From 74b95d15dc95b9a3f46f996afc2c2d7e2c602552 Mon Sep 17 00:00:00 2001
From: fengweihao
Date: Mon, 26 Sep 2022 16:13:24 +0800
Subject: [PATCH] =?UTF-8?q?TSG-11996=20=E7=AD=96=E7=95=A5=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E6=94=AF=E6=8C=81Tunnel=20Object,=E4=BF=AE=E5=A4=8D?=
 =?UTF-8?q?=E5=90=88=E5=B9=B6tunnel=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common/include/verify_policy.h | 4 +++-
 platform/src/verify_policy.cpp | 17 +++++++++++++++++
 scan/src/policy_scan.cpp | 27 +++++++++++++++++++++------
 3 files changed, 41 insertions(+), 7 deletions(-)
diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h
index dec653d..8a1ab6a 100644
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -149,7 +149,7 @@ struct verify_policy_query_obj
 char *subscriberid;
- int nth_scan[8];
+ int nth_scan[256];
 int nth_scan_num;
 cJSON* attributes;
@@ -180,4 +180,6 @@ int security_policy_init(struct verify_policy * verify, const char* profile_path
 int http_hit_policy_list(enum verify_policy_type policy_type, size_t hit_cnt, cJSON *data_obj, void *pme);
+void verify_policy_tunnle_add(void * pme);
+
 #endif
diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp
index b5ae9cb..c18b1b0 100644
--- a/platform/src/verify_policy.cpp
+++ b/platform/src/verify_policy.cpp
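Review bot: `int nth_scan[256];` is a bare capacity bump, and nothing in this patch shows the code that fills the array bounding its index against the new size; from `query_obj->nth_scan_num = hit_path_cnt;` in policy_scan.cpp it looks like `hit_path_cnt` is the index, so each store should be guarded by a check against the capacity rather than relying on 256 being enough. Give the size a name shared by the declaration and the writer, e.g. `#define VERIFY_NTH_SCAN_MAX 256` (placeholder name) and `int nth_scan[VERIFY_NTH_SCAN_MAX];`. The new prototype `void verify_policy_tunnle_add(void * pme);` also deserves a comment stating that `pme` must be the context returned by `pangu_http_ctx_new()` and that each call counts one tunnel endpoint attribute, since the `void *` gives callers no hint of either.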
@@ -370,6 +370,23 @@ cJSON *get_query_from_request(const char *data, int thread_id)
 {
 void *ctx = pangu_http_ctx_new(thread_id);
+ for (subchild = attributes->child; subchild != NULL; subchild = subchild->next)
+ {
+ item = cJSON_GetObjectItem(subchild, "attributeName");
+ if(item && item->type==cJSON_String)
+ {
+ if(0 == strcasecmp(item->valuestring, "tunnel_endpointa"))
+ {
+ verify_policy_tunnle_add(ctx);
+ }
+
+ if(0 == strcasecmp(item->valuestring, "tunnel_endpointb"))
+ {
+ verify_policy_tunnle_add(ctx);
+ }
+ }
+ }
+
 for (subchild = attributes->child; subchild != NULL; subchild = subchild->next)
 {
 xret = get_attribute_from_json(i, subchild, verify_policy);
diff --git a/scan/src/policy_scan.cpp b/scan/src/policy_scan.cpp
index 89f3349..78857af 100644
--- a/scan/src/policy_scan.cpp
+++ b/scan/src/policy_scan.cpp
@@ -129,7 +129,7 @@ struct verify_policy_scan_ctx
 int n_read;
 struct Maat_hit_path_t hit_path[2048];
- int tunnel_hit_hath;
+ int tunnel_endpoint_x;
 int bool_id_array_idx;
 unsigned long long bool_id_array[128];
@@ -156,6 +156,13 @@ struct verify_policy_rt * g_policy_rt;
 #define MAAT_INPUT_REDIS 1
 #define MAAT_INPUT_FILE 2
+void verify_policy_tunnle_add(void * pme)
+{
+ struct verify_policy_scan_ctx * ctx = (struct verify_policy_scan_ctx *) pme;
+ ctx->tunnel_endpoint_x++;
+}
+
+
 void * pangu_http_ctx_new(unsigned int thread_id)
 {
 struct verify_policy_scan_ctx * ctx = ALLOC(struct verify_policy_scan_ctx, 1);
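Review bot: The two `strcasecmp` branches in the added loop have identical bodies, so they collapse to one condition: `if (0 == strcasecmp(item->valuestring, "tunnel_endpointa") || 0 == strcasecmp(item->valuestring, "tunnel_endpointb")) { verify_policy_tunnle_add(ctx); }`. More importantly, the counter this feeds is only ever compared with 2 in http_get_scan_status (policy_scan.cpp, the `@@ -927` hunk), so a request carrying `tunnel_endpointa` twice and no `tunnel_endpointb` reaches the same state as one carrying both; recording the two endpoints as separate flags would make that later check exact. The loop also walks `attributes->child` without checking `attributes` for NULL, though the pre-existing loop right below it does the same. The enclosing function continues outside the hunk.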
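Review bot: `verify_policy_tunnle_add` casts and dereferences `pme` with no NULL check, and its contract is undocumented even though it is exported through verify_policy.h; a header comment such as `/* Counts one tunnel endpoint attribute (tunnel_endpointa/b) on the scan context; pme is the pointer returned by pangu_http_ctx_new(). */` would tell callers what `tunnel_endpoint_x` means. An early `if (pme == NULL) return;` would match the defensive `item &&` checks used elsewhere in this patch. The rename of `tunnel_hit_hath` to `tunnel_endpoint_x` in the `@@ -129` hunk changes the field from a flag to a counter, which is worth a one-line comment on the field as well.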
@@ -927,22 +934,30 @@ void http_get_scan_status(struct verify_policy_query_obj *query_obj, int type, c
 int i=0, j=0, k=0;
 int result_hit_nth[MAX_SCAN_RESULT] = {-1};
 cJSON *attributeObj=NULL,*hitPaths=NULL;
+ cJSON *item = NULL;
 struct verify_policy_scan_ctx * ctx = (struct verify_policy_scan_ctx *) pme;
- if(ctx->tunnel_hit_hath)
+ attributeObj=query_obj->attributes;
+
+ if(ctx->tunnel_endpoint_x == 2)
 {
- return;
+ item = cJSON_GetObjectItem(attributeObj, "attributeName");
+ if(item && item->type==cJSON_String)
+ {
+ if(0 == strcasecmp(item->valuestring, "tunnel_endpointa"))
+ {
+ return;
+ }
+ }
 }
- attributeObj=query_obj->attributes;
 if(type == PXY_TABLE_SECURITY && query_obj->protocol_field == TSG_SECURITY_TUNNEL)
 {
 attributeObj=query_obj->attributes;
 cJSON_DeleteItemFromObject(attributeObj, "attributeName");
 cJSON_AddStringToObject(attributeObj, "attributeName", "tunnel_endpoint_object");
 cJSON_DeleteItemFromObject(attributeObj, "attributeValue");
- ctx->tunnel_hit_hath=1;
 }
 cJSON_AddItemToArray(attributes, attributeObj);
@@ -1347,8 +1362,8 @@ int verify_tunnle_id_scan(struct Maat_rule_t *result, struct ip_address *sip, in
 ctx->n_read=n_read;
 hit_path_cnt++;
 }
+ tunnel_table_free(tunnel_catalog[i]);
 }
- tunnel_table_free(tunnel_catalog[i]);
 query_obj->nth_scan_num = hit_path_cnt;
 return hit_cnt_tunnel;
 }
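Review bot: The `attributeObj=query_obj->attributes;` inside the `if(type == PXY_TABLE_SECURITY ...)` block is now redundant, because the same assignment was moved above the new `tunnel_endpoint_x == 2` check; drop the inner one so the next reader does not hunt for a reason it is repeated. The new early return silently drops the `tunnel_endpointa` attribute whenever both endpoints were counted, presumably so that only the remaining endpoint is emitted as `tunnel_endpoint_object` below; that intent belongs in a comment, e.g. `/* both endpoints present: skip endpoint A, the other one is emitted as the merged tunnel_endpoint_object */`. `cJSON_GetObjectItem(attributeObj, ...)` is also reached with `query_obj->attributes` unchecked, and whether the bundled cJSON tolerates a NULL object is not visible here, so an `attributeObj != NULL` guard in front of it is cheap insurance. The rest of http_get_scan_status lies outside the hunk.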
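Review bot: Moving `tunnel_table_free(tunnel_catalog[i]);` into the loop body makes it run once per entry, but only if no earlier `continue` or `break` in that body (which starts above the hunk) bypasses the end of the iteration; please confirm none does, or those entries leak again. After the call `tunnel_catalog[i]` still holds the released pointer, so if the array outlives this function an explicit `tunnel_catalog[i] = NULL;` after the free prevents a later double free. The old placement released only the entry at the loop's final `i`, so the move itself is the right direction.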