diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h
index f4580a6..4793949 100644
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -29,6 +29,7 @@ enum manipulate_sacn_table
 PXY_CTRL_HTTP_RES_HDR,
 PXY_CTRL_HTTP_RES_BODY,
 PXY_CTRL_SUBSCRIBE_ID,
+ PXY_CTRL_APP_ID,
 __SCAN_TABLE_MAX
 };
diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp
index 76be087..6d49d8c 100644
--- a/platform/src/verify_policy.cpp
+++ b/platform/src/verify_policy.cpp
@@ -93,6 +93,7 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
 table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
 table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
 table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
+ table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
 break;
 case PXY_TABLE_SECURITY:
 table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
diff --git a/resource/table_info_proxy.conf b/resource/table_info_proxy.conf
index c86ce40..cb128d7 100644
--- a/resource/table_info_proxy.conf
+++ b/resource/table_info_proxy.conf
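Review bot: In protoco_field_type_str2idx the PXY_TABLE_SECURITY case still maps `table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";` (the last context line of the platform/src/verify_policy.cpp hunk), while this same commit changes security_policy_init in scan/src/pangu_http.cpp to register PXY_SECURITY_IP as "TSG_SECURITY_ADDR". If the names in this function are meant to mirror the registered tables, the line should become `table_name[PXY_SECURITY_IP] = "TSG_SECURITY_ADDR";`, and the PXY_CTRL_IP entry of the manipulation case, which lies outside the hunk, needs the same check. If the old name is kept on purpose as the request-facing name, a one-line comment saying so would stop a later reader from "correcting" it. The function starts and ends outside the hunk.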
@@ -30,20 +30,23 @@
 11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
 12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
 13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
+14 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
+15 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
+16 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
+17 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
 #eliminate the alarm
-14 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
-16 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
-17 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
-18 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
-19 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
-20 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
-21 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
-22 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
-23 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
-24 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
-25 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
-26 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
-27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
-28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
-29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
-
+18 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
+19 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
+20 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
+21 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
+22 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
+23 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
+24 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
+25 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
+26 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
+27 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
+28 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
+29 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
+30 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
+31 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
+32 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
diff --git a/resource/table_info_security.conf b/resource/table_info_security.conf
index ec41130..c193fb5 100644
--- a/resource/table_info_security.conf
+++ b/resource/table_info_security.conf
@@ -39,3 +39,6 @@
 27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
 28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
 29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
+30 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
+31 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
+32 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
diff --git a/scan/src/pangu_http.cpp b/scan/src/pangu_http.cpp
index 63ff53d..8b672ab 100644
--- a/scan/src/pangu_http.cpp
+++ b/scan/src/pangu_http.cpp
@@ -216,10 +216,9 @@ void get_scan_status(struct verify_policy_query_obj *query_obj, cJSON *attribute
 cJSON_AddItemToArray(hitPaths, histObj);
 cJSON_AddNumberToObject(histObj, "itemId", ctx->hit_path[i].region_id);
 cJSON_AddNumberToObject(histObj, "objectId", ctx->hit_path[i].sub_group_id);
+ cJSON_AddNumberToObject(histObj, "topObjectId", ctx->hit_path[i].top_group_id);
 if(ctx->hit_path[i].compile_id > 0)
 {
- cJSON_AddNumberToObject(histObj, "topObjectId", ctx->hit_path[i].top_group_id);
- //cJSON_AddNumberToObject(histObj, "protocolField", ctx->hit_path[i].virtual_table_id);
 cJSON_AddNumberToObject(histObj, "policyId", ctx->hit_path[i].compile_id);
 }
 }
@@ -474,7 +473,7 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path)
 }
 const char * table_name[__SCAN_TABLE_MAX];
- table_name[PXY_CTRL_IP] = "TSG_OBJ_IP_ADDR";
+ table_name[PXY_CTRL_IP] = "TSG_SECURITY_ADDR";
 table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
 table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
 table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
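Review bot: In resource/table_info_proxy.conf the new TSG_OBJ_APP_ID and TSG_SECURITY_* rows are inserted at ids 14–17, which renumbers every existing table from TSG_OBJ_ACCOUNT (14 → 18) through TSG_FIELD_FTP_ACCOUNT (29 → 32), whereas table_info_security.conf in the same commit appends the address rows at 30–32 and leaves existing ids untouched. Appending the new rows after id 29 in this file as well would keep existing ids stable and the two files aligned. Whether anything refers to these tables by numeric id rather than by name is not visible in this diff; if something does, the renumbering silently changes which table it addresses.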
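Review bot: In get_scan_status, `topObjectId` is now written for every hit_path entry, including those where `compile_id` is not positive, so the verification response carries whatever `top_group_id` holds for an object hit that matched no policy. hit_path is filled outside this hunk; if top_group_id is a sentinel or left unset on that path, consumers of the JSON will read it as a real object id. Either state the guarantee next to the call, e.g. `/* top_group_id is valid even when no policy matched (compile_id <= 0) */`, or emit the field only when the value is valid. The function starts and ends outside the hunk.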
@@ -482,6 +481,7 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path)
 table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
 table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
 table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
+ table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
 for (int i = 0; i < __SCAN_TABLE_MAX; i++)
 {
 g_pangu_rt->scan_table_id[PXY_TABLE_MANIPULATION][i] = Maat_table_register(g_pangu_rt->maat[PXY_TABLE_MANIPULATION], table_name[i]);
@@ -527,7 +527,7 @@ int security_policy_init(struct verify_policy * verify, const char* profile_path
 goto error_out;
 }
 const char * table_name[__SECURITY_TABLE_MAX];
- table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
+ table_name[PXY_SECURITY_IP] = "TSG_SECURITY_ADDR";
 table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
 table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
 table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
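Review bot: In pangu_policy_init, `table_name` is declared without an initialiser (`const char * table_name[__SCAN_TABLE_MAX];`, visible in the preceding hunk) and the loop here passes every slot below `__SCAN_TABLE_MAX` to `Maat_table_register`, so an enum value added without a matching assignment hands an indeterminate pointer to the registrar. This commit keeps the enum and the assignments in step for PXY_CTRL_APP_ID, but nothing enforces that. Declaring the array as `const char *table_name[__SCAN_TABLE_MAX] = {0};` and failing initialisation on a NULL entry inside the loop would turn a missed entry into a detectable error. The same applies to `table_name[__SECURITY_TABLE_MAX]` in security_policy_init in the next hunk. The loop body continues outside the hunk, so whether the return value of Maat_table_register is checked cannot be seen here.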