From bd85612c891d569f8652211e896d2efe741b15eb Mon Sep 17 00:00:00 2001 From: PushM <584406942@qq.com> Date: Tue, 14 May 2024 21:37:22 +0800 Subject: [PATCH] =?UTF-8?q?1=E3=80=81start=5Fspringboot.sh=E5=90=8E?= =?UTF-8?q?=E7=AB=AF=E6=B7=BB=E5=8A=A0=E6=9D=83=E9=99=90=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?url=E7=9A=84=E5=9F=9F=E5=90=8D=E8=A7=A3=E6=9E=90=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E5=99=A8=202=E3=80=81=E5=AE=A1=E6=89=B9=E6=84=8F?= =?UTF-8?q?=E8=A7=81=E6=8E=A5=E5=8F=A3=EF=BC=8C=E5=AE=A1=E6=89=B9info?= =?UTF-8?q?=E5=AD=97=E6=AE=B5=E4=B8=BA=E7=A9=BA=E4=B8=8D=E6=8A=A5=E9=94=99?= =?UTF-8?q?=203=E3=80=81=E4=BF=AE=E6=94=B9=E9=98=B2=E6=8A=A4=E5=AF=B9?= =?UTF-8?q?=E8=B1=A1=E3=80=81=E5=8A=A8=E6=80=81=E8=A7=84=E5=88=99=E5=88=86?= =?UTF-8?q?=E9=A1=B5=E6=9F=A5=E8=AF=A2bug=204=E3=80=81=E5=91=8A=E8=AD=A6?= =?UTF-8?q?=E4=BF=A1=E6=81=AF=E5=A4=84=E7=90=86=E6=96=B0=E5=A2=9E=E5=AF=B9?= =?UTF-8?q?IsProtectObjectIPSrc=E7=9A=84=E5=88=A4=E6=96=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-springboot/start_springboot.sh | 3 ++ .../alertmessage/AlertMessageService.java | 47 ++++++++++++------- .../object/ProtectObjectController.java | 2 +- .../defense/template/TemplateController.java | 2 +- .../dynamicrule/DynamicRuleController.java | 4 +- .../dynamicrule/DynamicRuleControllerApi.java | 2 +- .../rule/staticrule/StaticRuleController.java | 2 +- .../server/task/TaskController.java | 2 +- .../server/whitelist/WhiteListController.java | 2 +- .../resources/mappers/ProtectObjectMapper.xml | 12 ++--- src/main/resources/mappers/TaskMapper.xml | 2 +- 11 files changed, 47 insertions(+), 33 deletions(-) diff --git a/docker-springboot/start_springboot.sh b/docker-springboot/start_springboot.sh index 1ef1e29..27b0fa7 100644 --- a/docker-springboot/start_springboot.sh +++ b/docker-springboot/start_springboot.sh @@ -5,6 +5,9 @@ export set BASEDIR="/root" export set PROTECTION_DIR="$BASEDIR/realtime_protection" export set GRADLE_USER_HOME="$PROTECTION_DIR/gradle" +# 后端添加权限系统url的域名解析服务器 +echo nameserver 10.41.8.8 >> /etc/resolv.conf + # 启动gradle,编译java cd $PROTECTION_DIR chmod +x ./gradlew diff --git a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java index cb6cbcf..917b1c6 100644 --- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java +++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java @@ -204,7 +204,7 @@ public class AlertMessageService { peer.setMaskPort(null); } List newFiveTupleWithMask = new ArrayList<>(); - //生成指令 + //生成指令command1:防护对象为目的的五元组 FiveTupleWithMask command1 = new FiveTupleWithMask(); command1.setSourceIP(peer.getIP()); command1.setMaskSourceIP(peer.getMaskIP()); @@ -218,25 +218,36 @@ public class AlertMessageService { command1.setProtocol(fiveTupleWithMask.getProtocol()); command1.setProtocol(fiveTupleWithMask.getMaskProtocol()); } - newFiveTupleWithMask.add(command1); - //若需要处置全方向流量,再生成防护对象为源的规则 +// newFiveTupleWithMask.add(command1); + //生成指令command2:防护对象为源的五元组 + FiveTupleWithMask command2 = new FiveTupleWithMask(); + + command2.setSourceIP(protectObject.getIP()); + command2.setMaskSourceIP(protectObject.getMaskIP()); + command2.setSourcePort(protectObject.getPort()); + command2.setMaskSourcePort(protectObject.getMaskPort()); + + command2.setDestinationIP(peer.getIP()); + command2.setMaskDestinationIP(peer.getMaskIP()); + command2.setDestinationPort(peer.getPort()); + command2.setMaskDestinationPort(peer.getMaskPort()); + if (templateProtectLevel.getHasProtocol()){ + command2.setProtocol(fiveTupleWithMask.getProtocol()); + command2.setProtocol(fiveTupleWithMask.getMaskProtocol()); + } + + //若需要处置全方向流量,防护对象为源和目的的五元组都生成指令下发 if(templateProtectLevel.getIsFullFlow()){ - FiveTupleWithMask command2 = new FiveTupleWithMask(); - - command2.setSourceIP(protectObject.getIP()); - command2.setMaskSourceIP(protectObject.getMaskIP()); - command2.setSourcePort(protectObject.getPort()); - command2.setMaskSourcePort(protectObject.getMaskPort()); - - command2.setDestinationIP(peer.getIP()); - command2.setMaskDestinationIP(peer.getMaskIP()); - command2.setDestinationPort(peer.getPort()); - command2.setMaskDestinationPort(peer.getMaskPort()); - if (templateProtectLevel.getHasProtocol()){ - command2.setProtocol(fiveTupleWithMask.getProtocol()); - command2.setProtocol(fiveTupleWithMask.getMaskProtocol()); - } + newFiveTupleWithMask.add(command1); newFiveTupleWithMask.add(command2); + }else { + //不需要处置全方向流量 + // 判断防护对象为源还是目的,生成指令 + if(templateProtectLevel.getIsProtectObjectIPSrc()){ + newFiveTupleWithMask.add(command2); + }else { + newFiveTupleWithMask.add(command1); + } } //目前告警信息还只是五元组,没有url、dns diff --git a/src/main/java/com/realtime/protection/server/defense/object/ProtectObjectController.java b/src/main/java/com/realtime/protection/server/defense/object/ProtectObjectController.java index d150fa8..e2195ac 100644 --- a/src/main/java/com/realtime/protection/server/defense/object/ProtectObjectController.java +++ b/src/main/java/com/realtime/protection/server/defense/object/ProtectObjectController.java @@ -201,7 +201,7 @@ public class ProtectObjectController implements ProtectObjectControllerApi { public ResponseResult updateAuditInfo(@PathVariable List ids, @RequestBody Map auditInfo) { if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) { - throw new IllegalArgumentException("auditInfo is empty"); + return ResponseResult.ok(); } return ResponseResult.ok() .setData("success", protectObjectService.updateAuditInfo(ids, auditInfo.get("auditInfo"))); diff --git a/src/main/java/com/realtime/protection/server/defense/template/TemplateController.java b/src/main/java/com/realtime/protection/server/defense/template/TemplateController.java index 437bfa7..feb7dd8 100644 --- a/src/main/java/com/realtime/protection/server/defense/template/TemplateController.java +++ b/src/main/java/com/realtime/protection/server/defense/template/TemplateController.java @@ -182,7 +182,7 @@ public class TemplateController implements TemplateControllerApi { public ResponseResult updateAuditInfo(@PathVariable List ids, @RequestBody Map auditInfo) { if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) { - throw new IllegalArgumentException("auditInfo is empty"); + return ResponseResult.ok(); } return ResponseResult.ok() .setData("success", templateService.updateAuditInfo(ids, auditInfo.get("auditInfo"))); diff --git a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleController.java b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleController.java index 2472209..8ff724e 100644 --- a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleController.java +++ b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleController.java @@ -114,7 +114,7 @@ public class DynamicRuleController implements DynamicRuleControllerApi { @RequestParam(value = "template_name", required = false) String templateName, @RequestParam(value = "page", defaultValue = "1") Integer page, - @RequestParam(value = "page_size", defaultValue = "10") Integer pageSize) { + @RequestParam(value = "pageSize", defaultValue = "10") Integer pageSize) { log.info("分页查询动态规则: {}:{}:{}:{}", dynamicRuleName, dynamicRuleId, page, pageSize); //调用service查询 return ResponseResult.ok() @@ -194,7 +194,7 @@ public class DynamicRuleController implements DynamicRuleControllerApi { public ResponseResult updateAuditInfo(@PathVariable List ids, @RequestBody Map auditInfo) { if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) { - throw new IllegalArgumentException("auditInfo is empty"); + return ResponseResult.ok(); } return ResponseResult.ok() .setData("success", dynamicRuleService.updateAuditInfo(ids, auditInfo.get("auditInfo"))); diff --git a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleControllerApi.java b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleControllerApi.java index c126a7f..76ed2c7 100644 --- a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleControllerApi.java +++ b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleControllerApi.java @@ -350,7 +350,7 @@ public interface DynamicRuleControllerApi { @Parameter(name = "protect_level", description = "保护级别", example = "1"), // @Parameter(name = "template_name", description = "模板名称", example = "test"), @Parameter(name = "page", description = "页码", example = "1"), - @Parameter(name = "page_size", description = "每页大小", example = "10") + @Parameter(name = "pageSize", description = "每页大小", example = "10") } ) ResponseResult queryDynamicRuleObject(@RequestParam(value = "name", required = false) String dynamicRuleName, diff --git a/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleController.java b/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleController.java index 834b34a..928f386 100644 --- a/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleController.java +++ b/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleController.java @@ -241,7 +241,7 @@ public class StaticRuleController implements StaticRuleControllerApi { public ResponseResult updateAuditInfo(@PathVariable List ids, @RequestBody Map auditInfo) { if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) { - throw new IllegalArgumentException("auditInfo is empty"); + return ResponseResult.ok(); } return ResponseResult.ok() .setData("success", staticRuleService.updateAuditInfo(ids, auditInfo.get("auditInfo"))); diff --git a/src/main/java/com/realtime/protection/server/task/TaskController.java b/src/main/java/com/realtime/protection/server/task/TaskController.java index 5542da2..7089254 100644 --- a/src/main/java/com/realtime/protection/server/task/TaskController.java +++ b/src/main/java/com/realtime/protection/server/task/TaskController.java @@ -214,7 +214,7 @@ public class TaskController implements TaskControllerApi { public ResponseResult updateAuditInfo(@PathVariable List ids, @RequestBody Map auditInfo) { if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) { - throw new IllegalArgumentException("auditInfo is empty"); + return ResponseResult.ok(); } return ResponseResult.ok() .setData("success", taskService.updateAuditInfo(ids, auditInfo.get("auditInfo"))); diff --git a/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java b/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java index 62d54c9..f768ffe 100644 --- a/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java +++ b/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java @@ -244,7 +244,7 @@ public class WhiteListController implements WhiteListControllerApi { public ResponseResult updateAuditInfo(@PathVariable List ids, @RequestBody Map auditInfo) { if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) { - throw new IllegalArgumentException("auditInfo is empty"); + return ResponseResult.ok(); } return ResponseResult.ok() .setData("success", whiteListService.updateAuditInfo(ids, auditInfo.get("auditInfo"))); diff --git a/src/main/resources/mappers/ProtectObjectMapper.xml b/src/main/resources/mappers/ProtectObjectMapper.xml index 6f82742..19c9909 100644 --- a/src/main/resources/mappers/ProtectObjectMapper.xml +++ b/src/main/resources/mappers/ProtectObjectMapper.xml @@ -75,11 +75,11 @@ AND protect_object_url LIKE CONCAT('%', #{proobj_url}, '%') - + AND protect_object_protocol = #{proobj_protocol} - - AND protect_object_create_username = #{proobj_username} + + AND protect_object_create_username LIKE CONCAT('%', #{proobj_username}, '%') AND protect_object_audit_status = #{proobj_audit_status} @@ -124,11 +124,11 @@ AND protect_object_url LIKE CONCAT('%', #{proobj_url}, '%') - + AND protect_object_protocol = #{proobj_protocol} - - AND protect_object_create_username = #{proobj_username} + + AND protect_object_create_username LIKE CONCAT('%', #{proobj_username}, '%') AND protect_object_audit_status = #{proobj_audit_status} diff --git a/src/main/resources/mappers/TaskMapper.xml b/src/main/resources/mappers/TaskMapper.xml index 808f5d7..7cf80be 100644 --- a/src/main/resources/mappers/TaskMapper.xml +++ b/src/main/resources/mappers/TaskMapper.xml @@ -65,7 +65,7 @@