1、WhiteList新增testWhiteListCommandJudge方法,判断指令是否命中白名单
existWhiteListObject方法根据规则id,判断规则是否命中白名单还有待完善
This commit is contained in:
Hao Miao
@@ -126,14 +126,15 @@ public class WhiteListController {
|
||||
|
||||
|
||||
//查询ip是否存在于白名单
|
||||
@PostMapping("/exist")
|
||||
public ResponseResult existWhiteListObject(@RequestBody List<Integer> ruleIds) {
|
||||
@RequestMapping ("/exist")
|
||||
public ResponseResult existWhiteListObject(@RequestParam(value = "ruleId", required = true)Integer ruleId,
|
||||
@RequestParam(value = "ruleType", required = true)Integer ruleType) {
|
||||
//是请求规则的id,然后判断这个id所属的ip是否在白名单中吗
|
||||
//静态应该可以,但动态的,动态是实时过来告警信息,不存储规则? 存的话也行,那这里要区分id是静态的还是动态的
|
||||
//这里先走通静态的,要获取规则的源IP和目的IP,去白名单select看有没有(有的还有IP掩码,暂未实现)
|
||||
|
||||
//返回涉及IP在白名单中的id,
|
||||
List<String> ruleInWhiteListIds = whiteListService.existWhiteListObject(ruleIds);
|
||||
//返回在白名单中的IP,
|
||||
List<String> ruleInWhiteListIds = whiteListService.existWhiteListObject(ruleId, ruleType);
|
||||
|
||||
return ResponseResult.ok()
|
||||
.setData("ip_list", ruleInWhiteListIds);
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package com.realtime.protection.server.whitelist;
|
||||
|
||||
import com.realtime.protection.configuration.entity.rule.staticrule.StaticRuleObject;
|
||||
import com.realtime.protection.configuration.entity.task.Command;
|
||||
import com.realtime.protection.configuration.entity.whitelist.WhiteListObject;
|
||||
import org.apache.ibatis.annotations.Delete;
|
||||
import org.apache.ibatis.annotations.Mapper;
|
||||
@@ -23,7 +24,7 @@ public interface WhiteListMapper {
|
||||
|
||||
Integer updateWhiteListObject(@Param("object") WhiteListObject object);
|
||||
|
||||
String existWhiteListObject(@Param("staticRuleObject")StaticRuleObject staticRuleObject);
|
||||
List<String> existWhiteListObject(@Param("staticRuleObject")StaticRuleObject staticRuleObject);
|
||||
|
||||
Integer queryWhiteListObjectAuditStuatusById(Integer id);
|
||||
|
||||
@@ -32,4 +33,6 @@ public interface WhiteListMapper {
|
||||
void newWhiteListObjects(@Param("whiteListObjects")List<WhiteListObject> whiteListBatch);
|
||||
|
||||
void deleteWhiteListObjects(@Param("whiteListIds") List<Integer> whiteListBatch);
|
||||
|
||||
List<WhiteListObject> whiteListCommandJudge(@Param("command") Command command);
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package com.realtime.protection.server.whitelist;
|
||||
|
||||
import com.alibaba.excel.util.ListUtils;
|
||||
import com.realtime.protection.configuration.entity.rule.staticrule.StaticRuleObject;
|
||||
import com.realtime.protection.configuration.entity.task.Command;
|
||||
import com.realtime.protection.configuration.entity.whitelist.WhiteListObject;
|
||||
import com.realtime.protection.configuration.utils.status.AuditStatusValidator;
|
||||
import com.realtime.protection.configuration.utils.SqlSessionWrapper;
|
||||
@@ -9,7 +10,6 @@ import com.realtime.protection.server.rule.staticrule.StaticRuleMapper;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@@ -113,20 +113,25 @@ public class WhiteListService {
|
||||
return whiteListMapper.queryWhiteListObjectById(id);
|
||||
}
|
||||
|
||||
public List<String> existWhiteListObject(List<Integer> ruleIds) {
|
||||
@Transactional
|
||||
public List<String> existWhiteListObject(Integer ruleId, Integer ruleType) {
|
||||
//应该参数是指令,不管动态静态
|
||||
|
||||
List<String> ip_list = new ArrayList<>();
|
||||
//查询ruleId应对的静态or动态规则
|
||||
StaticRuleObject staticRuleObject = staticRuleMapper.queryStaticRuleById(ruleId);
|
||||
|
||||
for (Integer id : ruleIds) {
|
||||
StaticRuleObject staticRuleObject = staticRuleMapper.queryStaticRuleById(id);
|
||||
if (staticRuleObject != null) {
|
||||
String whiteListIp = whiteListMapper.existWhiteListObject(staticRuleObject);
|
||||
if (whiteListIp != null) {
|
||||
ip_list.add(whiteListIp);
|
||||
if (staticRuleObject == null) {
|
||||
throw new IllegalArgumentException("invalid rule id");
|
||||
}
|
||||
// 命中的whitelist列表:每一列包含ip port url
|
||||
return whiteListMapper.existWhiteListObject(staticRuleObject);
|
||||
|
||||
}
|
||||
}
|
||||
return ip_list;
|
||||
public List<WhiteListObject> whiteListCommandJudge(Command command) {
|
||||
//参数应该是指令,不管动态静态
|
||||
// 命中的whitelist列表:每一列包含ip port url
|
||||
return whiteListMapper.whiteListCommandJudge(command);
|
||||
|
||||
}
|
||||
|
||||
@Transactional
|
||||
|
||||
@@ -101,19 +101,98 @@
|
||||
</update>
|
||||
|
||||
<select id="existWhiteListObject" resultType="java.lang.String">
|
||||
select INET_NTOA(white_list_ip) from t_white_list
|
||||
select CONCAT(INET_NTOA(white_list_ip)," ", CAST(white_list_port)," ", white_list_url)
|
||||
from t_white_list
|
||||
<where>
|
||||
<if test="staticRuleObject.staticRuleSip != null">
|
||||
white_list_ip = #{staticRuleObject.staticRuleSip}
|
||||
|
||||
<if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip == null">
|
||||
(white_list_ip = #{staticRuleObject.staticRuleSip}
|
||||
<if test="staticRuleObject.staticRuleSport != null">
|
||||
and white_list_port = #{staticRuleObject.staticRuleSport}
|
||||
</if>)
|
||||
</if>
|
||||
<if test="staticRuleObject.staticRuleDip != null">
|
||||
or white_list_ip = #{staticRuleObject.staticRuleDip}
|
||||
<if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip != null">
|
||||
((white_list_ip & #{staticRuleObject.staticRuleMsip}) =
|
||||
(#{staticRuleObject.staticRuleSip} & #{staticRuleObject.staticRuleMsip})
|
||||
<if test="staticRuleObject.staticRuleSport != null">
|
||||
and white_list_port = #{staticRuleObject.staticRuleSport}
|
||||
</if>)
|
||||
</if>
|
||||
<if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip == null">
|
||||
or (white_list_ip = #{staticRuleObject.staticRuleDip}
|
||||
<if test="staticRuleObject.staticRuleDport != null">
|
||||
and white_list_port = #{staticRuleObject.staticRuleDport}
|
||||
</if>)
|
||||
</if>
|
||||
<if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip != null">
|
||||
or ((white_list_ip & #{staticRuleObject.staticRuleMdip}) =
|
||||
(#{staticRuleObject.staticRuleDip} & #{staticRuleObject.staticRuleMdip})
|
||||
<if test="staticRuleObject.staticRuleDport != null">
|
||||
and white_list_port = #{staticRuleObject.staticRuleDport}
|
||||
</if>)
|
||||
</if>
|
||||
<if test="staticRuleObject.staticRuleUrl != null">
|
||||
or white_list_url = #{staticRuleObject.staticRuleUrl}
|
||||
</if>
|
||||
|
||||
</where>
|
||||
</select>
|
||||
|
||||
<select id="queryWhiteListObjectAuditStuatusById" resultType="java.lang.Integer">
|
||||
select white_list_audit_status from t_white_list
|
||||
where white_list_id = #{id}
|
||||
</select>
|
||||
|
||||
<!--
|
||||
判断逻辑
|
||||
如果指令没有ip掩码:
|
||||
whitelist_ip == ip
|
||||
如果指令有端口:
|
||||
判断端口是否相同
|
||||
如果指令有ip掩码:
|
||||
whitelist_ip & IP掩码 == 源IP & IP掩码 : 代表指令包含了whitelist_ip
|
||||
如果指令有端口:
|
||||
判断端口是否相同
|
||||
(又分了一下指令的源ip和目的ip)
|
||||
|
||||
可能还要做的:
|
||||
(1)端口掩码
|
||||
(2)协议
|
||||
(3)url
|
||||
-->
|
||||
|
||||
<select id="whiteListCommandJudge" resultMap="whiteListMap">
|
||||
select *
|
||||
from t_white_list
|
||||
<where>
|
||||
<if test="command.sourceIP != null and command.maskSourceIP == null">
|
||||
(white_list_ip = INET_ATON(#{command.sourceIP})
|
||||
<if test="command.sourcePort != null">
|
||||
and white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
|
||||
</if>)
|
||||
</if>
|
||||
<if test="command.sourceIP != null and command.maskSourceIP != null">
|
||||
(( white_list_ip & INET_ATON(#{command.maskSourceIP})) =
|
||||
(INET_ATON(#{command.sourceIP}) & INET_ATON(#{command.maskSourceIP}))
|
||||
<if test="command.sourcePort != null">
|
||||
and white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
|
||||
</if>)
|
||||
</if>
|
||||
<if test="command.destinationIP != null and command.maskDestinationIP == null">
|
||||
or (white_list_ip = INET_ATON(#{command.destinationIP})
|
||||
<if test="command.destinationPort != null">
|
||||
and white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
|
||||
</if>)
|
||||
</if>
|
||||
<if test="command.destinationIP != null and command.maskDestinationIP != null">
|
||||
or ((white_list_ip & INET_ATON(#{command.maskDestinationIP})) =
|
||||
(INET_ATON(#{command.destinationIP}) & INET_ATON(#{command.maskDestinationIP}))
|
||||
<if test="command.destinationPort != null">
|
||||
and white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
|
||||
</if>)
|
||||
</if>
|
||||
|
||||
</where>
|
||||
</select>
|
||||
|
||||
</mapper>
|
||||
@@ -1,5 +1,6 @@
|
||||
package com.realtime.protection.server.whitelist;
|
||||
|
||||
import com.realtime.protection.configuration.entity.task.Command;
|
||||
import com.realtime.protection.configuration.entity.whitelist.WhiteListObject;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -63,12 +64,24 @@ class WhiteListServiceTest {
|
||||
@Test
|
||||
void testExistWhiteList() {
|
||||
List<Integer> ruleIds = List.of(6,7,8);
|
||||
List<String> ip_list = whiteListService.existWhiteListObject(ruleIds);
|
||||
System.out.println(ip_list);
|
||||
// List<String> ip_list = whiteListService.existWhiteListObject(ruleIds);
|
||||
// System.out.println(ip_list);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testUpdateWhiteListAuditStatus() {
|
||||
whiteListService.updateWhiteListObjectAuditStatus(7, 1);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testWhiteListCommandJudge() {
|
||||
Command command = new Command();
|
||||
command.setDestinationIP("128.1.1.123");
|
||||
command.setMaskDestinationIP("255.255.255.0");
|
||||
command.setDestinationPort("81");
|
||||
|
||||
List<WhiteListObject> whitelists = whiteListService.whiteListCommandJudge(command);
|
||||
System.out.println(whitelists);
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user