diff --git a/src/main/java/com/nis/util/Constants.java b/src/main/java/com/nis/util/Constants.java index bf9ecc8df..61a7db850 100644 --- a/src/main/java/com/nis/util/Constants.java +++ b/src/main/java/com/nis/util/Constants.java @@ -7,7 +7,15 @@ import java.util.Map; import com.google.gson.GsonBuilder; public final class Constants { - + /** + * IP验证正则 + */ + public static final String IPV4_IP_SUBNET_REGEXP=Configurations.getStringProperty("ipv4_ip_subnet_regexp", "*"); + public static final String IPV6_IP_SUBNET_REGEXP=Configurations.getStringProperty("ipv6_ip_subnet_regexp", "*"); + public static final String IPV4_IP_RANGE_REGEXP=Configurations.getStringProperty("ipv4_ip_range_regexp", "*"); + public static final String IPV6_IP_RANGE_REGEXP=Configurations.getStringProperty("ipv6_ip_range_regexp", "*"); + public static final String IPV4_IP_REGEXP=Configurations.getStringProperty("ipv4_ip_regexp", "*"); + public static final String IPV6_IP_REGEXP=Configurations.getStringProperty("ipv6_ip_regexp", "*"); /** * 用户自定义域,限速 */ diff --git a/src/main/java/com/nis/web/controller/BaseController.java b/src/main/java/com/nis/web/controller/BaseController.java index 1e5b4bda3..b2cb60b05 100644 --- a/src/main/java/com/nis/web/controller/BaseController.java +++ b/src/main/java/com/nis/web/controller/BaseController.java @@ -7,6 +7,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
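Review bot: The six new constants in Constants.java pass `"*"` as what looks like the fallback argument of `Configurations.getStringProperty`, and the nis.properties hunk later in this diff sets the same six keys to `*`. A bare `*` is not a valid Java regular expression, so `Pattern.compile(Constants.IPV4_IP_REGEXP)` and its siblings in `BaseController.checkIP` will throw `PatternSyntaxException` on the first non-blank address until real patterns are configured. If `*` was meant as "accept anything", the IP check would be a no-op by default, so ship strict patterns for each IPv4/IPv6 form as the defaults instead. Holding them as precompiled `static final Pattern` fields would make a bad expression fail at startup rather than per uploaded row. The block comment `IP验证正则` could also say which inputs these govern, e.g. `/** Regular expressions used to validate the IP, subnet and range cells of imported IP configurations. */`.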
@@ -14,6 +16,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
+import org.jets3t.service.ServiceException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.i18n.LocaleContextHolder;
@@ -25,6 +28,7 @@ import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import com.beust.jcommander.internal.Lists;
 import com.nis.domain.FunctionRegionDict;
 import com.nis.domain.FunctionServiceDict;
+import com.nis.domain.SysDataDictionaryItem;
 import com.nis.domain.basics.ServiceDictInfo;
 import com.nis.domain.basics.SysDictInfo;
 import com.nis.domain.configuration.AreaBean;
@@ -36,6 +40,7 @@ import com.nis.domain.configuration.IpCfgTemplate;
 import com.nis.domain.configuration.RequestInfo;
 import com.nis.domain.configuration.StringCfgTemplate;
 import com.nis.domain.log.BaseLogEntity;
+import com.nis.exceptions.MaatConvertException;
 import com.nis.util.Configurations;
 //import com.nis.main.ConvertTool;
 import com.nis.util.Constants;
@@ -533,4 +538,248 @@ public class BaseController {
 params.put("searchCfgId", entry.getCfgId());
 }
 }
+ public void checkIpCfg(List list) throws ServiceException{
+ Properties prop=this.getMsgProp();
+ List ipTypeList = DictUtils.getDictList("IP_TYPE");
+ List ipPatternList = DictUtils.getDictList("IP_PATTERN");
+ List portPatternList = DictUtils.getDictList("PORT_PATTERN");
+ List directionList = DictUtils.getDictList("DIRECTION");
+ StringBuffer msg=new StringBuffer();
+ int line=1;
+ for(IpCfgTemplate value:list){
+ String lineStart=String.format(prop.getProperty("line"), line)+":";
+ StringBuffer errInfo=new StringBuffer();
+ // ip_type check start
+ Integer ipType=value.getIpType();
+ String ipTypeString=null;
+ if(ipType==null){
+ errInfo.append(String.format(prop.getProperty("can_not_null"), prop.getProperty("ip_type"))+";");
+ }else{
+ boolean has=false;
+ for(SysDataDictionaryItem ipTypeItem:ipTypeList){
+ if(ipType==Integer.parseInt(ipTypeItem.getItemCode())){
+ ipTypeString=ipTypeItem.getItemValue();
+ has=true;
+ break;
+ }
+ }
+ if(!has){
+ errInfo.append(String.format(prop.getProperty("is_incorrect"), prop.getProperty("ip_type"))+";");
+ }
+ }
+ // ip_type check end
+ // ip_pattern check start
+ Integer ipPattern=value.getIpPattern();
+ String ipPatternString=null;
+ if(ipPattern==null){
+ errInfo.append(String.format(prop.getProperty("can_not_null"), prop.getProperty("ip_pattern"))+";");
+ }else{
+ boolean has=false;
+ for(SysDataDictionaryItem ipPatternItem:ipPatternList){
+ if(ipPattern==Integer.parseInt(ipPatternItem.getItemCode())){
+ ipPatternString=ipPatternItem.getItemValue();
+ has=true;
+ break;
+ }
+ }
+ if(!has){
+ errInfo.append(String.format(prop.getProperty("is_incorrect"), prop.getProperty("ip_pattern"))+";");
+ }
+ }
+ // ip_pattern check end
+ //client_ip check start
+ String srcIp=value.getSrcIpAddress();
+ String _msg=checkIP(prop,prop.getProperty("client_ip"),srcIp,ipTypeString,ipPatternString);
+ if(StringUtils.isNotBlank(_msg)){
+ errInfo.append(_msg);
+ }
+ //client_ip check end
+ //server_ip check start
+ String destIp=value.getDestIpAddress();
+ if(srcIp.equals(destIp)){
+ String info=String.format(prop.getProperty("are_the_same"),prop.getProperty("client_ip"),prop.getProperty("server_ip"));
+ errInfo.append(info+";");
+ }
+ _msg=checkIP(prop,prop.getProperty("server_ip"),destIp,ipTypeString,ipPatternString);
+ if(StringUtils.isNotBlank(_msg)){
+ errInfo.append(_msg);
+ }
+ //server_ip check end
+ //port_pattern check start
+ Integer portPattern=value.getPortPattern();
+ String portPatternString=null;
+ if(portPattern==null){
+ errInfo.append(String.format(prop.getProperty("can_not_null"), prop.getProperty("port_pattern"))+";");
+ }else{
+ boolean has=false;
+ for(SysDataDictionaryItem portPatternItem:portPatternList){
+ if(portPattern==Integer.parseInt(portPatternItem.getItemCode())){
+ portPatternString=portPatternItem.getItemValue();
+ has=true;
+ break;
+ }
+ }
+ if(!has){
+ errInfo.append(String.format(prop.getProperty("is_incorrect"), prop.getProperty("port_pattern"))+";");
+ }
+ }
+ //port_pattern check end
+ //src_port check start
+ String srcPort=value.getSrcPort();
+ _msg=checkPort(prop,prop.getProperty("client_port"), srcPort, portPatternString);
+ if(StringUtils.isNotBlank(_msg)){
+ errInfo.append(_msg);
+ }
+ //src_port check end
+ //dest_port check start
+ String destPort=value.getDestPort();
+ _msg=checkPort(prop,prop.getProperty("server_port"), destPort, portPatternString);
+ if(StringUtils.isNotBlank(_msg)){
+ errInfo.append(_msg);
+ }
+ //dest_port check end
+ //direction check start
+ Integer direction=value.getDirection();
+ if(direction==null){
+ errInfo.append(String.format(prop.getProperty("can_not_null"), prop.getProperty("direction"))+";");
+ }else{
+ boolean has=false;
+ for(SysDataDictionaryItem directionItem:directionList){
+ if(Integer.parseInt(directionItem.getItemCode())==direction.intValue()){
+ has=true;
+ break;
+ }
+ }
+ if(!has){
errInfo.append(String.format(prop.getProperty("is_incorrect"), prop.getProperty("direction"))+";"); + } + } + //direction check end + //protocol check start + Integer protocol= value.getProtocol(); + if(protocol==null){ + errInfo.append(String.format(prop.getProperty("can_not_null"), prop.getProperty("direction"))+";"); + } + //direction check end + if(StringUtils.isNotBlank(errInfo.toString())){ + msg.append(lineStart).append(errInfo); + if(line"); + } + } + line++; + } + if(StringUtils.isNotBlank(msg.toString())){ + throw new MaatConvertException(prop.getProperty("save_failed")+"
"+msg.toString()); + } + } + /** + * + * checkIP(IP格式验证) + * (这里描述这个方法适用条件 – 可选) + * @param ipName + * @param ip + * @param ipType + * @param ipPattern + * @return + *String + * @exception + * @since 1.0.0 + */ + public static String checkIP(Properties prop,String ipName,String ip,String ipType,String ipPattern){ + StringBuffer msg=new StringBuffer(); + if(StringUtils.isBlank(ip)){ + msg.append(String.format(prop.getProperty("can_not_null"), ipName)+";"); + }else{ + if("ipv4".equals(ipType)){ + if("ip_subnet".equals(ipPattern)){ + Pattern pattern=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP); + Matcher matcher=pattern.matcher(ip); + if(!matcher.matches()){//完全匹配 + msg.append(String.format(prop.getProperty("is_in_wrong_format"), ipName)+";"); + } + }else if("ip_range".equals(ipPattern)){ + Pattern pattern=Pattern.compile(Constants.IPV4_IP_RANGE_REGEXP); + Matcher matcher=pattern.matcher(ip); + if(!matcher.matches()){//完全匹配 + msg.append(String.format(prop.getProperty("is_in_wrong_format"), ipName)+";"); + } + }else if("ip".equals(ipPattern)){ + Pattern pattern=Pattern.compile(Constants.IPV4_IP_REGEXP); + Matcher matcher=pattern.matcher(ip); + if(!matcher.matches()){//完全匹配 + msg.append(String.format(prop.getProperty("is_in_wrong_format"), ipName)+";"); + } + } + }else if("ipv6".equals(ipType)){ + if("ip_subnet".equals(ipPattern)){ + Pattern pattern=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP); + Matcher matcher=pattern.matcher(ip); + if(!matcher.matches()){//完全匹配 + msg.append(String.format(prop.getProperty("is_in_wrong_format"), ipName)+";"); + } + }else if("ip_range".equals(ipPattern)){ + Pattern pattern=Pattern.compile(Constants.IPV6_IP_RANGE_REGEXP); + Matcher matcher=pattern.matcher(ip); + if(!matcher.matches()){//完全匹配 + msg.append(String.format(prop.getProperty("is_in_wrong_format"), ipName)+";"); + } + }else if("ip".equals(ipPattern)){ + Pattern pattern=Pattern.compile(Constants.IPV6_IP_REGEXP); + Matcher matcher=pattern.matcher(ip); + 
+ if(!matcher.matches()){//完全匹配
+ msg.append(String.format(prop.getProperty("is_in_wrong_format"), ipName)+";");
+ }
+ }
+ }
+ }
+ return msg.toString();
+ }
+ public static String checkPort(Properties prop,String portName,String port,String portPattern){
+ StringBuffer msg=new StringBuffer();
+ if(StringUtils.isBlank(port)){
+ msg.append(String.format(prop.getProperty("can_not_null"), portName)+";");
+ }else{
+ if("port".equals(portPattern)){
+ try{
+ Integer portInt=Integer.parseInt(port);
+ if(portInt<0||portInt>65535){
+ msg.append(portName+" "+String.format(prop.getProperty("must_between"), "0","65535")+";");
+ }
+ }catch (Exception e) {
+ // TODO: handle exception
+ msg.append(String.format(prop.getProperty("not_number"), portName)+";");
+ }
+ }else if("port_mask".equals(portPattern)){
+ if(port.indexOf("/")==-1){
+ msg.append(String.format(prop.getProperty("is_in_wrong_format"), portName)+";");
+ }else{
+ int index=0;
+ String[] portArray=port.split("/");
+ for(String portPart:portArray){
+ try{
+ Integer portInt=Integer.parseInt(portPart);
+ if(portInt<0||portInt>65535){
+ if(index==0){
+
+ msg.append(String.format(prop.getProperty("must_between"), portName+" port")+";");
+ }else{
+ msg.append(String.format(prop.getProperty("must_between"), portName+" mask")+";");
+ }
+ }
+ }catch (Exception e) {
+ // TODO: handle exception
+ if(index==0){
+ msg.append(String.format(prop.getProperty("not_number"), portName+" port")+";");
+ }else{
+ msg.append(String.format(prop.getProperty("not_number"), portName+" mask")+";");
+ }
+ }
+ index++;
+ }
+ }
+ }
+ }
+ return msg.toString();
+ }
 }
diff --git a/src/main/java/com/nis/web/controller/configuration/CommonController.java b/src/main/java/com/nis/web/controller/configuration/CommonController.java
index b876b3f90..9057a9ec4 100644
--- a/src/main/java/com/nis/web/controller/configuration/CommonController.java
+++ b/src/main/java/com/nis/web/controller/configuration/CommonController.java
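Review bot: In checkIpCfg, `srcIp.equals(destIp)` runs even when the client IP cell was empty, so if `getSrcIpAddress()` returns null the import dies with a NullPointerException instead of producing the per-line report; guard it with `if(StringUtils.isNotBlank(srcIp)&&srcIp.equals(destIp)){`. In checkPort's `port_mask` branch the out-of-range messages call `String.format(prop.getProperty("must_between"), portName+" port")` with one argument, while the `must_between` entries added to the message bundles take two. The resulting format exception is swallowed by `catch (Exception e)` and reported as "not a number", so catch `NumberFormatException` only and pass `"0","65535"` as the plain `port` branch does. checkIP returns an empty (passing) result whenever `ipType` or `ipPattern` is not one of the literal strings it compares against, so an unexpected dictionary value silently skips the format check; a final `else` appending `is_in_wrong_format` would make it fail closed. The protocol null check also reports the `direction` label instead of a protocol one.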
@@ -11,11 +11,15 @@ package com.nis.web.controller.configuration; import java.util.ArrayList; import java.util.Date; import java.util.List; +import java.util.Properties; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; +import org.jets3t.service.ServiceException; import org.springframework.beans.BeanUtils; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; @@ -23,12 +27,14 @@ import org.springframework.web.multipart.MultipartFile; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import com.nis.domain.Page; +import com.nis.domain.SysDataDictionaryItem; import com.nis.domain.configuration.BaseIpCfg; import com.nis.domain.configuration.HttpUrlCfg; import com.nis.domain.configuration.IpCfgTemplate; import com.nis.domain.configuration.IpPortCfg; import com.nis.exceptions.MaatConvertException; import com.nis.util.Constants; +import com.nis.util.DictUtils; import com.nis.util.excel.ImportExcel; import com.nis.web.controller.BaseController; import com.nis.web.dao.configuration.IpCfgDao; @@ -175,7 +181,7 @@ public class CommonController extends BaseController { addMessage(redirectAttributes,"audit_success"); }catch(MaatConvertException e){ logger.error("审核失败", e); - addMessage(redirectAttributes, e.getPrefix()+e.getResult().getReason()); + addMessage(redirectAttributes, e.getMessage()); }catch(Exception e){ logger.error("审核失败", e); addMessage(redirectAttributes, "audit_failed"); 
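Review bot: The audit catch block at `@@ -175,7 +181,7` now shows `e.getMessage()` where it used to show `e.getPrefix()+e.getResult().getReason()`, and the hunk at `@@ -201,7 +207,7` makes the same replacement. Whether the MaatConvertException instances raised on the audit path carry that reason in their message is not visible here; if they do not, the operator loses the failure reason or is shown `null`. A null-safe form such as `addMessage(redirectAttributes, e.getMessage()!=null?e.getMessage():"audit_failed");` would at least fall back to the generic key. Both catch blocks belong to methods that start and end outside these hunks.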
@@ -201,7 +207,7 @@ public class CommonController extends BaseController { addMessage(redirectAttributes,"audit_success"); }catch(MaatConvertException e){ logger.error("审核失败", e); - addMessage(redirectAttributes, e.getPrefix()+e.getResult().getReason()); + addMessage(redirectAttributes, e.getMessage()); }catch(Exception e){ logger.error("审核失败", e); addMessage(redirectAttributes, "audit_failed"); @@ -211,6 +217,7 @@ public class CommonController extends BaseController { try { ImportExcel ei = new ImportExcel(file, 0, 0); List list = ei.getDataList(IpCfgTemplate.class); + this.checkIpCfg(list); List ipList = new ArrayList<>(); Date date=new Date(); for(IpCfgTemplate cfg : list){ diff --git a/src/main/java/com/nis/web/service/configuration/IpCfgService.java b/src/main/java/com/nis/web/service/configuration/IpCfgService.java index 99db593a7..de5b6a5a9 100644 --- a/src/main/java/com/nis/web/service/configuration/IpCfgService.java +++ b/src/main/java/com/nis/web/service/configuration/IpCfgService.java @@ -4,16 +4,22 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; import java.util.Map; +import java.util.Properties; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import org.apache.commons.lang3.StringUtils; +import org.jets3t.service.ServiceException; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import com.nis.domain.SysDataDictionaryItem; import com.nis.domain.callback.InlineIp; import com.nis.domain.configuration.AreaIpCfg; import com.nis.domain.configuration.BaseIpCfg; +import com.nis.domain.configuration.IpCfgTemplate; import com.nis.domain.configuration.IpPortCfg; import com.nis.domain.maat.MaatCfg; import com.nis.domain.maat.MaatCfg.DigestCfg; 
@@ -26,6 +32,7 @@ import com.nis.domain.maat.ToMaatResult; import com.nis.exceptions.MaatConvertException; import com.nis.util.ConfigServiceUtil; import com.nis.util.Constants; +import com.nis.util.DictUtils; import com.nis.util.StringUtil; import com.nis.web.dao.configuration.AreaIpCfgDao; import com.nis.web.dao.configuration.IpCfgDao; diff --git a/src/main/resources/messages/message_en.properties b/src/main/resources/messages/message_en.properties index 77fe3384d..9e1d05f69 100644 --- a/src/main/resources/messages/message_en.properties +++ b/src/main/resources/messages/message_en.properties @@ -706,4 +706,13 @@ ttl_unit=unit/s res_group_num=response number policy_number_value_valid=\u7B56\u7565\u53F7\u503C\u53EA\u80FD\u4E3A0\uFF0C\u6216\u5927\u4E8E100 policy_number_value_unique=\u7B56\u7565\u53F7\u5DF2\u5B58\u5728 -#=============about Maintenance========= \ No newline at end of file +#=============about Maintenance========= +#=============some validation=========== +line=line %s +can_not_null=%s must not be null +is_incorrect=%s is incorrect +are_the_same=%s and %s are the same +is_in_wrong_format=% is in wrong format +must_between=must between %s and %s +not_number=%s is not a number +#=============some validation=========== \ No newline at end of file diff --git a/src/main/resources/messages/message_ru.properties b/src/main/resources/messages/message_ru.properties index b38abda84..93e39c587 100644 --- a/src/main/resources/messages/message_ru.properties +++ b/src/main/resources/messages/message_ru.properties 
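Review bot: `is_in_wrong_format=% is in wrong format` in message_en.properties is missing the `s` of the placeholder, so under this locale `String.format` in `BaseController.checkIP` and `checkPort` will throw a format exception instead of returning the message whenever a value fails validation. It should read `is_in_wrong_format=%s is in wrong format`. The message_ru.properties hunk carries the identical line, while message_zh_CN.properties has `%s`. `must_between=must between %s and %s` takes two arguments, which the `port_mask` callers in BaseController do not supply.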
@@ -690,4 +690,13 @@ ttl_unit=unit/s res_group_num=response number policy_number_value_valid=\u7B56\u7565\u53F7\u503C\u53EA\u80FD\u4E3A0\uFF0C\u6216\u5927\u4E8E100 policy_number_value_unique=\u7B56\u7565\u53F7\u5DF2\u5B58\u5728 -#=============about Maintenance========= \ No newline at end of file +#=============about Maintenance========= +#=============some validation=========== +line=line %s +can_not_null=%s must not be null +is_incorrect=%s is incorrect +are_the_same=%s and %s are the same +is_in_wrong_format=% is in wrong format +must_between=must between %s and %s +not_number=%s is not a number +#=============some validation=========== \ No newline at end of file diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties index 1cfe38522..bd2bab736 100644 --- a/src/main/resources/messages/message_zh_CN.properties +++ b/src/main/resources/messages/message_zh_CN.properties @@ -567,11 +567,11 @@ request_error=\u8BF7\u6C42\u9519\u8BEF av_voip_ip_title=voip Ip av_voip_account_title=voip\u8D26\u53F7 account=\u8D26\u53F7 -ip_pattern=ip \u683C\u5F0F +ip_pattern=ip\u683C\u5F0F port_pattern=\u7AEF\u53E3\u683C\u5F0F -port_mask=port Mask -ip_range=ip Range -ip_subnet=Subnet +port_mask=\u7AEF\u53E3\u63A9\u7801 +ip_range=ip\u8303\u56F4 +ip_subnet=ip\u63A9\u7801 district=\u5339\u914D\u533A\u57DF keywords=\u5173\u952E\u5B57 http_ip_title=HTTP IP\u914D\u7F6E 
@@ -743,4 +743,13 @@ ttl_unit=\u5355\u4F4D/\u79D2 res_group_num=\u5E94\u7B54\u6570 policy_number_value_valid=\u7B56\u7565\u53F7\u503C\u53EA\u80FD\u4E3A0\uFF0C\u6216\u5927\u4E8E100 policy_number_value_unique=\u7B56\u7565\u53F7\u5DF2\u5B58\u5728 -#=============about Maintenance========= \ No newline at end of file +#=============about Maintenance========= +#=============some validation=========== +line=\u7B2C%s\u884C +can_not_null=%s\u4E0D\u80FD\u4E3A\u7A7A +is_incorrect=%s\u53D6\u503C\u4E0D\u6B63\u786E +are_the_same=%s\u548C%s\u4E0D\u80FD\u76F8\u7B49 +is_in_wrong_format=%s\u683C\u5F0F\u9519\u8BEF +must_between=\u5FC5\u987B\u4ECB\u4E8E%s\u548C%s\u4E4B\u95F4 +not_number=%s\u5FC5\u987B\u4E3A\u6570\u5B57 +#=============some validation=========== \ No newline at end of file diff --git a/src/main/resources/nis.properties b/src/main/resources/nis.properties index 43c12584d..50190ccc8 100644 --- a/src/main/resources/nis.properties +++ b/src/main/resources/nis.properties @@ -297,4 +297,11 @@ userregion_rate_limit=RATE_LIMIT userregion_ir_strategy=IR_STRATEGY userregion_ir_type=ir_type userregion_domian_id=DOMIAN_ID -userregion_domian_str=DOMIAN_STR \ No newline at end of file +userregion_domian_str=DOMIAN_STR +#IP相关验证正则 +ipv4_ip_subnet_regexp=* +ipv6_ip_subnet_regexp=* +ipv4_ip_range_regexp=* +ipv6_ip_range_regexp=* +ipv4_ip_regexp=* +ipv6_ip_regexp=* \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/include/excel/importIp.jsp b/src/main/webapp/WEB-INF/include/excel/importIp.jsp index 259ec8f52..55f9a5f69 100644 --- a/src/main/webapp/WEB-INF/include/excel/importIp.jsp +++ b/src/main/webapp/WEB-INF/include/excel/importIp.jsp @@ -2,7 +2,7 @@ <%@ include file="/WEB-INF/include/taglib.jsp"%>