interfaces

Golang Reflection and Interfaces

Before diving into interfaces and reflection I want to give a bit of a background on the use case I had to apply them to.

Manage Struct metadata as form of JSON components

In most data designs data is still relational. Non Relational databases have their use case but when dealing with Account-User Management, RBAC and other relational data models a relational database still is the best tool of choice.
In an iterative development process all columns of a table might not be known before hand and having a framework to quickly iterate on top becomes very handy. For example; instead of having to add new columns to a table the concept of a JSON component column can be used where data points that are not searched can be stored in a JSON string, which allows for the data model to be defined at the application level. Projects like OpenStack and Rancher already follow that strategy.
UPDATE: MySQL version 5.7.8 introduced native support for JSON: https://dev.mysql.com/doc/refman/5.7/en/json.html

Implementing JSON components in Go

A StructTag can be used to define which attributes should be stored in the JSON component.
When persisting the struct to the database the component attributes would be added to the JSON Components string and only the Components string would be persisted to the database.

type Stack struct {  
    StringComponent string  `json:"stringComponent,omitempty" genesis:"component"`
    IntComponent    int `json:"intComponent,omitempty" genesis:"component"`
    BoolComponent   bool    `json:"boolComponent,omitempty" genesis:"component"`
    FloatComponent  float64 `json:"floatComponent,omitempty" genesis:"component"`
    Components  string
}

First attempt at Reflection

At first I created a method in the Stack type which would iterate over all its attributes and build up a JSON string based on the attributes that were tagged with the component StructTag

func (s *Stack) prep() {  
    components := map[string]interface{}{}
    fields := reflect.TypeOf(s).Elem()
    values := reflect.ValueOf(s).Elem()
    for i := 0; i < fields.NumField(); i++ {
        field := fields.Field(i)
        value := values.Field(i)
        if isComponent(field) {
            components[field.Name] = value.Interface()
        }
    }
    c, err := json.Marshal(components)
    if err != nil {
        fmt.Printf("Error creating components JSON object %v\n", err.Error())
    }
    jsonString := string(c[:])
    s.Components = jsonString
}

Go Playground sample

The main problem with the approach listed above is that the prep method is tied to the Stack struct and other structs can't reuse it.

Second attempt at Reflection

Instead of calling prep as a struct method, by making Prep a public function then any struct can be provided as an argument and the method will take care of building the JSON component string via reflection.

func Prep(obj interface{}) {  
    components := map[string]interface{}{}
    fields := reflect.TypeOf(obj).Elem()
    values := reflect.ValueOf(obj).Elem()
    for i := 0; i < fields.NumField(); i++ {
        field := fields.Field(i)
        value := values.Field(i)
        if isComponent(field) {
            components[field.Name] = value.Interface()
        }
    }
    c, err := json.Marshal(components)
    if err != nil {
        fmt.Printf("Error creating components JSON object %v\n", err.Error())
    }
    jsonString := string(c[:])
     values.FieldByName("Components").SetString(jsonString)
}

Go Playground sample

Some important points to keep in mind:

  • Go has static and underlying types
  • Difference between Types and Kinds:
    • A Kind represents the specific kind of type that a Type represents.
    • In other words, a Kind is the underlying type and the Type is the static type
    • Example: http://play.golang.org/p/jAczBqbx0a

Even though the obj argument is an empty interface, its Kind at runtime will be of Pointer and its Type of *Stack (or whatever struct is passed in)
That is important to understand since to manipulate struct fields with reflection you need to have a Struct Kind.
For example; the following statement would panic:

reflect.ValueOf(obj).NumField()  

or

reflect.ValueOf(obj).Field(0)  

Accessing a Struct from a Pointer

Initially this might seem a bit alien, however, I like to relate to how you can deference pointers in C.
In C you can use the -> notation to access the values a pointer points to:

#include<stdio.h>

struct Stack {  
  int x;
};

int main(void) {  
  struct Stack s; 
  struct Stack *p;
  p = &s;
  s.x = 1;
  printf("s.x %d\n", s.x); // 1
  printf("&s %p\n", &s); // address of s
  printf("p %p\n", p); // address of s
  printf("&p %p\n", &p); // address of pointer
  printf("*p.x %d\n", p->x); // 1
  return 0;
}

In Golang the concept is similar but the syntax is a bit different. You can use the Elem() method which returns the value the interface contains. In the case of a pointer it will return the object that is being referenced to.

reflect.ValueOf(obj).Elem()  

and since the pointer is pointing to a Struct the Field method can be utilized

reflect.ValueOf(obj).Elem().NumField()  
reflect.ValueOf(obj).Elem().Field(0)

Diving into Metasploit - Configuring local environment

This semester I have a great excuse to learn the Metasploit framework since it is a required topic for the course on Penetration Testing I’m taking at Seneca.

I want to document the steps of being introduced to metasploit from a software developer’s point of view.
I've never used metasploit before and the goal by the end of the semester if to be fairly fluent with the framework.

To get started I want to cover the environment installation.

1. Choosing virtualization tool

My dev machine is a mac, I’m running Mavericks.
There are a few options to virtualize an OS on a mac.
You could use Paralles, VMWare or VirtualBox. There is also the possibility of running containers but that’s the topic of another post.
So between the main three virtualization tools, hands down VirtualBox is the best  if you plan to run linux OS. It comes with pointer integration and drag and drop out of the box while Paralles and VMWare don’t. Also we can’t forget the fact that VirtualBox is free which makes even easier to get started with.

VirtualBox website

2. Planning network architecture

Once I had the tools in place to virtualize my environment it was time to plan out the network configuration.
I’m sticking with a very basic setup:
network: 10.10.0.0/24
static pool: 10.10.0.1-100
dhcp pool: 10.10.0.101-254
domain: dpi902.shogun
hosts: {osName}{number}

To create a network on VirtualBox is very simple, only a few steps required:
Screen Shot 2014-01-28 at 9.39.31 PM

Screen Shot 2014-01-28 at 9.39.27 PM

Screen Shot 2014-01-28 at 9.39.19 PM

To get more information on the network types supported by VirtualBox check out their manual:https://www.virtualbox.org/manual/ch06.html

3. Configure Interfaces

With the host-only network created, the next step is to configure the network interfaces of the VMs you’ll be using. I’m starting with Kali and Metasploitable-2

I like to set up as the eth0 the host-only network I’ll be configuring the static IPs.
eth2 I leave for the bridge interface where I’ll get internet connection whenever needed.
Screen Shot 2014-01-28 at 9.44.14 PM

Screen Shot 2014-01-28 at 9.44.08 PM
Since Kali and Metasploitable are debian base we can set static ips the same way we do it on ubuntu:

vim /etc/network/interfaces

 
 $: vim /etc/network/interfaces

 auto eth0  
 iface eth0 inet static  
 address 10.10.0.22  
 gateway 10.10.0.1  
 brodcast 10.10.0.255  
 netmask 255.255.255.0

auto eth1  
 iface eth1 inet dhcp

post-up route add default gw 10.0.0.1 metric 2  
 pre-down route del default gw 10.0.0.1  

A couple of things to note:

  1. By simply adding a virtual interface to VirtualBox doesn’t mean that it will be brought up by default by the network service, it needs to be brought up manually or configure in the interfaces file.
  2. I guess since I’m bridging eth1 the default gateway being used is from eth0, which doesn’t have internet connection. To circumvent the problem I just set the default gateway manually when the network service gets started. One issue I foresee with this is when I use a network with a segment different than 10.0.0.0. I’ll need to do some more readings on this topic but I’m thinking of configuring the gateway dynamically or setting the bridge interface on eth0. We’ll see.

So that’s pretty much it.
An environment to play around with metasploit

TODO:
Use the virtualbox api in conjunction with puppet to orchestrate the deployment/config of VMs in a test environment.