feat: add threatbook__hfish service package for ThreatBook HFish honeypot#462
feat: add threatbook__hfish service package for ThreatBook HFish honeypot#462boy331 wants to merge 21 commits into
Conversation
- ListAttackIPs, ListAttackDetails, ListAttackAccounts, GetSystemInfo - Full test coverage with mock upstream (29 tests) - Real device tested against HFish v3.3.6 - Add bin entry, package.json registration, and dispatcher mapping Ref: chaitin#233
- Replace non-standard timeoutMs with AbortSignal.timeout()
- Replace non-standard insecureSkipVerify/tlsInsecureSkipVerify
with agent: https.Agent({ rejectUnauthorized: false })
- Improve timeout error differentiation
…instead of https.Agent The https.Agent + agent option is silently ignored by Node.js native fetch (undici), making skipTlsVerify ineffective. Use the OctoBus runtime convention (insecureSkipVerify/tlsInsecureSkipVerify as fetch options) which is supported by all existing merged service packages. Also addresses reviewer feedback about creating a new https.Agent on every fetch call - the tlsOptions() function is lightweight and stateless, eliminating unnecessary resource overhead.
…s runtime 1. extractApiKey: prefer bindings (secret/config) over request, because gRPC proto string fields default to "" which firstDefined treats as defined, shadowing the real secret value from bindings. 2. TLS skip: set NODE_TLS_REJECT_UNAUTHORIZED=0 when skipTlsVerify is true, because Node.js native fetch (undici) ignores the insecureSkipVerify/tlsInsecureSkipVerify fetch options. 3. bin/threatbook-hfish.js: add execute permission. 4. Update tests to match new extractApiKey behavior. Co-Authored-By: Claude <noreply@anthropic.com>
1. npm test 29/29 pass 2. OctoBus instance list (hfish registered, running, has secret) 3. gRPC GetSystemInfo/ListAttackIPs through OctoBus daemon 4. access.log audit trail proving OctoBus daemon routing Co-Authored-By: Claude <noreply@anthropic.com>
…ation from rpcdef The previous implementation set process.env.NODE_TLS_REJECT_UNAUTHORIZED='0' inside rpcdef on every call when skipTlsVerify=true. This is a global, irreversible side effect that disables TLS verification for the entire Node.js process — affecting all services, handlers, and even third-party library HTTPS calls. If different instances have different skipTlsVerify configs, one instance's skip would break another's security. Instead: - Remove the process.env mutation entirely - Keep insecureSkipVerify/tlsInsecureSkipVerify as fetch options (OctoBus runtime convention) - Add a console.warn when skipTlsVerify=true but NODE_TLS_REJECT_UNAUTHORIZED is not set externally, so operators know to configure it at process startup (e.g. via OctoBus daemon setting the env var before spawning the subprocess) Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
- Change SKIP_TLS default to false (opt-in via SKIP_TLS=true) - Pass req parameter to rpcdef method calls for pagination support - Add non-zero exit code on test failure for CI detection Co-Authored-By: Claude <noreply@anthropic.com>
…ME api_key priority, remove duplicate root screenshots - ListAttackDetails now passes ip and type query parameters from the proto request to the HFish API (previously defined in proto but silently ignored by the handler) - README api_key priority description now matches the actual code behavior: bindings (secret/config) take precedence over request values, because gRPC proto3 string fields default to "" which would shadow the real secret - Removed duplicate screenshots/ directory at repo root; the canonical screenshots are in docs/screenshots/ Co-Authored-By: Claude <noreply@anthropic.com>
…_EXCEEDED for timeouts 1. throwForHttpError: stop leaking upstream response body into gRPC error messages. Log to console.error (truncated 500 chars) server-side only, return only HTTP status code in gRPC error. This aligns with the fix applied in DongTai IAST PR chaitin#340. 2. Separate 401 → UNAUTHENTICATED vs 403 → PERMISSION_DENIED (previously both mapped to PERMISSION_DENIED). 3. Timeout errors now throw DEADLINE_EXCEEDED instead of UNAVAILABLE. The grpcCodeFor mapping already existed but was never used. 4. Add tests: 401 UNAUTHENTICATED, 403 PERMISSION_DENIED, timeout DEADLINE_EXCEEDED, throwForHttpError no-leak verification. Co-Authored-By: Claude <noreply@anthropic.com>
6e48570 to
49e67d9
Compare
|
PR Title: docs(hfish): 补充 issue #276 验证截图 Commit: 本次 PR 主要包含:1) 新增 ThreatBook HFish 蜜罐 OctoBus 服务(proto、REST 代理、测试、mock、文档);2) 批量升级 octobus-sdk 从 ^0.5.0 到 ^0.6.0;3) 修复多个服务中 |
| })[code] ?? grpcStatus.UNKNOWN; | ||
|
|
||
| const errorWithCode = (code, message) => { | ||
| const err = new GrpcError(grpcCodeFor(code), `${code}: ${message}`); |
There was a problem hiding this comment.
HFish grpcCodeFor 缺少 UNAUTHENTICATED 映射,导致 HTTP 401 错误被错误映射为 gRPC UNKNOWN
grpcCodeFor 函数中未包含 UNAUTHENTICATED 的映射。当上游返回 HTTP 401 时,throwForHttpError 会调用 errorWithCode('UNAUTHENTICATED', ...),但 grpcCodeFor('UNAUTHENTICATED') 返回 undefined,最终通过 ?? grpcStatus.UNKNOWN 回退为 gRPC UNKNOWN 状态码。这导致 HTTP 401 认证失败错误被错误地映射为 UNKNOWN,而不是正确的 UNAUTHENTICATED。现有测试仅通过正则匹配 error message 中的字符串 'UNAUTHENTICATED',因此无法发现该 gRPC code 映射错误。
Problem code:
Changed code at services/threatbook__hfish/src/hfish.js:25-32
Recommendation:
Revise the changed logic at services/threatbook__hfish/src/hfish.js:25-32 so this issue no longer occurs.
Suggested diff:
@@ -25,6 +25,7 @@ const grpcCodeFor = (code) => ({
INVALID_ARGUMENT: grpcStatus.INVALID_ARGUMENT,
FAILED_PRECONDITION: grpcStatus.FAILED_PRECONDITION,
PERMISSION_DENIED: grpcStatus.PERMISSION_DENIED,
+ UNAUTHENTICATED: grpcStatus.UNAUTHENTICATED,
UNAVAILABLE: grpcStatus.UNAVAILABLE,
DEADLINE_EXCEEDED: grpcStatus.DEADLINE_EXCEEDED,
})[code] ?? grpcStatus.UNKNOWN;|
PR Title: docs(hfish): 补充 issue #276 验证截图 Commit: 本次变更仅修改了 |
|
PR Title: docs(hfish): 补充 issue #276 验证截图 Commit: 本次变更新增了一个本地联调验证脚本 |
|
PR Title: feat: add threatbook__hfish service package for Th... Commit: 本次修改仅涉及一个文件
经过审查,新引入的 |
|
PR Title: feat: add threatbook__hfish service package for Th... Commit: 本次 PR 仅移除了 20 张二进制截图文件(位于 |
|
补充说明:当前请以本 PR 最新标题、正文、 |
The CI validate script forbids .png/.jpg/.webp files in service packages. Move screenshots to a dedicated hosting branch and reference them via raw.githubusercontent.com absolute URLs in README.md. Co-Authored-By: Claude <noreply@anthropic.com>
|
PR Title: feat: add threatbook__hfish service package for Th... Commit: 本次 PR 移除了 |
| - `page` defaults to 1, `limit` defaults to 20. | ||
| - HFish API response codes: `0` = success, `1003` = authentication failure (maps to `PERMISSION_DENIED`). | ||
|
|
||
| ## Verification Screenshots |
There was a problem hiding this comment.
README 外部截图 URL 使用分支引用,存在链接失效与外部依赖风险
README 中新增的 6 张外部截图 URL 均使用 raw.githubusercontent.com/boy331/OctoBus/docs/hfish-screenshots-hosting/... 这样的分支引用格式。分支引用是可变的:一旦该分支被删除、重命名或 force-push,所有图片链接将立即失效(404)。此外,这些资源托管在 boy331 这一外部个人仓库上,脱离了本组织的控制范围,若该仓库被删除、私有化或账号变动,文档中的截图将永久不可访问。这引入了明确且可预见的未来维护风险。
Problem code:
Changed code at services/threatbook__hfish/README.md:57-94
Recommendation:
将图片 URL 从分支引用替换为固定 commit SHA(如 https://raw.githubusercontent.com/boy331/OctoBus/<commit-sha>/docs/hfish-screenshots/...),或者将图片迁移至组织可控的稳定托管(如 GitHub Release assets、组织 Wiki 或 CDN),以消除分支变动导致文档截图全部失效的风险。
Suggested diff:
--- a/services/threatbook__hfish/README.md
+++ b/services/threatbook__hfish/README.md
@@ -55,32 +55,32 @@ Requests may still pass `api_key` or `apiKey`; configured secret values take pre
## Verification Screenshots
### HFish Setup & Instance
-
+
HFish honeypot management console showing deployed instance and service status.
### npm test Passing
-
+
All unit tests passing for the `threatbook__hfish` service package.
### Reflection & CapSet Instance
-
+
OctoBus reflection API returning the CapSet instance for HFish service validation.
### Four RPCs via OctoBus
-
+
All four RPC methods (`ListAttackIPs`, `ListAttackDetails`, `ListAttackAccounts`, `GetSystemInfo`) successfully invoked through OctoBus.
### Direct API vs OctoBus jsonName Mapping
-
+
Side-by-side comparison: direct HFish API call vs. OctoBus RPC with `jsonName` field mapping, confirming consistent response structure.
### Access Log (NDJSON)
-
+
OctoBus access log showing NDJSON-formatted request/response entries for HFish RPC calls.
Summary
补充
services/threatbook__hfish的本地 OctoBus 联调验证结果,并更新当前可被真实运行结果直接支撑的说明。关闭 #276。
Service Overview
services/threatbook__hfishapiKeylong-runningservices/screenshot-hfish-verify.shRPC Methods
当前 service package 暴露 4 个 RPC,均为只读查询方法:
GetSystemInfo— 获取 HFish 系统信息ListAttackIPs— 获取攻击 IP 列表ListAttackDetails— 获取攻击详情列表ListAttackAccounts— 获取攻击账号列表Verification
本次已基于本地 OctoBus daemon 和本地 HFish 上游完成真实联调验证,确认结果如下:
npm test -- --service-dir threatbook__hfish通过ThreatBook_HFISH.ThreatBook_HFISHoctobus capset list-methods可见 4 个 RPC 全部绑定到本地实例GetSystemInfo已通过本地 OctoBus 中转调用成功ListAttackIPs已通过本地 OctoBus 中转调用成功ListAttackDetails已通过本地 OctoBus 中转调用成功ListAttackAccounts已通过本地 OctoBus 中转调用成功access.logNDJSON 已记录上述调用,包含capset、service、instance、method、route、grpc_code等 OctoBus 特有字段snake_case字段,经 OctoBus gRPC 返回 protobuf JSONlowerCamelCase字段,可作为经过 OctoBus 协议转换的佐证Evidence
1. 定向测试通过
2. 本地实例已导入并运行
3. gRPC reflection、capset 和实例绑定
4. 4 个 RPC 经本地 OctoBus 中转调用成功
5. access.log NDJSON 中转证据
6. 直连 HFish 与经 OctoBus 的字段名对照
复验脚本:
Known Limitations
ListAttackIPs、ListAttackAccounts在本次真实环境下返回空结果时,grpc_code仍为OK,说明链路成功,返回内容取决于当前上游实际数据Statement
以上内容均基于本地真实 OctoBus 联调结果和真实上游返回整理,不包含任何编造、捏造或手工伪造的 runtime 证据。