1、start_springboot.sh后端添加权限系统url的域名解析服务器

2、审批意见接口，审批info字段为空不报错 3、修改防护对象、动态规则分页查询bug 4、告警信息处理新增对IsProtectObjectIPSrc的判断
2024-05-14 21:37:22 +08:00
parent 74e54a4c9b
commit bd85612c89
11 changed files with 47 additions and 33 deletions
--- a/docker-springboot/start_springboot.sh
+++ b/docker-springboot/start_springboot.sh
@@ -5,6 +5,9 @@ export set BASEDIR="/root"
 export set PROTECTION_DIR="$BASEDIR/realtime_protection"
 export set GRADLE_USER_HOME="$PROTECTION_DIR/gradle"

+# 后端添加权限系统url的域名解析服务器
+echo nameserver 10.41.8.8 >> /etc/resolv.conf
+
 # 启动gradle，编译java
 cd $PROTECTION_DIR
 chmod +x ./gradlew
--- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java
+++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java
@@ -204,7 +204,7 @@ public class AlertMessageService {
            peer.setMaskPort(null);
        }
        List<FiveTupleWithMask> newFiveTupleWithMask = new ArrayList<>();
-        //生成指令
+        //生成指令command1：防护对象为目的的五元组
        FiveTupleWithMask command1 = new FiveTupleWithMask();
        command1.setSourceIP(peer.getIP());
        command1.setMaskSourceIP(peer.getMaskIP());
@@ -218,25 +218,36 @@ public class AlertMessageService {
            command1.setProtocol(fiveTupleWithMask.getProtocol());
            command1.setProtocol(fiveTupleWithMask.getMaskProtocol());
        }
-        newFiveTupleWithMask.add(command1);
-        //若需要处置全方向流量，再生成防护对象为源的规则
+//        newFiveTupleWithMask.add(command1);
+        //生成指令command2：防护对象为源的五元组
+        FiveTupleWithMask command2 = new FiveTupleWithMask();
+
+        command2.setSourceIP(protectObject.getIP());
+        command2.setMaskSourceIP(protectObject.getMaskIP());
+        command2.setSourcePort(protectObject.getPort());
+        command2.setMaskSourcePort(protectObject.getMaskPort());
+
+        command2.setDestinationIP(peer.getIP());
+        command2.setMaskDestinationIP(peer.getMaskIP());
+        command2.setDestinationPort(peer.getPort());
+        command2.setMaskDestinationPort(peer.getMaskPort());
+        if (templateProtectLevel.getHasProtocol()){
+            command2.setProtocol(fiveTupleWithMask.getProtocol());
+            command2.setProtocol(fiveTupleWithMask.getMaskProtocol());
+        }
+
+        //若需要处置全方向流量，防护对象为源和目的的五元组都生成指令下发
        if(templateProtectLevel.getIsFullFlow()){
-            FiveTupleWithMask command2 = new FiveTupleWithMask();
-
-            command2.setSourceIP(protectObject.getIP());
-            command2.setMaskSourceIP(protectObject.getMaskIP());
-            command2.setSourcePort(protectObject.getPort());
-            command2.setMaskSourcePort(protectObject.getMaskPort());
-
-            command2.setDestinationIP(peer.getIP());
-            command2.setMaskDestinationIP(peer.getMaskIP());
-            command2.setDestinationPort(peer.getPort());
-            command2.setMaskDestinationPort(peer.getMaskPort());
-            if (templateProtectLevel.getHasProtocol()){
-                command2.setProtocol(fiveTupleWithMask.getProtocol());
-                command2.setProtocol(fiveTupleWithMask.getMaskProtocol());
-            }
+            newFiveTupleWithMask.add(command1);
            newFiveTupleWithMask.add(command2);
+        }else {
+            //不需要处置全方向流量
+            // 判断防护对象为源还是目的，生成指令
+            if(templateProtectLevel.getIsProtectObjectIPSrc()){
+                newFiveTupleWithMask.add(command2);
+            }else {
+                newFiveTupleWithMask.add(command1);
+            }
        }

        //目前告警信息还只是五元组，没有url、dns
--- a/src/main/java/com/realtime/protection/server/defense/object/ProtectObjectController.java
+++ b/src/main/java/com/realtime/protection/server/defense/object/ProtectObjectController.java
@@ -201,7 +201,7 @@ public class ProtectObjectController implements ProtectObjectControllerApi {
    public ResponseResult updateAuditInfo(@PathVariable List<Integer> ids,
                                          @RequestBody Map<String, String> auditInfo) {
        if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) {
-            throw new IllegalArgumentException("auditInfo is empty");
+            return ResponseResult.ok();
        }
        return ResponseResult.ok()
                .setData("success", protectObjectService.updateAuditInfo(ids, auditInfo.get("auditInfo")));
--- a/src/main/java/com/realtime/protection/server/defense/template/TemplateController.java
+++ b/src/main/java/com/realtime/protection/server/defense/template/TemplateController.java
@@ -182,7 +182,7 @@ public class TemplateController implements TemplateControllerApi {
    public ResponseResult updateAuditInfo(@PathVariable List<Integer> ids,
                                          @RequestBody Map<String, String> auditInfo) {
        if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) {
-            throw new IllegalArgumentException("auditInfo is empty");
+            return ResponseResult.ok();
        }
        return ResponseResult.ok()
                .setData("success", templateService.updateAuditInfo(ids, auditInfo.get("auditInfo")));
--- a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleController.java
+++ b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleController.java
@@ -114,7 +114,7 @@ public class DynamicRuleController implements DynamicRuleControllerApi {
                                                 @RequestParam(value = "template_name", required = false) String templateName,

                                                 @RequestParam(value = "page", defaultValue = "1") Integer page,
-                                                 @RequestParam(value = "page_size", defaultValue = "10") Integer pageSize) {
+                                                 @RequestParam(value = "pageSize", defaultValue = "10") Integer pageSize) {
        log.info("分页查询动态规则: {}:{}:{}:{}", dynamicRuleName, dynamicRuleId, page, pageSize);
        //调用service查询
        return ResponseResult.ok()
@@ -194,7 +194,7 @@ public class DynamicRuleController implements DynamicRuleControllerApi {
    public ResponseResult updateAuditInfo(@PathVariable List<Integer> ids,
                                          @RequestBody Map<String, String> auditInfo) {
        if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) {
-            throw new IllegalArgumentException("auditInfo is empty");
+            return ResponseResult.ok();
        }
        return ResponseResult.ok()
                .setData("success", dynamicRuleService.updateAuditInfo(ids, auditInfo.get("auditInfo")));
--- a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleControllerApi.java
+++ b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleControllerApi.java
@@ -350,7 +350,7 @@ public interface DynamicRuleControllerApi {
                    @Parameter(name = "protect_level", description = "保护级别", example = "1"),
 //                    @Parameter(name = "template_name", description = "模板名称", example = "test"),
                    @Parameter(name = "page", description = "页码", example = "1"),
-                    @Parameter(name = "page_size", description = "每页大小", example = "10")
+                    @Parameter(name = "pageSize", description = "每页大小", example = "10")
            }
    )
    ResponseResult queryDynamicRuleObject(@RequestParam(value = "name", required = false) String dynamicRuleName,
--- a/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleController.java
+++ b/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleController.java
@@ -241,7 +241,7 @@ public class StaticRuleController implements StaticRuleControllerApi {
    public ResponseResult updateAuditInfo(@PathVariable List<Integer> ids,
                                          @RequestBody Map<String, String> auditInfo) {
        if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) {
-            throw new IllegalArgumentException("auditInfo is empty");
+            return ResponseResult.ok();
        }
        return ResponseResult.ok()
                .setData("success", staticRuleService.updateAuditInfo(ids, auditInfo.get("auditInfo")));
--- a/src/main/java/com/realtime/protection/server/task/TaskController.java
+++ b/src/main/java/com/realtime/protection/server/task/TaskController.java
@@ -214,7 +214,7 @@ public class TaskController implements TaskControllerApi {
    public ResponseResult updateAuditInfo(@PathVariable List<Integer> ids,
                                          @RequestBody Map<String, String> auditInfo) {
        if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) {
-            throw new IllegalArgumentException("auditInfo is empty");
+            return ResponseResult.ok();
        }
        return ResponseResult.ok()
                .setData("success", taskService.updateAuditInfo(ids, auditInfo.get("auditInfo")));
--- a/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java
+++ b/src/main/java/com/realtime/protection/server/whitelist/WhiteListController.java
@@ -244,7 +244,7 @@ public class WhiteListController implements WhiteListControllerApi {
    public ResponseResult updateAuditInfo(@PathVariable List<Integer> ids,
                                          @RequestBody Map<String, String> auditInfo) {
        if (auditInfo.get("auditInfo") == null || auditInfo.get("auditInfo").isEmpty()) {
-            throw new IllegalArgumentException("auditInfo is empty");
+            return ResponseResult.ok();
        }
        return ResponseResult.ok()
                .setData("success", whiteListService.updateAuditInfo(ids, auditInfo.get("auditInfo")));
--- a/src/main/resources/mappers/ProtectObjectMapper.xml
+++ b/src/main/resources/mappers/ProtectObjectMapper.xml
@@ -75,11 +75,11 @@
            <if test="proobj_url != null and proobj_url != '' ">
                AND protect_object_url LIKE CONCAT('%', #{proobj_url}, '%')
            </if>
-            <if test="proobj_protocol != null">
+            <if test="proobj_protocol != null and proobj_protocol != ''">
                AND protect_object_protocol = #{proobj_protocol}
            </if>
-            <if test="proobj_username != null">
-                AND protect_object_create_username = #{proobj_username}
+            <if test="proobj_username != null and proobj_username != ''">
+                AND protect_object_create_username LIKE CONCAT('%', #{proobj_username}, '%')
            </if>
            <if test="proobj_audit_status != null">
                AND protect_object_audit_status = #{proobj_audit_status}
@@ -124,11 +124,11 @@
            <if test="proobj_url != null and proobj_url != '' ">
                AND protect_object_url LIKE CONCAT('%', #{proobj_url}, '%')
            </if>
-            <if test="proobj_protocol != null">
+            <if test="proobj_protocol != null and proobj_protocol != ''">
                AND protect_object_protocol = #{proobj_protocol}
            </if>
-            <if test="proobj_username != null">
-                AND protect_object_create_username = #{proobj_username}
+            <if test="proobj_username != null and proobj_username != ''">
+                AND protect_object_create_username LIKE CONCAT('%', #{proobj_username}, '%')
            </if>
            <if test="proobj_audit_status != null">
                AND protect_object_audit_status = #{proobj_audit_status}
--- a/src/main/resources/mappers/TaskMapper.xml
+++ b/src/main/resources/mappers/TaskMapper.xml
@@ -65,7 +65,7 @@

    <select id="queryTasks" resultMap="taskMap">
        SELECT t_task.* FROM t_task
-        <if test="rule_name != null">
+        <if test="rule_name != null and task_source != ''">
            LEFT JOIN t_static_rule ON t_task.task_id = t_static_rule.static_rule_used_task_id
            LEFT JOIN t_dynamic_rule ON t_task.task_id = t_dynamic_rule.dynamic_rule_used_task_id
            WHERE