enderbyendera-realtime-prot…/src/main/resources/mappers/WhiteListMapper.xml
PushM f9e2c3d6b1 1、白名单、防护对象文件导入部分属性没有忽略
2、白名单匹配sql错误bug修复
2024-06-20 02:12:41 +08:00
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.realtime.protection.server.whitelist.WhiteListMapper">
<!-- Insert one whitelist row. The new row always starts with audit status 0 and
     create_time = NOW(); the IP is stored as INET_ATON() (unsigned integer) and is
     read back through INET_NTOA() in the select statements below.
     NOTE(review): if the mapper method binds the entity as @Param("object"), confirm
     that the generated key actually reaches object.whiteListId — the unambiguous
     form would be keyProperty="object.whiteListId". -->
<insert id="newWhiteListObject" useGeneratedKeys="true" keyProperty="whiteListId"
        parameterType="com.realtime.protection.configuration.entity.whitelist.WhiteListObject">
    INSERT INTO t_white_list (
        white_list_name,
        white_list_system_name,
        white_list_ip,
        white_list_port,
        white_list_url,
        white_list_protocol,
        white_list_audit_status,
        create_time,
        white_list_display_id,
        create_username,
        create_user_department,
        create_user_id
    )
    VALUES (
        #{object.whiteListName},
        #{object.whiteListSystemName},
        INET_ATON(#{object.whiteListIP}),
        #{object.whiteListPort},
        #{object.whiteListUrl},
        #{object.whiteListProtocol},
        0,
        NOW(),
        #{object.whiteListDisplayId},
        #{object.createUserName},
        #{object.createUserDepartment},
        #{object.createUserId}
    )
</insert>
<!-- Bulk variant of newWhiteListObject: one multi-row INSERT for the whole
     whiteListObjects collection. Column order and per-row defaults (audit status 0,
     create_time = NOW(), INET_ATON() on the IP) match the single-row insert.
     An empty collection produces "VALUES" with no tuples, which the DB rejects. -->
<insert id="newWhiteListObjects">
    INSERT INTO t_white_list (
        white_list_name,
        white_list_system_name,
        white_list_ip,
        white_list_port,
        white_list_url,
        white_list_protocol,
        white_list_audit_status,
        create_time,
        white_list_display_id,
        create_username,
        create_user_department,
        create_user_id
    )
    VALUES
    <foreach collection="whiteListObjects" item="object" separator=",">
        (
            #{object.whiteListName},
            #{object.whiteListSystemName},
            INET_ATON(#{object.whiteListIP}),
            #{object.whiteListPort},
            #{object.whiteListUrl},
            #{object.whiteListProtocol},
            0,
            NOW(),
            #{object.whiteListDisplayId},
            #{object.createUserName},
            #{object.createUserDepartment},
            #{object.createUserId}
        )
    </foreach>
</insert>
<!-- Snapshot the current t_white_list row with id #{id} into t_white_list_status_log.
     The snapshot becomes effective now (effective_time = NOW()) and stays open
     (expire_time = NULL) until updateStatusLogExpireTime closes it.
     white_list_ip is copied in its integer form; queryHistory applies INET_NTOA(). -->
<insert id="insertStatusLog">
    INSERT INTO t_white_list_status_log (
        white_list_id,
        white_list_name,
        effective_time,
        expire_time,
        white_list_system_name,
        white_list_ip,
        white_list_url,
        white_list_port,
        white_list_audit_status,
        white_list_protocol,
        create_time,
        modify_time,
        create_username,
        white_list_display_id,
        create_user_department,
        create_user_id,
        white_list_audit_info,
        audit_user_name,
        audit_user_id,
        audit_user_depart
    )
    SELECT
        white_list_id,
        white_list_name,
        NOW(),
        NULL,
        white_list_system_name,
        white_list_ip,
        white_list_url,
        white_list_port,
        white_list_audit_status,
        white_list_protocol,
        create_time,
        modify_time,
        create_username,
        white_list_display_id,
        create_user_department,
        create_user_id,
        white_list_audit_info,
        audit_user_name,
        audit_user_id,
        audit_user_depart
    FROM t_white_list
    WHERE white_list_id = #{id}
</insert>
<!-- Batch form of insertStatusLog: snapshot every t_white_list row whose id is in
     #{ids} into t_white_list_status_log, each with effective_time = NOW() and an
     open expire_time. An empty ids collection renders "IN ()" and fails in the DB. -->
<insert id="insertStatusLogBatch">
    INSERT INTO t_white_list_status_log (
        white_list_id,
        white_list_name,
        effective_time,
        expire_time,
        white_list_system_name,
        white_list_ip,
        white_list_url,
        white_list_port,
        white_list_audit_status,
        white_list_protocol,
        create_time,
        modify_time,
        create_username,
        white_list_display_id,
        create_user_department,
        create_user_id,
        white_list_audit_info,
        audit_user_name,
        audit_user_id,
        audit_user_depart
    )
    SELECT
        white_list_id,
        white_list_name,
        NOW(),
        NULL,
        white_list_system_name,
        white_list_ip,
        white_list_url,
        white_list_port,
        white_list_audit_status,
        white_list_protocol,
        create_time,
        modify_time,
        create_username,
        white_list_display_id,
        create_user_department,
        create_user_id,
        white_list_audit_info,
        audit_user_name,
        audit_user_id,
        audit_user_depart
    FROM t_white_list
    WHERE white_list_id IN
    <foreach collection="ids" item="id" open="(" separator="," close=")">
        #{id}
    </foreach>
</insert>
<!-- Link one command (#{command_id}, a top-level parameter) to every whitelist entry
     in #{whiteLists} through the t_white_list_command_conn junction table. -->
<insert id="createCommandWhiteListConnect">
    INSERT INTO t_white_list_command_conn (command_id, white_list_id)
    VALUES
    <foreach collection="whiteLists" item="whiteList" separator=",">
        (#{command_id}, #{whiteList.whiteListId})
    </foreach>
</insert>
<!-- Delete the whitelist rows whose ids are in #{whiteListIds}.
     Deliberately no <if> around the IN list: an empty collection must surface as a
     DB error ("IN ()"), never as an unfiltered DELETE of the whole table. -->
<delete id="deleteWhiteListObjects">
    DELETE FROM t_white_list
    WHERE white_list_id IN
    <foreach collection="whiteListIds" item="id" open="(" separator="," close=")">
        #{id}
    </foreach>
</delete>
<!-- Column -> WhiteListObject mapping shared by every select in this mapper.
     The IP is mapped from the white_list_ip_d alias (INET_NTOA of white_list_ip),
     so each select that uses this map must project that alias.
     effective_time/expire_time only exist on t_white_list_status_log; on t_white_list
     selects they simply stay unmapped.
     NOTE(review): "effeciveTime" is spelled that way because it must match the Java
     property name; fix both sides together or not at all. -->
<resultMap id="whiteListMap" type="com.realtime.protection.configuration.entity.whitelist.WhiteListObject">
    <id column="white_list_id" property="whiteListId"/>
    <!-- identity / network fields -->
    <result column="white_list_display_id" property="whiteListDisplayId"/>
    <result column="white_list_name" property="whiteListName"/>
    <result column="white_list_system_name" property="whiteListSystemName"/>
    <result column="white_list_ip_d" property="whiteListIP"/>
    <result column="white_list_port" property="whiteListPort"/>
    <result column="white_list_url" property="whiteListUrl"/>
    <result column="white_list_protocol" property="whiteListProtocol"/>
    <!-- creator -->
    <result column="create_username" property="createUserName"/>
    <result column="create_user_department" property="createUserDepartment"/>
    <result column="create_user_id" property="createUserId"/>
    <!-- audit -->
    <result column="white_list_audit_status" property="whiteListAuditStatus"/>
    <result column="audit_user_name" property="auditUserName"/>
    <result column="audit_user_id" property="auditUserId"/>
    <result column="audit_user_depart" property="auditUserDepart"/>
    <!-- timestamps -->
    <result column="create_time" property="createTime"/>
    <result column="modify_time" property="modifyTime"/>
    <result column="effective_time" property="effeciveTime"/>
    <result column="expire_time" property="expireTime"/>
</resultMap>
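<!-- Paged whitelist listing with optional filters (name / display id / system name
     substring match, exact audit status, exact creator).
     Fixes: the display-id filter referenced a non-existent column "hite_list_display_id"
     (typo for white_list_display_id), so any search by id failed with a SQL error.
     The LIMIT offset is now computed with <bind> and passed as a bound parameter
     instead of being interpolated with ${...}; a page below 1 clamps to offset 0
     rather than producing a negative offset. -->
<select id="queryWhiteListObject" resultMap="whiteListMap">
    <!-- offset for the requested 1-based page; never negative -->
    <bind name="offset" value="page &gt; 1 ? (page - 1) * pageSize : 0"/>
    SELECT *, INET_NTOA(white_list_ip) AS white_list_ip_d
    FROM t_white_list
    <where>
        <!-- <where> strips the leading AND when an earlier <if> did not render -->
        <if test="whiteListName != null and whiteListName != ''">
            AND white_list_name LIKE CONCAT('%', #{whiteListName}, '%')
        </if>
        <if test="whiteListId != null and whiteListId != ''">
            AND white_list_display_id LIKE CONCAT('%', #{whiteListId}, '%')
        </if>
        <if test="systemName != null and systemName != ''">
            AND white_list_system_name LIKE CONCAT('%', #{systemName}, '%')
        </if>
        <if test="auditStatus != null">
            AND white_list_audit_status = #{auditStatus}
        </if>
        <if test="creator != null and creator != ''">
            AND create_username = #{creator}
        </if>
    </where>
    ORDER BY white_list_id DESC
    LIMIT #{offset}, #{pageSize}
</select>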
<!-- Fetch a single whitelist entry by primary key; the IP is projected as the
     white_list_ip_d alias required by whiteListMap. -->
<select id="queryWhiteListObjectById" resultMap="whiteListMap">
    SELECT
        *,
        INET_NTOA(white_list_ip) AS white_list_ip_d
    FROM t_white_list
    WHERE white_list_id = #{whiteListId}
</select>
<!-- Partial update of the whitelist row #{id}: only non-null properties of
     #{object} are written. modify_time is always refreshed, so the <set> block is
     never empty. Note that the audit status is writable through this statement too;
     the dedicated *AuditStatus* updates exist for the audit workflow. -->
<update id="updateWhiteListObject">
    UPDATE t_white_list
    <set>
        <if test="object.whiteListName != null">white_list_name = #{object.whiteListName},</if>
        <if test="object.whiteListSystemName != null">white_list_system_name = #{object.whiteListSystemName},</if>
        <if test="object.whiteListIP != null">white_list_ip = INET_ATON(#{object.whiteListIP}),</if>
        <if test="object.whiteListPort != null">white_list_port = #{object.whiteListPort},</if>
        <if test="object.whiteListUrl != null">white_list_url = #{object.whiteListUrl},</if>
        <if test="object.whiteListProtocol != null">white_list_protocol = #{object.whiteListProtocol},</if>
        <if test="object.whiteListAuditStatus != null">white_list_audit_status = #{object.whiteListAuditStatus},</if>
        modify_time = NOW()
    </set>
    WHERE white_list_id = #{id}
</update>
<!-- Set the audit status of one whitelist row. Unlike the *WithUser variant this
     records neither the auditor nor modify_time. -->
<update id="updateWhiteListObjectAuditStatus">
    UPDATE t_white_list
    SET
        white_list_audit_status = #{status}
    WHERE white_list_id = #{id}
</update>
<!-- Set a per-row audit status for many rows in one statement. #{idsWithAuditStatusMap}
     is a Map<id, status>; it is iterated twice, once to build the CASE arms and once
     for the IN list, so every updated row has a matching WHEN arm. -->
<update id="updateAuditStatusByIdBatch">
    UPDATE t_white_list
    SET
        white_list_audit_status =
            CASE white_list_id
            <foreach collection="idsWithAuditStatusMap" index="id" item="auditStatus" separator=" ">
                WHEN #{id} THEN #{auditStatus}
            </foreach>
            END
    WHERE white_list_id IN
    <foreach collection="idsWithAuditStatusMap" index="id" open="(" separator="," close=")">
        #{id}
    </foreach>
</update>
<!-- Write the same audit note #{auditInfo} to every whitelist row in #{ids}. -->
<update id="updateAuditInfo">
    UPDATE t_white_list
    SET
        white_list_audit_info = #{auditInfo}
    WHERE white_list_id IN
    <foreach collection="ids" item="id" open="(" separator="," close=")">
        #{id}
    </foreach>
</update>
<!-- Close the currently open history snapshot(s) of whitelist #{id} by stamping
     expire_time; rows that already expired are left untouched. -->
<update id="updateStatusLogExpireTime">
    UPDATE t_white_list_status_log
    SET
        expire_time = NOW()
    WHERE white_list_id = #{id}
      AND expire_time IS NULL
</update>
<!-- Batch form of updateStatusLogExpireTime: close the open snapshots of every
     whitelist id in #{ids}. -->
<update id="updateStatusLogExpireTimeBatch">
    UPDATE t_white_list_status_log
    SET
        expire_time = NOW()
    WHERE expire_time IS NULL
      AND white_list_id IN
    <foreach collection="ids" item="id" open="(" separator="," close=")">
        #{id}
    </foreach>
</update>
<!-- Batch audit-status update that also records who audited (#{auditUserName},
     #{auditUserId}, #{auditUserDepart}) and refreshes modify_time.
     NOTE(review): the CASE arms iterate "idWithAuditStatusBatch" while the IN list
     iterates "idsWithAuditStatusMap". Unless the mapper method really declares both
     parameters, one of the two names is wrong and MyBatis will fail at bind time;
     the sibling updateAuditStatusByIdBatch uses idsWithAuditStatusMap for both.
     Confirm against the mapper interface before changing. -->
<update id="updateAuditStatusByIdBatchWithUser">
    UPDATE t_white_list
    SET
        white_list_audit_status =
            CASE white_list_id
            <foreach collection="idWithAuditStatusBatch" index="id" item="auditStatus" separator=" ">
                WHEN #{id} THEN #{auditStatus}
            </foreach>
            END,
        audit_user_name = #{auditUserName},
        audit_user_id = #{auditUserId},
        audit_user_depart = #{auditUserDepart},
        modify_time = NOW()
    WHERE white_list_id IN
    <foreach collection="idsWithAuditStatusMap" index="id" open="(" separator="," close=")">
        #{id}
    </foreach>
</update>
<!-- Set the audit status of one whitelist row and record the auditor and the
     modification time in the same statement. -->
<update id="updateWhiteListObjectAuditStatusWithUser">
    UPDATE t_white_list
    SET
        white_list_audit_status = #{status},
        audit_user_name = #{auditUserName},
        audit_user_id = #{auditUserId},
        audit_user_depart = #{auditUserDepart},
        modify_time = NOW()
    WHERE white_list_id = #{id}
</update>
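<!-- Return "ip port url" strings of whitelist entries that overlap a static rule:
     matched on source ip (exact, or subnet when a source mask is given) and optional
     source port, on destination ip/port likewise, or on an identical url.
     Fixes:
       * CAST(white_list_port) had no target type and is a SQL syntax error; CONCAT()
         converts numbers itself, so the cast is dropped. String literals use single
         quotes so the statement also works under ANSI_QUOTES.
       * IP and mask values are passed through INET_ATON(), as every other matching
         statement in this mapper does for the same properties. Comparing the integer
         white_list_ip column with a dotted string (or AND-ing two dotted strings, which
         MySQL coerces to 0 = 0) could never match — or, for the masked branches,
         matched every row. Assumes staticRuleSip/Dip/Msip/Mdip are dotted-quad
         strings like in whiteListCStaticRulesCheck; confirm against the entity.
       * A leading "false" keeps the WHERE clause present when no rule field is set,
         so a rule with no ip/url returns no rows instead of the whole table. -->
<select id="existWhiteListObject" resultType="java.lang.String">
    SELECT CONCAT(INET_NTOA(white_list_ip), ' ', white_list_port, ' ', white_list_url)
    FROM t_white_list
    <where>
        false
        <if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip == null">
            OR (white_list_ip = INET_ATON(#{staticRuleObject.staticRuleSip})
            <if test="staticRuleObject.staticRuleSport != null">
                AND white_list_port = #{staticRuleObject.staticRuleSport}
            </if>
            )
        </if>
        <if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip != null">
            OR ((white_list_ip &amp; INET_ATON(#{staticRuleObject.staticRuleMsip})) =
                (INET_ATON(#{staticRuleObject.staticRuleSip}) &amp; INET_ATON(#{staticRuleObject.staticRuleMsip}))
            <if test="staticRuleObject.staticRuleSport != null">
                AND white_list_port = #{staticRuleObject.staticRuleSport}
            </if>
            )
        </if>
        <if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip == null">
            OR (white_list_ip = INET_ATON(#{staticRuleObject.staticRuleDip})
            <if test="staticRuleObject.staticRuleDport != null">
                AND white_list_port = #{staticRuleObject.staticRuleDport}
            </if>
            )
        </if>
        <if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip != null">
            OR ((white_list_ip &amp; INET_ATON(#{staticRuleObject.staticRuleMdip})) =
                (INET_ATON(#{staticRuleObject.staticRuleDip}) &amp; INET_ATON(#{staticRuleObject.staticRuleMdip}))
            <if test="staticRuleObject.staticRuleDport != null">
                AND white_list_port = #{staticRuleObject.staticRuleDport}
            </if>
            )
        </if>
        <if test="staticRuleObject.staticRuleUrl != null">
            OR white_list_url = #{staticRuleObject.staticRuleUrl}
        </if>
    </where>
</select>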
<!-- Read the audit status of one whitelist row. (The id keeps its historical
     spelling "Stuatus" because the mapper interface refers to it.) -->
<select id="queryWhiteListObjectAuditStuatusById" resultType="java.lang.Integer">
    SELECT
        white_list_audit_status
    FROM t_white_list
    WHERE white_list_id = #{id}
</select>
<!--
判断逻辑
如果指令没有ip掩码
whitelist_ip == ip
如果指令有端口:
判断端口是否相同
如果指令有ip掩码
whitelist_ip & IP掩码 == 源IP & IP掩码 : 代表指令包含了whitelist_ip
如果指令有端口:
判断端口是否相同
又分了一下指令的源ip和目的ip
可能还要做的:
1端口掩码
2协议
3url
-->
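<!-- Whitelist entries that a single command touches. A command matches an entry on
     its source ip (exact, or subnet when maskSourceIP is set) with an optional port,
     or on its destination ip/port in the same way; branches are OR-ed.
     Fix: the batch siblings (whiteListCommandsCheck, whiteListCStaticRulesCheck)
     seed the predicate with "false" so that a command carrying no ip returns no rows;
     here the <where> tag was simply dropped in that case and every whitelist row came
     back as a match. The same seed is applied now, and each branch starts with OR
     uniformly.
     NOTE(review): only the masked-source branch filters on white_list_protocol,
     whereas whiteListCommandsCheck checks the protocol in all four branches. That
     asymmetry is preserved here; confirm which behaviour is intended. -->
<select id="whiteListCommandCheck" resultMap="whiteListMap">
    SELECT *, INET_NTOA(white_list_ip) AS white_list_ip_d
    FROM t_white_list
    <where>
        false
        <if test="command.sourceIP != null and command.maskSourceIP == null">
            OR (white_list_ip = INET_ATON(#{command.sourceIP})
            <if test="command.sourcePort != null">
                AND white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
            </if>
            )
        </if>
        <if test="command.sourceIP != null and command.maskSourceIP != null">
            OR ((white_list_ip &amp; INET_ATON(#{command.maskSourceIP})) =
                (INET_ATON(#{command.sourceIP}) &amp; INET_ATON(#{command.maskSourceIP}))
            <if test="command.sourcePort != null">
                AND white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
            </if>
            <if test="command.protocol != null">
                AND white_list_protocol = #{command.protocol}
            </if>
            )
        </if>
        <if test="command.destinationIP != null and command.maskDestinationIP == null">
            OR (white_list_ip = INET_ATON(#{command.destinationIP})
            <if test="command.destinationPort != null">
                AND white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
            </if>
            )
        </if>
        <if test="command.destinationIP != null and command.maskDestinationIP != null">
            OR ((white_list_ip &amp; INET_ATON(#{command.maskDestinationIP})) =
                (INET_ATON(#{command.destinationIP}) &amp; INET_ATON(#{command.maskDestinationIP}))
            <if test="command.destinationPort != null">
                AND white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
            </if>
            )
        </if>
    </where>
</select>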
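<!-- Row count for queryWhiteListObject's paging; the filters must stay identical
     to that statement's.
     Fix: the display-id filter referenced the non-existent column
     "hite_list_display_id" (typo for white_list_display_id), so counting with an id
     filter failed with a SQL error. -->
<select id="queryWhiteListTotalNum" resultType="java.lang.Integer">
    SELECT COUNT(*)
    FROM t_white_list
    <where>
        <if test="whiteListName != null and whiteListName != ''">
            AND white_list_name LIKE CONCAT('%', #{whiteListName}, '%')
        </if>
        <if test="whiteListId != null and whiteListId != ''">
            AND white_list_display_id LIKE CONCAT('%', #{whiteListId}, '%')
        </if>
        <if test="systemName != null and systemName != ''">
            AND white_list_system_name LIKE CONCAT('%', #{systemName}, '%')
        </if>
        <if test="auditStatus != null">
            AND white_list_audit_status = #{auditStatus}
        </if>
        <if test="creator != null and creator != ''">
            AND create_username = #{creator}
        </if>
    </where>
</select>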
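<!-- Whitelist entries touched by any command in #{taskCommandInfos}. Per command the
     predicate is: source ip (exact / subnet) + optional port + optional protocol, OR
     destination ip likewise; commands are OR-ed together. The "false" seed inside the
     loop lets every branch start with OR even when earlier branches did not render.
     Fixes:
       * the masked-source branch emitted the protocol filter twice (a duplicated <if>);
       * with an empty taskCommandInfos the <foreach> rendered nothing, the <where> was
         dropped and every whitelist row was returned as a "hit". A leading "false"
         before the loop now yields "WHERE false" (no rows) in that case. -->
<select id="whiteListCommandsCheck" resultMap="whiteListMap">
    SELECT *, INET_NTOA(white_list_ip) AS white_list_ip_d
    FROM t_white_list
    <where>
        false
        <foreach collection="taskCommandInfos" item="command" open="OR (" separator=" OR " close=")">
            false
            <if test="command.fiveTupleWithMask.sourceIP != null and command.fiveTupleWithMask.maskSourceIP == null">
                OR (white_list_ip = INET_ATON(#{command.fiveTupleWithMask.sourceIP})
                <if test="command.fiveTupleWithMask.sourcePort != null">
                    AND white_list_port = CAST(#{command.fiveTupleWithMask.sourcePort} AS UNSIGNED)
                </if>
                <if test="command.fiveTupleWithMask.protocolNum != null">
                    AND white_list_protocol = #{command.fiveTupleWithMask.protocolNum}
                </if>
                )
            </if>
            <if test="command.fiveTupleWithMask.sourceIP != null and command.fiveTupleWithMask.maskSourceIP != null">
                OR ((white_list_ip &amp; INET_ATON(#{command.fiveTupleWithMask.maskSourceIP})) =
                    (INET_ATON(#{command.fiveTupleWithMask.sourceIP}) &amp; INET_ATON(#{command.fiveTupleWithMask.maskSourceIP}))
                <if test="command.fiveTupleWithMask.sourcePort != null">
                    AND white_list_port = CAST(#{command.fiveTupleWithMask.sourcePort} AS UNSIGNED)
                </if>
                <if test="command.fiveTupleWithMask.protocolNum != null">
                    AND white_list_protocol = #{command.fiveTupleWithMask.protocolNum}
                </if>
                )
            </if>
            <if test="command.fiveTupleWithMask.destinationIP != null and command.fiveTupleWithMask.maskDestinationIP == null">
                OR (white_list_ip = INET_ATON(#{command.fiveTupleWithMask.destinationIP})
                <if test="command.fiveTupleWithMask.destinationPort != null">
                    AND white_list_port = CAST(#{command.fiveTupleWithMask.destinationPort} AS UNSIGNED)
                </if>
                <if test="command.fiveTupleWithMask.protocolNum != null">
                    AND white_list_protocol = #{command.fiveTupleWithMask.protocolNum}
                </if>
                )
            </if>
            <if test="command.fiveTupleWithMask.destinationIP != null and command.fiveTupleWithMask.maskDestinationIP != null">
                OR ((white_list_ip &amp; INET_ATON(#{command.fiveTupleWithMask.maskDestinationIP})) =
                    (INET_ATON(#{command.fiveTupleWithMask.destinationIP}) &amp; INET_ATON(#{command.fiveTupleWithMask.maskDestinationIP}))
                <if test="command.fiveTupleWithMask.destinationPort != null">
                    AND white_list_port = CAST(#{command.fiveTupleWithMask.destinationPort} AS UNSIGNED)
                </if>
                <if test="command.fiveTupleWithMask.protocolNum != null">
                    AND white_list_protocol = #{command.fiveTupleWithMask.protocolNum}
                </if>
                )
            </if>
        </foreach>
    </where>
</select>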
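<!-- Whitelist entries that overlap any static rule in #{staticRuleObjects}: per rule,
     source ip (exact / subnet via staticRuleMsip) + optional port + optional protocol,
     OR destination ip likewise (subnet via staticRuleMdip); rules are OR-ed together.
     Fixes:
       * Both subnet branches masked the column with the rule's IP instead of the mask
         ("white_list_ip & INET_ATON(sip)" / "& INET_ATON(dip)"), so subnet rules were
         matched against the wrong value; they now use the mask on both sides of the
         comparison, exactly as whiteListCommandsCheck does.
       * An empty staticRuleObjects dropped the whole <where> and returned every row;
         a leading "false" before the loop now yields "WHERE false" (no rows). -->
<select id="whiteListCStaticRulesCheck" resultMap="whiteListMap">
    SELECT *, INET_NTOA(white_list_ip) AS white_list_ip_d
    FROM t_white_list
    <where>
        false
        <foreach collection="staticRuleObjects" item="staticRule" open="OR (" separator=" OR " close=")">
            false
            <if test="staticRule.staticRuleSip != null and staticRule.staticRuleMsip == null">
                OR (white_list_ip = INET_ATON(#{staticRule.staticRuleSip})
                <if test="staticRule.staticRuleSport != null">
                    AND white_list_port = #{staticRule.staticRuleSport}
                </if>
                <if test="staticRule.staticRuleProtocol != null">
                    AND white_list_protocol = #{staticRule.staticRuleProtocol}
                </if>
                )
            </if>
            <if test="staticRule.staticRuleSip != null and staticRule.staticRuleMsip != null">
                OR ((white_list_ip &amp; INET_ATON(#{staticRule.staticRuleMsip})) =
                    (INET_ATON(#{staticRule.staticRuleSip}) &amp; INET_ATON(#{staticRule.staticRuleMsip}))
                <if test="staticRule.staticRuleSport != null">
                    AND white_list_port = #{staticRule.staticRuleSport}
                </if>
                <if test="staticRule.staticRuleProtocol != null">
                    AND white_list_protocol = #{staticRule.staticRuleProtocol}
                </if>
                )
            </if>
            <if test="staticRule.staticRuleDip != null and staticRule.staticRuleMdip == null">
                OR (white_list_ip = INET_ATON(#{staticRule.staticRuleDip})
                <if test="staticRule.staticRuleDport != null">
                    AND white_list_port = #{staticRule.staticRuleDport}
                </if>
                <if test="staticRule.staticRuleProtocol != null">
                    AND white_list_protocol = #{staticRule.staticRuleProtocol}
                </if>
                )
            </if>
            <if test="staticRule.staticRuleDip != null and staticRule.staticRuleMdip != null">
                OR ((white_list_ip &amp; INET_ATON(#{staticRule.staticRuleMdip})) =
                    (INET_ATON(#{staticRule.staticRuleDip}) &amp; INET_ATON(#{staticRule.staticRuleMdip}))
                <if test="staticRule.staticRuleDport != null">
                    AND white_list_port = #{staticRule.staticRuleDport}
                </if>
                <if test="staticRule.staticRuleProtocol != null">
                    AND white_list_protocol = #{staticRule.staticRuleProtocol}
                </if>
                )
            </if>
        </foreach>
    </where>
</select>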
<!-- Number of whitelist rows currently in audit status #{auditStatus}. -->
<select id="queryAuditWhiteListTotalNum" resultType="java.lang.Integer">
    SELECT
        COUNT(*)
    FROM t_white_list
    WHERE white_list_audit_status = #{auditStatus}
</select>
<!-- Audit statuses of the rows whose ids are the keys of #{idsWithAuditStatusMap}.
     There is no ORDER BY, so the result order is not guaranteed to follow the map's
     key order; callers must not pair results with ids positionally. -->
<select id="queryAuditStatusByIds" resultType="java.lang.Integer">
    SELECT
        white_list_audit_status
    FROM t_white_list
    WHERE white_list_id IN
    <foreach collection="idsWithAuditStatusMap" index="id" open="(" separator="," close=")">
        #{id}
    </foreach>
</select>
<!-- Audit note of one whitelist row. -->
<select id="queryWhiteListObjectAuditInfo" resultType="java.lang.String">
    SELECT
        white_list_audit_info
    FROM t_white_list
    WHERE white_list_id = #{id}
</select>
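<!-- Paged change history of whitelist #{id}, newest snapshot first, read from
     t_white_list_status_log (rows written by insertStatusLog / insertStatusLogBatch).
     Fix: the LIMIT offset is computed with <bind> and passed as a bound parameter
     instead of being interpolated with ${...}; a page below 1 clamps to offset 0
     rather than producing a negative offset. -->
<select id="queryHistory" resultMap="whiteListMap">
    <!-- offset for the requested 1-based page; never negative -->
    <bind name="offset" value="page &gt; 1 ? (page - 1) * pageSize : 0"/>
    SELECT *, INET_NTOA(white_list_ip) AS white_list_ip_d
    FROM t_white_list_status_log
    WHERE white_list_id = #{id}
    ORDER BY effective_time DESC
    LIMIT #{offset}, #{pageSize}
</select>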
</mapper>