修复文件劫持、注入、阻断页面、镜像若干bug

2019-05-31 13:04:57 +08:00
parent 33590ee8f4
commit 1b2f115ee5
23 changed files with 239 additions and 176 deletions
--- a/src/main/java/com/nis/domain/callback/ProxyFileHijackCfg.java
+++ b/src/main/java/com/nis/domain/callback/ProxyFileHijackCfg.java
@@ -20,7 +20,7 @@ public class ProxyFileHijackCfg extends BaseCfg<ProxyFileHijackCfg>{
 	private String path;//储存路径
 	@ExcelField(title="content_name",sort=4)
 	private String contentName;//内容格式
-    private int quote;//判断与其他菜单是否关联使用中
+    private String quote;//判断与其他菜单是否关联使用中
 		
 	public String getContentName() {
 		return contentName;
@@ -28,10 +28,10 @@ public class ProxyFileHijackCfg extends BaseCfg<ProxyFileHijackCfg>{
 	public void setContentName(String contentName) {
 		this.contentName = contentName;
 	}
-	public int getQuote() {
+	public String getQuote() {
 		return quote;
 	}
-	public void setQuote(int quote) {
+	public void setQuote(String quote) {
 		this.quote = quote;
 	}
 	public String getIndexTable() {
--- a/src/main/java/com/nis/domain/callback/ProxyFileInsertScriptCfg.java
+++ b/src/main/java/com/nis/domain/callback/ProxyFileInsertScriptCfg.java
@@ -13,7 +13,7 @@ public class ProxyFileInsertScriptCfg extends BaseCfg<ProxyFileInsertScriptCfg>{
 	private String format;//css/js
 	@ExcelField(title="file_insert_script",sort=2)
 	private String path;//储存路径
-	private int quote;//判断与其他菜单是否关联使用中
+	private String quote;//判断与其他菜单是否关联使用中
 	public String getIndexTable() {
 		return indexTable;
 	}
@@ -38,10 +38,10 @@ public class ProxyFileInsertScriptCfg extends BaseCfg<ProxyFileInsertScriptCfg>{
 	public void setPath(String path) {
 		this.path = path;
 	}
-	public int getQuote() {
+	public String getQuote() {
 		return quote;
 	}
-	public void setQuote(int quote) {
+	public void setQuote(String quote) {
 		this.quote = quote;
-	}
+	}	
 }
--- a/src/main/java/com/nis/domain/callback/ProxyFileResponsePageCfg.java
+++ b/src/main/java/com/nis/domain/callback/ProxyFileResponsePageCfg.java
@@ -16,7 +16,16 @@ public class ProxyFileResponsePageCfg extends BaseCfg<ProxyFileResponsePageCfg>
 	private String contentType;//内容类型，如text/html，取字典表contentType
 	private String md5;//文件md5值
 	private Long contentLength;//文件长度
-	
+	private String quote;//引用状态
+		
+	public String getQuote() {
+		return quote;
+	}
+
+	public void setQuote(String quote) {
+		this.quote = quote;
+	}
+
 	public String getIndexTable() {
 		return indexTable;
 	}
--- a/src/main/java/com/nis/web/controller/BaseController.java
+++ b/src/main/java/com/nis/web/controller/BaseController.java
@@ -3729,8 +3729,15 @@ public class BaseController {
 						page.setPageNo(1);
 						page.setLastPage(false);
 						List<BaseCfg> list = pxyObjKeyringService.findPage(page,searchObjKeyringCfg).getList();
+						List<BaseCfg> result = new ArrayList();
+						for(int i=0;i<list.size();i++){
+							PxyObjKeyring temp=(PxyObjKeyring)list.get(i);
+							if("-1".equals(temp.getUserRegion4()) || temp.getUserRegion4()==null ){
+								result.add(temp);
+							}							
+						}
 						if(!StringUtil.isEmpty(list)){
-							hasData = commonPolicyService.batchDeleteMaatData(cfgList, page, batchCfg, list, hasData);
+							hasData = commonPolicyService.batchDeleteMaatData(cfgList, page, batchCfg, result, hasData);
 						}else{
 							hasData = false;
 						}
@@ -3771,7 +3778,7 @@ public class BaseController {
 						List<BaseCfg> result = new ArrayList();
 						for(int i=0;i<list.size();i++){
 							ProxyFileHijackCfg temp=(ProxyFileHijackCfg)list.get(i);
-							if(temp.getQuote() == -1 || temp.getQuote() ==0){
+							if("-1".equals(temp.getQuote()) || temp.getQuote()==null ){
 								result.add(temp);
 							}							
 						}
@@ -3790,7 +3797,7 @@ public class BaseController {
 						List<BaseCfg> result = new ArrayList();
 						for(int i=0;i<list.size();i++){
 							ProxyFileInsertScriptCfg temp=(ProxyFileInsertScriptCfg)list.get(i);
-							if(temp.getQuote() == -1 || temp.getQuote() ==0){
+							if("-1".equals(temp.getQuote()) || temp.getQuote()==null ){
 								result.add(temp);
 							}							
 						}
@@ -3806,9 +3813,16 @@ public class BaseController {
 					while(hasData){
 						page.setPageNo(1);
 						page.setLastPage(false);
-						List list = proxyFileTrafficMirrorService.findPage(page,searchFileTrafficMirrorCfg).getList();						
+						List list = proxyFileTrafficMirrorService.findPage(page,searchFileTrafficMirrorCfg).getList();
+						List<BaseCfg> result = new ArrayList();
+						for(int i=0;i<list.size();i++){
+							ProxyFileTrafficMirrorCfg temp=(ProxyFileTrafficMirrorCfg)list.get(i);
+							if("-1".equals(temp.getUserRegion5()) || temp.getUserRegion5()==null ){
+								result.add(temp);
+							}							
+						}
 						if(!StringUtil.isEmpty(list)){	
-							hasData = commonPolicyService.batchDeleteMaatData(cfgList, page, batchCfg, list, hasData);
+							hasData = commonPolicyService.batchDeleteMaatData(cfgList, page, batchCfg, result, hasData);
 						}else{
 							hasData = false;
 						}
@@ -3832,9 +3846,16 @@ public class BaseController {
 					while(hasData){
 						page.setPageNo(1);
 						page.setLastPage(false);
-						List list = proxyFileResponsePageService.findPage(page,searchFileResponsePageCfg).getList();						
+						List list = proxyFileResponsePageService.findPage(page,searchFileResponsePageCfg).getList();
+						List<BaseCfg> result = new ArrayList();
+						for(int i=0;i<list.size();i++){
+							ProxyFileInsertScriptCfg temp=(ProxyFileInsertScriptCfg)list.get(i);
+							if("-1".equals(temp.getUserRegion5()) || temp.getUserRegion5()==null ){
+								result.add(temp);
+							}							
+						}
 						if(!StringUtil.isEmpty(list)){	
-							hasData = commonPolicyService.batchDeleteMaatData(cfgList, page, batchCfg, list, hasData);
+							hasData = commonPolicyService.batchDeleteMaatData(cfgList, page, batchCfg, result, hasData);
 						}else{
 							hasData = false;
 						}
@@ -4143,7 +4164,9 @@ public class BaseController {
 						cfg.setIsAudit(entity.getIsAudit());
 						cfg.setAuditTime(entity.getAuditTime());
 						cfg.setAuditorId(entity.getAuditorId());
-						notAuditList.add(cfg);
+						if(!cfg.getQuote().equals("1")){
+							notAuditList.add(cfg);
+						}
 					}
 				}			
 			}else if(className.equals("ProxyFileInsertScriptCfg")){
@@ -4161,7 +4184,7 @@ public class BaseController {
 						cfg.setIsValid(entity.getIsValid());
 						cfg.setIsAudit(entity.getIsAudit());
 						cfg.setAuditTime(entity.getAuditTime());
-						cfg.setAuditorId(entity.getAuditorId());
+						cfg.setAuditorId(entity.getAuditorId());			
 						notAuditList.add(cfg);
 					}
 				}			
--- a/src/main/java/com/nis/web/dao/configuration/ProxyFileHijackDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileHijackDao.xml
@@ -51,7 +51,7 @@
 	    <include refid="ProxyFileHijackCfgColumn" />
 	    <trim prefix="," prefixOverrides=",">
 			, s.name as creator_name,e.name as editor_name,u.name as auditor_name
-			,ri.request_title as requestName,i.is_valid as quote
+			,ri.request_title as requestName,max(i.is_valid) as quote
 		</trim>
 	    FROM PXY_PROFILE_HIJACK_FILES a
 	    left join sys_user s on a.creator_id=s.id
@@ -156,6 +156,7 @@
 	    	<!-- 数据范围过滤 -->
 			${sqlMap.dsf}
 	    </trim>
+	    group by compile_id
 	    <choose>
 			<when test="page !=null and page.orderBy != null and page.orderBy != ''">
 				ORDER BY ${page.orderBy},a.is_audit,a.CFG_ID desc
--- a/src/main/java/com/nis/web/dao/configuration/ProxyFileInsertScriptDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileInsertScriptDao.xml
@@ -51,7 +51,7 @@
 	    <include refid="ProxyFileInsertScriptCfgColumn" />
 	    <trim prefix="," prefixOverrides=",">
 			, s.name as creator_name,e.name as editor_name,u.name as auditor_name
-			,ri.request_title as requestName,i.is_valid as quote
+			,ri.request_title as requestName,max(i.is_valid) as quote
 		</trim>
 	    FROM PXY_PROFILE_INSERT_SCRIPTS a
 	    left join sys_user s on a.creator_id=s.id
@@ -155,6 +155,7 @@
 	    	<!-- 数据范围过滤 -->
 			${sqlMap.dsf}
 	    </trim>
+	    group by compile_id
 	    <choose>
 			<when test="page !=null and page.orderBy != null and page.orderBy != ''">
 				ORDER BY ${page.orderBy},a.is_audit,a.CFG_ID desc
--- a/src/main/java/com/nis/web/dao/configuration/ProxyFileResponsePageDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileResponsePageDao.xml
@@ -53,13 +53,14 @@
 	    <include refid="ProxyFileResponsePageCfgColumn" />
 	    <trim prefix="," prefixOverrides=",">
 			, s.name as creator_name,e.name as editor_name,u.name as auditor_name
-			,ri.request_title as requestName
+			,ri.request_title as requestName,max(i.is_valid) as quote
 		</trim>
 	    FROM pxy_profile_response_pages a
 	    left join sys_user s on a.creator_id=s.id
 		left join sys_user e on a.editor_id=e.id
 		left join sys_user u on a.auditor_id=u.id
 		left join request_info ri on a.request_id=ri.id
+		left join cfg_index_info i on a.COMPILE_ID=i.user_region3
 		
 	    <trim prefix="WHERE" prefixOverrides="AND |OR ">
 	    	<if test="page !=null and page.where != null and page.where != ''">
@@ -160,6 +161,7 @@
 	    	<!-- 数据范围过滤 -->
 			${sqlMap.dsf}
 	    </trim>
+	    group by compile_id
 	    <choose>
 			<when test="page !=null and page.orderBy != null and page.orderBy != ''">
 				ORDER BY ${page.orderBy},a.is_audit,a.CFG_ID desc
--- a/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml
@@ -50,14 +50,14 @@
 	    <include refid="ProxyFileTrafficMirrorCfgColumn" />
 	    <trim prefix="," prefixOverrides=",">
 			, s.name as creator_name,e.name as editor_name,u.name as auditor_name
-			,ri.request_title as requestName<!-- ,i.is_valid as quote -->
+			,ri.request_title as requestName,max(i.is_valid) as userRegion5
 		</trim>
 	    FROM PXY_PROFILE_TRAFFIC_MIRROR a
 	    left join sys_user s on a.creator_id=s.id
 		left join sys_user e on a.editor_id=e.id
 		left join sys_user u on a.auditor_id=u.id
 		left join request_info ri on a.request_id=ri.id
-		<!-- left join cfg_index_info i on a.COMPILE_ID=i.user_region4  -->
+		left join cfg_index_info i on a.COMPILE_ID=i.user_region5
 	    <trim prefix="WHERE" prefixOverrides="AND |OR ">
 	    	<if test="page !=null and page.where != null and page.where != ''">
 				 AND ${page.where}
@@ -157,6 +157,7 @@
 	    	<!-- 数据范围过滤 -->
 			${sqlMap.dsf}
 	    </trim>
+	    group by compile_id
 	    <choose>
 			<when test="page !=null and page.orderBy != null and page.orderBy != ''">
 				ORDER BY ${page.orderBy},a.is_audit,a.CFG_ID desc
--- a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
@@ -142,13 +142,14 @@
 			<include refid="PxyObjKeyringColumns"/>
 		<trim prefix="," prefixOverrides=",">
 			,s.name as creator_name,e.name as editor_name,u.name as auditor_name
-			,ri.request_title as requestName
+			,ri.request_title as requestName,max(i.is_valid) as userRegion4
 		</trim>
 	    FROM  pxy_obj_keyring r
 	    left join sys_user s on r.creator_id=s.id
 		left join sys_user e on r.editor_id=e.id
 		left join sys_user u on r.auditor_id=u.id
 		left join request_info ri on r.request_id=ri.id
+		left join cfg_index_info i on r.COMPILE_ID=i.user_region4
 		<trim prefix="WHERE" prefixOverrides="AND |OR ">
 	    	<if test="page !=null and page.where != null and page.where != ''">
 				 AND ${page.where}
@@ -229,6 +230,7 @@
 	    	<!-- 数据范围过滤 -->
 			${sqlMap.dsf}
 	    </trim>
+	    group by compile_id
 	    <choose>
 			<when test="page !=null and page.orderBy != null and page.orderBy != ''">
 				ORDER BY ${page.orderBy},r.is_audit,r.CFG_ID desc
--- a/src/main/java/com/nis/web/service/configuration/CommonPolicyService.java
+++ b/src/main/java/com/nis/web/service/configuration/CommonPolicyService.java
@@ -459,7 +459,9 @@ public class CommonPolicyService extends CrudService<WebsiteCfgDao, CfgIndexInfo
 				List<ProxyObjKeyring> convertList = Lists.newArrayList();
 				for (Object object : auditList) {
 					PxyObjKeyring cfg = (PxyObjKeyring)object;
-					convertList.add(BaseService.convertCallBackProxyObjKeyring(cfg));
+					if(!"1".equals(cfg.getUserRegion4())){
+						convertList.add(BaseService.convertCallBackProxyObjKeyring(cfg));
+					}
 				}
 				if(convertList.size() > 0) {
 					auditList = convertList;
@@ -482,16 +484,20 @@ public class CommonPolicyService extends CrudService<WebsiteCfgDao, CfgIndexInfo
 				List<ProxyFileHijackCfgAudit> convertList = Lists.newArrayList();
 				for (Object object : auditList) {
 					ProxyFileHijackCfg cfg = (ProxyFileHijackCfg)object;
-					convertList.add(BaseService.convertCallBackProxyFileHijack(cfg));
+					if(!"1".equals(cfg.getQuote())){
+						convertList.add(BaseService.convertCallBackProxyFileHijack(cfg));
+					}
 				}
 				if(convertList.size() > 0) {
 					auditList = convertList;
 				}
-			}else if(entity.getServiceId().equals(644)) { // 劫持文件
+			}else if(entity.getServiceId().equals(644)) { // 脚本注入
 				List<ProxyFileInsertScriptCfgAudit> convertList = Lists.newArrayList();
 				for (Object object : auditList) {
 					ProxyFileInsertScriptCfg cfg = (ProxyFileInsertScriptCfg)object;
-					convertList.add(BaseService.convertCallBackProxyFileInsertScript(cfg));
+					if(!"1".equals(cfg.getQuote())){
+						convertList.add(BaseService.convertCallBackProxyFileInsertScript(cfg));
+					}
 				}
 				if(convertList.size() > 0) {
 					auditList = convertList;
@@ -500,7 +506,9 @@ public class CommonPolicyService extends CrudService<WebsiteCfgDao, CfgIndexInfo
 				List<ProxyFileTrafficMirrorCfgAudit> convertList = Lists.newArrayList();
 				for (Object object : auditList) {
 					ProxyFileTrafficMirrorCfg cfg = (ProxyFileTrafficMirrorCfg)object;
-					convertList.add(BaseService.convertCallBackProxyFileTrafficMirror(cfg));
+					if(!"1".equals(cfg.getUserRegion5())){
+						convertList.add(BaseService.convertCallBackProxyFileTrafficMirror(cfg));
+					}
 				}
 				if(convertList.size() > 0) {
 					auditList = convertList;
@@ -518,7 +526,9 @@ public class CommonPolicyService extends CrudService<WebsiteCfgDao, CfgIndexInfo
 				List<ProxyFileResponsePageCfgAudit> convertList = Lists.newArrayList();
 				for (Object object : auditList) {
 					ProxyFileResponsePageCfg cfg = (ProxyFileResponsePageCfg)object;
-					convertList.add(BaseService.convertCallBackProxyFileResponsePage(cfg));
+					if(!"1".equals(cfg.getQuote())){
+						convertList.add(BaseService.convertCallBackProxyFileResponsePage(cfg));
+					}
 				}
 				if(convertList.size() > 0) {
 					auditList = convertList;