[monitor] 可疑文件去重

2026-04-08 15:16:23 +08:00 · 2026-04-08 15:16:23 +08:00 · 99e314c925
parent 13f46f4405
commit 99e314c925
1 changed files with 72 additions and 18 deletions
--- a/internal/monitor/detector/file_detector.go
+++ b/internal/monitor/detector/file_detector.go
@ -1,6 +1,10 @@
 package detector

 import (
+	"bufio"
+	"os"
+	"path/filepath"
+	"strings"
 	"sync"
 	"sysmonitord/internal/config"
 	"sysmonitord/internal/scanner/hash"
@ -14,6 +18,7 @@ import (
 type FileDetector struct {
 	cfg          *config.Config
 	whiteList    map[string]string
+	dubiousCache map[string]string
 	storageDir   string
 	mu           sync.RWMutex
 	timer        map[string]*time.Timer
@ -26,14 +31,50 @@ func NewFileDetector(cfg *config.Config) (*FileDetector, error) {
 		storageDir:   cfg.Storage.DataDir,
 		timer:        make(map[string]*time.Timer),
 		debDuration:  1 * time.Second,
+		dubiousCache: make(map[string]string),
 	}

 	if err := d.loadWhiteList(); err != nil {
 		return nil, err
 	}
+
+	if err := d.loadDubiousCache(); err != nil {
+		logger.Log.Warn("[monitor] 加载可疑文件缓存失败，使用空缓存...", zap.Error((err)))
+	}
+
 	return d, nil
 }

+func (d *FileDetector) loadDubiousCache() error {
+	filePath := filepath.Join(d.storageDir, d.cfg.Storage.DubiousFileListFile)
+
+	if _, err := os.Stat(filePath); os.IsNotExist(err) {
+		return nil
+	}
+
+	file, err := os.Open(filePath)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		parts := strings.Split(line, ":")
+		if len(parts) >= 2 {
+			d.dubiousCache[parts[0]] = parts[1]
+		}
+	}
+
+	logger.Log.Debug("[monitor] 可疑文件缓存加载成功", zap.Int("count", len(d.dubiousCache)))
+	return scanner.Err()
+}
+
 func (d *FileDetector) loadWhiteList() error {
 	whiteMap, err := storage.LoadFileSystemWhitelist(d.cfg.Storage.DataDir, d.cfg.Storage.FileSystemFile)
 	if err != nil {
@ -105,6 +146,15 @@ func (d *FileDetector) processEvent(eventPath string) {
 	}

 	if isSuspicious {
+		d.mu.Lock()
+
+		cachedHash, exist := d.dubiousCache[eventPath]
+
+		if !exist || cachedHash != curHash {
+			d.dubiousCache[eventPath] = curHash
+
+			d.mu.Unlock()
+
 			logger.Log.Warn("[monitor] 可疑文件事件", zap.String("path", eventPath), zap.String("reason", reason), zap.String("hash", curHash))
 			dubiousInfo := storage.DubiousFileInfo{
 				Path:         eventPath,
@ -114,5 +164,9 @@ func (d *FileDetector) processEvent(eventPath string) {
 			if err := storage.SaveDubiousFiles(dubiousInfo, d.storageDir, d.cfg.Storage.DubiousFileListFile); err != nil {
 				logger.Log.Error("[monitor] 保存可疑文件信息失败", zap.String("path", eventPath), zap.Error(err))
 			}
+		} else {
+			d.mu.Unlock()
+			logger.Log.Debug("[monitor] 文件事件已存在于可疑缓存中，忽略重复事件", zap.String("path", eventPath), zap.String("reason", reason), zap.String("hash", curHash))
+		}
 	}
 }