From 48cba684fe27741b60ef3169013ef97225ced5f4 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Wed, 16 Oct 2024 16:16:44 +0800 Subject: [PATCH] TSG-22707 Adaptation of DB indicates changes, fixes self-check process testing issues --- common/src/tfe_resource.cpp | 4 +- common/src/tfe_scan.cpp | 2 +- platform/src/ssl_stream.cpp | 2 +- plugin/business/ssl-policy/src/ssl_policy.cpp | 24 +++++----- plugin/business/tcp-policy/src/tcp_policy.cpp | 4 +- plugin/business/tsg-http/src/tsg_http.cpp | 48 +++++++++---------- resource/pangu/doh.json | 26 ++-------- resource/pangu/pangu_http.json | 24 +++++----- resource/pangu/table_info.conf | 46 +++++++++--------- 9 files changed, 82 insertions(+), 98 deletions(-) diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp index 0c51392..881ef1a 100644 --- a/common/src/tfe_resource.cpp +++ b/common/src/tfe_resource.cpp @@ -247,12 +247,12 @@ void app_dict_table_new_cb(const char *table_name, const char* key, const char* app_dict->app_id = item->valueint; } - item = cJSON_GetObjectItem(app_id_dict_json, "uuid"); + item = cJSON_GetObjectItem(app_id_dict_json, "object_uuid"); if(item && item->type==cJSON_String) { uuid_parse(item->valuestring, app_dict->object_uuid); } - + cJSON_Delete(app_id_dict_json); app_dict->ref_cnt=1; pthread_mutex_init(&(app_dict->lock), NULL); diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index b2d7f13..158b41d 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp @@ -458,7 +458,7 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s return hit_cnt_port; } -#define PROTOCOL_TCP_UUID_ID "6" +#define PROTOCOL_TCP_UUID_ID "00000000-0000-0000-0000-000000000006" int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int scan_ret = 0; diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp index 720d161..bd3d8f8 100644 
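Review bot: The return value of `uuid_parse` is dropped in `app_dict_table_new_cb`, so a row whose `object_uuid` string is malformed ends up with an `object_uuid` that was never written, and nothing is logged. The same happens for a row that still carries the old `uuid` key, which this lookup no longer reads. Whether the allocator zeroes the struct is not visible in the hunk, so the resulting value should not be relied on. Consider `if (uuid_parse(item->valuestring, app_dict->object_uuid) != 0) uuid_clear(app_dict->object_uuid);` together with an error log naming the field. The function body starts and ends outside the hunk.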
--- a/platform/src/ssl_stream.cpp +++ b/platform/src/ssl_stream.cpp @@ -2225,7 +2225,7 @@ void ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream, uu uuid_clear(*profile_id); uint16_t out_size; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream); - int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(profile_id), &out_size); + int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(uuid_t), &out_size); assert(ret == 0); assert(out_size == sizeof(uuid_t)); (void)ret; diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp index 1d77389..51d1e4c 100644 --- a/plugin/business/ssl-policy/src/ssl_policy.cpp +++ b/plugin/business/ssl-policy/src/ssl_policy.cpp @@ -237,7 +237,7 @@ struct ssl_policy_enforcer *ssl_policy_enforcer_create() struct ssl_policy_enforcer *enforcer = ALLOC(struct ssl_policy_enforcer, 1); enforcer->maat = tfe_get_maat_handle(); ret = maat_plugin_table_ex_schema_register(enforcer->maat, - "PXY_PROFILE_DECRYPTION", + "DECRYPTION_PROFILE", profile_param_new_cb, profile_param_free_cb, profile_param_dup_cb, 
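Review bot: The result of `tfe_cmsg_get_value` is still checked only by `assert()`, so in a build with NDEBUG (the `(void)ret;` suggests one exists) a failed or short read returns the cleared all-zero `profile_id` to the caller with no trace. The `sizeof(uuid_t)` correction itself looks right. An explicit check keeps the failure visible in release builds: `if (ret != 0 || out_size != sizeof(uuid_t)) uuid_clear(*profile_id);` plus an error log at that point. The same assert-only pattern guards the `ssl_stream_set_*_opt` calls in the `ssl_policy_enforce` hunk at @@ -283. The function body starts and ends outside the hunk.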
@@ -272,7 +272,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p uuid_unparse(decrypted_uuid, decrypted_uuid_str); TFE_LOG_DEBUG(g_default_logger, "%s %s enforce policy %s", addr_string, sni, rule_uuid_str); - struct decryption_param *profile_param = (struct decryption_param *)maat_plugin_table_get_ex_data(enforcer->maat, "PXY_PROFILE_DECRYPTION", (const char *)decrypted_uuid_str, strlen(decrypted_uuid_str)); + struct decryption_param *profile_param = (struct decryption_param *)maat_plugin_table_get_ex_data(enforcer->maat, "DECRYPTION_PROFILE", (const char *)decrypted_uuid_str, strlen(decrypted_uuid_str)); if (profile_param == NULL) { TFE_LOG_INFO(g_default_logger, "Failed to get decryption parameter of profile %s.", decrypted_uuid_str); 
@@ -283,32 +283,32 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p if (!profile_param->mirror_client_version) { ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, profile_param->ssl_min_version); - assert(ret == 0); + assert(ret == 1); ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MAX_VERSION, profile_param->ssl_max_version); - assert(ret == 0); + assert(ret == 1); } if (profile_param->allow_http2) { ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_ENABLE_ALPN, 1); - assert(ret == 0); + assert(ret == 1); } ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME, profile_param->no_verify_cn); - assert(ret == 0); + assert(ret == 1); ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_ISSUER, profile_param->no_verify_issuer); - assert(ret == 0); + assert(ret == 1); ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED, profile_param->no_verify_self_signed); - assert(ret == 0); + assert(ret == 1); ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_EXPIRY_DATE, profile_param->no_verify_expry_date); - assert(ret == 0); + assert(ret == 1); if (profile_param->block_fake_cert) { ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_BLOCK_FAKE_CERT, 1); - assert(ret == 0); + assert(ret == 1); } ret = ssl_stream_set_uuid_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_TRUSTED, &trusted_keyring_uuid); - assert(ret == 0); + assert(ret == 1); ret = ssl_stream_set_uuid_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED, &untrusted_keyring_uuid); - assert(ret == 0); + assert(ret == 1); ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus); assert(ret == 0); ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_APP_STATUS, &is_app_not_pinning); 
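Review bot: The setter asserts now expect 1 while the two `ssl_stream_get_integer_opt` asserts at the end of this hunk still expect 0, so `ssl_policy_enforce` mixes two success conventions and nothing on the page says which one applies to the getters. If the getters follow the setters' convention, this change missed them. If they do not, the difference deserves a comment at the first call, e.g. `/* ssl_stream_set_*_opt() returns 1 on success; ssl_stream_get_integer_opt() returns 0 */`. That the old `== 0` asserts did not abort on every connection suggests they are compiled out of the shipped build. That is worth confirming, because these calls apply the profile's certificate-verification and protocol-version settings. The function continues outside the hunk.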
diff --git a/plugin/business/tcp-policy/src/tcp_policy.cpp b/plugin/business/tcp-policy/src/tcp_policy.cpp index eb67bb0..f308b6b 100644 --- a/plugin/business/tcp-policy/src/tcp_policy.cpp +++ b/plugin/business/tcp-policy/src/tcp_policy.cpp @@ -236,7 +236,7 @@ struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger) struct tcp_policy_enforcer *enforcer = ALLOC(struct tcp_policy_enforcer, 1); enforcer->maat = tfe_get_maat_handle(); enforcer->logger = logger; - snprintf(enforcer->table_name, sizeof(enforcer->table_name), "PXY_PROFILE_TCP_OPTION"); + snprintf(enforcer->table_name, sizeof(enforcer->table_name), "PROXY_TCP_OPTION"); ret = maat_plugin_table_ex_schema_register(enforcer->maat, enforcer->table_name, profile_param_new_cb, @@ -245,7 +245,7 @@ struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger) 0, enforcer); if (ret < 0) { - TFE_LOG_ERROR(enforcer->logger, "failed at register callback of PXY_PROFILE_TCP_OPTION, ret = %d", ret); + TFE_LOG_ERROR(enforcer->logger, "failed at register callback of PROXY_TCP_OPTION, ret = %d", ret); goto error_out; } return enforcer; diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 4a177b6..989889c 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -245,7 +245,7 @@ void trusted_CA_update_cert_cb(const char *table_name, const char *table_line, e cJSON* trust_ca_cert = cJSON_Parse(table_line); if(trust_ca_cert == NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_TRUSTED_CA_CERT parse table_line failed. table_line:%s", table_line); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "TRUSTED_CERTIFICATE_AUTHORITY parse table_line failed. table_line:%s", table_line); return; } 
@@ -837,7 +837,7 @@ void ma_profile_table_new_cb(const char *table_name, const char* key, const char cJSON* response_pages = cJSON_Parse(table_line); if(response_pages == NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "TSG_PROFILE_RESPONSE_PAGES parse table_line failed. table_line:%s", table_line); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "RESPONSE_PAGE parse table_line failed. table_line:%s", table_line); return; } @@ -892,7 +892,7 @@ void ma_insert_profile_table_new_cb(const char *table_name, const char* key, con cJSON* insert_script = cJSON_Parse(table_line); if(insert_script == NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_INSERT_SCRIPTS parse table_line failed. table_line:%s", table_line); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "PROXY_INJECT_SCRIPT parse table_line failed. table_line:%s", table_line); return; } @@ -952,7 +952,7 @@ void ma_hijack_profile_table_new_cb(const char *table_name, const char* key, con cJSON* hihijack_files = cJSON_Parse(table_line); if(hihijack_files == NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_HIJACK_FILES parse table_line failed. table_line:%s", table_line); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "PROXY_HIJACK_FILE parse table_line failed. table_line:%s", table_line); return; } @@ -994,7 +994,7 @@ void ma_lua_profile_table_new_cb(const char *table_name, const char* key, const cJSON* run_scripts = cJSON_Parse(table_line); if(run_scripts == NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_RUN_SCRIPTS parse table_line failed. table_line:%s", table_line); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "HTTP_MANIPULATION_SCRIPT parse table_line failed. table_line:%s", table_line); return; } 
@@ -1108,10 +1108,10 @@ void ma_profile_table_dup_cb(const char *table_name, void **to, void **from, lon const char* table_name_idx2str(int profile_idx) { - const char *table_name_map[] = {"TSG_PROFILE_RESPONSE_PAGES", - "PXY_PROFILE_INSERT_SCRIPTS", - "PXY_PROFILE_HIJACK_FILES", - "PXY_PROFILE_RUN_SCRIPTS"}; + const char *table_name_map[] = {"RESPONSE_PAGE", + "PROXY_INJECT_SCRIPT", + "PROXY_HIJACK_FILE", + "HTTP_MANIPULATION_SCRIPT"}; return table_name_map[profile_idx]; } @@ -1159,7 +1159,7 @@ int proxy_policy_init(const char* profile_path, const char* static_section, cons goto error_out; } - ret = maat_table_callback_register(g_proxy_rt->feather, "PXY_PROFILE_TRUSTED_CA_CERT", + ret = maat_table_callback_register(g_proxy_rt->feather, "TRUSTED_CERTIFICATE_AUTHORITY", trusted_CA_update_start_cb, trusted_CA_update_cert_cb, trusted_CA_update_finish_cb, @@ -1781,7 +1781,13 @@ static int html_generate(char *profile_uuid, const char* msg, char ** page_buff, { int ret = 0; - struct manipulate_profile* block_profile=get_profile_by_id("TSG_PROFILE_RESPONSE_PAGES", profile_uuid); + if(profile_uuid==NULL) + { + ret=-1; + return ret; + } + + struct manipulate_profile* block_profile=get_profile_by_id("RESPONSE_PAGE", profile_uuid); if(block_profile==NULL) { ret=-1; @@ -1832,7 +1838,7 @@ int http_lua_profile(char *profile_uuid_str, struct elua_script ***elua_ctx, cha { int ret = 0; - struct manipulate_profile* lua_profile=get_profile_by_id("PXY_PROFILE_RUN_SCRIPTS", profile_uuid_str); + struct manipulate_profile* lua_profile=get_profile_by_id("HTTP_MANIPULATION_SCRIPT", profile_uuid_str); if(lua_profile==NULL) { ret=-1; 
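Review bot: `table_name_idx2str` returns `table_name_map[profile_idx]` without checking the index, so any value outside 0..3 reads past the four-entry array. The callers are outside the hunk, so this may be unreachable today, but the guard is cheap: `if (profile_idx < 0 || profile_idx >= (int)(sizeof(table_name_map) / sizeof(table_name_map[0]))) return NULL;` placed before the return, with callers handling NULL. Declaring the array `static const char *const` would also avoid rebuilding it on every call.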
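Review bot: The NULL guard added to `html_generate` is not mirrored in the sibling lookups. `http_lua_profile` (@@ -1832), `http_hijack` (@@ -2399) and `format_insert_rule` (@@ -2469) still hand their profile UUID string straight to `get_profile_by_id`, and `http_hijack` then formats it with `%s` on its error path. Whether `get_profile_by_id` tolerates NULL is not visible here. The check removed from `http_block` compared the pointer with `< 0`, so it never covered this case either. Either add the same guard to each caller, e.g. `if(profile_uuid_str==NULL) return -1;` in `http_lua_profile`, or put a single NULL check at the top of `get_profile_by_id`. All of these function bodies extend beyond their hunks.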
@@ -2323,12 +2329,6 @@ static void http_block(const struct tfe_stream * stream, const struct tfe_http_s int resp_code = param->status_code; char *message = param->message; - if (param->profile_uuid_str< 0){ - TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid block rule %s", ctx->enforce_rules[0].config_uuid_string); - ctx->action = PX_ACTION_NONE; - return; - } - struct tfe_http_session * to_write_sess = NULL; if (events & EV_HTTP_RESP_HDR || tfe_http_in_hdr(events)) { @@ -2399,7 +2399,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e if(events & EV_HTTP_RESP_HDR) { - struct manipulate_profile* hijack_profile=get_profile_by_id("PXY_PROFILE_HIJACK_FILES", param->profile_uuid_str); + struct manipulate_profile* hijack_profile=get_profile_by_id("PROXY_HIJACK_FILE", param->profile_uuid_str); if (NULL == hijack_profile) { TFE_LOG_ERROR(g_proxy_rt->local_logger, "get table obj faild, profile_id = %s", param->profile_uuid_str); @@ -2469,7 +2469,7 @@ static int format_insert_rule(char *profile_uuid, struct insert_rule *rule) { int ret = 0; - struct manipulate_profile* insert_profile=get_profile_by_id("PXY_PROFILE_INSERT_SCRIPTS", profile_uuid); + struct manipulate_profile* insert_profile=get_profile_by_id("PROXY_INJECT_SCRIPT", profile_uuid); if(insert_profile==NULL) { ret=-1; 
@@ -2882,14 +2882,14 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht break; } - scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, field_val, strlen(field_val), + scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, field_val, strlen(field_val), result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt += n_hit_result; } } - scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, + scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -2901,7 +2901,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht { assert(ctx->sp == NULL); attribute_name = events & EV_HTTP_REQ_BODY_BEGIN ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY"; - ctx->sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, ctx->scan_mid); + ctx->sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, ctx->scan_mid); } const unsigned char *scan_body_frag=NULL; size_t scan_len=0; @@ -2925,7 +2925,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END)) { attribute_name = events & EV_HTTP_REQ_BODY_END ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY"; - scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", "attribute_name", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, + scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", "attribute_name", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { 
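Review bot: The last `maat_scan_not_logic` call in this hunk passes the string literal `"attribute_name"` instead of the variable `attribute_name` assigned on the line before it. The NOT-logic scan at body end therefore runs against an attribute literally named attribute_name rather than `ATTR_HTTP_REQ_BODY` or `ATTR_HTTP_RES_BODY`. Rules with negated body conditions would presumably never be evaluated against the intended attribute, which in a policy engine means they silently fail to match. The fix is to drop the quotes: `scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,`. The earlier `maat_scan_not_logic` call in the first hunk already passes the variable. `http_scan` starts and ends outside the hunk.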
diff --git a/resource/pangu/doh.json b/resource/pangu/doh.json index 895b6ff..864c58d 100644 --- a/resource/pangu/doh.json +++ b/resource/pangu/doh.json @@ -10,7 +10,7 @@ "log_option": "all", "action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.abc.com","ttl":{"min":60,"max":300}},{"atype":"A","value":"1.1.1.1","ttl":{"min":60,"max":300}}]},{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"aaaa:ffff:00","ttl":{"min":60,"max":300}},{"atype":"CNAME","value":"abc.com.cn","ttl":{"min":60,"max":300}}]}]}, "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTR_DOH_QNAME", "objects": [ @@ -38,7 +38,7 @@ "log_option": "all", "action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.a.shifen.com","ttl":{"min":10,"max":10}},{"atype":"A","value":"182.61.200.6","ttl":{"min":20,"max":30}},{"atype":"A","value":"182.61.200.7","ttl":{"min":60,"max":61}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.taobao.com.danuoyi.tbcache.com","ttl":{"min":100,"max":100}},{"atype":"AAAA","value":"2408:871a:2800:4:3::3fa","ttl":{"min":200,"max":300}},{"atype":"AAAA","value":"2408:871a:2800:2:3::3fa","ttl":{"min":600,"max":310}}]}]}, "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTR_DOH_QNAME", "objects": [ 
@@ -65,27 +65,9 @@ "table_content": [ {"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1} ] - }, - { - "table_name": "TSG_PROFILE_RESPONSE_PAGES", - "table_content": [ - {"uuid":"RESPONSE-PAGES-0000-0000-000000000001","profile_name":"404","format":"html","path":"./resource/pangu/policy_file/404.html","is_valid":1,"modified_time":"1716531859000000"} - ] - }, - { - "table_name": "PXY_PROFILE_HIJACK_FILES", - "table_content": [ - {"uuid":"HIJACK-FILES-0000-0000-000000000001","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"} - ] - }, - { - "table_name": "PXY_PROFILE_INSERT_SCRIPTS", - "table_content": [ - {"uuid":"INSERT-SCRIPTS-0000-0000-000000000001","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"} - ] }, { - "table_name": "PXY_PROFILE_DECRYPTION", + "table_name": " DECRYPTION_PROFILE", "table_content": [ {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}, 
{"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1}, @@ -107,7 +89,7 @@ ] }, { - "table_name": "PXY_PROFILE_TCP_OPTION", + "table_name": "PROXY_TCP_OPTION", "table_content": [ {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1} ] diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index c1d4820..b62d573 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -10,7 +10,7 @@ "log_option": "all", "action_parameter": {"protocol":"http","method":"redirect","code":302,"to":"https://www.jd.com"}, "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTR_HTTP_URL", "objects": [ @@ -43,9 +43,9 @@ "action": "manipulate", "blacklist_option": 1, "log_option": "all", - "action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"����","replace_with":"test"}]}, + "action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"邮箱","replace_with":"test"}]}, "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTR_SERVER_FQDN", "objects": [ 
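Review bot: The new table name is written as `" DECRYPTION_PROFILE"` with a leading space inside the string, here and again in the pangu_http.json hunk at @@ -147, while table_info.conf and ssl_policy.cpp in this same patch use `"DECRYPTION_PROFILE"`. If table names are matched exactly, these fixture rows load under no registered table. Lookups in `ssl_policy_enforce` would then take the "Failed to get decryption parameter" path, and the self-check would not exercise the decryption profiles at all. Change both occurrences to `"table_name": "DECRYPTION_PROFILE",`.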
@@ -73,7 +73,7 @@ "log_option": "all", "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"}, "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTR_HTTP_REQ_HDR", "objects": [ @@ -118,7 +118,7 @@ "log_option": "all", "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"}, "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTR_HTTP_URL", "objects": [ 
@@ -147,25 +147,25 @@ ] }, { - "table_name": "TSG_PROFILE_RESPONSE_PAGES", + "table_name": "RESPONSE_PAGE", "table_content": [ {"uuid":"00000101-0000-0000-0000-000000000000","profile_name":"404","format":"html","path":"./resource/pangu/policy_file/404.html","is_valid":1,"modified_time":"1716531859000000"} ] }, { - "table_name": "PXY_PROFILE_HIJACK_FILES", + "table_name": "PROXY_HIJACK_FILE", "table_content": [ {"uuid":"00000201-0000-0000-0000-000000000000","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"} ] }, { - "table_name": "PXY_PROFILE_INSERT_SCRIPTS", + "table_name": "PROXY_INJECT_SCRIPT", "table_content": [ {"uuid":"00000301-0000-0000-0000-000000000000","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"} ] }, { - "table_name": "PXY_PROFILE_DECRYPTION", + "table_name": " DECRYPTION_PROFILE", "table_content": [ {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}, {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1}, 
@@ -187,7 +187,7 @@ ] }, { - "table_name": "PXY_PROFILE_TCP_OPTION", + "table_name": "PROXY_TCP_OPTION", "table_content": [ {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1} ] @@ -195,8 +195,8 @@ { "table_name": "APP_ID_DICT", "table_content": [ - {"app_id":67,"object_uuid":"00000201-0000-0000-0000-000000000000","app_name":"http","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"}, - {"app_id":68,"object_uuid":"00068000-0000-0000-0000-000000000000","app_name":"https","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"} + {"app_id":67,"object_uuid":"00000201-0000-0000-0000-000000000000","app_name":"http","is_valid":1}, + {"app_id":68,"object_uuid":"00068000-0000-0000-0000-000000000000","app_name":"https","is_valid":1} ] } ] diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 75697eb..5b74357 100644 
--- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -28,7 +28,7 @@ }, { "table_id":4, - "table_name":"TSG_OBJ_IP", + "table_name":"TSG_OBJ_IP_ADDR", "table_type":"ip" }, { @@ -43,7 +43,7 @@ }, { "table_id":7, - "table_name":"TSG_OBJ_KEYWORDS", + "table_name":"TSG_OBJ_KEYWORD", "table_type":"expr" }, { @@ -85,11 +85,13 @@ }, { "table_id":14, - "table_name": "PXY_PROFILE_TRUSTED_CA_CERT", + "table_name": "TRUSTED_CERTIFICATE_AUTHORITY", "table_type": "plugin", "custom": { "key_name":"uuid", - "key_type":"pointer" + "key_type":"pointer", + "foreign_names":["cert_file"] + } }, { @@ -103,29 +105,32 @@ }, { "table_id":16, - "table_name":"TSG_PROFILE_RESPONSE_PAGES", + "table_name":"RESPONSE_PAGE", "table_type":"plugin", "custom": { "key_name":"uuid", - "key_type":"pointer" + "key_type":"pointer", + "foreign_names": ["path"] } }, { "table_id":17, - "table_name":"PXY_PROFILE_HIJACK_FILES", + "table_name":"PROXY_HIJACK_FILE", "table_type":"plugin", "custom": { "key_name":"uuid", - "key_type":"pointer" + "key_type":"pointer", + "foreign_names": ["path"] } }, { "table_id":18, - "table_name":"PXY_PROFILE_INSERT_SCRIPTS", + "table_name":"PROXY_INJECT_SCRIPT", "table_type":"plugin", "custom": { "key_name":"uuid", - "key_type":"pointer" + "key_type":"pointer", + "foreign_names": ["path"] } }, { @@ -148,7 +153,7 @@ }, { "table_id":21, - "table_name":"PXY_PROFILE_DECRYPTION", + "table_name":"DECRYPTION_PROFILE", "table_type":"plugin", "custom": { "key_type":"pointer", @@ -157,16 +162,17 @@ }, { "table_id":23, - "table_name":"PXY_PROFILE_RUN_SCRIPTS", + "table_name":"HTTP_MANIPULATION_SCRIPT", "table_type":"plugin", "custom": { "key_type":"pointer", - "key_name":"uuid" + "key_name":"uuid", + "foreign_names": ["path"] } }, { "table_id":24, - "table_name":"PXY_PROFILE_TCP_OPTION", + "table_name":"PROXY_TCP_OPTION", "table_type":"plugin", "custom": { "key_type":"pointer", 
@@ -187,19 +193,15 @@ "table_name": "APP_ID_DICT", "table_type": "plugin", "custom": { - "key_name":"app_id", "key_type":"integer", - "key_len":8 + "key_len":8, + "key_name":"app_id" } }, { "table_id":27, - "table_name": "TSG_IP_PROTOCOL", - "table_type": "plugin", - "custom": { - "key_name":"uuid", - "key_type":"pointer" - } + "table_name":"TSG_OBJ_IP_PROTOCOL", + "table_type":"expr" }, { "table_id":28,