargement YAML + env (JA4SENTINEL_*) + validation - internal/tlsparse/parser.go : extraction ClientHello avec suivi d'état de flux (NEW/WAIT_CLIENT_HELLO/JA4_DONE) - internal/fingerprint/engine.go : génération JA4/JA3 via psanford/tlsfingerprint - internal/output/writers.go : StdoutWriter, FileWriter, UnixSocketWriter, MultiWriter Infrastructure: - Dockerfile (multi-stage), Dockerfile.dev, Dockerfile.test-server - Makefile (build, test, lint, docker-build-*) - docker-compose.test.yml pour tests d'intégration - README.md (276 lignes) avec architecture, config, exemples API (api/types.go): - Ajout Close() aux interfaces Capture et Parser - Ajout FlowTimeoutSec dans Config (défaut: 30s, env: JA4SENTINEL_FLOW_TIMEOUT) - ServiceLog: +Timestamp, +TraceID, +ConnID - LogRecord: champs flatten (ip_meta_*, tcp_meta_*, ja4*) - Helper NewLogRecord() pour conversion TLSClientHello+Fingerprints→LogRecord Architecture (architecture.yml): - Documentation module logging + interfaces LoggerFactory/Logger - Section service.systemd complète (unit, security, capabilities) - Section logging.strategy (JSON lines, champs, règles) - api.Config: +FlowTimeoutSec documenté Fixes/cleanup: - Suppression internal/api/types.go (consolidé dans api/types.go) - Correction imports logging (ja4sentinel/api) - .dockerignore / .gitignore - config.yml.example Tests: - Tous les modules ont leurs tests (*_test.go) - Tests unitaires : capture, config, fingerprint, output, tlsparse - Tests d'intégration via docker-compose.test.yml Build: - Binaires dans dist/ (make build → dist/ja4sentinel) - Docker runtime avec COPY --from=builder /app/dist/ Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-25 20:02:52 +01:00
parent 3b09f9416e
commit efd4481729
28 changed files with 2797 additions and 285 deletions
--- a/internal/config/loader.go
+++ b/internal/config/loader.go
@ -0,0 +1,176 @@
+// Package config provides configuration loading and validation for ja4sentinel
+package config
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+	"ja4sentinel/api"
+)
+
+// LoaderImpl implements the api.Loader interface for configuration loading
+type LoaderImpl struct {
+	configPath string
+}
+
+// NewLoader creates a new configuration loader
+func NewLoader(configPath string) *LoaderImpl {
+	return &LoaderImpl{
+		configPath: configPath,
+	}
+}
+
+// Load reads and merges configuration from file, environment variables, and CLI
+func (l *LoaderImpl) Load() (api.AppConfig, error) {
+	config := api.DefaultConfig()
+
+	// Load from YAML file if path is provided
+	if l.configPath != "" {
+		fileConfig, err := l.loadFromFile(l.configPath)
+		if err != nil {
+			return config, fmt.Errorf("failed to load config file: %w", err)
+		}
+		config = mergeConfigs(config, fileConfig)
+	}
+
+	// Override with environment variables
+	config = l.loadFromEnv(config)
+
+	// Validate the final configuration
+	if err := l.validate(config); err != nil {
+		return config, fmt.Errorf("invalid configuration: %w", err)
+	}
+
+	return config, nil
+}
+
+// loadFromFile reads configuration from a YAML file
+func (l *LoaderImpl) loadFromFile(path string) (api.AppConfig, error) {
+	config := api.AppConfig{}
+
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return config, fmt.Errorf("failed to read config file: %w", err)
+	}
+
+	err = yaml.Unmarshal(data, &config)
+	if err != nil {
+		return config, fmt.Errorf("failed to parse config file: %w", err)
+	}
+
+	return config, nil
+}
+
+// loadFromEnv overrides configuration with environment variables
+func (l *LoaderImpl) loadFromEnv(config api.AppConfig) api.AppConfig {
+	// JA4SENTINEL_INTERFACE
+	if val := os.Getenv("JA4SENTINEL_INTERFACE"); val != "" {
+		config.Core.Interface = val
+	}
+
+	// JA4SENTINEL_PORTS (comma-separated list)
+	if val := os.Getenv("JA4SENTINEL_PORTS"); val != "" {
+		ports := parsePorts(val)
+		if len(ports) > 0 {
+			config.Core.ListenPorts = ports
+		}
+	}
+
+	// JA4SENTINEL_BPF_FILTER
+	if val := os.Getenv("JA4SENTINEL_BPF_FILTER"); val != "" {
+		config.Core.BPFFilter = val
+	}
+
+	// JA4SENTINEL_FLOW_TIMEOUT (in seconds)
+	if val := os.Getenv("JA4SENTINEL_FLOW_TIMEOUT"); val != "" {
+		if timeout, err := strconv.Atoi(val); err == nil && timeout > 0 {
+			config.Core.FlowTimeoutSec = timeout
+		}
+	}
+
+	return config
+}
+
+// parsePorts parses a comma-separated list of ports
+func parsePorts(s string) []uint16 {
+	if s == "" {
+		return nil
+	}
+
+	parts := strings.Split(s, ",")
+	ports := make([]uint16, 0, len(parts))
+
+	for _, part := range parts {
+		part = strings.TrimSpace(part)
+		if part == "" {
+			continue
+		}
+
+		port, err := strconv.ParseUint(part, 10, 16)
+		if err == nil {
+			ports = append(ports, uint16(port))
+		}
+	}
+
+	return ports
+}
+
+// mergeConfigs merges two configs, with override taking precedence
+func mergeConfigs(base, override api.AppConfig) api.AppConfig {
+	result := base
+
+	if override.Core.Interface != "" {
+		result.Core.Interface = override.Core.Interface
+	}
+
+	if len(override.Core.ListenPorts) > 0 {
+		result.Core.ListenPorts = override.Core.ListenPorts
+	}
+
+	if override.Core.BPFFilter != "" {
+		result.Core.BPFFilter = override.Core.BPFFilter
+	}
+
+	if override.Core.FlowTimeoutSec > 0 {
+		result.Core.FlowTimeoutSec = override.Core.FlowTimeoutSec
+	}
+
+	if len(override.Outputs) > 0 {
+		result.Outputs = override.Outputs
+	}
+
+	return result
+}
+
+// validate checks if the configuration is valid
+func (l *LoaderImpl) validate(config api.AppConfig) error {
+	if config.Core.Interface == "" {
+		return fmt.Errorf("interface cannot be empty")
+	}
+
+	if len(config.Core.ListenPorts) == 0 {
+		return fmt.Errorf("at least one listen port is required")
+	}
+
+	// Validate outputs
+	for i, output := range config.Outputs {
+		if output.Type == "" {
+			return fmt.Errorf("output[%d]: type cannot be empty", i)
+		}
+	}
+
+	return nil
+}
+
+// ToJSON converts config to JSON string for debugging
+func ToJSON(config api.AppConfig) string {
+	data, err := json.MarshalIndent(config, "", "  ")
+	if err != nil {
+		return fmt.Sprintf("error marshaling config: %v", err)
+	}
+	return string(data)
+}
--- a/internal/config/loader_test.go
+++ b/internal/config/loader_test.go
@ -0,0 +1,213 @@
+package config
+
+import (
+	"os"
+	"strings"
+	"testing"
+
+	"ja4sentinel/api"
+)
+
+func TestParsePorts(t *testing.T) {
+	tests := []struct {
+		name  string
+		input string
+		want  []uint16
+	}{
+		{
+			name:  "single port",
+			input: "443",
+			want:  []uint16{443},
+		},
+		{
+			name:  "multiple ports",
+			input: "443, 8443, 9443",
+			want:  []uint16{443, 8443, 9443},
+		},
+		{
+			name:  "empty string",
+			input: "",
+			want:  nil,
+		},
+		{
+			name:  "with spaces",
+			input: " 443 , 8443 ",
+			want:  []uint16{443, 8443},
+		},
+		{
+			name:  "invalid port ignored",
+			input: "443, invalid, 8443",
+			want:  []uint16{443, 8443},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := parsePorts(tt.input)
+			if len(got) != len(tt.want) {
+				t.Errorf("parsePorts() length = %v, want %v", len(got), len(tt.want))
+				return
+			}
+			for i, v := range got {
+				if v != tt.want[i] {
+					t.Errorf("parsePorts()[%d] = %v, want %v", i, v, tt.want[i])
+				}
+			}
+		})
+	}
+}
+
+func TestMergeConfigs(t *testing.T) {
+	base := api.AppConfig{
+		Core: api.Config{
+			Interface:   "eth0",
+			ListenPorts: []uint16{443},
+			BPFFilter:   "",
+		},
+		Outputs: []api.OutputConfig{},
+	}
+
+	override := api.AppConfig{
+		Core: api.Config{
+			Interface:   "lo",
+			ListenPorts: []uint16{8443},
+			BPFFilter:   "tcp",
+		},
+		Outputs: []api.OutputConfig{
+			{Type: "stdout", Enabled: true},
+		},
+	}
+
+	result := mergeConfigs(base, override)
+
+	if result.Core.Interface != "lo" {
+		t.Errorf("Interface = %v, want lo", result.Core.Interface)
+	}
+	if len(result.Core.ListenPorts) != 1 || result.Core.ListenPorts[0] != 8443 {
+		t.Errorf("ListenPorts = %v, want [8443]", result.Core.ListenPorts)
+	}
+	if result.Core.BPFFilter != "tcp" {
+		t.Errorf("BPFFilter = %v, want tcp", result.Core.BPFFilter)
+	}
+	if len(result.Outputs) != 1 {
+		t.Errorf("Outputs length = %v, want 1", len(result.Outputs))
+	}
+}
+
+func TestValidate(t *testing.T) {
+	loader := &LoaderImpl{}
+
+	tests := []struct {
+		name    string
+		config  api.AppConfig
+		wantErr bool
+	}{
+		{
+			name: "valid config",
+			config: api.AppConfig{
+				Core: api.Config{
+					Interface:   "eth0",
+					ListenPorts: []uint16{443},
+				},
+				Outputs: []api.OutputConfig{
+					{Type: "stdout", Enabled: true},
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "empty interface",
+			config: api.AppConfig{
+				Core: api.Config{
+					Interface:   "",
+					ListenPorts: []uint16{443},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no listen ports",
+			config: api.AppConfig{
+				Core: api.Config{
+					Interface:   "eth0",
+					ListenPorts: []uint16{},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "output with empty type",
+			config: api.AppConfig{
+				Core: api.Config{
+					Interface:   "eth0",
+					ListenPorts: []uint16{443},
+				},
+				Outputs: []api.OutputConfig{
+					{Type: "", Enabled: true},
+				},
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := loader.validate(tt.config)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestLoadFromEnv(t *testing.T) {
+	// Save original env vars
+	origInterface := os.Getenv("JA4SENTINEL_INTERFACE")
+	origPorts := os.Getenv("JA4SENTINEL_PORTS")
+	origFilter := os.Getenv("JA4SENTINEL_BPF_FILTER")
+	defer func() {
+		os.Setenv("JA4SENTINEL_INTERFACE", origInterface)
+		os.Setenv("JA4SENTINEL_PORTS", origPorts)
+		os.Setenv("JA4SENTINEL_BPF_FILTER", origFilter)
+	}()
+
+	// Set test env vars
+	os.Setenv("JA4SENTINEL_INTERFACE", "lo")
+	os.Setenv("JA4SENTINEL_PORTS", "8443,9443")
+	os.Setenv("JA4SENTINEL_BPF_FILTER", "tcp port 8443")
+
+	loader := &LoaderImpl{}
+	config := api.DefaultConfig()
+	result := loader.loadFromEnv(config)
+
+	if result.Core.Interface != "lo" {
+		t.Errorf("Interface = %v, want lo", result.Core.Interface)
+	}
+	if len(result.Core.ListenPorts) != 2 {
+		t.Errorf("ListenPorts length = %v, want 2", len(result.Core.ListenPorts))
+	}
+	if result.Core.BPFFilter != "tcp port 8443" {
+		t.Errorf("BPFFilter = %v, want 'tcp port 8443'", result.Core.BPFFilter)
+	}
+}
+
+func TestToJSON(t *testing.T) {
+	config := api.AppConfig{
+		Core: api.Config{
+			Interface:   "eth0",
+			ListenPorts: []uint16{443, 8443},
+			BPFFilter:   "tcp",
+		},
+		Outputs: []api.OutputConfig{
+			{Type: "stdout", Enabled: true, Params: map[string]string{}},
+		},
+	}
+
+	jsonStr := ToJSON(config)
+	if jsonStr == "" {
+		t.Error("ToJSON() returned empty string")
+	}
+	if !strings.Contains(jsonStr, "eth0") {
+		t.Error("ToJSON() result doesn't contain 'eth0'")
+	}
+}