TSG-22707 Adaptation of DB indicates changes, fixes self-check process testing issues

2024-10-16 16:16:44 +08:00
parent 8e38bbcf48
commit 48cba684fe
9 changed files with 82 additions and 98 deletions
--- a/resource/pangu/doh.json
+++ b/resource/pangu/doh.json
@@ -10,7 +10,7 @@
            "log_option": "all",
            "action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.abc.com","ttl":{"min":60,"max":300}},{"atype":"A","value":"1.1.1.1","ttl":{"min":60,"max":300}}]},{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"aaaa:ffff:00","ttl":{"min":60,"max":300}},{"atype":"CNAME","value":"abc.com.cn","ttl":{"min":60,"max":300}}]}]},
            "is_valid": "yes",
-            "conditions": [
+            "and_conditions": [
                {
                    "attribute_name": "ATTR_DOH_QNAME",
                    "objects": [
@@ -38,7 +38,7 @@
            "log_option": "all",
            "action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.a.shifen.com","ttl":{"min":10,"max":10}},{"atype":"A","value":"182.61.200.6","ttl":{"min":20,"max":30}},{"atype":"A","value":"182.61.200.7","ttl":{"min":60,"max":61}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.taobao.com.danuoyi.tbcache.com","ttl":{"min":100,"max":100}},{"atype":"AAAA","value":"2408:871a:2800:4:3::3fa","ttl":{"min":200,"max":300}},{"atype":"AAAA","value":"2408:871a:2800:2:3::3fa","ttl":{"min":600,"max":310}}]}]},
            "is_valid": "yes",
-            "conditions": [
+            "and_conditions": [
                {
                    "attribute_name": "ATTR_DOH_QNAME",
                    "objects": [
@@ -65,27 +65,9 @@
            "table_content": [
                {"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1}
            ]
-        },
-        {
-            "table_name": "TSG_PROFILE_RESPONSE_PAGES",
-            "table_content": [
-                {"uuid":"RESPONSE-PAGES-0000-0000-000000000001","profile_name":"404","format":"html","path":"./resource/pangu/policy_file/404.html","is_valid":1,"modified_time":"1716531859000000"}
-            ]
-        },
-        {
-            "table_name": "PXY_PROFILE_HIJACK_FILES",
-            "table_content": [
-                {"uuid":"HIJACK-FILES-0000-0000-000000000001","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"}
-            ]
-        },
-		{
-            "table_name": "PXY_PROFILE_INSERT_SCRIPTS",
-            "table_content": [
-                {"uuid":"INSERT-SCRIPTS-0000-0000-000000000001","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"}
-            ]
        },
 		{		
-            "table_name": "PXY_PROFILE_DECRYPTION",
+            "table_name": " DECRYPTION_PROFILE",
            "table_content": [
                {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
                {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
@@ -107,7 +89,7 @@
            ]
        },
        {
-            "table_name": "PXY_PROFILE_TCP_OPTION",
+            "table_name": "PROXY_TCP_OPTION",
            "table_content": [
                {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
            ]
--- a/resource/pangu/pangu_http.json
+++ b/resource/pangu/pangu_http.json
@@ -10,7 +10,7 @@
            "log_option": "all",
            "action_parameter": {"protocol":"http","method":"redirect","code":302,"to":"https://www.jd.com"},
            "is_valid": "yes",
-            "conditions": [
+            "and_conditions": [
                {
                    "attribute_name": "ATTR_HTTP_URL",
                    "objects": [
@@ -43,9 +43,9 @@
            "action": "manipulate",
            "blacklist_option": 1,
            "log_option": "all",
-            "action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>","replace_with":"test"}]},
+            "action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"邮箱","replace_with":"test"}]},
            "is_valid": "yes",
-            "conditions": [
+            "and_conditions": [
                {
                    "attribute_name": "ATTR_SERVER_FQDN",
                    "objects": [
@@ -73,7 +73,7 @@
            "log_option": "all",
            "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"},
            "is_valid": "yes",
-            "conditions": [
+            "and_conditions": [
                {
                    "attribute_name": "ATTR_HTTP_REQ_HDR",
                    "objects": [
@@ -118,7 +118,7 @@
            "log_option": "all",
            "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"},
            "is_valid": "yes",
-            "conditions": [
+            "and_conditions": [
                {
                    "attribute_name": "ATTR_HTTP_URL",
                    "objects": [
@@ -147,25 +147,25 @@
            ]
        },
        {
-            "table_name": "TSG_PROFILE_RESPONSE_PAGES",
+            "table_name": "RESPONSE_PAGE",
            "table_content": [
                {"uuid":"00000101-0000-0000-0000-000000000000","profile_name":"404","format":"html","path":"./resource/pangu/policy_file/404.html","is_valid":1,"modified_time":"1716531859000000"}
            ]
        },
        {
-            "table_name": "PXY_PROFILE_HIJACK_FILES",
+            "table_name": "PROXY_HIJACK_FILE",
            "table_content": [
                {"uuid":"00000201-0000-0000-0000-000000000000","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"}
            ]
        },
 		{
-            "table_name": "PXY_PROFILE_INSERT_SCRIPTS",
+            "table_name": "PROXY_INJECT_SCRIPT",
            "table_content": [
                {"uuid":"00000301-0000-0000-0000-000000000000","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"}
            ]
        },
 		{		
-            "table_name": "PXY_PROFILE_DECRYPTION",
+            "table_name": " DECRYPTION_PROFILE",
            "table_content": [
                {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
                {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
@@ -187,7 +187,7 @@
            ]
        },
        {
-            "table_name": "PXY_PROFILE_TCP_OPTION",
+            "table_name": "PROXY_TCP_OPTION",
            "table_content": [
                {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
            ]
@@ -195,8 +195,8 @@
 		{
            "table_name": "APP_ID_DICT",
            "table_content": [
-	            {"app_id":67,"object_uuid":"00000201-0000-0000-0000-000000000000","app_name":"http","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"},
-                {"app_id":68,"object_uuid":"00068000-0000-0000-0000-000000000000","app_name":"https","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"}
+	            {"app_id":67,"object_uuid":"00000201-0000-0000-0000-000000000000","app_name":"http","is_valid":1},
+                {"app_id":68,"object_uuid":"00068000-0000-0000-0000-000000000000","app_name":"https","is_valid":1}
            ]
        }
    ]
--- a/resource/pangu/table_info.conf
+++ b/resource/pangu/table_info.conf
@@ -28,7 +28,7 @@
    },
    {
        "table_id":4,
-		"table_name":"TSG_OBJ_IP",
+		"table_name":"TSG_OBJ_IP_ADDR",
        "table_type":"ip"
    },
 	{
@@ -43,7 +43,7 @@
    }, 
 	{
        "table_id":7,
-        "table_name":"TSG_OBJ_KEYWORDS",
+        "table_name":"TSG_OBJ_KEYWORD",
        "table_type":"expr"
    },
 	{
@@ -85,11 +85,13 @@
    },
    {
        "table_id":14,
-        "table_name": "PXY_PROFILE_TRUSTED_CA_CERT",
+        "table_name": "TRUSTED_CERTIFICATE_AUTHORITY",
        "table_type": "plugin",
        "custom": {
            "key_name":"uuid",
-            "key_type":"pointer"
+            "key_type":"pointer",
+            "foreign_names":["cert_file"]
+
        }
    },
    {
@@ -103,29 +105,32 @@
    },
 	{
        "table_id":16,
-        "table_name":"TSG_PROFILE_RESPONSE_PAGES",
+        "table_name":"RESPONSE_PAGE",
        "table_type":"plugin",
        "custom": {
            "key_name":"uuid",
-            "key_type":"pointer"
+            "key_type":"pointer",
+            "foreign_names": ["path"]
        }
    },
 	{
        "table_id":17,
-        "table_name":"PXY_PROFILE_HIJACK_FILES",
+        "table_name":"PROXY_HIJACK_FILE",
        "table_type":"plugin",
        "custom": {
            "key_name":"uuid",
-            "key_type":"pointer"
+            "key_type":"pointer",
+            "foreign_names": ["path"]
        }
    },
 	{
        "table_id":18,
-        "table_name":"PXY_PROFILE_INSERT_SCRIPTS",
+        "table_name":"PROXY_INJECT_SCRIPT",
        "table_type":"plugin",
        "custom": {
            "key_name":"uuid",
-            "key_type":"pointer"
+            "key_type":"pointer",
+            "foreign_names": ["path"]
        }
    },
 	{
@@ -148,7 +153,7 @@
    },
 	{
        "table_id":21,
-        "table_name":"PXY_PROFILE_DECRYPTION",
+        "table_name":"DECRYPTION_PROFILE",
        "table_type":"plugin",
        "custom": {
            "key_type":"pointer",
@@ -157,16 +162,17 @@
    },
 	{
        "table_id":23,
-        "table_name":"PXY_PROFILE_RUN_SCRIPTS",
+        "table_name":"HTTP_MANIPULATION_SCRIPT",
        "table_type":"plugin",
        "custom": {
            "key_type":"pointer",
-            "key_name":"uuid"
+            "key_name":"uuid",
+            "foreign_names": ["path"]
        }
    },
 	{
        "table_id":24,
-        "table_name":"PXY_PROFILE_TCP_OPTION",
+        "table_name":"PROXY_TCP_OPTION",
        "table_type":"plugin",
        "custom": {
            "key_type":"pointer",
@@ -187,19 +193,15 @@
        "table_name": "APP_ID_DICT",
        "table_type": "plugin",
        "custom": {
-            "key_name":"app_id",
            "key_type":"integer",
-            "key_len":8
+            "key_len":8,
+            "key_name":"app_id"
        }
    },
    {
        "table_id":27,
-        "table_name": "TSG_IP_PROTOCOL",
-        "table_type": "plugin",
-        "custom": {
-            "key_name":"uuid",
-            "key_type":"pointer"
-        }
+        "table_name":"TSG_OBJ_IP_PROTOCOL",
+        "table_type":"expr"
    },
    {
        "table_id":28,