diff --git a/src/main/java/com/realtime/protection/configuration/entity/alert/AlertMessage.java b/src/main/java/com/realtime/protection/configuration/entity/alert/AlertMessage.java index 890e00a..06b5e26 100644 --- a/src/main/java/com/realtime/protection/configuration/entity/alert/AlertMessage.java +++ b/src/main/java/com/realtime/protection/configuration/entity/alert/AlertMessage.java @@ -5,19 +5,23 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.realtime.protection.configuration.entity.task.FiveTupleWithMask; import lombok.Data; + @Data public class AlertMessage { @JsonProperty("task_id") private Long taskId; - @JsonProperty("dynamic_rule_id") + @JsonProperty("rule_id") private Integer dynamicRuleId; @JsonProperty("five_tuple_with_mask") private FiveTupleWithMask fiveTupleWithMask; + @JsonProperty("content") + private String content; + // @JsonProperty("is_distribute") // private Boolean isDistribute;//待删除 diff --git a/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java b/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java index f9f4590..ac377d7 100644 --- a/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java +++ b/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java @@ -91,4 +91,8 @@ public class DynamicRuleObject { @Schema(description = "频率", example = "1", requiredMode = Schema.RequiredMode.REQUIRED) private Integer dynamicRuleFrequency; + @NotNull + @JsonProperty("log_rule_id") + @Schema(description = "筛选条件-日志规则id", example = "1", requiredMode = Schema.RequiredMode.REQUIRED) + private Integer logRuleId; } diff --git a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java index f08a42d..69a29aa 100644 
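Review bot: The new `content` field is accepted from the request body without any constraint, although the controller validates the message with `@Valid` and the mapper hunk further down persists it into a `CONTENT` column; a bound such as `@Size(max = CONTENT_COLUMN_LENGTH /* placeholder: match the column definition */)` on `content` would reject oversized payloads at the API boundary instead of at the database. Renaming the JSON property from `dynamic_rule_id` to `rule_id` changes the wire format for every producer of this message, so either note it in the commit description or keep the old name readable with `@JsonAlias("dynamic_rule_id")` next to the new `@JsonProperty`. The class body continues past the hunk.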
--- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java +++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java @@ -19,7 +19,7 @@ public class AlertMessageController @PostMapping("/new") public ResponseResult receiveAlertMessage(@RequestBody @Valid AlertMessage alertMessage){ alertMessageService.processAlertMessage(alertMessage); - return ResponseResult.ok(); + return ResponseResult.ok().setData("success", true); } //实时任务、研判后任务:查看指令对应的告警信息 diff --git a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java index bb325e8..b7f5c3b 100644 --- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java +++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java @@ -70,8 +70,8 @@ public class AlertMessageService { // (1)查询生成指令所需信息:和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo; // (2)额外信息:并额外查询templateId、protectLevel和taskStatus TaskCommandInfo dynamicCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId, DynamicRuleId); - if (dynamicCommandInfo.getTemplateId() == null){ - throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + DynamicRuleId + " 不匹配"); + if (dynamicCommandInfo == null || dynamicCommandInfo.getTemplateId() == null){ + throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + DynamicRuleId + " 不正确"); } // 根据templateId、protectLevel获取策略模板 ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel( diff --git a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleService.java b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleService.java index 6b56bfa..05c8e77 100644 --- a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleService.java 
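Review bot: The added `dynamicCommandInfo == null` guard folds two different failures into one message: no row at all for the (taskId, DynamicRuleId) pair versus a row whose template is missing, and the single text `不正确` no longer tells the operator which one occurred. Keeping the two checks separate, e.g. `if (dynamicCommandInfo == null) { throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + DynamicRuleId + " 不匹配"); }` followed by the existing template check, preserves that distinction. The local `DynamicRuleId` used in the new lines is UpperCamelCase and reads as a type name; `dynamicRuleId` would follow the rest of the method. The enclosing method starts and ends outside this hunk.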
+++ b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleService.java @@ -26,8 +26,6 @@ public class DynamicRuleService { @Transactional public Integer newDynamicRuleObject(DynamicRuleObject dynamicRule) { - dynamicRuleMapper.newDynamicRule(dynamicRule); - //判断protectObject id是否有效 boolean ProtectObjIdValid = dynamicRule.getProtectObjectIds().stream() .allMatch( @@ -36,6 +34,8 @@ public class DynamicRuleService { if (!ProtectObjIdValid) { throw new IllegalArgumentException("protect object id is invalid"); } + + dynamicRuleMapper.newDynamicRule(dynamicRule); Integer dynamicRuleId = dynamicRule.getDynamicRuleId(); dynamicRule.getProtectObjectIds().forEach( protectObjectId -> dynamicRuleMapper.newDynamicRulProtectObjectConcat(dynamicRuleId, protectObjectId)); @@ -104,9 +104,10 @@ public class DynamicRuleService { //template在表中删除了,需要重新设置template(感觉这种情况不多见) dynamicRuleObject.setDynamicRuleSourceSystem("need reset"); dynamicRuleObject.setDynamicRuleEventType("need reset"); - } + }else{ dynamicRuleObject.setDynamicRuleSourceSystem(template.getSourceSystem()); dynamicRuleObject.setDynamicRuleEventType(template.getTemplateName()); + } return dynamicRuleObject; } diff --git a/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleService.java b/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleService.java index 4657fd2..3b8b81c 100644 --- a/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleService.java +++ b/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleService.java @@ -7,6 +7,9 @@ import com.realtime.protection.configuration.utils.status.AuditStatusValidator; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.nio.ByteBuffer; import java.time.LocalDateTime; import java.util.HashMap; import java.util.List; 
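Review bot: `}else{` in the template-lookup branch of DynamicRuleService should be written `} else {` to match the brace spacing used elsewhere in this file (`if (!ProtectObjIdValid) {` in the hunk above). The else itself is the right fix: the two `set...(template.get...())` calls previously ran unconditionally after the `need reset` markers, which presumably dereferenced a null `template` in the case the comment describes. The enclosing methods of all three DynamicRuleService hunks start and end outside the hunks.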
@@ -25,17 +28,39 @@ public class StaticRuleService { this.sqlSessionWrapper = sqlSessionWrapper; } + private static int ipToInt(String ip) { + try { + byte[] bytes = InetAddress.getByName(ip).getAddress(); + return ByteBuffer.wrap(bytes).getInt(); + } catch (UnknownHostException e) { + throw new RuntimeException(e); + } + } + private Boolean isIpMaskValid(String ip, String mip) { + if (ip == null && mip != null) throw new IllegalArgumentException("有ip掩码但没设置ip"); + if (mip == null) return true; + + int ipToInt = ipToInt(ip); + int mipToInt = ipToInt(mip); + return ( ipToInt == (ipToInt & mipToInt) ) ; + } + /* 新建静态规则 */ - public Integer newStaticRuleObject(StaticRuleObject object) { + public Integer newStaticRuleObject(StaticRuleObject object) { object.setStaticRuleCreateTime(LocalDateTime.now()); object.setStaticRuleAuditStatus(0); /* 待开发:设置静态规则对象的创建用户、用户所属部门等属性 */ + if (!isIpMaskValid(object.getStaticRuleSip(),object.getStaticRuleMsip()) || + !isIpMaskValid(object.getStaticRuleDip(),object.getStaticRuleMdip()) + ){ + throw new IllegalArgumentException("IP和IP掩码不匹配"); + } staticRuleMapper.newStaticRuleObject(object); return object.getStaticRuleId(); diff --git a/src/main/resources/mappers/AlertMessageMapper.xml b/src/main/resources/mappers/AlertMessageMapper.xml index f111079..98309a0 100644 --- a/src/main/resources/mappers/AlertMessageMapper.xml +++ b/src/main/resources/mappers/AlertMessageMapper.xml @@ -43,6 +43,7 @@ + @@ -56,6 +57,7 @@ + @@ -78,7 +80,8 @@ COMMAND_UUID, CREATE_TIME, LAST_UPDATE, - ALERT_MESSAGE_ID) + ALERT_MESSAGE_ID, + CONTENT) values ( #{taskId}, #{dynamicRuleId}, @@ -96,7 +99,8 @@ #{commandUUID}, NOW(), NOW(), - UUID()) + UUID(), + #{content}) @@ -175,7 +179,8 @@ t_alertmessage.COMMAND_UUID, t_alertmessage.CREATE_TIME, - t_alertmessage.LAST_UPDATE + t_alertmessage.LAST_UPDATE, + t_alertmessage.CONTENT from t_alertmessage where 
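Review bot: `ipToInt` passes caller-supplied text to `InetAddress.getByName`, which falls back to a DNS lookup whenever the string is not a valid IPv4/IPv6 literal (for example `999.1.1.1` or a hostname), so a malformed rule submitted through the API becomes a blocking network resolution inside the service and surfaces as an opaque `RuntimeException`. For an IPv6 literal `getAddress()` returns 16 bytes and `ByteBuffer.wrap(bytes).getInt()` silently truncates to the first four, so the mask comparison would pass or fail on unrelated bits. Parsing the dotted-quad directly, as below, avoids both problems and reports the offending value with an `IllegalArgumentException` like the other checks in this hunk; the `java.net`/`java.nio` imports added in the previous hunk then become unnecessary. `isIpMaskValid` should also be declared `private boolean isIpMaskValid(String ip, String mip)` rather than returning a boxed `Boolean`, since it never yields null. The enclosing class continues past the hunk.

```java
private static int ipToInt(String ip) {
    if (ip == null) {
        throw new IllegalArgumentException("IP不能为空");
    }
    // Parse the dotted-quad by hand: InetAddress.getByName() would resolve
    // anything that is not a literal through DNS, and IPv6 literals would be
    // truncated by the int conversion.
    String[] parts = ip.split("\\.", -1);
    if (parts.length != 4) {
        throw new IllegalArgumentException("IP格式不正确: " + ip);
    }
    int result = 0;
    for (String part : parts) {
        int octet;
        try {
            octet = Integer.parseInt(part);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("IP格式不正确: " + ip, e);
        }
        if (octet < 0 || octet > 255) {
            throw new IllegalArgumentException("IP格式不正确: " + ip);
        }
        result = (result << 8) | octet;
    }
    return result;
}

// … unchanged: isIpMaskValid, newStaticRuleObject …
```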
diff --git a/src/main/resources/mappers/DynamicRuleMapper.xml b/src/main/resources/mappers/DynamicRuleMapper.xml index c4759d3..ac09834 100644 --- a/src/main/resources/mappers/DynamicRuleMapper.xml +++ b/src/main/resources/mappers/DynamicRuleMapper.xml @@ -13,14 +13,14 @@ create_time, modify_time, dynamic_rule_create_username, dynamic_rule_create_depart, template_id, dynamic_rule_protect_level, dynamic_rule_priority, dynamic_rule_range, - dynamic_rule_frequency, dynamic_rule_create_user_id) + dynamic_rule_frequency, dynamic_rule_create_user_id, log_rule_id) values (#{object.dynamicRuleName}, NOW(), #{object.dynamicRuleModifyTime}, #{object.dynamicRuleCreateUsername}, #{object.dynamicRuleCreateDepart}, #{object.templateId}, #{object.dynamicRuleProtectLevel}, #{object.dynamicRulePriority}, #{object.dynamicRuleRange}, #{object.dynamicRuleFrequency}, - #{object.dynamicRuleCreateUserId}) + #{object.dynamicRuleCreateUserId},#{object.logRuleId}) @@ -35,7 +35,7 @@ create_time, modify_time, dynamic_rule_create_username, dynamic_rule_create_depart, template_id, dynamic_rule_protect_level, dynamic_rule_priority, dynamic_rule_range, - dynamic_rule_frequency, dynamic_rule_create_user_id + dynamic_rule_frequency, dynamic_rule_create_user_id,log_rule_id ) values @@ -45,7 +45,7 @@ #{object.templateId}, #{object.dynamicRuleProtectLevel}, #{object.dynamicRulePriority}, #{object.dynamicRuleRange}, #{object.dynamicRuleFrequency}, - #{object.dynamicRuleCreateUserId}) + #{object.dynamicRuleCreateUserId},#{object.logRuleId}) diff --git a/src/test/java/com/realtime/protection/server/alertmessage/AlertMessageTest.java b/src/test/java/com/realtime/protection/server/alertmessage/AlertMessageTest.java index e03833e..6fb3d43 100644 --- a/src/test/java/com/realtime/protection/server/alertmessage/AlertMessageTest.java +++ b/src/test/java/com/realtime/protection/server/alertmessage/AlertMessageTest.java 
@@ -1,38 +1,82 @@ package com.realtime.protection.server.alertmessage; +import com.realtime.protection.configuration.entity.alert.AlertMessage; +import com.realtime.protection.configuration.entity.defense.object.ProtectObject; +import com.realtime.protection.configuration.entity.defense.template.Template; +import com.realtime.protection.configuration.entity.rule.dynamicrule.DynamicRuleObject; +import com.realtime.protection.configuration.entity.task.FiveTupleWithMask; +import com.realtime.protection.configuration.entity.task.Task; +import com.realtime.protection.server.defense.object.ProtectObjectService; +import com.realtime.protection.server.defense.template.TemplateService; +import com.realtime.protection.server.rule.dynamicrule.DynamicRuleService; +import com.realtime.protection.server.task.TaskService; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import java.time.LocalDateTime; +import java.util.List; + @SpringBootTest public class AlertMessageTest { private final AlertMessageService alertMessageService; + private final ProtectObjectService protectObjectService; + private final TemplateService templateService; + private final DynamicRuleService dynamicRuleService; + private final TaskService taskService; @Autowired - public AlertMessageTest(AlertMessageService alertMessageService) { + public AlertMessageTest(AlertMessageService alertMessageService + ,ProtectObjectService protectObjectService,TemplateService templateService, + DynamicRuleService dynamicRuleService,TaskService taskService) { this.alertMessageService = alertMessageService; + this.protectObjectService = protectObjectService; + this.templateService = templateService; + this.dynamicRuleService = dynamicRuleService; + this.taskService = taskService; } @Test void testReceiveAlertMessage() { - /* - for (int i = 1; i < 4; i++) { - AlertMessage alertMessage = new AlertMessage(); - 
FiveTupleWithMask fiveTupleWithMask = new FiveTupleWithMask(); - fiveTupleWithMask.setSourceIP("1.1.1." + i); - fiveTupleWithMask.setMaskSourceIP("255.255.255.0"); - fiveTupleWithMask.setDestinationIP("2.2.3." + i); - fiveTupleWithMask.setMaskDestinationIP("255.255.255.255"); - fiveTupleWithMask.setSourcePort("80"); - fiveTupleWithMask.setDestinationPort("80"); - fiveTupleWithMask.setProtocol("TCP"); - alertMessage.setTaskId(1937L); - alertMessage.setFiveTupleWithMask(fiveTupleWithMask); - alertMessage.setDynamicRuleId(31); - alertMessageService.processAlertMessage(alertMessage); - } - */ + List protectObject = protectObjectService.queryProtectObjects(null, null, 1, 1); + List