update SentryFlow

Signed-off-by: Jaehyun Nam <[email protected]>

.github/workflows/ci-test-py.yml

@@ -0,0 +1,52 @@
+name: ci-test-py
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  py-pip-ai-sentryflow:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+
+      - name: check Python pip3 requirements
+        run: |
+          pip install -r requirements.txt
+        working-directory: ai-engine
+
+  py-lint-ai-sentryflow:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+        working-directory: ai-engine
+
+      - name: Lint with Ruff
+        run: |
+          pip install ruff
+          ruff --output-format=github .
+        continue-on-error: true
+        working-directory: ai-engine
+
+  py-pep8-ai-sentryflow:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - name: 'Run PEP8'
+        uses: quentinguidee/pep8-action@v1
+        with:
+          arguments: '--max-line-length=120'

.github/workflows/sentryflow-pr-checks.yml

@@ -24,7 +24,12 @@ jobs:
           echo "tag=tmp" >> $GITHUB_OUTPUT
         fi
 
-    - name: Build Docker Image
+    - name: Build SentryFlow Docker Image
       working-directory: ./sentryflow
       run: |
          make TAG=${{ steps.tag.outputs.tag }} image
+
+    - name: Build SentryFlow AI Engine Docker Image
+      working-directory: ./ai-engine
+      run: |
+         make TAG=${{ steps.tag.outputs.tag }} build

.github/workflows/sentryflow-release-image.yml

@@ -30,11 +30,16 @@ jobs:
           echo "tag=tmp" >> $GITHUB_OUTPUT
         fi
 
-    - name: Build Docker Image
+    - name: Build SentryFlow Docker Image
       working-directory: ./sentryflow
       run: |
          make TAG=${{ steps.tag.outputs.tag }} image
 
+    - name: Build SentryFlow AI Engine Docker Image
+      working-directory: ./ai-engine
+      run: |
+         make TAG=${{ steps.tag.outputs.tag }} build
+
     # - name: Push Docker Image
     #   run: |
     #      docker push boanlab/sentryflow:${{ steps.tag.outputs.tag }}

.gitignore

@@ -1,3 +1 @@
 .DS_Store
-go.work
-go.work.sum

README.md

@@ -1,13 +1,12 @@
-
 # SentryFlow
 
-[![SentryFlow Docker Build](https://github.com/5GSEC/sentryflow/actions/workflows/sentryflow-release-image.yml/badge.svg)](https://github.com/5GSEC/sentryflow/actions/workflows/sentryflow-release-image.yml) [![CI Test](https://github.com/5GSEC/sentryflow/actions/workflows/ci-test-go.yml/badge.svg)](https://github.com/5GSEC/sentryflow/actions/workflows/ci-test-go.yml)
+[![SentryFlow Docker Build](https://github.com/5gsec/SentryFlow/actions/workflows/sentryflow-release-image.yml/badge.svg)](https://github.com/5gsec/SentryFlow/actions/workflows/sentryflow-release-image.yml) [![CI Test](https://github.com/5gsec/SentryFlow/actions/workflows/ci-test-go.yml/badge.svg)](https://github.com/5gsec/SentryFlow/actions/workflows/ci-test-go.yml) [![ci-test-py](https://github.com/5gsec/SentryFlow/actions/workflows/ci-test-py.yml/badge.svg)](https://github.com/5gsec/SentryFlow/actions/workflows/ci-test-py.yml)
 
 SentryFlow is a cloud-native system for API observability and security, specializing in log collection, metric production, and data exportation.
 
 ## Architecture Overview
 
-![Sentryflow Overview](docs/sentryflow_overview.png)
+![SentryFlow_Overview](docs/sentryflow_overview.png)
 
 ### Features
 - Generation of API Access Logs

ai-engine/.dockerignore

@@ -0,0 +1,6 @@
+.idea
+.git
+.gitignore
+protobuf
+Dockerfile
+__pycache__/

ai-engine/.gitignore

@@ -0,0 +1,3 @@
+.idea/
+__pycache__/
+protobuf/

ai-engine/Dockerfile

@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: Apache-2.0
+
+# Dockerfile
+FROM ubuntu:latest
+
+RUN apt-get update && apt-get -y install python3 python3-pip wget git
+
+RUN git clone https://github.com/isu-kim/stringlifier.git
+WORKDIR ./stringlifier
+RUN pip install .
+
+RUN mkdir /app
+WORKDIR /app
+COPY /ai-engine .
+
+# Build protobuf for Python
+RUN pip install grpcio grpcio-tools
+RUN mkdir protobuf/
+COPY /protobuf ./protobuf
+
+# Due to python import bugs, we have to compile protoc using this command
+# Refer to https://github.com/protocolbuffers/protobuf/issues/1491#issuecomment-261621112 for more information on this
+RUN python3 -m grpc_tools.protoc --python_out=. --pyi_out=. --grpc_python_out=. -I=. protobuf/sentryflow_metrics.proto
+
+WORKDIR /app
+RUN pip install -r requirements.txt
+
+CMD ["python3", "ai-engine.py"]

ai-engine/Makefile

@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+
+IMAGE_NAME = 5gsec/sentryflow-ai-engine
+TAG = v0.1
+
+.PHONY: build
+
+build:
+	docker build -t $(IMAGE_NAME):$(TAG) -f ./Dockerfile ../

ai-engine/ai-engine.py

@@ -0,0 +1,94 @@
+import os
+import grpc
+
+from stringlifier.api import Stringlifier
+from concurrent import futures
+
+from protobuf import sentryflow_metrics_pb_grpc
+from protobuf import sentryflow_metrics_pb
+
+
+class HandlerServer:
+    """
+    Class for gRPC Servers
+    """
+    def __init__(self):
+        try:
+            self.listen_addr = os.environ["AI_ENGINE_ADDRESS"]
+        except KeyError:
+            self.listen_addr = "0.0.0.0:5000"
+
+        self.server = None
+        self.grpc_servers = list()
+
+    def init_grpc_servers(self):
+        """
+        init_grpc_servers method that initializes and registers gRPC servers
+        :return: None
+        """
+        self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
+        self.grpc_servers.append(APIClassificationServer())  # @todo: make this configurable
+
+        grpc_server: GRPCServer
+        for grpc_server in self.grpc_servers:
+            grpc_server.register(self.server)
+
+    def serve(self):
+        """
+        serve method that starts serving gRPC servers, this is blocking function.
+        :return: None
+        """
+        self.server.add_insecure_port(self.listen_addr)
+
+        print("[INFO] Starting to serve on {}".format(self.listen_addr))
+        self.server.start()
+        self.server.wait_for_termination()
+
+
+class GRPCServer:
+    """
+    Abstract class for an individual gRPC Server
+    """
+    def register(self, server):
+        """
+        register method that registers gRPC service to target server
+        :param server: The server
+        :return: None
+        """
+        pass
+
+
+class APIClassificationServer(sentryflow_metrics_pb2_grpc.SentryFlowMetricsServicer, GRPCServer):
+    """
+    Class for API Classification Server using Stringlifier
+    """
+
+    def __init__(self):
+        self.stringlifier = Stringlifier()
+        print("[Init] Successfully initialized APIClassificationServer")
+
+    def register(self, server):
+        sentryflow_metrics_pb2_grpc.add_SentryFlowMetricsServicer_to_server(self, server)
+
+    def GetAPIClassification(self, request_iterator, context):
+        """
+        GetAPIClassification method that runs multiple API ML Classification at once
+        :param request_iterator: The requests
+        :param context: The context
+        :return: The results
+        """
+
+        for req in request_iterator:
+            paths = req.paths
+            ml_results = self.stringlifier(paths)
+            print("{} -> {}".format(paths, ml_results))
+
+            results = [sentryflow_metrics_pb2.APIClassificationSingleResponse(merged=ml_result, fields=[]) for ml_result
+                       in ml_results]
+            yield sentryflow_metrics_pb2.APIClassificationResponse(response=results)
+
+
+if __name__ == '__main__':
+    hs = HandlerServer()
+    hs.init_grpc_servers()
+    hs.serve()

contribution/vagrant/setup.sh

@@ -4,10 +4,18 @@
 git clone https://github.com/boanlab/tools.git
 
 # Install Docker
-bash tools/containers/install-docker.sh
+bash tools/containers/install-containerd.sh
 
 # Install Kubeadm
-bash tools/kubernetes/install-kubeadm.sh
+sudo apt-get update
+sudo apt-get install -y apt-transport-https ca-certificates curl gpg
+curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.24/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.24/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
+sudo sysctl -w net.ipv4.ip_forward=1
+sudo swapoff -a
+sudo apt-get update
+sudo apt-get install -y kubelet kubeadm kubectl
+sudo apt-mark hold kubelet kubeadm kubectl
 
 # Disable Swap
 sudo swapoff -a

deployments/sentryflow.yaml

@@ -8,6 +8,43 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/warn: privileged
 ---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ai-engine
+  namespace: sentryflow
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ai-engine
+  template:
+    metadata:
+      labels:
+        app: ai-engine
+    spec:
+      containers:
+      - name: sentryflow
+        image: 5gsec/sentryflow-ai-engine:v0.1
+        ports:
+        - containerPort: 5000
+          protocol: TCP
+          name: grpc-sentryflow
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ai-engine
+  namespace: sentryflow
+spec:
+  selector:
+    app: ai-engine
+  ports:
+    - protocol: TCP
+      port: 5000
+      targetPort: 5000
+      name: grpc-sentryflow    
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -54,7 +91,7 @@ spec:
       serviceAccountName: sa-sentryflow
       containers:
       - name: sentryflow
-        image: 5gsec/sentryflow:v0.0.1
+        image: 5gsec/sentryflow:v0.1
         ports:
         - containerPort: 4317
           protocol: TCP

protobuf/.gitignore

@@ -1,2 +1,3 @@
 .idea/
-*.pb.go
+*.pb.go
+*.tar

protobuf/Makefile

@@ -1,4 +1,4 @@
-PROTO:=sentryflow.proto
+PROTO:=sentryflow.proto sentryflow_metrics.proto
 PBGO:=$(PROTO:.proto=.pb.go)
 
 .PHONY: build
@@ -13,4 +13,4 @@ go.sum: go.mod
 
 .PHONY: clean
 clean:
-	rm -f go.sum *.pb.go
+	rm -f go.sum *.pb.go

protobuf/go.mod

@@ -3,14 +3,14 @@ module github.com/5GSEC/sentryflow/protobuf
 go 1.19
 
 require (
-	google.golang.org/grpc v1.62.1
-	google.golang.org/protobuf v1.33.0
+	google.golang.org/grpc v1.61.1
+	google.golang.org/protobuf v1.32.0
 )
 
 require (
 	github.com/golang/protobuf v1.5.3 // indirect
-	golang.org/x/net v0.20.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/net v0.18.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
 )

protobuf/go.sum

@@ -2,19 +2,19 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
+golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
-google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
-google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA=
+google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY=
+google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=