diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 82ccbb0..02b28ce 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -36,18 +36,25 @@ enum proxy_action { PX_ACTION_NONE = 0, - PX_ACTION_DENY = 1, - PX_ACTION_ALLOW = 2, + PX_ACTION_ALLOW = 1, + PX_ACTION_DENY = 2, PX_ACTION_MONITOR = 3, PX_ACTION_REDIRECT = 4, - PX_ACTION_REPLACE = 5, - PX_ACTION_HIJACK = 6, - PX_ACTION_REJECT = 7, - PX_ACTION_EDIT_ELEMENT = 8, - PX_ACTION_RUN_SCRIPT = 9, + PX_ACTION_EXECUTE = 5, + PX_ACTION_MANIPULATE = 6, __PX_ACTION_MAX }; +enum manipulate_action +{ + MA_ACTION_REPLACE_TEXT, + MA_ACTION_REPLACE_FILE, + MA_ACTION_EDIT_ELEMENT, + MA_ACTION_INJECT_JAVESCRIPT, + MA_ACTION_INJECT_CSS, + __MA_ACTION_MAX +}; + enum scan_table { PXY_CTRL_HTTP_URL, @@ -82,7 +89,8 @@ enum proxy_http_stat enum manipulate_profile_table { POLICY_PROFLIE_TABLE_REJECT, - POLICY_PROFILE_TABLE_INSERT, + POLICY_PROFILE_TABLE_JS, + POLICY_PROFILE_TABLE_CSS, POLICY_PROFILE_TABLE_HIJACK, POLICY_PROFILE_TABLE_LUA, POLICY_PROFILE_TABLE_MAX @@ -118,7 +126,7 @@ struct maat_rule_t struct policy_action_param { int ref_cnt; - enum proxy_action action; + enum manipulate_action action; char *message; char *position; float enforcement_ratio; 
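Review bot: `MA_ACTION_INJECT_JAVESCRIPT` in the new `enum manipulate_action` (first hunk of tsg_http.cpp) is misspelled, and the name is then used in every later hunk that touches injection; renaming it to `MA_ACTION_INJECT_JAVASCRIPT` in this commit is cheaper than doing it afterwards. The enumerators also take implicit values, while the `manipulate_action_map` string tables in proxy_send_metric_log and proxy_send_log are indexed by them. Writing the values out (`MA_ACTION_REPLACE_TEXT = 0, MA_ACTION_REPLACE_FILE = 1, …`) and adding a comment such as `/* order must match manipulate_action_map in tsg_http.cpp and tsg_logger.cpp */` would make that coupling visible to the next editor.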
@@ -329,6 +337,25 @@ void trusted_CA_update_finish_cb(void* u_para) } } +static enum manipulate_action manipulate_action_str2idx(const char *action_str) +{ + const char *clue_action_map[__MA_ACTION_MAX]; + clue_action_map[MA_ACTION_REPLACE_TEXT]= "replace_text"; + clue_action_map[MA_ACTION_REPLACE_FILE]= "replace_file"; + clue_action_map[MA_ACTION_EDIT_ELEMENT]= "edit_element"; + clue_action_map[MA_ACTION_INJECT_JAVESCRIPT]= "inject_javascript"; + clue_action_map[MA_ACTION_INJECT_CSS]= "inject_css"; + + size_t i = 0; + + for (i = 0; i < sizeof(clue_action_map) / sizeof(const char *); i++) + { + if (0 == strcasecmp(action_str, clue_action_map[i])) + break; + } + return (enum manipulate_action)i; +} + void octal_utf8_escapes(char *input) { #define AFMTSIZE (67+2+1+2) @@ -406,15 +433,12 @@ unsigned char action_type_str2idx(const char *action_str) { const char * action_name[__PX_ACTION_MAX] ={0}; action_name[PX_ACTION_NONE] = "none"; - action_name[PX_ACTION_DENY] = "deny"; action_name[PX_ACTION_ALLOW] = "allow"; + action_name[PX_ACTION_DENY] = "deny"; action_name[PX_ACTION_MONITOR] = "monitor"; action_name[PX_ACTION_REDIRECT] = "redirect"; - action_name[PX_ACTION_REPLACE] = "replace"; - action_name[PX_ACTION_HIJACK] = "hijack"; - action_name[PX_ACTION_REJECT] = "inject"; - action_name[PX_ACTION_EDIT_ELEMENT] = "edit_element"; - action_name[PX_ACTION_RUN_SCRIPT] = "run_script"; + action_name[PX_ACTION_EXECUTE] = "execute"; + action_name[PX_ACTION_MANIPULATE] = "modify"; int action = 0; for ( action = PX_ACTION_NONE; action < __PX_ACTION_MAX; action++) @@ -435,7 +459,6 @@ unsigned char log_option_type_str2idx(const char *log_option) break; } return i; - } void policy_action_param_new(const char *table_name, const char* key, const char* table_line, void **ad, long argl, void* argp) 
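Review bot: manipulate_action_str2idx() returns `__MA_ACTION_MAX` when the string matches no entry, and policy_action_param_new stores that result in `param->action` without looking at it. The value is later used as an index into the five-entry `manipulate_action_map` tables in proxy_send_metric_log and proxy_send_log, which is an out-of-bounds read of a pointer that is then handled as a string, and it reaches `default: assert(0)` in http_manipulate. The caller should treat the sentinel as a configuration error, for example `if(param->action == __MA_ACTION_MAX) { TFE_LOG_ERROR(g_proxy_rt->local_logger, "unknown sub_action: %s", method->valuestring); }` followed by whatever rejection path the function already uses. The lookup table could also be a `static const char *const` array with designated initialisers instead of being refilled on every call.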
@@ -482,23 +505,15 @@ void policy_action_param_new(const char *table_name, const char* key, const char return; } - param->ref_cnt=1; + param->ref_cnt=1; pthread_mutex_init(&(param->lock), NULL); param->hit_rule.action_parameter = cJSON_PrintUnformatted(action_parameter); - param->action = (enum proxy_action)param->hit_rule.action; int rule_id=0; cJSON *rules=NULL, *item=NULL, *sub_item=NULL; - switch(param->action) + + switch(param->hit_rule.action) { - case PX_ACTION_ALLOW: - case PX_ACTION_MONITOR: - item=cJSON_GetObjectItem(action_parameter,"vsys_id"); - if(item && item->type==cJSON_Number) - { - param->hit_rule.vsys_id=item->valueint; - } - break; case PX_ACTION_REDIRECT: item=cJSON_GetObjectItem(action_parameter,"vsys_id"); if(item && item->type==cJSON_Number) @@ -547,7 +562,40 @@ void policy_action_param_new(const char *table_name, const char* key, const char param->profile_uuid_str = tfe_strdup(item->valuestring); } break; - case PX_ACTION_REPLACE: + case PX_ACTION_EXECUTE: + item=cJSON_GetObjectItem(action_parameter,"vsys_id"); + if(item && item->type==cJSON_Number) + { + param->hit_rule.vsys_id=item->valueint; + } + item=cJSON_GetObjectItem(action_parameter,"lua_script"); + if(item && item->type==cJSON_String) + { + param->profile_uuid_str =tfe_strdup(item->valuestring); + } + item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio"); + if(item && item->type==cJSON_Number) + { + param->enforcement_ratio = item->valuedouble; + } + else + { + param->enforcement_ratio = 1; + } + break; + default: + break; + } + + cJSON *method=cJSON_GetObjectItem(action_parameter, "sub_action"); + if(method && method->type==cJSON_String) + { + param->action=manipulate_action_str2idx(method->valuestring); + } + + switch(param->action) + { + case MA_ACTION_REPLACE_TEXT: item=cJSON_GetObjectItem(action_parameter,"vsys_id"); if(item && item->type==cJSON_Number) { 
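Review bot: The `sub_action` lookup and the second `switch(param->action)` in policy_action_param_new run for every rule, not only when `param->hit_rule.action` is `PX_ACTION_MANIPULATE`. `enum manipulate_action` has no "unset" member, so if `param` is zero-filled when it is allocated (the allocation is outside this hunk) a redirect, execute or deny rule that carries no `sub_action` takes the `MA_ACTION_REPLACE_TEXT` case and is parsed as a text-replacement rule. Guarding the block with `if(param->hit_rule.action == PX_ACTION_MANIPULATE)` and treating a missing `sub_action` on a manipulate rule as a configuration error would keep the two action spaces apart. The function starts and ends outside the hunk.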
@@ -587,13 +635,13 @@ void policy_action_param_new(const char *table_name, const char* key, const char } param->n_rule = rule_id; break; - case PX_ACTION_HIJACK: + case MA_ACTION_REPLACE_FILE: item=cJSON_GetObjectItem(action_parameter,"vsys_id"); if(item && item->type==cJSON_Number) { param->hit_rule.vsys_id=item->valueint; } - item=cJSON_GetObjectItem(action_parameter,"hijack_profile"); + item=cJSON_GetObjectItem(action_parameter,"replacement_file"); if(item && item->type==cJSON_String) { param->profile_uuid_str =tfe_strdup(item->valuestring); @@ -608,18 +656,18 @@ void policy_action_param_new(const char *table_name, const char* key, const char param->enforcement_ratio = 1; } break; - case PX_ACTION_REJECT: + case MA_ACTION_INJECT_JAVESCRIPT: item=cJSON_GetObjectItem(action_parameter,"vsys_id"); if(item && item->type==cJSON_Number) { param->hit_rule.vsys_id=item->valueint; } - item=cJSON_GetObjectItem(action_parameter,"inject_profile"); + item=cJSON_GetObjectItem(action_parameter,"js_file"); if(item && item->type==cJSON_String) { param->profile_uuid_str =tfe_strdup(item->valuestring); } - item=cJSON_GetObjectItem(action_parameter,"position"); + item=cJSON_GetObjectItem(action_parameter,"injection_section"); if(item && item->type==cJSON_String){ param->position = tfe_strdup(item->valuestring); } 
@@ -633,7 +681,28 @@ void policy_action_param_new(const char *table_name, const char* key, const char param->enforcement_ratio = 1; } break; - case PX_ACTION_EDIT_ELEMENT: + case MA_ACTION_INJECT_CSS: + item=cJSON_GetObjectItem(action_parameter,"vsys_id"); + if(item && item->type==cJSON_Number) + { + param->hit_rule.vsys_id=item->valueint; + } + item=cJSON_GetObjectItem(action_parameter,"css_file"); + if(item && item->type==cJSON_String) + { + param->profile_uuid_str =tfe_strdup(item->valuestring); + } + item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio"); + if(item && item->type==cJSON_Number) + { + param->enforcement_ratio = item->valuedouble; + } + else + { + param->enforcement_ratio = 1; + } + break; + case MA_ACTION_EDIT_ELEMENT: item=cJSON_GetObjectItem(action_parameter,"vsys_id"); if(item && item->type==cJSON_Number) { @@ -676,29 +745,7 @@ void policy_action_param_new(const char *table_name, const char* key, const char } param->e_rule = rule_id; break; - case PX_ACTION_RUN_SCRIPT: - item=cJSON_GetObjectItem(action_parameter,"vsys_id"); - if(item && item->type==cJSON_Number) - { - param->hit_rule.vsys_id=item->valueint; - } - item=cJSON_GetObjectItem(action_parameter,"run_script_profile"); - if(item && item->type==cJSON_String) - { - param->profile_uuid_str =tfe_strdup(item->valuestring); - } - item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio"); - if(item && item->type==cJSON_Number) - { - param->enforcement_ratio = item->valuedouble; - } - else - { - param->enforcement_ratio = 1; - } - break; - default: - assert(0); + default: break; } *ad=param; 
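Review bot: The new `MA_ACTION_INJECT_CSS` case never reads `injection_section`, while the `MA_ACTION_INJECT_JAVESCRIPT` case does, yet http_insert passes `param->position` to format_insert_rule for both sub-actions. For a CSS rule `rule->position` therefore stays as the allocator left it, because format_insert_rule assigns it only when `position` is non-NULL; whether the code that consumes `rule->position` accepts NULL is not visible in this diff. Either parse `injection_section` in the CSS case too, or add a comment such as `/* CSS rules carry no injection_section; position stays NULL */` and confirm the consumer handles it. This case is also the fourth copy of the `vsys_id` / profile / `enforcement_ratio` parsing, which a small static helper would remove.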
@@ -874,10 +921,7 @@ void ma_insert_profile_table_new_cb(const char *table_name, const char* key, con ply_profile->ref_cnt=1; pthread_mutex_init(&(ply_profile->lock), NULL); - if(strcasecmp(ply_profile->profile_type, "template") == 0) - { - ply_profile->tpl = ctemplate::Template::GetTemplate(profile_path, ctemplate::DO_NOT_STRIP); - }else + if(profile_path != NULL) { ply_profile->profile_msg = tfe_read_file(profile_path, &ply_profile->msg_len); if (ply_profile->profile_msg == NULL) @@ -899,7 +943,7 @@ void ma_hijack_profile_table_new_cb(const char *table_name, const char* key, con cJSON* hihijack_files = cJSON_Parse(table_line); if(hihijack_files == NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "PROXY_HIJACK_FILE parse table_line failed. table_line:%s", table_line); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "PROXY_REPLACEMENT_FILE parse table_line failed. table_line:%s", table_line); return; } @@ -941,7 +985,7 @@ void ma_lua_profile_table_new_cb(const char *table_name, const char* key, const cJSON* run_scripts = cJSON_Parse(table_line); if(run_scripts == NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "HTTP_MANIPULATION_SCRIPT parse table_line failed. table_line:%s", table_line); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "PROXY_LUA_SCRIPT parse table_line failed. table_line:%s", table_line); return; } @@ -1056,9 +1100,10 @@ void ma_profile_table_dup_cb(const char *table_name, void **to, void **from, lon const char* table_name_idx2str(int profile_idx) { const char *table_name_map[] = {"RESPONSE_PAGE", - "PROXY_INJECT_SCRIPT", - "PROXY_HIJACK_FILE", - "HTTP_MANIPULATION_SCRIPT"}; + "PROXY_JS_FILE", + "PROXY_CSS_FILE", + "PROXY_REPLACEMENT_FILE", + "PROXY_LUA_SCRIPT"}; return table_name_map[profile_idx]; } 
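Review bot: In ma_insert_profile_table_new_cb a row without a path now skips the file read altogether, and as far as the hunk shows the profile is still created with `profile_msg` and `msg_len` unset. format_insert_rule later calls `tfe_strdup(insert_profile->profile_msg)` on such a profile and copies `msg_len` into `inject_sz`, so an empty profile turns into a NULL or empty injection at request time instead of an error at load time. I'd add an `else` branch that logs with `TFE_LOG_ERROR` and does not publish the profile. The rest of the function is outside the hunk, so an earlier check on `profile_path` may already exist.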
@@ -1072,7 +1117,8 @@ int maat_table_ex_init(int profile_idx, const char *table_name = table_name_idx2str(profile_idx); maat_ex_new_func_t *new_func[] = { [POLICY_PROFLIE_TABLE_REJECT] = ma_profile_table_new_cb, - [POLICY_PROFILE_TABLE_INSERT] = ma_insert_profile_table_new_cb, + [POLICY_PROFILE_TABLE_JS] = ma_insert_profile_table_new_cb, + [POLICY_PROFILE_TABLE_CSS] = ma_insert_profile_table_new_cb, [POLICY_PROFILE_TABLE_HIJACK] = ma_hijack_profile_table_new_cb, [POLICY_PROFILE_TABLE_LUA] = ma_lua_profile_table_new_cb, }; @@ -1245,7 +1291,9 @@ struct proxy_http_ctx static inline int ctx_actually_replaced(struct proxy_http_ctx * ctx) { - if(ctx->action == PX_ACTION_REPLACE && ctx->rep_ctx->actually_replaced==1) + if(ctx->action == PX_ACTION_MANIPULATE && + ctx->param->action == MA_ACTION_REPLACE_TEXT && + ctx->rep_ctx->actually_replaced==1) { return 1; } @@ -1257,7 +1305,7 @@ static inline int ctx_actually_replaced(struct proxy_http_ctx * ctx) static inline int ctx_actually_ran_script(struct proxy_http_ctx * ctx) { - if(ctx->action == PX_ACTION_RUN_SCRIPT && ctx->tsg_ctx->actually_executed==1) + if(ctx->action == PX_ACTION_EXECUTE && ctx->tsg_ctx->actually_executed==1) { return 1; } @@ -1269,7 +1317,8 @@ static inline int ctx_actually_ran_script(struct proxy_http_ctx * ctx) static inline int ctx_actually_inserted(struct proxy_http_ctx * ctx) { - if(ctx->action == PX_ACTION_REJECT && ctx->ins_ctx->actually_inserted==1) + if((ctx->action == PX_ACTION_MANIPULATE && ctx->param->action == MA_ACTION_INJECT_JAVESCRIPT && ctx->ins_ctx->actually_inserted==1) + || (ctx->action == PX_ACTION_MANIPULATE && ctx->param->action == MA_ACTION_INJECT_CSS && ctx->ins_ctx->actually_inserted==1)) { return 1; } 
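Review bot: ctx_actually_replaced() now dereferences `ctx->param` with no NULL test, and the same pattern is added in ctx_actually_inserted, ctx_actually_edited, ctx_actually_manipulate and in proxy_on_http_end, where the earlier `ctx->param != NULL` guard was removed. These are safe only if `ctx->param` is always set whenever `ctx->action == PX_ACTION_MANIPULATE`, which the diff does not show. One helper, for example `static inline int ctx_sub_action_is(struct proxy_http_ctx *ctx, enum manipulate_action a) { return ctx->action == PX_ACTION_MANIPULATE && ctx->param != NULL && ctx->param->action == a; }`, would carry the check once and shorten all five conditions. ctx_actually_inserted in particular repeats the same three-part test twice and would reduce to two calls joined by `||`.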
@@ -1281,7 +1330,9 @@ static inline int ctx_actually_inserted(struct proxy_http_ctx * ctx) static inline int ctx_actually_edited(struct proxy_http_ctx * ctx) { - if(ctx->action == PX_ACTION_EDIT_ELEMENT && ctx->edit_ctx != NULL && ctx->edit_ctx->actually_edited==1) + if(ctx->action == PX_ACTION_MANIPULATE && + ctx->param->action == MA_ACTION_EDIT_ELEMENT && ctx->edit_ctx != NULL && + ctx->edit_ctx->actually_edited==1) { return 1; } @@ -1293,7 +1344,8 @@ static inline int ctx_actually_edited(struct proxy_http_ctx * ctx) static inline int ctx_actually_manipulate(struct proxy_http_ctx * ctx) { - if((ctx->action == PX_ACTION_REDIRECT || ctx->action == PX_ACTION_HIJACK) && ctx->manipulate_replaced==1) + if((ctx->action == PX_ACTION_REDIRECT && ctx->manipulate_replaced==1) || + (ctx->action == PX_ACTION_MANIPULATE && ctx->param->action == MA_ACTION_REPLACE_FILE && ctx->manipulate_replaced==1)) { return 1; } @@ -1454,7 +1506,8 @@ void proxy_send_metric_log(const struct tfe_stream * stream, struct proxy_http_c { size_t i=0; int hit_cnt=0; - const char *manipulate_action_map[]= {"none","deny","allow","monitor","redirect","replace","hijack","inject","edit_element","run_script"}; + const char *manipulate_action_map[]= {"replace_text","replace_file","edit_element","inject_javascript","inject_css"}; + const char *proxy_action_map[] = {"none", "allow", "deny", "monitor", "redirect", "execute", "modify"}; struct filedstat_easy_manipulation *fieldstat = tfe_get_fieldstat_handle()->manipulation; if(fieldstat == NULL) 
@@ -1466,8 +1519,16 @@ void proxy_send_metric_log(const struct tfe_stream * stream, struct proxy_http_c { fieldstat->tags[thread_id][TAG_VSYS_ID].value_longlong = ctx->enforce_rules[i].vsys_id; fieldstat->tags[thread_id][TAG_RULE_ID].value_str = ctx->enforce_rules[i].config_uuid_string; - fieldstat->tags[thread_id][TAG_ACTION].value_longlong = 48; - fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = manipulate_action_map[ctx->param->action]; + fieldstat->tags[thread_id][TAG_ACTION].value_longlong = PX_ACTION_MANIPULATE; + if(ctx->enforce_rules[i].action == PX_ACTION_MANIPULATE) + { + fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = manipulate_action_map[ctx->param->action]; + } + else + { + fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = proxy_action_map[ctx->enforce_rules[i].action]; + } + size_t c2s_byte_num = 0, s2c_byte_num =0; tfe_stream_info_get(stream, INFO_FROM_DOWNSTREAM_RX_OFFSET, &c2s_byte_num, sizeof(c2s_byte_num)); tfe_stream_info_get(stream, INFO_FROM_UPSTREAM_RX_OFFSET, &s2c_byte_num, sizeof(s2c_byte_num)); @@ -1541,11 +1602,8 @@ void __pangu_action_weight_init() pangu_action_weight[PX_ACTION_NONE] = 0; pangu_action_weight[PX_ACTION_MONITOR] = 1; pangu_action_weight[PX_ACTION_REDIRECT] = 2; - pangu_action_weight[PX_ACTION_REPLACE] = 2; - pangu_action_weight[PX_ACTION_HIJACK] = 2; - pangu_action_weight[PX_ACTION_REJECT] = 2; - pangu_action_weight[PX_ACTION_EDIT_ELEMENT] = 2; - pangu_action_weight[PX_ACTION_RUN_SCRIPT] = 2; + pangu_action_weight[PX_ACTION_EXECUTE] = 2; + pangu_action_weight[PX_ACTION_MANIPULATE] = 2; pangu_action_weight[PX_ACTION_DENY] = 3; pangu_action_weight[PX_ACTION_ALLOW] = 4; } 
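Review bot: `TAG_ACTION` is set to `PX_ACTION_MANIPULATE` for every enforced rule in proxy_send_metric_log, including rules that take the `else` branch because their action is something else, so a deny or redirect hit is reported as action 6 with its real action moved into `TAG_SUB_ACTION`. If the tag is meant to carry the rule's own action, assign `ctx->enforce_rules[i].action`; if it is a fixed category code like the `48` it replaces, a named constant with a one-line comment would say so. Both string tables are indexed without a range check, `proxy_action_map` by the rule action and `manipulate_action_map` by `ctx->param->action`. The function body extends beyond the hunk.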
@@ -1767,7 +1825,7 @@ int http_lua_profile(char *profile_uuid_str, struct elua_script ***elua_ctx, cha { int ret = 0; - struct manipulate_profile* lua_profile=get_profile_by_id("HTTP_MANIPULATION_SCRIPT", profile_uuid_str); + struct manipulate_profile* lua_profile=get_profile_by_id("PROXY_LUA_SCRIPT", profile_uuid_str); if(lua_profile==NULL) { ret=-1; @@ -2328,7 +2386,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e if(events & EV_HTTP_RESP_HDR) { - struct manipulate_profile* hijack_profile=get_profile_by_id("PROXY_HIJACK_FILE", param->profile_uuid_str); + struct manipulate_profile* hijack_profile=get_profile_by_id("PROXY_REPLACEMENT_FILE", param->profile_uuid_str); if (NULL == hijack_profile) { TFE_LOG_ERROR(g_proxy_rt->local_logger, "get table obj faild, profile_id = %s", param->profile_uuid_str); @@ -2394,7 +2452,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e return; } -static int format_insert_rule(char *profile_uuid, struct insert_rule *rule) +static int format_insert_rule(char *profile_uuid, char *position, enum manipulate_action action, struct insert_rule *rule) { int ret = 0; 
@@ -2404,15 +2462,20 @@ static int format_insert_rule(char *profile_uuid, struct insert_rule *rule) return ret; } - struct manipulate_profile* insert_profile=get_profile_by_id("PROXY_INJECT_SCRIPT", profile_uuid); + const char *profile_type = (action==MA_ACTION_INJECT_JAVESCRIPT)? "js" : "css"; + const char *proflie_table_name = (action==MA_ACTION_INJECT_JAVESCRIPT)? "PROXY_JS_FILE" : "PROXY_CSS_FILE"; + struct manipulate_profile* insert_profile=get_profile_by_id(proflie_table_name, profile_uuid); if(insert_profile==NULL) { ret=-1; return ret; } rule->script = tfe_strdup(insert_profile->profile_msg); - rule->type = tfe_strdup(insert_profile->profile_type); - rule->position = tfe_strdup(insert_profile->profile_position); + rule->type = tfe_strdup(profile_type); + if(position) + { + rule->position = tfe_strdup(position); + } rule->inject_sz = insert_profile->msg_len; ma_profile_table_free(insert_profile); @@ -2421,7 +2484,7 @@ static int format_insert_rule(char *profile_uuid, struct insert_rule *rule) } static void http_insert(const struct tfe_stream * stream, const struct tfe_http_session * session, enum tfe_http_event events, - const unsigned char * body_frag, size_t frag_size, struct proxy_http_ctx * ctx) + const unsigned char * body_frag, size_t frag_size, enum manipulate_action action, struct proxy_http_ctx * ctx) { struct tfe_http_session * to_write_sess = NULL; char * rewrite_buff = NULL; @@ -2452,7 +2515,7 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_ { ctx->ins_ctx = ins_ctx = ALLOC(struct insert_ctx, 1); ins_ctx->rule = ALLOC(struct insert_rule, 1); - int ret=format_insert_rule(param->profile_uuid_str, ins_ctx->rule); + int ret=format_insert_rule(param->profile_uuid_str, param->position, action, ins_ctx->rule); if (ret<0) { TFE_LOG_ERROR(g_proxy_rt->local_logger, "Failed to get policy table, profile_id = %s", param->profile_uuid_str); 
@@ -2697,24 +2760,19 @@ static void http_manipulate(const struct tfe_stream * stream, const struct tfe_h switch(param->action) { - case PX_ACTION_REDIRECT: - http_redirect(stream, session, events, ctx); - break; - case PX_ACTION_REPLACE: + case MA_ACTION_REPLACE_TEXT: http_replace(stream, session, events, body_frag, frag_size, ctx); break; - case PX_ACTION_HIJACK: + case MA_ACTION_REPLACE_FILE: http_hijack(session, events, ctx); break; - case PX_ACTION_REJECT: - http_insert(stream, session, events, body_frag, frag_size, ctx); + case MA_ACTION_INJECT_JAVESCRIPT: + case MA_ACTION_INJECT_CSS: + http_insert(stream, session, events, body_frag, frag_size, param->action, ctx); break; - case PX_ACTION_EDIT_ELEMENT: + case MA_ACTION_EDIT_ELEMENT: http_element(stream, session, events, body_frag, frag_size, ctx); break; - case PX_ACTION_RUN_SCRIPT: - http_lua(stream, session, events, body_frag, frag_size, ctx); - break; default: assert(0); break; } @@ -2813,6 +2871,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht { break; } + scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, field_val, strlen(field_val), result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) @@ -2915,12 +2974,20 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h case PX_ACTION_DENY: http_block(stream, session, events, ctx); break; + case PX_ACTION_MANIPULATE: + http_manipulate(stream, session, events, body_frag, frag_size, ctx); + break; case PX_ACTION_ALLOW: tfe_http_session_detach(session); ATOMIC_INC(&(g_proxy_rt->stat_val[STAT_ACTION_WHITELSIT])); break; - default: - http_manipulate(stream, session, events, body_frag, frag_size, ctx); + case PX_ACTION_REDIRECT: + http_redirect(stream, session, events, ctx); + break; + case PX_ACTION_EXECUTE: + http_lua(stream, session, events, body_frag, frag_size, ctx); + break; + default: assert(0); break; } 
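Review bot: `default: assert(0)` in http_manipulate, and the one that replaces the old fall-through in enforce_control_policy, are both driven by values that come from policy data. With assertions enabled an unexpected action or sub-action aborts the proxy process; with `NDEBUG` the request passes with no enforcement and no log line. Before this change every unlisted action in enforce_control_policy went to http_manipulate, so it is worth confirming that `PX_ACTION_NONE` and `PX_ACTION_MONITOR` are handled by cases above the hunk. I'd replace each assert with a `TFE_LOG_ERROR` call and a defined outcome chosen by the policy owner, rather than leaving the result to the build flags.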
@@ -3041,11 +3108,11 @@ void proxy_on_http_end(const struct tfe_stream * stream, size_t i=0, j=0; int ret=0; - if(ctx->param != NULL && ctx->param->action == PX_ACTION_REPLACE && ctx->rep_ctx->actually_replaced==0) + if(ctx->action == PX_ACTION_MANIPULATE && ctx->param->action == MA_ACTION_REPLACE_TEXT && ctx->rep_ctx->actually_replaced==0) { for(i=0; i< ctx->n_enforce; i++) { - if((unsigned char)ctx->enforce_rules[i].action == PX_ACTION_REPLACE) + if((unsigned char)ctx->enforce_rules[i].action == PX_ACTION_MANIPULATE) { if(i+1 > ctx->n_enforce) { @@ -3062,8 +3129,12 @@ void proxy_on_http_end(const struct tfe_stream * stream, } } struct proxy_log log_msg = {.stream=stream, .http=session, .result=(struct log_rule_t *)ctx->enforce_rules, .result_num=ctx->n_enforce, - .req_body=ctx->log_req_body, .resp_body=ctx->log_resp_body, .action=ctx->action, .inject_sz=ctx->inject_sz, .c2s_byte_num=ctx->c2s_byte_num, + .req_body=ctx->log_req_body, .resp_body=ctx->log_resp_body, .action=0, .inject_sz=ctx->inject_sz, .c2s_byte_num=ctx->c2s_byte_num, .s2c_byte_num=ctx->s2c_byte_num}; + if(ctx->action == PX_ACTION_MANIPULATE) + { + log_msg.action = ctx->param->action; + } if(ctx->action != PX_ACTION_NONE && (((ctx_actually_replaced(ctx)) || (ctx_actually_inserted(ctx)) || (ctx_actually_edited(ctx)) || diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index 3e25f82..256a5d5 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp @@ -32,15 +32,12 @@ struct proxy_logger enum _log_action { LG_ACTION_NONE = 0, - LG_ACTION_DENY = 1, - LG_ACTION_ALLOW = 2, + LG_ACTION_ALLOW = 1, + LG_ACTION_DENY = 2, LG_ACTION_MONITOR = 3, LG_ACTION_REDIRECT = 4, - LG_ACTION_REPLACE = 5, - LG_ACTION_HIJACK = 6, - LG_ACTION_REJECT = 7, - LG_ACTION_EDIT_ELEMENT = 8, - LG_ACTION_RUN_SCRIPT = 9, + LG_ACTION_EXECUTE = 5, + LG_ACTION_MANIPULATE = 6, __LG_ACTION_MAX }; 
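Review bot: In proxy_on_http_end the inner test now matches every rule whose action is `PX_ACTION_MANIPULATE`, whereas it used to match replace rules only. `enforce_rules[i]` carries no sub-action, so when a text replacement did not take place this loop can no longer tell a replace_text rule from an inject or edit_element rule that hit on the same session. If several manipulate rules can be enforced together, the sub-action has to be kept per rule; if that cannot happen, a comment saying that at most one manipulate rule is enforced per session would settle the question for the reader. The loop body continues outside the hunk.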
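Review bot: `enum _log_action` in tsg_logger.cpp is a hand-kept copy of `enum proxy_action`, and this commit swaps the numeric values of allow and deny in both (`ALLOW` 2 to 1, `DENY` 1 to 2). Anything that stores or exchanges the number rather than the name, such as persisted policy, another plugin or a log consumer, would read a deny as an allow after the upgrade, so that should be checked before merge. Sharing one definition from a common header, or at least adding `static_assert(LG_ACTION_DENY == PX_ACTION_DENY, "action enums out of sync");` where both enums are visible, would stop the two from drifting apart.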
@@ -214,7 +211,9 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) char dst_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0}; const char *app_proto[]= {"unkonw","http1", "http2"}; - const char *manipulate_action_map[]= {"none","deny","allow","monitor","redirect","replace","hijack","inject","edit_element","run_script"}; + + const char *manipulate_action_map[]= {"replace_text","replace_file","edit_element","inject_javascript","inject_css"}; + const char *panggu_action_map[] = {"none", "allow", "deny", "monitor", "redirect", "execute", "modify"}; struct json_spec req_fields[]={ {"http_cookie", TFE_HTTP_COOKIE}, {"http_referer", TFE_HTTP_REFERER}, @@ -235,7 +234,7 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) gettimeofday(&cur_time, NULL); cJSON_AddNumberToObject(common_obj, "start_timestamp_ms", get_time_ms(http->start_time)); cJSON_AddNumberToObject(common_obj, "end_timestamp_ms", get_time_ms(cur_time)); - + struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(log_msg->stream); if (cmsg != NULL) { 
@@ -394,8 +393,16 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) } cJSON_AddItemToObject(per_hit_obj, "proxy_rule_list", proxy_rule_list); cJSON_AddNumberToObject(per_hit_obj, "vsys_id", log_msg->result[i].vsys_id); - cJSON_AddStringToObject(per_hit_obj, "proxy_action", manipulate_action_map[log_msg->result[i].action]); - cJSON_AddNumberToObject(per_hit_obj, "http_action_file_size", log_msg->inject_sz); + if(log_msg->result[i].action == LG_ACTION_MANIPULATE) + { + cJSON_AddStringToObject(per_hit_obj, "proxy_action", manipulate_action_map[log_msg->action]); + cJSON_AddNumberToObject(per_hit_obj, "http_action_file_size", log_msg->inject_sz); + } + else + { + cJSON_AddStringToObject(per_hit_obj, "proxy_action", panggu_action_map[(unsigned char)(log_msg->result[i].action)]); + } + log_payload = cJSON_PrintUnformatted(per_hit_obj); TFE_LOG_DEBUG(handle->local_logger, "%s", log_payload); diff --git a/resource/pangu/doh.json b/resource/pangu/doh.json index 2fa0870..1927492 100644 --- a/resource/pangu/doh.json +++ b/resource/pangu/doh.json @@ -1,6 +1,6 @@ { "rule_table": "PXY_CTRL_RULE", - "object2object_table": "OBJECT_GROUP", + "object_group_table": "OBJECT_GROUP", "rules": [ { "uuid": "40c9c6a7-70a9-48ae-9fba-ec7966edd3c6", diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index 1ab7205..6ab23cb 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -1,6 +1,6 @@ { "rule_table": "PXY_CTRL_RULE", - "object2object_table": "OBJECT_GROUP", + "object_group_table": "OBJECT_GROUP", "rules": [ { "uuid": "00001021-0000-0000-0000-000000000000", 
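Review bot: `panggu_action_map[(unsigned char)(log_msg->result[i].action)]` in proxy_send_log indexes a seven-entry table with a value that is never compared against `__LG_ACTION_MAX`. The pointer read past the end is handed to `cJSON_AddStringToObject`, so a bad action value becomes a crash or stray memory in the log record. A range check with a fixed fallback would close this, e.g. `const char *name = (a < __LG_ACTION_MAX) ? panggu_action_map[a] : "unknown";` with `a` holding the cast value. `log_msg->action` is also a single sub-action applied to every manipulate hit in the loop, and `http_action_file_size` is no longer written for the other actions, which changes the log schema for existing consumers.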
@@ -153,13 +153,13 @@ ] }, { - "table_name": "PROXY_HIJACK_FILE", + "table_name": "PROXY_REPLACEMENT_FILE", "table_content": [ {"uuid":"00000201-0000-0000-0000-000000000000","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"} ] }, { - "table_name": "PROXY_INJECT_SCRIPT", + "table_name": "PROXY_JS_FILE", "table_content": [ {"uuid":"00000301-0000-0000-0000-000000000000","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"} ] diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 4a378be..33551ef 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -24,7 +24,7 @@ { "table_id":3, "table_name":"OBJECT_GROUP", - "table_type":"object2object" + "table_type":"object_group" }, { "table_id":4, @@ -115,7 +115,7 @@ }, { "table_id":17, - "table_name":"PROXY_HIJACK_FILE", + "table_name":"PROXY_REPLACEMENT_FILE", "table_type":"plugin", "custom": { "key_name":"uuid", @@ -123,9 +123,19 @@ "foreign_names": ["path"] } }, - { + { "table_id":18, - "table_name":"PROXY_INJECT_SCRIPT", + "table_name":"PROXY_JS_FILE", + "table_type":"plugin", + "custom": { + "key_name":"uuid", + "key_type":"pointer", + "foreign_names": ["path"] + } + }, + { + "table_id":19, + "table_name":"PROXY_CSS_FILE", "table_type":"plugin", "custom": { "key_name":"uuid", @@ -134,7 +144,7 @@ } }, { - "table_id":19, + "table_id":20, "table_name":"PXY_INTERCEPT_RULE", "table_type":"plugin", "custom": { @@ -143,7 +153,7 @@ } }, { - "table_id":20, + "table_id":21, "table_name":"TRAFFIC_MIRRORING_PROFILE", "table_type":"plugin", "custom": { @@ -152,7 +162,7 @@ } }, { - "table_id":21, + "table_id":22, "table_name":"DECRYPTION_PROFILE", "table_type":"plugin", "custom": { 
@@ -162,7 +172,7 @@ }, { "table_id":23, - "table_name":"HTTP_MANIPULATION_SCRIPT", + "table_name":"PROXY_LUA_SCRIPT", "table_type":"plugin", "custom": { "key_type":"pointer",