gfwleak/enderbyendera-realtime-protection
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、bugfix

Browse Source 
2、
This commit is contained in:
PushM
2024-06-05 14:56:35 +08:00
parent 906bf494d9
commit 677d7671a6
6 changed files with 63 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/main/java/com/realtime/protection/configuration/entity/rule/staticrule/StaticRuleObject.java
View File

@@ -75,46 +75,46 @@ public class StaticRuleObject {
@JsonProperty("static_rule_sip")
@ExcelProperty("源IP地址")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "Invalid IPv4 Address")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "错误 IPv4 地址")
@Schema(description = "源IP地址", example = "1.1.1.1")
private String staticRuleSip;
@JsonProperty("static_rule_msip")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "Invalid IPv4 Address")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "I错误 IPv4 地址")
@ExcelProperty("源IP地址掩码")
@Schema(description = "源IP地址掩码", example = "255.255.255.0")
private String staticRuleMsip;
@JsonProperty("static_rule_sport")
@ExcelProperty("源端口")
@Max(value = 65535, message = "port should not be more than 65535")
@Min(value = 1, message = "port should not be less than 1")
@Max(value = 65535, message = "端口号不能大于65535")
@Min(value = 1, message = "端口号不能小于1")
@Schema(description = "源端口", example = "8080")
private Integer staticRuleSport;
@JsonProperty("static_rule_msport")
@ExcelProperty("源端口掩码")
@Max(value = 65535, message = "port should not be more than 65535")
@Min(value = 1, message = "port should not be less than 1")
@Max(value = 65535, message = "端口号不能大于65535")
@Min(value = 1, message = "端口号不能小于1")
@Schema(description = "源端口掩码", example = "65535")
private Integer staticRuleMsport;
@JsonProperty("static_rule_dip")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "Invalid IPv4 Address")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "错误 IPv4 地址")
@ExcelProperty("目的IP地址")
@Schema(description = "目的IP地址", example = "2.2.2.2")
private String staticRuleDip;
@JsonProperty("static_rule_mdip")
@ExcelProperty("目的IP地址掩码")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "Invalid IPv4 Address")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "错误 IPv4 地址")
@Schema(description = "目的IP地址掩码", example = "255.255.255.0")
private String staticRuleMdip;
@JsonProperty("static_rule_dport")
@ExcelProperty("目的端口")
@Max(value = 65535, message = "port should not be more than 65535")
@Min(value = 1, message = "port should not be less than 1")
@Max(value = 65535, message = "端口号不能大于65535")
@Min(value = 1, message = "端口号不能小于1")
@Schema(description = "目的端口", example = "8080")
private Integer staticRuleDport;
@JsonProperty("static_rule_mdport")
@ExcelProperty("目的端口掩码")
@Max(value = 65535, message = "port should not be more than 65535")
@Min(value = 1, message = "port should not be less than 1")
@Max(value = 65535, message = "端口号不能大于65535")
@Min(value = 1, message = "端口号不能小于1")
@Schema(description = "目的端口掩码", example = "65535")
private Integer staticRuleMdport;
@JsonProperty("static_rule_protocol")

6
src/main/java/com/realtime/protection/configuration/entity/whitelist/WhiteListObject.java
View File

@@ -33,15 +33,15 @@ public class WhiteListObject {
@NotNull
@JsonProperty("whiteobj_ip_address")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "Invalid IPv4 Address")
@Pattern(regexp = "^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$", message = "错误 IPv4 地址")
@ExcelProperty("IP地址")
@Schema(description = "白名单对象IPv4地址", example = "1.1.1.1", requiredMode = Schema.RequiredMode.REQUIRED)
private String whiteListIP;
@NotNull
@JsonProperty("whiteobj_port")
@Max(value = 65535, message = "port should not be more than 65535")
@Min(value = 1, message = "port should not be less than 1")
@Max(value = 65535, message = "端口不应大于 65535")
@Min(value = 1, message = "端口不应小于 1")
@ExcelProperty("端口")
@Schema(description = "白名单对象端口", maximum = "65535", minimum = "1", example = "8080", requiredMode = Schema.RequiredMode.REQUIRED)
private int whiteListPort;

8
src/main/java/com/realtime/protection/server/task/TaskService.java
View File

@@ -14,6 +14,7 @@ import com.realtime.protection.configuration.utils.enums.StateEnum;
import com.realtime.protection.configuration.utils.enums.TaskTypeEnum;
import com.realtime.protection.configuration.utils.enums.audit.AuditStatusEnum;
import com.realtime.protection.configuration.utils.enums.audit.AuditStatusValidator;
import com.realtime.protection.server.command.CommandMapper;
import com.realtime.protection.server.rule.dynamicrule.DynamicRuleMapper;
import com.realtime.protection.server.rule.staticrule.StaticRuleMapper;
import lombok.extern.slf4j.Slf4j;
@@ -40,13 +41,15 @@ public class TaskService {
private static final int BATCH_SIZE = 100;
private final DynamicRuleMapper dynamicRuleMapper;
private final Counter counter;
private final CommandMapper commandMapper;
public TaskService(TaskMapper taskMapper, StaticRuleMapper staticRuleMapper, SqlSessionWrapper sqlSessionWrapper, DynamicRuleMapper dynamicRuleMapper, Counter counter) {
public TaskService(TaskMapper taskMapper, StaticRuleMapper staticRuleMapper, SqlSessionWrapper sqlSessionWrapper, DynamicRuleMapper dynamicRuleMapper, Counter counter, CommandMapper commandMapper) {
this.taskMapper = taskMapper;
this.staticRuleMapper = staticRuleMapper;
this.sqlSessionWrapper = sqlSessionWrapper;
this.dynamicRuleMapper = dynamicRuleMapper;
this.counter = counter;
this.commandMapper = commandMapper;
}
@Transactional
@@ -350,6 +353,9 @@ public class TaskService {
updateDynamicRuleAuditStatusInTask(taskId, AuditStatusEnum.AUDITED);
taskMapper.clearTaskConnectedStaticRule(task.getTaskId());
taskMapper.clearTaskConnectedDynamicRule(task.getTaskId());
commandMapper.removeCommandsByTaskId(taskId);
return taskMapper.deleteTask(taskId);
}

2
src/main/resources/mappers/DynamicRuleMapper.xml
View File

@@ -297,6 +297,8 @@
<result column="dynamic_rule_used_task_id" property="dynamicRuleUsedTaskId"/>
<result column="used_task_name" property="usedTaskName"/>
<result column="effective_time" property="effeciveTime"/>
<result column="expire_time" property="expireTime"/>
</resultMap>
<select id="queryDynamicRuleById" resultMap="dynamicRuleMap">

3
src/main/resources/mappers/TemplateNewMapper.xml
View File

@@ -251,6 +251,9 @@
<result column="is_protect_object_dst" property="isProtectObjectDst"/>
<result column="is_protect_object_src" property="isProtectObjectSrc"/>
<result column="effective_time" property="effeciveTime"/>
<result column="expire_time" property="expireTime"/>
</resultMap>
<select id="queryTemplates" resultMap="templateMap">

45
src/main/resources/mappers/WhiteListMapper.xml
View File

@@ -57,7 +57,7 @@
select
white_list_id,
white_list_name,
effective_time,expire_time,
NOW(),null,
white_list_system_name,
white_list_ip,
white_list_url,
@@ -102,7 +102,7 @@
select
white_list_id,
white_list_name,
effective_time,expire_time,
NOW(),null,
white_list_system_name,
white_list_ip,
white_list_url,
@@ -155,6 +155,8 @@
<result column="audit_user_id" property="auditUserId"/>
<result column="audit_user_depart" property="auditUserDepart"/>
<result column="effective_time" property="effeciveTime"/>
<result column="expire_time" property="expireTime"/>
</resultMap>
<select id="queryWhiteListObject" resultMap="whiteListMap">
@@ -334,7 +336,11 @@
(INET_ATON(#{command.sourceIP}) &amp; INET_ATON(#{command.maskSourceIP}))
<if test="command.sourcePort != null">
and white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
</if>)
</if>
<if test="command.protocol != null">
and white_list_protocol = #{command.protocol}
</if>
)
</if>
<if test="command.destinationIP != null and command.maskDestinationIP == null">
or (white_list_ip = INET_ATON(#{command.destinationIP})
@@ -416,33 +422,52 @@
from t_white_list
<where>
<foreach collection="staticRuleObjects" item="staticRule" open="(" separator=" or " close=")">
()
<if test="staticRule.staticRuleSip != null and staticRule.staticRuleMsip == null">
(white_list_ip = INET_ATON(#{staticRule.staticRuleSip})
<if test="staticRule.staticRuleSport != null">
and white_list_port = #{staticRule.staticRuleSport}
</if>)
</if>
<if test="staticRule.staticRuleProtocol != null">
and white_list_protocol = #{staticRule.staticRuleProtocol}
</if>
)
</if>
<if test="staticRule.staticRuleSip != null and staticRule.staticRuleMsip != null">
(( white_list_ip &amp; INET_ATON(#{staticRule.staticRuleSip})) =
(INET_ATON(#{staticRule.staticRuleSip}) &amp; INET_ATON(#{staticRule.staticRuleMsip}))
<if test="staticRule.staticRuleSport != null">
and white_list_port = #{staticRule.staticRuleSport}
</if>)
</if>
<if test="staticRule.staticRuleProtocol != null">
and white_list_protocol = #{staticRule.staticRuleProtocol}
</if>
)
</if>
<if test="staticRule.staticRuleDip != null and staticRule.staticRuleMdip == null">
or (white_list_ip = INET_ATON(#{staticRule.staticRuleDip})
or (
(white_list_ip = INET_ATON(#{staticRule.staticRuleDip})
<if test="staticRule.staticRuleDport != null">
and white_list_port = #{staticRule.staticRuleDport}
</if>)
</if>
<if test="staticRule.staticRuleProtocol != null">
and white_list_protocol = #{staticRule.staticRuleProtocol}
</if>
)
</if>
<if test="staticRule.staticRuleDip != null and staticRule.staticRuleMdip != null">
or ((white_list_ip &amp; INET_ATON(#{staticRule.staticRuleDip})) =
or (
(white_list_ip &amp; INET_ATON(#{staticRule.staticRuleDip})) =
(INET_ATON(#{staticRule.staticRuleDip}) &amp; INET_ATON(#{staticRule.staticRuleMdip}))
<if test="staticRule.staticRuleDport != null">
and white_list_port = #{staticRule.staticRuleDport}
</if>)
</if>
<if test="staticRule.staticRuleProtocol != null">
and white_list_protocol = #{staticRule.staticRuleProtocol}
</if>
)
</if>
</foreach>
</where>
</select>