diff --git a/src/main/java/com/realtime/protection/configuration/entity/task/Task.java b/src/main/java/com/realtime/protection/configuration/entity/task/Task.java index a46de52..496b331 100644 --- a/src/main/java/com/realtime/protection/configuration/entity/task/Task.java +++ b/src/main/java/com/realtime/protection/configuration/entity/task/Task.java @@ -103,6 +103,10 @@ public class Task { @Schema(description = "审核用户部门", example = "部门1") private String auditUserDepart; + @JsonProperty("audit_user_depart_code") + @Schema(description = "审核用户部门代码", example = "000010") + private String auditUserDepartCode; + /* 策略模板(事件类型、防护等级)都移动到任务表中 diff --git a/src/main/java/com/realtime/protection/configuration/response/AuditAdvice.java b/src/main/java/com/realtime/protection/configuration/response/AuditAdvice.java index 8dac0ba..1cb9d61 100644 --- a/src/main/java/com/realtime/protection/configuration/response/AuditAdvice.java +++ b/src/main/java/com/realtime/protection/configuration/response/AuditAdvice.java @@ -21,6 +21,9 @@ import org.springframework.web.reactive.function.client.WebClient; import org.springframework.web.reactive.function.client.WebClientRequestException; import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice; import reactor.core.publisher.Mono; + +import java.util.Enumeration; + /** * 修改人: Fulian Li * 功能:执行日志审计 @@ -59,17 +62,16 @@ public class AuditAdvice implements ResponseBodyAdvice { @Override public boolean supports(MethodParameter returnType, Class> converterType) { - return false; -// return true; +// return false; + return true; } @Override public ResponseResult beforeBodyWrite(ResponseResult body, MethodParameter returnType, MediaType selectedContentType, Class> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) { - +// 可以不发送query的请求,数据量太大 if (request.getURI().getPath().contains("query")){ return body; } - AuditData auditData = getAuditData(body, request); AuditRes auditRes = new AuditRes(auditData); 
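Review bot: `supports()` now returns `true` for every handler and converter, yet `beforeBodyWrite` is typed to `ResponseResult` and the audit path (visible in the later `getAuditData` hunks) calls `body.getData().toString()`. As far as the diff shows, a handler that returns another type, or a `ResponseResult` whose data is null, would then fail inside the advice instead of returning its response. Consider `return ResponseResult.class.isAssignableFrom(returnType.getParameterType());` and dropping the commented-out `// return false;`. Separately, the exemption `getPath().contains("query")` is a substring match, so any route whose path merely contains "query" produces no audit record now that the advice is live; matching the read-only routes explicitly would keep audit coverage predictable. `beforeBodyWrite` continues past the end of this hunk.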
@@ -94,7 +96,15 @@ public class AuditAdvice implements ResponseBodyAdvice { return body; } - + // 解析 X-Forwarded-For 头中的第一个 IP 地址 + private static String extractFirstIpAddress(String xForwardedForHeader) { + if (xForwardedForHeader != null) { + // 根据逗号分隔获取第一个 IP 地址 + String[] ips = xForwardedForHeader.trim().split("\\s*,\\s*"); + return ips[0]; + } + return null; + } @NotNull private static AuditData getAuditData(ResponseResult body, ServerHttpRequest request) { HttpSession session = ((ServletServerHttpRequest) request).getServletRequest().getSession(); @@ -106,7 +116,7 @@ public class AuditAdvice implements ResponseBodyAdvice { request.getMethod().toString(), body.getCode()==200?"成功":"失败", body.getData().toString(), - "172.16.1.202" + extractFirstIpAddress(request.getHeaders().getFirst("X-Forwarded-For")) ); }else { UserFull user = (UserFull) session.getAttribute("user"); @@ -116,7 +126,7 @@ public class AuditAdvice implements ResponseBodyAdvice { request.getMethod().toString(), body.getCode()==200?"成功":"失败", body.getData().toString(), - "172.16.1.202" + extractFirstIpAddress(request.getHeaders().getFirst("X-Forwarded-For")) ); } return auditData; diff --git a/src/main/java/com/realtime/protection/server/command/CommandMapper.java b/src/main/java/com/realtime/protection/server/command/CommandMapper.java index ef480fd..1215b00 100644 --- a/src/main/java/com/realtime/protection/server/command/CommandMapper.java +++ b/src/main/java/com/realtime/protection/server/command/CommandMapper.java @@ -15,6 +15,11 @@ public interface CommandMapper { void createCommands(@Param("command_infos") List taskCommandInfos); + void createCommandsTest(@Param("command_infos") List taskCommandInfos, + @Param("session_num") Integer sessionNum, + @Param("byte_num") Integer byteNum); + + Boolean stopCommandsByTaskId(@Param("task_id") Long taskId); @DS("doris") 
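Review bot: `extractFirstIpAddress` records the leftmost `X-Forwarded-For` entry as the audit source address, and that entry is whatever the client sent unless the fronting proxy overwrites the header, so the audit trail can carry a caller-chosen IP. It also returns `null` when the header is absent, leaving the record with no address at all. The two `getAuditData` call sites in the `-106` and `-116` hunks share this. I would fall back to the servlet peer address and add a comment that the header is trusted only behind a proxy that sets it; the deployment is not visible here. `getAuditData` begins in this hunk and continues in the next two.

```java
// Returns the first X-Forwarded-For entry; falls back to the socket peer address when the
// header is missing or empty. The header is client-controlled unless a trusted proxy sets it.
private static String extractFirstIpAddress(String xForwardedForHeader, String remoteAddr) {
    if (xForwardedForHeader == null) {
        return remoteAddr;
    }
    String first = xForwardedForHeader.split(",", 2)[0].trim();
    return first.isEmpty() ? remoteAddr : first;
}
// … unchanged: getAuditData up to the last AuditData constructor argument (both branches) …
        extractFirstIpAddress(request.getHeaders().getFirst("X-Forwarded-For"),
                ((ServletServerHttpRequest) request).getServletRequest().getRemoteAddr())
```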
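Review bot: `createCommandsTest` is added to the production `CommandMapper` interface without any documentation. Its statement in the `CommandMapper.xml` hunk writes constant and derived counters (`SEND_TIMES` and `SUCCESS_TIMES` fixed at 1, hit and packet counts computed from `#{session_num}*4`) into the live `t_command` table. Nothing in the diff shows who calls it, so a reader cannot tell whether synthetic statistics can end up next to real ones. At minimum I would add a Javadoc such as `/** Test data only: inserts commands with synthetic traffic counters derived from sessionNum and byteNum; not for production code paths. */`, and state there that `sessionNum` and `byteNum` must be non-null, since they are boxed `Integer` values used in SQL arithmetic.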
diff --git a/src/main/java/com/realtime/protection/server/task/TaskController.java b/src/main/java/com/realtime/protection/server/task/TaskController.java index b23b08b..e227c2b 100644 --- a/src/main/java/com/realtime/protection/server/task/TaskController.java +++ b/src/main/java/com/realtime/protection/server/task/TaskController.java @@ -68,7 +68,11 @@ public class TaskController implements TaskControllerApi { task.setTaskCreateUsername(user.name); task.setTaskCreateUserId(Integer.valueOf(user.uid)); task.setTaskCreateDepart(user.getOrgName()); + task.setAuditUserDepartCode(user.getOrgCode()); } + //事件类型的用户权限校验、动作逻辑性校验 + taskService.eventTypeValid(task); + Long taskId = taskService.newTask(task); diff --git a/src/main/java/com/realtime/protection/server/task/TaskMapper.java b/src/main/java/com/realtime/protection/server/task/TaskMapper.java index 6e6011a..f8cb66f 100644 --- a/src/main/java/com/realtime/protection/server/task/TaskMapper.java +++ b/src/main/java/com/realtime/protection/server/task/TaskMapper.java @@ -124,4 +124,8 @@ public interface TaskMapper { @Update("UPDATE t_task SET task_start_time = NOW() WHERE task_id = #{taskId}") void updateTaskStartTime(Long taskId); + + String queryEventTypeDepartment(String eventType); + + String queryEventTypeAct(String eventType); } diff --git a/src/main/java/com/realtime/protection/server/task/TaskService.java b/src/main/java/com/realtime/protection/server/task/TaskService.java index f58d4d8..91f90bd 100644 --- a/src/main/java/com/realtime/protection/server/task/TaskService.java +++ b/src/main/java/com/realtime/protection/server/task/TaskService.java 
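Review bot: `taskService.eventTypeValid(task)` runs outside the block that assigns `auditUserDepartCode` from the session user. When that block is skipped, the department check works on whatever the request body supplied: the `Task.java` hunk exposes the field as `@JsonProperty("audit_user_depart_code")`, and a `null` value makes `eventTypeValid` skip the department check altogether. The guard of that block lies above the hunk, so whether a request without a session user can reach this line is not visible here. I would make the field server-set only, for example `@JsonProperty(value = "audit_user_depart_code", access = JsonProperty.Access.READ_ONLY)` on the field, and add `// department code always comes from the session user, never from the request body` at the assignment.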
@@ -589,4 +589,36 @@ public class TaskService {
 public void updateTaskStartTime(Long taskId) {
 taskMapper.updateTaskStartTime(taskId);
 }
+
+ public void eventTypeValid(Task task) {
+ if (task.getAuditUserDepartCode() != null) {
+
+ String departments = taskMapper.queryEventTypeDepartment(task.getEventType());
+ Boolean isOrgCodeValid = false;
+ String[] departmentArray = departments.split(",");
+ for (String department : departmentArray) {
+ if (department.equals(task.getAuditUserDepartCode())) {
+ isOrgCodeValid = true;
+ break;
+ }
+ }
+ if (!isOrgCodeValid) {
+ throw new IllegalArgumentException("该用户所属部门不允许新建该事件类型的任务");
+ }
+ }
+ Boolean isActValid = false;
+ String acts = taskMapper.queryEventTypeAct(task.getEventType());
+ String[] actArray = acts.split(",");
+ for (String act : actArray) {
+ if (act.equals(task.getTaskAct())) {
+ isActValid = true;
+ break;
+ }
+ }
+ if (!isActValid) {
+ throw new IllegalArgumentException("该事件类型不允许该处置动作");
+ }
+
+
+ }
 }
diff --git a/src/main/resources/mappers/CommandMapper.xml b/src/main/resources/mappers/CommandMapper.xml
index c037b0b..ca64565 100644
--- a/src/main/resources/mappers/CommandMapper.xml
+++ b/src/main/resources/mappers/CommandMapper.xml
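Review bot: In `eventTypeValid`, `departments.split(",")` and `acts.split(",")` dereference the mapper results directly. If `queryEventTypeDepartment` or `queryEventTypeAct` returns `null` for an event type with no matching row (the usual mapper behaviour for an empty result, not confirmed by this diff), the request ends in a `NullPointerException` instead of the intended `IllegalArgumentException`. The department check is also skipped whenever `getAuditUserDepartCode()` is `null`; if that is deliberate for callers without a user, a comment should say so, otherwise it should reject. The two membership loops are the same code and can share one null-safe helper, shown below on the assumption that `getTaskAct()` returns a `String`.

```java
public void eventTypeValid(Task task) {
    String departCode = task.getAuditUserDepartCode();
    // NOTE(review): a null department code still skips the check, as in the commit; confirm intent.
    if (departCode != null
            && !csvContains(taskMapper.queryEventTypeDepartment(task.getEventType()), departCode)) {
        throw new IllegalArgumentException("该用户所属部门不允许新建该事件类型的任务");
    }
    if (!csvContains(taskMapper.queryEventTypeAct(task.getEventType()), task.getTaskAct())) {
        throw new IllegalArgumentException("该事件类型不允许该处置动作");
    }
}

// True when value equals one comma-separated entry of csv; a null csv or value matches nothing.
private static boolean csvContains(String csv, String value) {
    if (csv == null || value == null) {
        return false;
    }
    for (String entry : csv.split(",")) {
        if (entry.equals(value)) {
            return true;
        }
    }
    return false;
}
```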
@@ -54,6 +54,42 @@ ) + + + + insert into t_command( + COMMAND_ID, TASK_ID, TASK_ACT, TASKNAME, EVENTTYPE, DEPARTMENT, DISTRIBUTEPOINT, FREQUENCY, + ADDR_TYPE, SRC_IP, SRC_PORT, DST_IP, DST_PORT, PROTOCOL, + MASK_SRC_IP, MASK_SRC_PORT, MASK_DST_IP, MASK_DST_PORT, MASK_PROTOCOL, VALID_TIME, INVALID_TIME, IS_VALID, + IS_JUDGED, + SEND_TIMES, SUCCESS_TIMES,FIRST_SEND_TIME,LAST_SEND_TIME ,CREATE_TIME, LAST_UPDATE, IS_DELETED, + TASKTYPE, RULE_ID, display_id,RULE_NAME,RCP_HIT_COUNT,TOTAL_PACKET_NUM,TOTAL_BYTE_NUM, + EFFECTIVE_EQUIPMENT_NUM, + AVERAGE_LATENCY,MAX_LATENCY,MIN_LATENCY, + c2s_pkt_num,s2c_pkt_num,c2s_byte_num,s2c_byte_num,session_num, + first_effect_time,last_rcp_query_time,last_traffic_query_time) + values + + (#{info.UUID}, #{info.taskId}, #{info.taskAct}, #{info.taskName}, #{info.eventType}, #{info.taskCreateDepart}, #{info.distributePoint}, + #{info.frequency}, + DEFAULT, + #{info.fiveTupleWithMask.sourceIP}, #{info.fiveTupleWithMask.sourcePort}, + #{info.fiveTupleWithMask.destinationIP}, #{info.fiveTupleWithMask.destinationPort}, + #{info.fiveTupleWithMask.protocol}, + #{info.fiveTupleWithMask.maskSourceIP}, #{info.fiveTupleWithMask.maskSourcePort}, + #{info.fiveTupleWithMask.maskDestinationIP}, #{info.fiveTupleWithMask.maskDestinationPort}, + #{info.fiveTupleWithMask.maskProtocol}, + #{info.startTime}, #{info.endTime}, #{info.isValid}, + #{info.isJudged}, + 1, 1,NOW(), NOW(), + NOW(), NOW(), FALSE, #{info.taskType}, #{info.ruleId}, #{info.displayId}, + #{info.ruleName},#{session_num}*4,#{session_num}*4,#{byte_num}, + 1,null,null,null,#{session_num}*4,0,#{byte_num},0,#{session_num},DATE_ADD(NOW(), INTERVAL 10 SECOND), + DATE_ADD(NOW(), INTERVAL 10 SECOND),DATE_ADD(NOW(), INTERVAL 10 SECOND) + ) + + + insert into t_command_whitelist_hit(COMMAND_ID, TASK_ID, TASK_ACT, TASKNAME, EVENTTYPE, DEPARTMENT, DISTRIBUTEPOINT, FREQUENCY, ADDR_TYPE, SRC_IP, SRC_PORT, DST_IP, DST_PORT, PROTOCOL, 
diff --git a/src/main/resources/mappers/TaskMapper.xml b/src/main/resources/mappers/TaskMapper.xml index 70ab428..a777722 100644 --- a/src/main/resources/mappers/TaskMapper.xml +++ b/src/main/resources/mappers/TaskMapper.xml @@ -664,4 +664,18 @@ ORDER BY effective_time DESC LIMIT ${(page - 1) * pageSize}, #{pageSize} + + \ No newline at end of file