One Agent to rule them all

README.md

@@ -38,25 +38,25 @@ Prerequisites:
 
 ##### x86_64
 ```
-rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.3.6/aikido-php-firewall.x86_64.rpm
+rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.4.0/aikido-php-firewall.x86_64.rpm
 ```
 
 ##### arm64 / aarch64
 ```
-rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.3.6/aikido-php-firewall.aarch64.rpm
+rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.4.0/aikido-php-firewall.aarch64.rpm
 ```
 
 #### For Debian-based Systems (Debian, Ubuntu)
 
 ##### x86_64
 ```
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.3.6/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.4.0/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 ```
 
 ##### arm64 / aarch64
 ```
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.3.6/aikido-php-firewall.aarch64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.4.0/aikido-php-firewall.aarch64.deb
 dpkg -i -E ./aikido-php-firewall.aarch64.deb
 ```
 

docs/aws-elastic-beanstalk.md

@@ -4,7 +4,7 @@
 ```
 commands:
   aikido-php-firewall:
-    command: "rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.3.6/aikido-php-firewall.x86_64.rpm"
+    command: "rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/download/v1.4.0/aikido-php-firewall.x86_64.rpm"
     ignoreErrors: true
 
 files:

docs/fly-io.md

@@ -32,7 +32,7 @@ Create a script to install the Aikido PHP Firewall during deployment:
 #!/usr/bin/env bash
 cd /tmp
 
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.3.6/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.4.0/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 ```
 

docs/laravel-forge.md

@@ -21,7 +21,7 @@ cd /tmp
 
 # Install commands from the "Manual install" section below, based on your OS
 
-curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.3.6/aikido-php-firewall.x86_64.deb
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.4.0/aikido-php-firewall.x86_64.deb
 dpkg -i -E ./aikido-php-firewall.x86_64.deb
 
 # Restarting the php services in order to load the Aikido PHP Firewall

lib/agent/globals/constants.go → lib/agent/aikido_types/constants.go

@@ -1,7 +1,7 @@
-package globals
+package aikido_types
 
 const (
-	Version                             = "1.3.6"
+	Version                             = "1.4.0"
 	ConfigUpdatedAtMethod               = "GET"
 	ConfigUpdatedAtAPI                  = "/config"
 	ConfigAPIMethod                     = "GET"
@@ -16,7 +16,5 @@ const (
 	MaxAttackDetectedEventsPerInterval  = 100
 	AttackDetectedEventsIntervalInMs    = 60 * 60 * 1000 // 1 hour
 	MinStatsCollectedForRelevantMetrics = 1000
-	MaxNumberOfStoredUsers              = 2000
-	MaxNumberOfStoredRoutes             = 5000
-	MaxNumberOfStoredHostnames          = 2000
+	MinServerInactivityForCleanup       = 10 * 60 * 1000 // 10 minutes
 )

lib/agent/aikido_types/init_data.go

@@ -1,6 +1,9 @@
 package aikido_types
 
-import "sync"
+import (
+	"sync"
+	"time"
+)
 
 type MachineData struct {
 	HostName   string `json:"hostname"`
@@ -11,16 +14,18 @@ type MachineData struct {
 }
 
 type EnvironmentConfigData struct {
-	SocketPath      string `json:"socket_path"`               // '/run/aikido-{version}/aikido-{datetime}-{randint}.sock'
-	PlatformName    string `json:"platform_name"`             // PHP platform name (fpm-fcgi, cli-server, ...)
-	PlatformVersion string `json:"platform_version"`          // PHP version
-	Endpoint        string `json:"endpoint,omitempty"`        // default: 'https://guard.aikido.dev/'
-	ConfigEndpoint  string `json:"config_endpoint,omitempty"` // default: 'https://runtime.aikido.dev/'
+	SocketPath string `json:"socket_path"` // '/run/aikido-{version}/aikido-{datetime}-{randint}.sock'
+	DiskLogs   bool   `json:"disk_logs"`   // default: false
+	LogLevel   string `json:"log_level"`   // default: 'INFO'
 }
 
 type AikidoConfigData struct {
 	ConfigMutex               sync.Mutex
+	PlatformName              string `json:"platform_name"`                          // PHP platform name (fpm-fcgi, cli-server, ...)
+	PlatformVersion           string `json:"platform_version"`                       // PHP version
 	Token                     string `json:"token,omitempty"`                        // default: ''
+	Endpoint                  string `json:"endpoint,omitempty"`                     // default: 'https://guard.aikido.dev/'
+	ConfigEndpoint            string `json:"config_endpoint,omitempty"`              // default: 'https://runtime.aikido.dev/'
 	LogLevel                  string `json:"log_level,omitempty"`                    // default: 'INFO'
 	DiskLogs                  bool   `json:"disk_logs,omitempty"`                    // default: false
 	Blocking                  bool   `json:"blocking,omitempty"`                     // default: false
@@ -93,3 +98,118 @@ type CloudConfigUpdatedAt struct {
 	ServiceId       int   `json:"serviceId"`
 	ConfigUpdatedAt int64 `json:"configUpdatedAt"`
 }
+
+type ServerDataPolling struct {
+	HeartbeatRoutineChannel     chan struct{}
+	HeartbeatTicker             *time.Ticker
+	ConfigPollingRoutineChannel chan struct{}
+	ConfigPollingTicker         *time.Ticker
+	RateLimitingChannel         chan struct{}
+	RateLimitingTicker          *time.Ticker
+}
+
+func NewServerDataPolling() *ServerDataPolling {
+	return &ServerDataPolling{
+		HeartbeatRoutineChannel:     make(chan struct{}),
+		HeartbeatTicker:             time.NewTicker(10 * time.Minute),
+		ConfigPollingRoutineChannel: make(chan struct{}),
+		ConfigPollingTicker:         time.NewTicker(1 * time.Minute),
+		RateLimitingChannel:         make(chan struct{}),
+		RateLimitingTicker:          time.NewTicker(MinRateLimitingIntervalInMs * time.Millisecond),
+	}
+}
+
+type ServerData struct {
+	// Aikido config that contains info about endpoint, log_level, token, ...
+	AikidoConfig AikidoConfigData
+
+	// Cloud config that is obtain as a result from sending events to cloud or pulling the config when it changes
+	CloudConfig CloudConfigData
+
+	// Config mutex used to sync access to configuration data across the multiple go routines that we run in parallel
+	CloudConfigMutex sync.Mutex
+
+	// Polling data for the server, including mutex used to sync access to polling data across the go routines
+	PollingData *ServerDataPolling
+
+	// List of outgoing hostnames, their ports and number of hits, collected from the requests
+	Hostnames      map[string]map[uint32]uint64
+	HostnamesQueue Queue[string]
+
+	// Hostnames mutex used to sync access to hostnames data across the go routines
+	HostnamesMutex sync.Mutex
+
+	// List of routes and their methods and count of calls collect from the requests
+	// [method][route] = hits
+	Routes      map[string]map[string]*Route
+	RoutesQueue Queue[string]
+
+	// Routes mutex used to sync access to routes data across the go routines
+	RoutesMutex sync.Mutex
+
+	// Global stats data, including mutex used to sync access to stats data across the go routines
+	StatsData StatsDataType
+
+	// Rate limiting map, which holds the current rate limiting state for each configured route
+	// map[(method, route)] -> RateLimitingValue
+	// method can also be '*'
+	RateLimitingMap map[RateLimitingKey]*RateLimitingValue
+
+	// Rate limiting wildcard map, which holds the current rate limiting state for each configured wildcard route
+	// map[method] -> (RouteRegex, RateLimitingValue)
+	// method can also be '*'
+	RateLimitingWildcardMap map[RateLimitingKey]*RateLimitingWildcardValue
+
+	// Rate limiting mutex used to sync access across the go routines
+	RateLimitingMutex sync.RWMutex
+
+	// Users map, which holds the current users and their data
+	Users      map[string]User
+	UsersQueue Queue[string]
+
+	// Users mutex used to sync access across the go routines
+	UsersMutex sync.Mutex
+
+	// List of identified packages and their versions
+	Packages map[string]Package
+
+	// Packages mutex used to sync access to packages data across the go routines
+	PackagesMutex sync.Mutex
+
+	// MiddlewareInstalled boolean value to be reported on heartbeat events
+	MiddlewareInstalled uint32
+
+	// Got some request info passed via gRPC to the Agent
+	GotTraffic uint32
+
+	// Last time this server established a gRPC connection
+	LastConnectionTime int64
+
+	// Did we log a token error?
+	LoggedTokenError uint32
+
+	// Attacks detected events timestamps vector, used to limit the number of attacks reported to cloud
+	AttackDetectedEventsSentAt []int64
+
+	// Attack detected events timestamps vector mutex used to sync access across the go routines
+	AttackDetectedEventsSentAtMutex sync.Mutex
+}
+
+const MaxNumberOfStoredHostnames = 2000
+const MaxNumberOfStoredUsers = 2000
+const MaxNumberOfStoredRoutes = 5000
+
+func NewServerData() *ServerData {
+	return &ServerData{
+		Hostnames:               make(map[string]map[uint32]uint64),
+		HostnamesQueue:          NewQueue[string](MaxNumberOfStoredHostnames),
+		Routes:                  make(map[string]map[string]*Route),
+		RoutesQueue:             NewQueue[string](MaxNumberOfStoredRoutes),
+		RateLimitingMap:         make(map[RateLimitingKey]*RateLimitingValue),
+		RateLimitingWildcardMap: make(map[RateLimitingKey]*RateLimitingWildcardValue),
+		Users:                   make(map[string]User),
+		UsersQueue:              NewQueue[string](MaxNumberOfStoredUsers),
+		Packages:                make(map[string]Package),
+		PollingData:             NewServerDataPolling(),
+	}
+}

lib/agent/aikido_types/queue_test.go

@@ -2,6 +2,7 @@ package aikido_types
 
 import (
 	"testing"
+
 	"github.com/stretchr/testify/assert"
 )
 

lib/agent/cloud/cloud.go

@@ -2,28 +2,19 @@ package cloud
 
 import (
 	. "main/aikido_types"
-	"main/globals"
 	"main/utils"
-	"time"
 )
 
-var (
-	HeartbeatRoutineChannel     = make(chan struct{})
-	HeartBeatTicker             = time.NewTicker(10 * time.Minute)
-	ConfigPollingRoutineChannel = make(chan struct{})
-	ConfigPollingTicker         = time.NewTicker(1 * time.Minute)
-)
-
-func Init() {
-	SendStartEvent()
-	utils.StartPollingRoutine(HeartbeatRoutineChannel, HeartBeatTicker, SendHeartbeatEvent)
-	utils.StartPollingRoutine(ConfigPollingRoutineChannel, ConfigPollingTicker, CheckConfigUpdatedAt)
+func Init(server *ServerData) {
+	server.StatsData.StartedAt = utils.GetTime()
+	server.StatsData.MonitoredSinkTimings = make(map[string]MonitoredSinkTimings)
+	SendStartEvent(server)
 
-	globals.StatsData.StartedAt = utils.GetTime()
-	globals.StatsData.MonitoredSinkTimings = make(map[string]MonitoredSinkTimings)
+	utils.StartPollingRoutine(server.PollingData.HeartbeatRoutineChannel, server.PollingData.HeartbeatTicker, SendHeartbeatEvent, server)
+	utils.StartPollingRoutine(server.PollingData.ConfigPollingRoutineChannel, server.PollingData.ConfigPollingTicker, CheckConfigUpdatedAt, server)
 }
 
-func Uninit() {
-	utils.StopPollingRoutine(HeartbeatRoutineChannel)
-	utils.StopPollingRoutine(ConfigPollingRoutineChannel)
+func Uninit(server *ServerData) {
+	utils.StopPollingRoutine(server.PollingData.HeartbeatRoutineChannel)
+	utils.StopPollingRoutine(server.PollingData.ConfigPollingRoutineChannel)
 }