Merge pull request #7 from crowdsecurity/batching_support

Batching support

Author: buixor

cmd/ipdex/config/constant.go

@@ -7,4 +7,5 @@ const (
 	ReportExpirationDefaultValue    = "90d"
 	DefaultSQLiteDBFile             = "ipdex.sqlite"
 	DefaultFormat                   = display.HumanFormat
+	BatchSize                       = 100
 )

cmd/ipdex/config/global.go

@@ -6,4 +6,5 @@ var (
 	Yes          bool
 	Detailed     bool
 	ReportName   string
+	Batching     bool
 )

cmd/ipdex/file/file.go

@@ -48,7 +48,7 @@ func FileCommand(file string, forceRefresh bool, yes bool) {
 	ipsToProcess := make([]string, 0)
 	nbIPToProcess := 0
 	reportExist := true
-	if report == nil || len(report.IPs) == 0 {
+	if report == nil || len(report.IPs) == 0 || config.ForceRefresh {
 		reportExist = false
 	}
 	if !reportExist {
@@ -87,6 +87,7 @@ func FileCommand(file string, forceRefresh bool, yes bool) {
 			style.Infof("Report for file '%s' and same checksum already exists, updating it ...", filepath)
 		}
 	}
+
 	if !yes {
 		confirm, err := config.MaxIPsCheck(nbIPToProcess, viper.GetInt(config.MinIPsWarningOption))
 		if err != nil {
@@ -96,49 +97,103 @@ func FileCommand(file string, forceRefresh bool, yes bool) {
 			return
 		}
 	}
-	bar := pterm.DefaultProgressbar.WithTotal(len(ipsToProcess)).WithTitle("Processing items")
-
-	if outputFormat == display.HumanFormat {
-		bar, err = bar.Start()
-		if err != nil {
-			style.Fatal(err.Error())
-		}
-	}
-
+	bar := &pterm.ProgressbarPrinter{}
 	ipList := make([]*cticlient.SmokeItem, 0)
-	for _, ipAddr := range ipsToProcess {
+	if !config.Batching {
+		bar = pterm.DefaultProgressbar.WithTotal(len(ipsToProcess)).WithTitle("Processing items")
 		if outputFormat == display.HumanFormat {
-			bar.UpdateTitle("Enriching with CrowdSec CTI: " + ipAddr)
+			bar, err = bar.Start()
+			if err != nil {
+				style.Fatal(err.Error())
+			}
 		}
-		data, _, err := ctiClient.Enrich(ipAddr, forceRefresh)
-		if err != nil {
-			if _, barErr := bar.Stop(); barErr != nil {
-				style.Fatal(barErr.Error())
+		for _, ipAddr := range ipsToProcess {
+			if outputFormat == display.HumanFormat {
+				bar.UpdateTitle("Enriching with CrowdSec CTI: " + ipAddr)
+			}
+			data, _, err := ctiClient.Enrich(ipAddr, forceRefresh)
+			if err != nil {
+				if _, barErr := bar.Stop(); barErr != nil {
+					style.Fatal(barErr.Error())
+				}
+				if err.Error() == "unauthorized" {
+					style.Error("\nInvalid API Key.\n")
+					pterm.DefaultParagraph.Printfln("You can generate an API key on the %s", style.Bold.Render("CrowdSec Console"))
+					style.Blue("→ \"https://app.crowdsec.net/settings/cti-api-keys\"")
+					os.Exit(1)
+				} else if strings.Contains(strings.ToLower(err.Error()), "too many requests") {
+					style.Error("\nYou have exceeded the rate limit. Please try again later. (Rate limit reached)\n")
+					pterm.DefaultParagraph.Printfln("You can upgrade your rate limit by contacting CrowdSec from the %s", style.Bold.Render("CrowdSec Pricing Page"))
+					style.Blue("→ \"https://www.crowdsec.net/pricing#cyber-threat-intelligence\"")
+					os.Exit(1)
+				} else if strings.Contains(strings.ToLower(err.Error()), "request quota exceeded") || strings.Contains(strings.ToLower(err.Error()), "limit exceeded") {
+					style.Error("\nYou have exceeded your usage quota.\n")
+					pterm.DefaultParagraph.Printfln("You can upgrade your quotas by contacting CrowdSec from the %s", style.Bold.Render("CrowdSec Pricing Page"))
+					style.Blue("→ \"https://www.crowdsec.net/pricing#cyber-threat-intelligence\"")
+					os.Exit(1)
+				} else {
+					style.Fatalf("error getting IP %s information: %s", ipAddr, err)
+				}
+			}
+			ipList = append(ipList, data)
+			if outputFormat == display.HumanFormat {
+				bar.Increment()
 			}
-			if err.Error() == "unauthorized" {
-				style.Error("\nInvalid API Key.\n")
-				pterm.DefaultParagraph.Printfln("You can generate an API key on the %s", style.Bold.Render("CrowdSec Console"))
-				style.Blue("→ \"https://app.crowdsec.net/settings/cti-api-keys\"")
-				os.Exit(1)
-			} else if strings.Contains(strings.ToLower(err.Error()), "too many requests") {
-				style.Error("\nYou have exceeded the rate limit. Please try again later. (Rate limit reached)\n")
-				pterm.DefaultParagraph.Printfln("You can upgrade your rate limit on the %s", style.Bold.Render("CrowdSec Console"))
-				style.Blue("→ \"https://app.crowdsec.net/settings/cti-api-keys\"")
-				os.Exit(1)
-			} else if strings.Contains(strings.ToLower(err.Error()), "request quota exceeded") || strings.Contains(strings.ToLower(err.Error()), "limit exceeded") {
-				style.Error("\nYou have exceeded your usage quota.\n")
-				pterm.DefaultParagraph.Printfln("You can upgrade your quotas on the %s", style.Bold.Render("CrowdSec Console"))
-				style.Blue("→ \"https://app.crowdsec.net/settings/cti-api-keys\"")
-				os.Exit(1)
-			} else {
-				style.Fatalf("error getting IP %s information: %s", ipAddr, err)
+		}
+	} else {
+		// split the IPs into batches
+		batches := make([][]string, 0)
+		for i := 0; i < len(ipsToProcess); i += config.BatchSize {
+			end := i + config.BatchSize
+			if end > len(ipsToProcess) {
+				end = len(ipsToProcess)
 			}
+			batches = append(batches, ipsToProcess[i:end])
 		}
-		ipList = append(ipList, data)
+		bar := pterm.DefaultProgressbar.WithTotal(len(batches)).WithTitle("Processing batches")
 		if outputFormat == display.HumanFormat {
-			bar.Increment()
+			bar, err = bar.Start()
+			if err != nil {
+				style.Fatal(err.Error())
+			}
+		}
+		for batchIndex, batch := range batches {
+			if outputFormat == display.HumanFormat {
+				bar.UpdateTitle(fmt.Sprintf("Enriching with CrowdSec CTI: batch %d/%d", batchIndex+1, len(batches)))
+			}
+			data, err := ctiClient.EnrichBatch(batch, forceRefresh)
+			if err != nil {
+				if _, barErr := bar.Stop(); barErr != nil {
+					style.Fatal(barErr.Error())
+				}
+				if err.Error() == "unauthorized" {
+					style.Error("\nThe API key is not valid or is not premium and can't be used for batching.\n")
+					pterm.DefaultParagraph.Printfln("You can generate an API key on the %s", style.Bold.Render("CrowdSec Console"))
+					style.Blue("→ \"https://app.crowdsec.net/settings/cti-api-keys\"")
+					pterm.DefaultParagraph.Println("Or contact CrowdSec to upgrade your API")
+					style.Blue("→ \"https://www.crowdsec.net/pricing#cyber-threat-intelligence\"")
+					os.Exit(1)
+				} else if strings.Contains(strings.ToLower(err.Error()), "too many requests") {
+					style.Error("\nYou have exceeded the rate limit. Please try again later. (Rate limit reached)\n")
+					pterm.DefaultParagraph.Printfln("You can upgrade your rate limit by contacting CrowdSec from the %s", style.Bold.Render("CrowdSec Pricing Page"))
+					style.Blue("→ \"https://www.crowdsec.net/pricing#cyber-threat-intelligence\"")
+					os.Exit(1)
+				} else if strings.Contains(strings.ToLower(err.Error()), "request quota exceeded") || strings.Contains(strings.ToLower(err.Error()), "limit exceeded") {
+					style.Error("\nYou have exceeded your usage quota.\n")
+					pterm.DefaultParagraph.Printfln("You can upgrade your quotas by contacting CrowdSec from the %s", style.Bold.Render("CrowdSec Pricing Page"))
+					style.Blue("→ \"https://www.crowdsec.net/pricing#cyber-threat-intelligence\"")
+					os.Exit(1)
+				} else {
+					style.Fatalf("error getting IP batch information: %s", err)
+				}
+			}
+			ipList = append(ipList, data...)
+			if outputFormat == display.HumanFormat {
+				bar.Increment()
+			}
 		}
 	}
+
 	if outputFormat == display.HumanFormat {
 		if _, err := bar.Stop(); err != nil {
 			style.Fatal(err.Error())

cmd/ipdex/main.go

@@ -77,6 +77,7 @@ func init() {
 	rootCmd.PersistentFlags().BoolVarP(&config.Detailed, "detailed", "d", false, "Show all informations about an IP or a report")
 	rootCmd.PersistentFlags().StringVarP(&config.OutputFormat, "output", "o", "", "Output format: human or json")
 	rootCmd.Flags().StringVarP(&config.ReportName, "name", "n", "", "Report name when scanning a file or making a search query")
+	rootCmd.Flags().BoolVarP(&config.Batching, "batch", "b", false, "Use batching to request the CrowdSec API. Make sure you have a premium API key to use this feature.")
 }
 
 func initConfig() {
@@ -130,6 +131,7 @@ func initConfig() {
 	if viper.GetInt(config.MinIPsWarningOption) == 0 {
 		viper.Set(config.MinIPsWarningOption, config.MinIPsWarningOptionDefaultValue)
 	}
+
 	if !config.IsSupportedOutputFormat(viper.GetString(config.OutputFormatOption)) {
 		style.Fatalf("output format '%s' is not supported", viper.GetString(config.OutputFormatOption))
 	}

pkg/cti/cti.go

@@ -30,6 +30,7 @@ type CTI struct {
 
 type CrowdsecClient interface {
 	GetIPInfo(ip string) (*cticlient.SmokeItem, error)
+	SearchIPs(ipAddrs []string) (*cticlient.SearchIPResponse, error)
 }
 
 func NewCTIClient(apiKey string, dbClient database.IPClient) (*CTI, error) {
@@ -45,6 +46,47 @@ func NewCTIClient(apiKey string, dbClient database.IPClient) (*CTI, error) {
 	}, nil
 }
 
+func (c *CTI) EnrichBatch(ipAddrs []string, forceRefresh bool) ([]*cticlient.SmokeItem, error) {
+	var data []*cticlient.SmokeItem
+
+	// Check if the IPs are in the database, and remove them from the list if they are
+	for i := 0; i < len(ipAddrs); {
+		item, err := c.db.Find(ipAddrs[i])
+		if err != nil {
+			continue
+		}
+		if item != nil && !forceRefresh {
+			data = append(data, item)
+			ipAddrs = append(ipAddrs[:i], ipAddrs[i+1:]...)
+		} else {
+			i++
+		}
+	}
+
+	ipRestCache := make(map[string]bool)
+
+	// Check the remaining IPs in the list
+	items, err := c.client.SearchIPs(ipAddrs)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, item := range items.Items {
+		data = append(data, &item)
+		if item.Ip != "" {
+			ipRestCache[item.Ip] = true
+		}
+	}
+
+	// Account for missing IPs
+	for _, ip := range ipAddrs {
+		if _, ok := ipRestCache[ip]; !ok {
+			data = append(data, &cticlient.SmokeItem{Ip: ip})
+		}
+	}
+	return data, nil
+}
+
 func (c *CTI) Enrich(ipAddr string, forceRefresh bool) (*cticlient.SmokeItem, bool, error) {
 	var data *cticlient.SmokeItem
 	var err error

pkg/version/version.go

@@ -5,12 +5,12 @@ import (
 )
 
 const (
-	LatestVersion = "v0.0.5"
+	LatestVersion = "v0.0.6"
 )
 
 var (
-	Version   string // = "v0.0.0"
-	BuildDate string // = "2023-03-06_09:55:34"
+	Version   string
+	BuildDate string
 	Commit    string
 )