fix: 调整 application export 格式,asw condition 和 tsg object 一对一

This commit is contained in:
shizhendong
2024-09-12 18:08:29 +08:00
parent 9706eee814
commit 2df576ab10


@@ -159,53 +159,56 @@ public class TSGApplicationServiceImpl implements ITSGApplicationService {
.build();
List<Integer> source_object_ids = T.ListUtil.list(true);
// sig_objects
JSONArray items = conditionJSONObj.getJSONArray("items");
for (Object item : items) {
String name = T.MapUtil.getStr((JSONObject) item, "item");
String objectType = attributeEntity.getObjectType();
if ("application" .equalsIgnoreCase(objectType)) continue;
String conditionType = attributeEntity.getObjectType();
if ("application".equalsIgnoreCase(conditionType)) {
continue;
} else if ("boolean".equals(conditionType)) {
items.stream()
.map(obj -> (JSONObject) obj)
.forEach(item -> {
String itemValue = T.MapUtil.getStr((JSONObject) item, "item");
if ("True".equalsIgnoreCase(itemValue)) {
source_object_ids.add(2);
} else if ("False".equalsIgnoreCase(itemValue)) {
source_object_ids.add(3);
}
});
} else if ("ip_protocol".equals(conditionType)) {
items.stream()
.map(obj -> (JSONObject) obj)
.forEach(item -> {
String itemValue = T.MapUtil.getStr((JSONObject) item, "item");
if ("ICMP".equalsIgnoreCase(itemValue)) {
source_object_ids.add(5);
} else if ("TCP".equalsIgnoreCase(itemValue)) {
source_object_ids.add(6);
} else if ("UDP".equalsIgnoreCase(itemValue)) {
source_object_ids.add(7);
}
});
} else {
String name = T.MapUtil.getStr((JSONObject) items.getFirst(), "item");
Map<Object, Object> sig_object = T.MapUtil.builder()
.put("id", sig_object_id)
.put("source_id", sig_object_id)
.put("name", name)
.put("source_name", name)
.put("type", conditionType)
.put("sub_type", attributeEntity.getType())
.put("member_type", "item")
.put("uuid", T.IdUtil.fastSimpleUUID())
.put("statistics_option", "none")
.build();
if ("boolean" .equals(objectType)) {
String itemValue = T.MapUtil.getStr((JSONObject) item, "item");
if ("True" .equalsIgnoreCase(itemValue)) {
source_object_ids.add(2);
} else if ("False" .equalsIgnoreCase(itemValue)) {
source_object_ids.add(3);
} else {
continue;
}
} else if ("ip_protocol" .equals(objectType)) {
String itemValue = T.MapUtil.getStr((JSONObject) item, "item");
if ("ICMP" .equalsIgnoreCase(itemValue)) {
source_object_ids.add(5);
} else if ("TCP" .equalsIgnoreCase(itemValue)) {
source_object_ids.add(6);
} else if ("UDP" .equalsIgnoreCase(itemValue)) {
source_object_ids.add(7);
} else {
continue;
}
} else {
source_object_ids.add(sig_object_id);
Map<Object, Object> member = this.buildTSG2402SignaturesMember(attributeEntity, items);
sig_object.put("member", member);
Map<Object, Object> member = this.buildTSG2402SignaturesMember(attributeEntity, (JSONObject) item);
Map<Object, Object> sig_object = T.MapUtil.builder()
.put("id", sig_object_id)
.put("source_id", sig_object_id)
.put("name", name)
.put("source_name", name)
.put("type", objectType)
.put("sub_type", attributeEntity.getType())
.put("member_type", "item")
.put("member", member)
.put("uuid", T.IdUtil.fastSimpleUUID())
.put("statistics_option", "none")
.build();
sig_objects.add(sig_object);
}
sig_objects.add(sig_object);
source_object_ids.add(sig_object_id);
sig_object_id++;
}
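Review bot: The trailing `source_object_ids.add(sig_object_id); sig_object_id++;` reads as the tail of the new per-item loop, which means it also runs for the `boolean` and `ip_protocol` branches that have just pushed a fixed builtin id (2/3 or 5/6/7) and create no sig_object; if that is the new side (the rendered page loses the +/- markers, so I am inferring from the trailing context), those conditions reference an id no object was exported under and the numbering gains a gap per such item. Moving both statements into the final `else`, next to `sig_objects.add(sig_object);`, keeps the id bookkeeping together with the object it identifies. `objectType` is also recomputed from `attributeEntity` on every iteration although it does not depend on `item`; hoisting it above the `for` reads better and makes the application short-circuit a single check before the loop. The enclosing condition loop that `continue` targets starts before the hunk.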
@@ -217,8 +220,10 @@ public class TSGApplicationServiceImpl implements ITSGApplicationService {
and_conditions.add(and_condition_item);
}
m.put("and_conditions", and_conditions);
signatures.add(m);
if (T.CollUtil.isNotEmpty(and_conditions)) {
m.put("and_conditions", and_conditions);
signatures.add(m);
}
}
}
sig_objects.add(T.JSONUtil.parseObj("""
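Review bot: The new `isNotEmpty(and_conditions)` guard drops `m` silently, so a condition set whose items were all skipped (only `application`-typed attributes, judging by the `continue` in the earlier hunk) disappears from `signatures` with no trace in the export or the log. A one-line comment such as `// nothing exportable in this condition (e.g. only application-typed items): omit the signature` would record that this is intended, and a debug-level log carrying whatever identifies the condition set would make the omission diagnosable when an expected signature is missing from the export. The loop that builds `m` starts, and its enclosing method ends, outside the hunk.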
@@ -298,139 +303,143 @@ public class TSGApplicationServiceImpl implements ITSGApplicationService {
return m;
}
private Map<Object, Object> buildTSG2402SignaturesMember(AttributeEntity attributeEntity, JSONObject item) {
private Map<Object, Object> buildTSG2402SignaturesMember(AttributeEntity attributeEntity, JSONArray itemArr) {
List<Object> list = T.ListUtil.list(true);
String objectType = attributeEntity.getObjectType().toLowerCase();
switch (objectType) {
case "keywords":
case "http_signature": {
String str = item.getStr("item");
List<String> patternExprList = T.ListUtil.list(true);
patternExprList.add(str);
itemArr.stream()
.map(obj -> (JSONObject) obj)
.forEach(item -> {
String objectType = attributeEntity.getObjectType().toLowerCase();
switch (objectType) {
case "keywords":
case "http_signature": {
String str = item.getStr("item");
List<String> patternExprList = T.ListUtil.list(true);
patternExprList.add(str);
// 0 -> 无表达式1 -> 与表达式2 -> 正则表达式3、带偏移量的子串匹配
int expr_type = 0;
String exprType = item.getStr("exprType", "and");
if ("and" .equalsIgnoreCase(exprType)) {
patternExprList = T.StrUtil.split(str, "&");
if (patternExprList.size() > 1) {
expr_type = 1;
// 0 -> 无表达式1 -> 与表达式2 -> 正则表达式3、带偏移量的子串匹配
int expr_type = 0;
String exprType = item.getStr("exprType", "and");
if ("and".equalsIgnoreCase(exprType)) {
patternExprList = T.StrUtil.split(str, "&");
if (patternExprList.size() > 1) {
expr_type = 1;
}
} else if ("regex".equalsIgnoreCase(exprType)) {
expr_type = 2;
}
JSONArray patternArr = new JSONArray();
for (String expr : patternExprList) {
JSONObject pattern = new JSONObject();
pattern.put("keywords", expr);
Map<String, String> rangeVarMap = this.getRangeVarFromExpr(expr);
if (T.MapUtil.isNotEmpty(rangeVarMap)) {
expr_type = 3;
pattern.put("keywords", expr.replaceAll("^\\(.*?\\)", ""));
pattern.put("offset", T.MapUtil.getInt(rangeVarMap, "offset"));
pattern.put("depth", T.MapUtil.getInt(rangeVarMap, "depth"));
}
patternArr.add(pattern);
}
if ("keywords".equals(objectType)) {
Map<Object, Object> m = T.MapUtil.builder()
.put("string", T.MapUtil.builder()
.put("item_type", "keywords")
.put("expr_type", expr_type)
.put("is_hexbin", 0)
.put("patterns", patternArr)
.build()
).build();
list.add(m);
}
if ("http_signature".equals(objectType)) {
Map<Object, Object> m = T.MapUtil.builder()
.put("contextual_string", T.MapUtil.builder()
.put("expr_type", expr_type)
.put("is_hexbin", 0)
.put("context_name", item.getStr("district", "Set-Cookie"))
.put("patterns", patternArr)
.build()
)
.build();
list.add(m);
}
break;
}
case "url":
case "fqdn": {
Map<Object, Object> m = T.MapUtil.builder()
.put("string", T.MapUtil.builder()
.put("item_type", objectType)
.put("expr_type", 0)
.put("is_hexbin", 0)
.put("patterns", T.ListUtil.of(
new JSONObject().put("keywords", item.getStr("item"))
))
.build()
)
.build();
list.add(m);
break;
}
case "ip": {
String str = item.getStr("item");
String ip = str;
String port = "0-65535";
if (str.contains("#")) {
ip = str.split("#")[0];
port = str.split("#")[1];
}
Map<Object, Object> m = T.MapUtil.builder()
.put("ip", T.MapUtil.builder()
.put("addr_type", Validator.isIpv4(str) ? 4 : 6)
.put("port", port)
.put("ip_address", ip)
.build()
)
.build();
list.add(m);
break;
}
case "port": {
String port = item.getStr("item");
Map<Object, Object> m = T.MapUtil.builder()
.put("port", new JSONObject().put("port", port))
.build();
if (port.contains("-")) {
m.put("port", new JSONObject().put("port_range", port));
}
list.add(m);
break;
}
case "interval": {
String str = item.getStr("item");
String low_boundary = str, up_boundary = str;
if (str.contains("-")) {
low_boundary = item.getStr("item").split("-")[0];
up_boundary = item.getStr("item").split("-")[1];
}
Map<Object, Object> m = T.MapUtil.builder()
.put("interval", T.MapUtil.builder()
.put("low_boundary", low_boundary)
.put("up_boundary", up_boundary)
.build()
)
.build();
list.add(m);
break;
}
case "boolean":
case "ip_protocol":
case "application": {
break;
}
default:
break;
}
} else if ("regex" .equalsIgnoreCase(exprType)) {
expr_type = 2;
}
JSONArray patternArr = new JSONArray();
for (String expr : patternExprList) {
JSONObject pattern = new JSONObject();
pattern.put("keywords", expr);
Map<String, String> rangeVarMap = this.getRangeVarFromExpr(expr);
if (T.MapUtil.isNotEmpty(rangeVarMap)) {
expr_type = 3;
pattern.put("keywords", expr.replaceAll("^\\(.*?\\)", ""));
pattern.put("offset", T.MapUtil.getInt(rangeVarMap, "offset"));
pattern.put("depth", T.MapUtil.getInt(rangeVarMap, "depth"));
}
patternArr.add(pattern);
}
if ("keywords" .equals(objectType)) {
Map<Object, Object> m = T.MapUtil.builder()
.put("string", T.MapUtil.builder()
.put("item_type", "keywords")
.put("expr_type", expr_type)
.put("is_hexbin", 0)
.put("patterns", patternArr)
.build()
).build();
list.add(m);
}
if("http_signature".equals(objectType)){
Map<Object, Object> m = T.MapUtil.builder()
.put("contextual_string", T.MapUtil.builder()
.put("expr_type", expr_type)
.put("is_hexbin", 0)
.put("context_name", item.getStr("district", "Set-Cookie"))
.put("patterns", patternArr)
.build()
)
.build();
list.add(m);
}
break;
}
case "url":
case "fqdn": {
Map<Object, Object> m = T.MapUtil.builder()
.put("string", T.MapUtil.builder()
.put("item_type", objectType)
.put("expr_type", 0)
.put("is_hexbin", 0)
.put("patterns", T.ListUtil.of(
new JSONObject().put("keywords", item.getStr("item"))
))
.build()
)
.build();
list.add(m);
break;
}
case "ip": {
String str = item.getStr("item");
String ip = str;
String port = "0-65535";
if (str.contains("#")) {
ip = str.split("#")[0];
port = str.split("#")[1];
}
Map<Object, Object> m = T.MapUtil.builder()
.put("ip", T.MapUtil.builder()
.put("addr_type", Validator.isIpv4(str) ? 4 : 6)
.put("port", port)
.put("ip_address", ip)
.build()
)
.build();
list.add(m);
break;
}
case "port": {
String port = item.getStr("item");
Map<Object, Object> m = T.MapUtil.builder()
.put("port", new JSONObject().put("port", port))
.build();
if (port.contains("-")) {
m.put("port", new JSONObject().put("port_range", port));
}
list.add(m);
break;
}
case "interval": {
String str = item.getStr("item");
String low_boundary = str, up_boundary = str;
if (str.contains("-")) {
low_boundary = item.getStr("item").split("-")[0];
up_boundary = item.getStr("item").split("-")[1];
}
Map<Object, Object> m = T.MapUtil.builder()
.put("interval", T.MapUtil.builder()
.put("low_boundary", low_boundary)
.put("up_boundary", up_boundary)
.build()
)
.build();
list.add(m);
break;
}
case "boolean":
case "ip_protocol":
case "application": {
break;
}
default:
break;
}
});
Map<Object, Object> member = T.MapUtil.builder()
.put("items", list)
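Review bot: In `case "ip"`, `addr_type` is decided with `Validator.isIpv4(str)` on the raw item, but when the item carries a `#port` suffix `str` is `ip#port`, so an IPv4 address with a port is classified as IPv6 (addr_type 6) unless `Validator.isIpv4` tolerates the suffix, which I would not expect; the check should use the stripped address: `.put("addr_type", Validator.isIpv4(ip) ? 4 : 6)`. The same branch indexes `str.split("#")[1]`, which throws `ArrayIndexOutOfBoundsException` for an item ending in `#` because `split` drops trailing empty strings; `str.split("#", 2)` keeps the empty port so the existing `contains("#")` test stays sufficient, and `case "interval"` has the same `split("-")[1]` exposure for an item ending in `-`. These lines are not changed by the commit, but if I read the sides right they now run once per `JSONObject item` instead of inside the removed stream lambda, so this is a natural moment to harden them. `buildTSG2402SignaturesMember` continues past the end of the hunk.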
@@ -467,6 +476,13 @@ public class TSGApplicationServiceImpl implements ITSGApplicationService {
return new HashMap<>();
}
// ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
// ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
// ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
// ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
// ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
// ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
@Override
@Transactional(rollbackFor = Exception.class)
public List<ApplicationEntity> tsg2402ToAsw(String workspaceId, List<JSONObject> dataList) {
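Review bot: The six identical dash-separator comment lines inserted before `tsg2402ToAsw` carry no information; one separator, or better a single-line comment naming what follows (for example `// ---- tsg2402 -> asw ----`, wording to be confirmed against the method's purpose), keeps the file readable without the noise. The method itself begins on the hunk's last line and its body is outside the hunk.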