From 9b849c33ace3be9bebe6d052a6b149b47d25d7ee Mon Sep 17 00:00:00 2001
From: Christian Roessner
Date: Fri, 25 Oct 2024 10:02:10 +0200
Subject: [PATCH] Fix: Refactor variable initialization in `checkRepeatingBruteForcer`

Reorganized variable declarations for clarity and consistency. Added an additional check to properly parse CIDR notation for networks, enhancing the error-checking mechanism and setting the `network` variable for upstream tasks.

Signed-off-by: Christian Roessner
---
 server/core/bruteforce.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/server/core/bruteforce.go b/server/core/bruteforce.go
index efe96667..867d88f9 100644
--- a/server/core/bruteforce.go
+++ b/server/core/bruteforce.go
@@ -796,7 +796,10 @@ func processBruteForce(auth *AuthState, ruleTriggered, alreadyTriggered bool, ru
 // checkRepeatingBruteForcer analyzes if a network partakes in repeated brute force attempts according to specified rules.
 // It returns a boolean indicating an error, whether a brute force rule already triggered, and the rule number.
 func checkRepeatingBruteForcer(auth *AuthState, rules []config.BruteForceRule, network *net.IPNet, message *string) (withError bool, alreadyTriggered bool, ruleNumber int) {
-	var err error
+	var (
+		ruleName string
+		err error
+	)
 
 	for ruleNumber = range rules {
 		if network, err = auth.getNetwork(&rules[ruleNumber]); err != nil {
@@ -807,7 +810,11 @@ func checkRepeatingBruteForcer(auth *AuthState, rules []config.BruteForceRule, n
 			continue
 		}
 
-		if ruleName, err := auth.getPreResultBruteForceRedis(&rules[ruleNumber]); ruleName != "" && err == nil {
+		if ruleName, err = auth.getPreResultBruteForceRedis(&rules[ruleNumber]); ruleName != "" && err == nil {
+			if _, network, err = net.ParseCIDR(fmt.Sprintf("%s/%d", auth.ClientIP, rules[ruleNumber].CIDR)); err != nil {
+				withError = true
+			}
+
 			alreadyTriggered = true
 			*message = "Brute force attack detected (cached result)"
 			stats.BruteForceRejected.WithLabelValues(ruleName).Inc()
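Review bot: The added `net.ParseCIDR` line assigns to `network`, but `network` is a pointer parameter and the function returns only `(withError, alreadyTriggered, ruleNumber)`, so the parsed value is visible only inside this call and never reaches the "upstream tasks" the commit message refers to. If a caller is meant to consume it, either add it to the return values or copy through the pointer, e.g. `if _, parsed, perr := net.ParseCIDR(fmt.Sprintf("%s/%d", auth.ClientIP, rules[ruleNumber].CIDR)); perr != nil { withError = true } else if network != nil { *network = *parsed }`, which also avoids overwriting `err` from the Redis lookup. Earlier in the same iteration `network` is already set from `auth.getNetwork(&rules[ruleNumber])` (hunk at @@ -796), so if that presumably returns the same prefix the second parse is redundant and only adds a failure path; worth a comment stating why both are needed. On a parse failure the code still sets `alreadyTriggered` and the cached-result message, which fails closed for a malformed `auth.ClientIP` — fine from a defensive standpoint, but `withError` should then be documented as "network could not be derived, decision still stands". The enclosing function continues past the end of this hunk.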