gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-6016 修复请求应答头未解析district

Browse Source
This commit is contained in:
fengweihao
2021-04-19 16:35:36 +08:00
parent 0983935dfd
commit 51b607ea34
3 changed files with 15 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
common/include/verify_policy.h
View File

@@ -142,6 +142,7 @@ struct verify_policy_query_obj
int protocol_field; int protocol_field;
char *keyword; char *keyword;
char *district;
char *attri_name; char *attri_name;
struct ipaddr *ip_addr; struct ipaddr *ip_addr;

9
platform/src/verify_policy.cpp
View File

@@ -269,7 +269,16 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->verify_object[curr_id].attri_name); policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->verify_object[curr_id].attri_name);
goto end; goto end;
} }
item = cJSON_GetObjectItem(attributeValue,"district");
if(item!=NULL)
{
policy_query->verify_object[curr_id].district = item->valuestring;
p += snprintf(p, sizeof(buff) - (p - buff), ", district = %s",policy_query->verify_object[curr_id].district);
}
item = cJSON_GetObjectItem(attributeValue,"string"); item = cJSON_GetObjectItem(attributeValue,"string");
if(item!=NULL)
{ {
policy_query->verify_object[curr_id].keyword = item->valuestring; policy_query->verify_object[curr_id].keyword = item->valuestring;
p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->verify_object[curr_id].keyword); p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->verify_object[curr_id].keyword);

21
scan/src/policy_scan.cpp
View File

@@ -991,13 +991,6 @@ finish:
size_t verify_policy_scan(enum verify_policy_type policy_type, struct verify_policy_query_obj *query_obj, cJSON *data_obj, void *pme) size_t verify_policy_scan(enum verify_policy_type policy_type, struct verify_policy_query_obj *query_obj, cJSON *data_obj, void *pme)
{ {
int scan_ret=0, n_read; int scan_ret=0, n_read;
//size_t hit_cnt=0;
struct http_field_name req_fields[]={ {"User-Agent", HTTP_USER_AGENT},
{"Cookie", HTTP_COOKIE}};
struct http_field_name resp_fields[]={ {"Set-Cookie", HTTP_SET_COOKIE},
{"Content-Type", HTTP_CONT_TYPE}};
struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme; struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme;
size_t hit_cnt = ctx->hit_cnt; size_t hit_cnt = ctx->hit_cnt;
@@ -1048,11 +1041,9 @@ size_t verify_policy_scan(enum verify_policy_type policy_type, struct verify_pol
if ((protocol_field == PXY_CTRL_HTTP_REQ_HDR) || protocol_field == PXY_CTRL_HTTP_RES_HDR) if ((protocol_field == PXY_CTRL_HTTP_REQ_HDR) || protocol_field == PXY_CTRL_HTTP_RES_HDR)
{ {
struct http_field_name *field_name = (protocol_field == PXY_CTRL_HTTP_REQ_HDR) ? req_fields : resp_fields; if(query_obj->district != NULL)
for(size_t i=0;i<sizeof(req_fields)/sizeof(struct http_field_name);i++)
{ {
const char * str_field_name = field_name[i].field_name; const char * str_field_name = query_obj->district;
scan_ret = Maat_set_scan_status(g_pangu_rt->maat[policy_type], &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT, scan_ret = Maat_set_scan_status(g_pangu_rt->maat[policy_type], &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT,
str_field_name, strlen(str_field_name)); str_field_name, strlen(str_field_name));
assert(scan_ret == 0); assert(scan_ret == 0);
@@ -1063,12 +1054,10 @@ size_t verify_policy_scan(enum verify_policy_type policy_type, struct verify_pol
{ {
hit_cnt += scan_ret; hit_cnt += scan_ret;
} }
n_read=Maat_get_scan_status(g_pangu_rt->maat[policy_type], &(ctx->scan_mid), MAAT_GET_SCAN_HIT_PATH, ctx->hit_path, sizeof(ctx->hit_path));
query_obj->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan;
ctx->n_read=n_read;
} }
n_read=Maat_get_scan_status(g_pangu_rt->maat[policy_type], &(ctx->scan_mid), MAAT_GET_SCAN_HIT_PATH, ctx->hit_path, sizeof(ctx->hit_path));
query_obj->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan;
ctx->n_read=n_read;
goto decide;
} }
if(policy_type == PXY_TABLE_SECURITY &&(protocol_field == PXY_SECURITY_HTTP_FQDN || if(policy_type == PXY_TABLE_SECURITY &&(protocol_field == PXY_SECURITY_HTTP_FQDN ||