Merge remote-tracking branch 'origin/master'

# Conflicts: # src/main/java/com/realtime/protection/server/whitelist/WhiteListMapper.java
2024-01-11 19:50:19 +08:00
parent 0f712618f2 6a24e4a692
commit 8f545110f1
5 changed files with 126 additions and 28 deletions
--- a/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java
+++ b/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java
@@ -125,14 +125,15 @@ public class WhiteListController {
    //查询ip是否存在于白名单
-    @PostMapping("/exist")
+    @RequestMapping ("/exist")
-    public ResponseResult existWhiteListObject(@RequestBody List<Integer> ruleIds) {
+    public ResponseResult existWhiteListObject(@RequestParam(value = "ruleId", required = true)Integer ruleId,
                                               @RequestParam(value = "ruleType", required = true)Integer ruleType) {
        //是请求规则的id，然后判断这个id所属的ip是否在白名单中吗
        //静态应该可以，但动态的，动态是实时过来告警信息，不存储规则？ 存的话也行，那这里要区分id是静态的还是动态的
        //这里先走通静态的，要获取规则的源IP和目的IP，去白名单select看有没有(有的还有IP掩码,暂未实现)
-        //返回涉及IP在白名单中的id，
+        //返回在白名单中的IP，
-        List<String> ruleInWhiteListIds = whiteListService.existWhiteListObject(ruleIds);
+        List<String> ruleInWhiteListIds = whiteListService.existWhiteListObject(ruleId, ruleType);
        return ResponseResult.ok()
                .setData("ip_list", ruleInWhiteListIds);
--- a/src/main/java/com/realtime/protection/server/whitelist/WhiteListMapper.java
+++ b/src/main/java/com/realtime/protection/server/whitelist/WhiteListMapper.java
@@ -1,6 +1,7 @@
 package com.realtime.protection.server.whitelist;
 import com.realtime.protection.configuration.entity.rule.staticrule.StaticRuleObject;
 import com.realtime.protection.configuration.entity.task.Command;
 import com.realtime.protection.configuration.entity.whitelist.WhiteListObject;
 import org.apache.ibatis.annotations.Delete;
 import org.apache.ibatis.annotations.Mapper;
@@ -13,20 +14,17 @@ public interface WhiteListMapper {
    //新建
    void newWhiteListObject(@Param("object") WhiteListObject object);
    //分页查询
    List<WhiteListObject> queryWhiteListObject(String whiteListName, Integer whiteListId, Integer page, Integer pageSize);
    //根据主键查询
    WhiteListObject queryWhiteListObjectById(Integer id);
    //根据主键删除
    @Delete("delete from t_white_list where white_list_id = #{id}")
    Integer deleteWhiteListObject(Integer id);
    Integer updateWhiteListObject(@Param("object") WhiteListObject object);
-    String existWhiteListObject(@Param("staticRuleObject") StaticRuleObject staticRuleObject);
+    List<String> existWhiteListObject(@Param("staticRuleObject")StaticRuleObject staticRuleObject);
    Integer queryWhiteListObjectAuditStuatusById(Integer id);
@@ -35,4 +33,6 @@ public interface WhiteListMapper {
    void newWhiteListObjects(@Param("whiteListObjects")List<WhiteListObject> whiteListBatch);
    void deleteWhiteListObjects(@Param("whiteListIds") List<Integer> whiteListBatch);
    List<WhiteListObject> whiteListCommandJudge(@Param("command") Command command);
 }
--- a/src/main/java/com/realtime/protection/server/whitelist/WhiteListService.java
+++ b/src/main/java/com/realtime/protection/server/whitelist/WhiteListService.java
@@ -2,6 +2,7 @@ package com.realtime.protection.server.whitelist;
 import com.alibaba.excel.util.ListUtils;
 import com.realtime.protection.configuration.entity.rule.staticrule.StaticRuleObject;
 import com.realtime.protection.configuration.entity.task.Command;
 import com.realtime.protection.configuration.entity.whitelist.WhiteListObject;
 import com.realtime.protection.configuration.utils.SqlSessionWrapper;
 import com.realtime.protection.configuration.utils.status.AuditStatusValidator;
@@ -9,7 +10,6 @@ import com.realtime.protection.server.rule.staticrule.StaticRuleMapper;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -114,20 +114,25 @@ public class WhiteListService {
        return whiteListMapper.queryWhiteListObjectById(id);
    }
-    public List<String> existWhiteListObject(List<Integer> ruleIds) {
+    @Transactional
    public List<String> existWhiteListObject(Integer ruleId, Integer ruleType) {
        //应该参数是指令，不管动态静态
-        List<String> ip_list = new ArrayList<>();
+        //查询ruleId应对的静态or动态规则
        StaticRuleObject staticRuleObject = staticRuleMapper.queryStaticRuleById(ruleId);
-        for (Integer id : ruleIds) {
+        if (staticRuleObject == null) {
-            StaticRuleObject staticRuleObject = staticRuleMapper.queryStaticRuleById(id);
+            throw new IllegalArgumentException("invalid rule id");
            if (staticRuleObject != null) {
                String whiteListIp = whiteListMapper.existWhiteListObject(staticRuleObject);
                if (whiteListIp != null) {
                    ip_list.add(whiteListIp);
        }
        // 命中的whitelist列表：每一列包含ip port url
        return whiteListMapper.existWhiteListObject(staticRuleObject);
    }
-        }
+    public List<WhiteListObject> whiteListCommandJudge(Command command) {
-        return ip_list;
+        //参数应该是指令，不管动态静态
        // 命中的whitelist列表：每一列包含ip port url
        return whiteListMapper.whiteListCommandJudge(command);
    }
    @Transactional
--- a/src/main/resources/mappers/WhiteListMapper.xml
+++ b/src/main/resources/mappers/WhiteListMapper.xml
@@ -101,19 +101,98 @@
    </update>
    <select id="existWhiteListObject" resultType="java.lang.String">
-        select INET_NTOA(white_list_ip) from t_white_list
+        select CONCAT(INET_NTOA(white_list_ip)," ", CAST(white_list_port)," ", white_list_url)
        from t_white_list
        <where>
-            <if test="staticRuleObject.staticRuleSip != null">
+
-                white_list_ip = #{staticRuleObject.staticRuleSip}
+            <if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip == null">
                (white_list_ip = #{staticRuleObject.staticRuleSip}
                <if test="staticRuleObject.staticRuleSport != null">
                    and white_list_port = #{staticRuleObject.staticRuleSport}
                </if>)
            </if>
-            <if test="staticRuleObject.staticRuleDip != null">
+            <if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip != null">
-                or white_list_ip = #{staticRuleObject.staticRuleDip}
+                ((white_list_ip &amp; #{staticRuleObject.staticRuleMsip}) =
                (#{staticRuleObject.staticRuleSip} &amp; #{staticRuleObject.staticRuleMsip})
                <if test="staticRuleObject.staticRuleSport != null">
                    and white_list_port = #{staticRuleObject.staticRuleSport}
                </if>)
            </if>
            <if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip == null">
                or (white_list_ip = #{staticRuleObject.staticRuleDip}
                <if test="staticRuleObject.staticRuleDport != null">
                    and white_list_port = #{staticRuleObject.staticRuleDport}
                </if>)
            </if>
            <if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip != null">
                or ((white_list_ip &amp; #{staticRuleObject.staticRuleMdip}) =
                (#{staticRuleObject.staticRuleDip} &amp; #{staticRuleObject.staticRuleMdip})
                <if test="staticRuleObject.staticRuleDport != null">
                    and white_list_port = #{staticRuleObject.staticRuleDport}
                </if>)
            </if>
            <if test="staticRuleObject.staticRuleUrl != null">
                or white_list_url = #{staticRuleObject.staticRuleUrl}
            </if>
        </where>
    </select>
    <select id="queryWhiteListObjectAuditStuatusById" resultType="java.lang.Integer">
        select white_list_audit_status from t_white_list
        where white_list_id = #{id}
    </select>
 <!--
 判断逻辑
 如果指令没有ip掩码：
    whitelist_ip == ip
    如果指令有端口：
        判断端口是否相同
 如果指令有ip掩码：
    whitelist_ip & IP掩码 == 源IP & IP掩码 : 代表指令包含了whitelist_ip
    如果指令有端口：
        判断端口是否相同
 （又分了一下指令的源ip和目的ip）
 可能还要做的：
 （1）端口掩码
 （2）协议
 （3）url
 -->
    <select id="whiteListCommandJudge" resultMap="whiteListMap">
        select *
        from t_white_list
        <where>
            <if test="command.sourceIP != null and command.maskSourceIP == null">
                (white_list_ip = INET_ATON(#{command.sourceIP})
                <if test="command.sourcePort != null">
                    and white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
                </if>)
            </if>
            <if test="command.sourceIP != null and command.maskSourceIP != null">
                (( white_list_ip &amp; INET_ATON(#{command.maskSourceIP})) =
                (INET_ATON(#{command.sourceIP}) &amp; INET_ATON(#{command.maskSourceIP}))
                <if test="command.sourcePort != null">
                    and white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
                </if>)
            </if>
            <if test="command.destinationIP != null and command.maskDestinationIP == null">
                or (white_list_ip = INET_ATON(#{command.destinationIP})
                <if test="command.destinationPort != null">
                    and white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
                </if>)
            </if>
            <if test="command.destinationIP != null and command.maskDestinationIP != null">
                or ((white_list_ip &amp; INET_ATON(#{command.maskDestinationIP})) =
                (INET_ATON(#{command.destinationIP}) &amp; INET_ATON(#{command.maskDestinationIP}))
                <if test="command.destinationPort != null">
                    and white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
                </if>)
            </if>
        </where>
    </select>
 </mapper>
--- a/src/test/java/com/realtime/protection/server/whitelist/WhiteListServiceTest.java
+++ b/src/test/java/com/realtime/protection/server/whitelist/WhiteListServiceTest.java
@@ -1,5 +1,6 @@
 package com.realtime.protection.server.whitelist;
 import com.realtime.protection.configuration.entity.task.Command;
 import com.realtime.protection.configuration.entity.whitelist.WhiteListObject;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -63,12 +64,24 @@ class WhiteListServiceTest {
    @Test
    void testExistWhiteList() {
        List<Integer> ruleIds = List.of(6,7,8);
-        List<String> ip_list = whiteListService.existWhiteListObject(ruleIds);
+//        List<String> ip_list = whiteListService.existWhiteListObject(ruleIds);
-        System.out.println(ip_list);
+//        System.out.println(ip_list);
    }
    @Test
    void testUpdateWhiteListAuditStatus() {
        whiteListService.updateWhiteListObjectAuditStatus(7, 1);
    }
    @Test
    void testWhiteListCommandJudge() {
        Command command = new Command();
        command.setDestinationIP("128.1.1.123");
        command.setMaskDestinationIP("255.255.255.0");
        command.setDestinationPort("81");
        List<WhiteListObject> whitelists = whiteListService.whiteListCommandJudge(command);
        System.out.println(whitelists);
    }
 }