From e89c72e06a0cd5ca6bfbb31321a635f7d276718d Mon Sep 17 00:00:00 2001 From: delorean Date: Tue, 31 Oct 2023 20:19:21 -0500 Subject: [PATCH] shredding --- config.toml | 2 +- go.mod | 10 +++---- go.sum | 23 +++++++++++----- main.go | 75 +++++++++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 92 insertions(+), 18 deletions(-) diff --git a/config.toml b/config.toml index a19e287..c904cbf 100644 --- a/config.toml +++ b/config.toml @@ -1,4 +1,4 @@ -webroot = "www" +webroot = "./www" lport = "5000" vhost = "hardfiles.org" dbfile = "dbfile.db" diff --git a/go.mod b/go.mod index ebc1c5d..e051693 100644 --- a/go.mod +++ b/go.mod @@ -3,18 +3,18 @@ module hardfiles go 1.21.0 require ( - github.com/boltdb/bolt v1.3.1 - github.com/gabriel-vasile/mimetype v1.4.2 + github.com/BurntSushi/toml v1.3.2 + github.com/gabriel-vasile/mimetype v1.4.3 github.com/gorilla/mux v1.8.0 github.com/landlock-lsm/go-landlock v0.0.0-20230607164353-b03374193cb2 github.com/rs/zerolog v1.31.0 + go.etcd.io/bbolt v1.3.8 ) require ( - github.com/BurntSushi/toml v1.3.2 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.19 // indirect - golang.org/x/net v0.8.0 // indirect - golang.org/x/sys v0.12.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/sys v0.13.0 // indirect kernel.org/pub/linux/libs/security/libcap/psx v1.2.66 // indirect ) diff --git a/go.sum b/go.sum index dbebc3a..974a340 100644 --- a/go.sum +++ b/go.sum 
@@ -1,10 +1,10 @@
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
-github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
-github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
@@ -16,14 +16,23 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A=
 github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA=
+go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= kernel.org/pub/linux/libs/security/libcap/psx v1.2.66 h1:ikIhPzfkSSAEwBOU+2DWhoF+xnGUhvlMTfQjBVhvzQY= kernel.org/pub/linux/libs/security/libcap/psx v1.2.66/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= diff --git a/main.go b/main.go index 5060b2f..ccf7eea 100644 --- a/main.go +++ b/main.go @@ -9,12 +9,12 @@ import ( "time" "github.com/BurntSushi/toml" - "github.com/boltdb/bolt" "github.com/gabriel-vasile/mimetype" "github.com/gorilla/mux" "github.com/landlock-lsm/go-landlock/landlock" "github.com/rs/zerolog" "github.com/rs/zerolog/log" + bolt "go.etcd.io/bbolt" ) var ( @@ -37,6 +37,67 @@ func LoadConf() { } } +func shred(path string) error { + log.Info().Msg("shredding file") + fileinfo, err := os.Stat(path) + if err != nil { + return err + } + size := fileinfo.Size() + err = scramble(path, size) + if err != nil { + return err + } + + err = zeros(path, size) + if err != nil { + return err + } + + err = os.Remove(path) + if err != nil { + return err + } + + return nil +} + +func scramble(path string, size int64) error { + var i int64 + for i = 0; i < 7; i++ { // 7 iterations + file, err := os.OpenFile(path, os.O_RDWR, 0) + defer file.Close() + if err != nil { + return err + } + offset, err := file.Seek(0, 0) + if err != nil { + return err + } + buff := make([]byte, size) + rand.Read(buff) + file.WriteAt(buff, offset) + file.Close() + } + return nil +} + +func zeros(path string, size int64) error { + file, err := os.OpenFile(path, os.O_RDWR, 0) + defer file.Close() + if err != nil { + return err + } + + offset, err := file.Seek(0, 0) + if err != nil { + return err + } + buff := make([]byte, size) + file.WriteAt(buff, offset) + return nil +} + func NameGen() string { const chars = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ123456789" ll := len(chars) 
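Review bot: In scramble and zeros the results of `rand.Read` and `file.WriteAt` are discarded and `file.Sync()` is never called, so shred can return nil and unlink the file when no overwrite pass ever reached the disk. Both helpers also allocate `make([]byte, size)`, the whole file in memory on every pass, and place `defer file.Close()` ahead of the error check (inside the loop in scramble, where each file is then closed twice). The fence below does each pass in fixed-size chunks through one helper that checks every error and syncs before returning. Which `rand` package is imported is not visible in this hunk, and overwriting in place is no guarantee of erasure on copy-on-write or flash-backed storage, which deserves a comment on shred.

```go
// … unchanged: shred …

// overwrite makes one pass over the first size bytes of path; fill prepares each chunk.
func overwrite(path string, size int64, fill func([]byte) error) error {
	file, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer file.Close()

	buff := make([]byte, 64*1024) // fixed chunk, independent of the file size
	for off := int64(0); off < size; {
		n := min(int64(len(buff)), size-off)
		if err := fill(buff[:n]); err != nil {
			return err
		}
		if _, err := file.WriteAt(buff[:n], off); err != nil {
			return err
		}
		off += n
	}
	return file.Sync() // flush this pass before the next one starts
}

func scramble(path string, size int64) error {
	for i := 0; i < 7; i++ { // 7 iterations
		err := overwrite(path, size, func(b []byte) error {
			_, err := rand.Read(b)
			return err
		})
		if err != nil {
			return err
		}
	}
	return nil
}

func zeros(path string, size int64) error {
	return overwrite(path, size, func(b []byte) error {
		clear(b)
		return nil
	})
}
```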
@@ -59,7 +120,8 @@ func CheckFile(name string) bool { // false if doesn't exist, true if exists func UploadHandler(w http.ResponseWriter, r *http.Request) { // expiry sanitize - twentyfour := int64(86400) + // twentyfour := int64(86400) + twentyfour := int64(10) file, _, err := r.FormFile("file") if err != nil { @@ -122,8 +184,11 @@ func Cull() { continue } if time.Now().After(time.Unix(eol, 0)) { - os.Remove(conf.FileFolder + "/" + string(k)) - removed += 1 + if err := shred(conf.FileFolder + "/" + string(k)); err != nil { + log.Error().Err(err).Msg("shredding failed") + } else { + removed += 1 + } c.Delete() } } @@ -142,8 +207,8 @@ func main() { err := landlock.V2.BestEffort().RestrictPaths( landlock.RWDirs("./"+conf.FileFolder), + landlock.RWDirs(conf.Webroot), landlock.RWFiles(conf.DBFile), - landlock.RWFiles(conf.Webroot+"/index.html"), ) if err != nil {
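Review bot: `twentyfour := int64(10)` in UploadHandler looks like a test value left in: the name still says twenty-four hours while the value is ten seconds, and the previous value survives only as a comment. If the variable is the expiry bound its comment suggests (its use is outside this hunk), uploads would be due for culling seconds after they arrive. Restore `twentyfour := int64(86400)` and drop the commented-out copy, or move the bound to a named setting so a short value for testing does not require editing the handler. UploadHandler's body continues past the hunk.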
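Review bot: In Cull, `c.Delete()` still runs when shred returns an error, so the expiry record is dropped while the file stays in conf.FileFolder and no later pass will pick it up again. Moving `c.Delete()` into the `else` branch next to `removed += 1` lets a failed shred be retried, with a file that is already missing treated as removed so its record does not linger. The error log would be easier to act on with the name attached, e.g. `log.Error().Err(err).Str("file", string(k)).Msg("shredding failed")`. The enclosing loop and transaction start outside the hunk; if this runs inside a write transaction, eight overwrite passes per file are performed while it is held.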
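Review bot: `landlock.RWDirs(conf.Webroot)` in main gives the process write access to the whole web root, where the removed rule allowed only `index.html`. Whether anything writes to that directory is not visible here; if the server only reads from it, `landlock.RODirs(conf.Webroot)` covers every file in it without granting write access to served content. If something does write there, a comment on the rule naming the writer would justify the wider grant. main starts and continues outside the hunk.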