管控策略增加扫描app-id

修改table_info支持ip虚表
fengweihao
2020-04-01 14:29:24 +08:00
parent cd0fd581f1
commit 8f3a283b70
5 changed files with 28 additions and 20 deletions


@@ -29,6 +29,7 @@ enum manipulate_sacn_table
PXY_CTRL_HTTP_RES_HDR,
PXY_CTRL_HTTP_RES_BODY,
PXY_CTRL_SUBSCRIBE_ID,
PXY_CTRL_APP_ID,
__SCAN_TABLE_MAX
};


@@ -93,6 +93,7 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
break;
case PXY_TABLE_SECURITY:
table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
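Review bot: The security branch of protoco_field_type_str2idx still maps `PXY_SECURITY_IP` to "TSG_OBJ_IP_ADDR", while this commit changes the name registered for the same index in security_policy_init to "TSG_SECURITY_ADDR". If this list is meant to mirror the registered Maat table names, the line should change with it. If it holds the request-facing names instead, a comment such as `/* request-facing field names; the registered Maat table names are set in *_policy_init */` above the assignments would keep a later reader from "fixing" the two lists into agreement. The function body starts and ends outside the hunk, so how the names are matched is not visible here.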


@@ -30,20 +30,23 @@
11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
14 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
15 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
16 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
17 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
#eliminate the alarm
14 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
16 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
17 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
18 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
19 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
20 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
21 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
22 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
23 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
24 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
25 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
26 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
18 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
19 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
20 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
21 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
22 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
23 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
24 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
25 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
26 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
27 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
28 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
29 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
30 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
31 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
32 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
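Review bot: Inserting the new rows at ids 14–17 shifts every later table id in this file (TSG_OBJ_ACCOUNT moves from 14 to 18 and the SSL/DNS/MAIL/FTP rows now end at 32 instead of 29); this reading relies on the duplicated rows and the hunk counts, because the +/- markers did not survive on this page. The other table_info file in this commit adds the same three address tables at 30–32 and leaves the existing ids alone, so the two files now number the same table names differently. If anything refers to these tables by numeric id rather than by name, appending the new rows at the end here too would avoid the renumbering; otherwise a comment line stating that ids are local to each file would help. The `#eliminate the alarm` comment would also be clearer if it said which alarm the rows below it are meant to silence.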


@@ -39,3 +39,6 @@
27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
30 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
31 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
32 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}


@@ -216,10 +216,9 @@ void get_scan_status(struct verify_policy_query_obj *query_obj, cJSON *attribute
cJSON_AddItemToArray(hitPaths, histObj);
cJSON_AddNumberToObject(histObj, "itemId", ctx->hit_path[i].region_id);
cJSON_AddNumberToObject(histObj, "objectId", ctx->hit_path[i].sub_group_id);
cJSON_AddNumberToObject(histObj, "topObjectId", ctx->hit_path[i].top_group_id);
if(ctx->hit_path[i].compile_id > 0)
{
cJSON_AddNumberToObject(histObj, "topObjectId", ctx->hit_path[i].top_group_id);
//cJSON_AddNumberToObject(histObj, "protocolField", ctx->hit_path[i].virtual_table_id);
cJSON_AddNumberToObject(histObj, "policyId", ctx->hit_path[i].compile_id);
}
}
@@ -474,7 +473,7 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path)
}
const char * table_name[__SCAN_TABLE_MAX];
table_name[PXY_CTRL_IP] = "TSG_OBJ_IP_ADDR";
table_name[PXY_CTRL_IP] = "TSG_SECURITY_ADDR";
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
@@ -482,6 +481,7 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path)
table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
for (int i = 0; i < __SCAN_TABLE_MAX; i++)
{
g_pangu_rt->scan_table_id[PXY_TABLE_MANIPULATION][i] = Maat_table_register(g_pangu_rt->maat[PXY_TABLE_MANIPULATION], table_name[i]);
@@ -527,7 +527,7 @@ int security_policy_init(struct verify_policy * verify, const char* profile_path
goto error_out;
}
const char * table_name[__SECURITY_TABLE_MAX];
table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
table_name[PXY_SECURITY_IP] = "TSG_SECURITY_ADDR";
table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
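Review bot: `const char * table_name[__SCAN_TABLE_MAX];` in pangu_policy_init is declared without an initializer, and the loop then passes every slot to `Maat_table_register`, so an enumerator added without a matching assignment hands an indeterminate pointer to the register call. This commit had to add the `PXY_CTRL_APP_ID` line both here and in protoco_field_type_str2idx to avoid exactly that. Declaring the array as `const char *table_name[__SCAN_TABLE_MAX] = {0};` and failing on `table_name[i] == NULL` inside the loop would turn a missed entry into a detectable start-up error. The same declaration pattern appears for `table_name[__SECURITY_TABLE_MAX]` in security_policy_init. Both function bodies extend beyond the hunks shown, so any existing check on the register result is not visible here.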