gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

策略验证添加漏掉的TSG_OBJ_APP_ID表注册代码

Browse Source
This commit is contained in:
fengweihao
2020-03-18 15:40:21 +08:00
parent f3d800dd76
commit cd0fd581f1
3 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
common/include/verify_policy.h
View File

@@ -56,6 +56,7 @@ enum security_scan_table
PXY_SECURITY_FTP_URI, PXY_SECURITY_FTP_URI,
PXY_SECURITY_FTP_CONTENT, PXY_SECURITY_FTP_CONTENT,
PXY_SECURITY_FTP_ACCOUNT, PXY_SECURITY_FTP_ACCOUNT,
PXY_SECURITY_APP_ID,
__SECURITY_TABLE_MAX __SECURITY_TABLE_MAX
}; };

5
platform/src/verify_policy.cpp
View File

@@ -117,6 +117,7 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
table_name[PXY_SECURITY_FTP_URI] = "TSG_FIELD_FTP_URI"; table_name[PXY_SECURITY_FTP_URI] = "TSG_FIELD_FTP_URI";
table_name[PXY_SECURITY_FTP_CONTENT] = "TSG_FIELD_FTP_CONTENT"; table_name[PXY_SECURITY_FTP_CONTENT] = "TSG_FIELD_FTP_CONTENT";
table_name[PXY_SECURITY_FTP_ACCOUNT] = "TSG_FIELD_FTP_ACCOUNT"; table_name[PXY_SECURITY_FTP_ACCOUNT] = "TSG_FIELD_FTP_ACCOUNT";
table_name[PXY_SECURITY_APP_ID] = "TSG_OBJ_APP_ID";
break; break;
case PXY_TABLE_DEFENCE: case PXY_TABLE_DEFENCE:
break; break;
@@ -243,8 +244,8 @@ cJSON *get_query_from_request(const char *data, int thread_id)
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
policy_query->query_obj[i].protocol_field = protoco_field_type_str2idx(policy_query->type, item->valuestring, buff, &p); policy_query->query_obj[i].protocol_field = protoco_field_type_str2idx(policy_query->type, item->valuestring, buff, &p);
if(policy_query->query_obj[i].protocol_field == __SECURITY_TABLE_MAX || if ((policy_query->type == PXY_TABLE_MANIPULATION && policy_query->query_obj[i].protocol_field == __SCAN_TABLE_MAX)
policy_query->query_obj[i].protocol_field == __SCAN_TABLE_MAX) || (policy_query->type == PXY_TABLE_SECURITY && policy_query->query_obj[i].protocol_field == __SECURITY_TABLE_MAX))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "policy table name error, table name = %s", item->valuestring); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "policy table name error, table name = %s", item->valuestring);
goto free; goto free;

3
scan/src/pangu_http.cpp
View File

@@ -63,7 +63,7 @@ struct pangu_http_ctx
size_t n_enforce; size_t n_enforce;
struct Maat_rule_t * enforce_rules; struct Maat_rule_t * enforce_rules;
int n_read; int n_read;
struct Maat_hit_path_t hit_path[128]; struct Maat_hit_path_t hit_path[2048];
int thread_id; int thread_id;
}; };
@@ -549,6 +549,7 @@ int security_policy_init(struct verify_policy * verify, const char* profile_path
table_name[PXY_SECURITY_FTP_URI] = "TSG_FIELD_FTP_URI"; table_name[PXY_SECURITY_FTP_URI] = "TSG_FIELD_FTP_URI";
table_name[PXY_SECURITY_FTP_CONTENT] = "TSG_FIELD_FTP_CONTENT"; table_name[PXY_SECURITY_FTP_CONTENT] = "TSG_FIELD_FTP_CONTENT";
table_name[PXY_SECURITY_FTP_ACCOUNT] = "TSG_FIELD_FTP_ACCOUNT"; table_name[PXY_SECURITY_FTP_ACCOUNT] = "TSG_FIELD_FTP_ACCOUNT";
table_name[PXY_SECURITY_APP_ID] = "TSG_OBJ_APP_ID";
for (int i = 0; i < __SECURITY_TABLE_MAX; i++) for (int i = 0; i < __SECURITY_TABLE_MAX; i++)
{ {