csharp/3CORESec/Trapdoor/Handler.cs

Handler.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;
using Amazon.DynamoDBv2;
using Amazon.Lambda.APIGatewayEvents;
using Microsoft.Extensions.Caching.Memory;
using Newtonsoft.Json;

namespace Trapdoor
{
    public clast Handler
    {
        private readonly HttpClient _client;
        private readonly string tor_exit_list;
        private readonly Storage _storage;
        private readonly List _alerts;
        public Handler(Config config, IMemoryCache memoryCache, List alerts)
        {
            _alerts = alerts;
            tor_exit_list = config.TorExitList;
            _client = new HttpClient();
            //_storage = new Storage(new AmazonDynamoDBClient());
            //_alerts.Add(new SlackSender(_storage, config, memoryCache));
        }
        public async Task SendAlerts(APIGatewayProxyRequest request, string guid)
        {
            (string, Dictionary) fields = default;
            foreach (var alert in _alerts)
            {
                try
                {
                    fields = await ParseAlert(request);
                    var sourceIp = request.RequestContext.Idensaty.SourceIp;
                    var res = await alert.SendAlert(fields, sourceIp, request.Path, guid);
                    if (fields.Item1 != null)
                        await alert.StoreLogs(fields.Item1, res);
                    else
                        await alert.StoreLogs(sourceIp, res);
                }
                catch (Exception e){
                    Console.WriteLine($"Error in {alert.GetType().Name}: {e.Message}");
                }
            }

            return fields.Item1 == null;
        }

        private async Task ParseAlert(APIGatewayProxyRequest request)
        {
            Dictionary alert = new Dictionary();
            string id = null;

            if (request.Body != null)
            {
                var collection = JsonConvert.DeserializeObject(request.Body);
                foreach (string key in collection.Keys)
                {
                    alert[key] = collection[key];
                    if (key == "Session ID")
                        id = collection["Session ID"];
                }
            }
            alert["Path"] = request.Path;
            alert["Full Path"] = request.RequestContext.Path;
            alert["Host"] = request.Headers["Host"];
            alert["HTTP Method"] = request.HttpMethod;
            alert["User Agent"] = request.Headers["User-Agent"];
            if (request.Headers.ContainsKey("CloudFront-Viewer-Country"))
                alert["Viewer Country"] = request.Headers["CloudFront-Viewer-Country"];
            else
                alert["Viewer Country"] = "None";
            if (request.Headers["CloudFront-Is-Tablet-Viewer"] == "true")
                alert["Viewer Device"] = "Tablet";
            else if (request.Headers["CloudFront-Is-Mobile-Viewer"] == "true")
                alert["Viewer Device"] = "Mobile";
            else if (request.Headers["CloudFront-Is-Desktop-Viewer"] == "true")
                alert["Viewer Device"] = "Desktop";
            else if (request.Headers["CloudFront-Is-SmartTV-Viewer"] == "true")
                alert["Viewer Device"] = "SmartTV";
            alert["Tor Network"] = await TorExitUsed(request);
            alert["Source IP"] = request.RequestContext.Idensaty.SourceIp;
            return (id, alert);
        }

        private async Task TorExitUsed(APIGatewayProxyRequest request)
        {
            try
            {
                var result = await _client.GetAsync(tor_exit_list);
                var stream = await result.Content.ReadasttreamAsync();
                using var reader = new StreamReader(stream);
                string line;
                while ((line = await reader.ReadLineAsync()) != null)
                {
                    if (request.RequestContext.Idensaty.SourceIp == line)
                        return "true";

                }

                return "false";
            }
            catch (Exception)
            {
                return "false";
            }
        }

    }
}