1、AlertMessage实体类增加content字段，并同步mapper中新增、查询方法增加content字段

2、DynamicRuleObject实体类新增log_rule_id属性，并同步mapper中新增、查询方法增加log_rule_id字段 3、StaticRule新建增加ip、maskip是否匹配的判断，批量新建和更新还没增加。
2024-01-29 23:41:13 +08:00
parent e48f837b64
commit 1be5269d1d
11 changed files with 129 additions and 61 deletions
--- a/src/main/java/com/realtime/protection/configuration/entity/alert/AlertMessage.java
+++ b/src/main/java/com/realtime/protection/configuration/entity/alert/AlertMessage.java
@@ -5,19 +5,23 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
 import lombok.Data;
@Data
 public class AlertMessage {
    @JsonProperty("task_id")
    private Long taskId;
-    @JsonProperty("dynamic_rule_id")
+    @JsonProperty("rule_id")
    private Integer dynamicRuleId;
    @JsonProperty("five_tuple_with_mask")
    private FiveTupleWithMask fiveTupleWithMask;
    @JsonProperty("content")
    private String content;
 //    @JsonProperty("is_distribute")
 //    private Boolean isDistribute;//待删除
--- a/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java
+++ b/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java
@@ -91,4 +91,8 @@ public class DynamicRuleObject {
    @Schema(description = "频率", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
    private Integer dynamicRuleFrequency;
    @NotNull
    @JsonProperty("log_rule_id")
    @Schema(description = "筛选条件-日志规则id", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
    private Integer logRuleId;
 }
--- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java
+++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java
@@ -19,7 +19,7 @@ public class AlertMessageController
    @PostMapping("/new")
    public ResponseResult receiveAlertMessage(@RequestBody @Valid AlertMessage alertMessage){
        alertMessageService.processAlertMessage(alertMessage);
-        return ResponseResult.ok();
+        return ResponseResult.ok().setData("success", true);
    }
    //实时任务、研判后任务：查看指令对应的告警信息
--- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java
+++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java
@@ -70,8 +70,8 @@ public class AlertMessageService {
 //        （1）查询生成指令所需信息：和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo;
 //        （2）额外信息：并额外查询templateId、protectLevel和taskStatus
        TaskCommandInfo dynamicCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId, DynamicRuleId);
-        if (dynamicCommandInfo.getTemplateId() == null){
+        if (dynamicCommandInfo == null || dynamicCommandInfo.getTemplateId() == null){
-            throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + DynamicRuleId + " 不匹配");
+            throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + DynamicRuleId + " 不正确");
        }
 //        根据templateId、protectLevel获取策略模板
        ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
--- a/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleService.java
+++ b/src/main/java/com/realtime/protection/server/rule/dynamicrule/DynamicRuleService.java
@@ -26,8 +26,6 @@ public class DynamicRuleService {
    @Transactional
    public Integer newDynamicRuleObject(DynamicRuleObject dynamicRule) {
        dynamicRuleMapper.newDynamicRule(dynamicRule);
        //判断protectObject id是否有效
        boolean ProtectObjIdValid = dynamicRule.getProtectObjectIds().stream()
                .allMatch(
@@ -36,6 +34,8 @@ public class DynamicRuleService {
        if (!ProtectObjIdValid) {
            throw new IllegalArgumentException("protect object id is invalid");
        }
        dynamicRuleMapper.newDynamicRule(dynamicRule);
        Integer dynamicRuleId = dynamicRule.getDynamicRuleId();
        dynamicRule.getProtectObjectIds().forEach(
                protectObjectId -> dynamicRuleMapper.newDynamicRulProtectObjectConcat(dynamicRuleId, protectObjectId));
@@ -104,9 +104,10 @@ public class DynamicRuleService {
            //template在表中删除了，需要重新设置template（感觉这种情况不多见）
            dynamicRuleObject.setDynamicRuleSourceSystem("need reset");
            dynamicRuleObject.setDynamicRuleEventType("need reset");
-        }
+        }else{
        dynamicRuleObject.setDynamicRuleSourceSystem(template.getSourceSystem());
        dynamicRuleObject.setDynamicRuleEventType(template.getTemplateName());
        }
        return dynamicRuleObject;
    }
--- a/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleService.java
+++ b/src/main/java/com/realtime/protection/server/rule/staticrule/StaticRuleService.java
@@ -7,6 +7,9 @@ import com.realtime.protection.configuration.utils.status.AuditStatusValidator;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.List;
@@ -25,6 +28,23 @@ public class StaticRuleService {
        this.sqlSessionWrapper = sqlSessionWrapper;
    }
    private static int ipToInt(String ip)  {
        try {
            byte[] bytes = InetAddress.getByName(ip).getAddress();
            return ByteBuffer.wrap(bytes).getInt();
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }
    private Boolean isIpMaskValid(String ip, String mip)  {
        if (ip == null && mip != null)  throw new IllegalArgumentException("有ip掩码但没设置ip");
        if (mip == null) return true;
        int ipToInt = ipToInt(ip);
        int mipToInt = ipToInt(mip);
        return ( ipToInt == (ipToInt & mipToInt) ) ;
    }
    /*
    新建静态规则
@@ -36,6 +56,11 @@ public class StaticRuleService {
        /*
        待开发：设置静态规则对象的创建用户、用户所属部门等属性
         */
        if (!isIpMaskValid(object.getStaticRuleSip(),object.getStaticRuleMsip()) ||
                !isIpMaskValid(object.getStaticRuleDip(),object.getStaticRuleMdip())
            ){
            throw new IllegalArgumentException("IP和IP掩码不匹配");
        }
        staticRuleMapper.newStaticRuleObject(object);
        return object.getStaticRuleId();
--- a/src/main/resources/mappers/AlertMessageMapper.xml
+++ b/src/main/resources/mappers/AlertMessageMapper.xml
@@ -43,6 +43,7 @@
        <result column="CREATE_TIME" property="createTime"/>
        <result column="LAST_UPDATE" property="modifyTime"/>
        <result column="CONTENT" property="content"/>
        <association property="fiveTupleWithMask">
            <result column="ADDR_TYPE" property="addrType"/>
@@ -56,6 +57,7 @@
            <result column="MASK_DST_IP" property="maskDestinationIP"/>
            <result column="MASK_DST_PORT" property="maskDestinationPort"/>
            <result column="MASK_PROTOCOL" property="maskProtocol"/>
        </association>
    </resultMap>
@@ -78,7 +80,8 @@
                            COMMAND_UUID,
                            CREATE_TIME,
                            LAST_UPDATE,
-                            ALERT_MESSAGE_ID)
+                            ALERT_MESSAGE_ID,
                            CONTENT)
        values (
                #{taskId},
                #{dynamicRuleId},
@@ -96,7 +99,8 @@
                #{commandUUID},
                NOW(),
                NOW(),
-                UUID())
+                UUID(),
                #{content})
    </insert>
@@ -175,7 +179,8 @@
            t_alertmessage.COMMAND_UUID,
            t_alertmessage.CREATE_TIME,
-            t_alertmessage.LAST_UPDATE
+            t_alertmessage.LAST_UPDATE,
            t_alertmessage.CONTENT
            from t_alertmessage
            where
--- a/src/main/resources/mappers/DynamicRuleMapper.xml
+++ b/src/main/resources/mappers/DynamicRuleMapper.xml
@@ -13,14 +13,14 @@
         create_time, modify_time, dynamic_rule_create_username,
         dynamic_rule_create_depart, template_id, dynamic_rule_protect_level,
         dynamic_rule_priority, dynamic_rule_range,
-         dynamic_rule_frequency, dynamic_rule_create_user_id)
+         dynamic_rule_frequency, dynamic_rule_create_user_id, log_rule_id)
        values (#{object.dynamicRuleName},
                NOW(), #{object.dynamicRuleModifyTime},
                #{object.dynamicRuleCreateUsername}, #{object.dynamicRuleCreateDepart},
                #{object.templateId}, #{object.dynamicRuleProtectLevel},
                #{object.dynamicRulePriority}, #{object.dynamicRuleRange},
                #{object.dynamicRuleFrequency},
-                #{object.dynamicRuleCreateUserId})
+                #{object.dynamicRuleCreateUserId},#{object.logRuleId})
    </insert>
@@ -35,7 +35,7 @@
        create_time, modify_time, dynamic_rule_create_username,
        dynamic_rule_create_depart, template_id, dynamic_rule_protect_level,
        dynamic_rule_priority, dynamic_rule_range,
-        dynamic_rule_frequency, dynamic_rule_create_user_id
+        dynamic_rule_frequency, dynamic_rule_create_user_id,log_rule_id
        )
        values
        <foreach collection="dynamicRuleObjects" item="object" separator=",">
@@ -45,7 +45,7 @@
            #{object.templateId}, #{object.dynamicRuleProtectLevel},
            #{object.dynamicRulePriority}, #{object.dynamicRuleRange},
            #{object.dynamicRuleFrequency},
-            #{object.dynamicRuleCreateUserId})
+            #{object.dynamicRuleCreateUserId},#{object.logRuleId})
        </foreach>
    </insert>
    <insert id="newDynamicRulProtectObjectsConcat">
--- a/src/test/java/com/realtime/protection/server/alertmessage/AlertMessageTest.java
+++ b/src/test/java/com/realtime/protection/server/alertmessage/AlertMessageTest.java
@@ -1,38 +1,82 @@
 package com.realtime.protection.server.alertmessage;
 import com.realtime.protection.configuration.entity.alert.AlertMessage;
 import com.realtime.protection.configuration.entity.defense.object.ProtectObject;
 import com.realtime.protection.configuration.entity.defense.template.Template;
 import com.realtime.protection.configuration.entity.rule.dynamicrule.DynamicRuleObject;
 import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
 import com.realtime.protection.configuration.entity.task.Task;
 import com.realtime.protection.server.defense.object.ProtectObjectService;
 import com.realtime.protection.server.defense.template.TemplateService;
 import com.realtime.protection.server.rule.dynamicrule.DynamicRuleService;
 import com.realtime.protection.server.task.TaskService;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import java.time.LocalDateTime;
 import java.util.List;
@SpringBootTest
 public class AlertMessageTest {
    private final AlertMessageService alertMessageService;
    private final ProtectObjectService protectObjectService;
    private final TemplateService templateService;
    private final DynamicRuleService dynamicRuleService;
    private final TaskService taskService;
    @Autowired
-    public AlertMessageTest(AlertMessageService alertMessageService) {
+    public AlertMessageTest(AlertMessageService alertMessageService
    ,ProtectObjectService protectObjectService,TemplateService templateService,
                            DynamicRuleService dynamicRuleService,TaskService taskService) {
        this.alertMessageService = alertMessageService;
        this.protectObjectService = protectObjectService;
        this.templateService = templateService;
        this.dynamicRuleService = dynamicRuleService;
        this.taskService = taskService;
    }
    @Test
    void testReceiveAlertMessage() {
        /*
        for (int i = 1; i < 4; i++) {
            AlertMessage alertMessage = new AlertMessage();
            FiveTupleWithMask fiveTupleWithMask = new FiveTupleWithMask();
            fiveTupleWithMask.setSourceIP("1.1.1." + i);
            fiveTupleWithMask.setMaskSourceIP("255.255.255.0");
            fiveTupleWithMask.setDestinationIP("2.2.3." + i);
            fiveTupleWithMask.setMaskDestinationIP("255.255.255.255");
            fiveTupleWithMask.setSourcePort("80");
            fiveTupleWithMask.setDestinationPort("80");
            fiveTupleWithMask.setProtocol("TCP");
-            alertMessage.setTaskId(1937L);
+        List<ProtectObject> protectObject = protectObjectService.queryProtectObjects(null, null, 1, 1);
-            alertMessage.setFiveTupleWithMask(fiveTupleWithMask);
+        List<Template> templates = templateService.queryTemplates(null, 1, 1);
-            alertMessage.setDynamicRuleId(31);
+
-            alertMessageService.processAlertMessage(alertMessage);
+        DynamicRuleObject object = new DynamicRuleObject();
-        }
+        object.setDynamicRuleName("UpdateDynamicRule2");
-        */
+        object.setDynamicRuleFrequency(1);
        object.setDynamicRulePriority(1);
        object.setDynamicRuleRange("北京");
        object.setDynamicRuleProtectLevel(2);
        object.setTemplateId(templates.get(0).getTemplateId());
        object.setProtectObjectIds(List.of(new Integer[]{protectObject.get(0).getProtectObjectId()}));
        Integer dynamicRuleId = dynamicRuleService.newDynamicRuleObject(object);
        Task task = new Task();
        task.setTaskName("dong态测试2");
        LocalDateTime taskStartTime = LocalDateTime.now().plusMinutes(1);
        LocalDateTime taskEndTime = LocalDateTime.now().plusYears(5);
        task.setTaskStartTime(taskStartTime);
        task.setTaskEndTime(taskEndTime);
        task.setTaskAct("阻断");
        task.setTaskType(2);
        task.setTaskCreateUserId(1);
        task.setTaskCreateUsername("xxx");
        task.setTaskCreateDepart("xxx");
        task.setDynamicRuleIds(List.of(new Integer[]{dynamicRuleId}));
        Long taskId = taskService.newTask(task);
        AlertMessage alert = new AlertMessage();
        FiveTupleWithMask fiveTupleWithMask = new FiveTupleWithMask();
        fiveTupleWithMask.setSourceIP("1.1.1.1");
        alert.setDynamicRuleId(dynamicRuleId);
        alert.setTaskId(taskId);
        alert.setFiveTupleWithMask(fiveTupleWithMask);
        alert.setContent("testcontent");
        alertMessageService.processAlertMessage(alert);
    }
--- a/src/test/java/com/realtime/protection/server/rule/dynamic/DynamicRuleServiceTest.java
+++ b/src/test/java/com/realtime/protection/server/rule/dynamic/DynamicRuleServiceTest.java
@@ -35,18 +35,19 @@ public class DynamicRuleServiceTest extends ProtectionApplicationTests {
    @Test
    void testNewDynamicRule() {
        List<ProtectObject> protectObject = protectObjectService.queryProtectObjects(null, null, 1, 1);
        List<Template> templates = templateService.queryTemplates(null, 1, 1);
        DynamicRuleObject object = new DynamicRuleObject();
        object.setDynamicRuleName("UpdateDynamicRule2");
        object.setDynamicRuleFrequency(1);
        object.setDynamicRulePriority(1);
        object.setDynamicRuleRange("北京");
        object.setDynamicRuleProtectLevel(2);
-        object.setTemplateId(1);
+        object.setTemplateId(templates.get(0).getTemplateId());
-        object.setProtectObjectIds(List.of(new Integer[]{5521, 5520}));
+        object.setLogRuleId(1);
-
+        object.setProtectObjectIds(List.of(new Integer[]{protectObject.get(0).getProtectObjectId()}));
-
+        Integer dynamicRuleId = dynamicRuleService.newDynamicRuleObject(object);
 //        Integer objectId = dynamicRuleService.newDynamicRuleObject(object);
 //        assertTrue(objectId > 0);
    }
    @Test
--- a/src/test/java/com/realtime/protection/server/rule/staticrule/StaticRuleServiceTest.java
+++ b/src/test/java/com/realtime/protection/server/rule/staticrule/StaticRuleServiceTest.java
@@ -7,7 +7,6 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.List;
@@ -26,13 +25,16 @@ public class StaticRuleServiceTest extends ProtectionApplicationTests {
    void setUp() {
        staticRuleTest = new StaticRuleObject();
        staticRuleTest.setStaticRuleName("test_staticrule");
        staticRuleTest.setStaticRuleCreateTime(LocalDateTime.now());
        staticRuleTest.setStaticRuleCreateUsername("mh");
        staticRuleTest.setStaticRuleCreateDepart("mmeess");
        staticRuleTest.setStaticRuleCreateUserId(2);
        staticRuleTest.setStaticRuleAuditStatus(0);
-        staticRuleTest.setStaticRuleSip("1.1.2.3");
+        staticRuleTest.setStaticRuleSip("1.1.2.0");
        staticRuleTest.setStaticRuleMsip("255.255.255.0");
 //        staticRuleTest.setStaticRuleDip("1.1.1.2");
 //        staticRuleTest.setStaticRuleMdip("255.255.255.0");
        staticRuleTest.setStaticRuleSport(80);
        staticRuleTest.setStaticRulePriority(1);
@@ -43,25 +45,7 @@ public class StaticRuleServiceTest extends ProtectionApplicationTests {
    @Test
    void testNewStaticRule(){
-        Integer i = 0;
+        staticRuleService.newStaticRuleObject(staticRuleTest);
        while(i<2) {
            i++;
            StaticRuleObject object = new StaticRuleObject();
            object.setStaticRuleName("test_staticrule" + i);
            //object.setStaticRuleCreateTime(LocalDateTime.now());
            object.setStaticRuleCreateUsername("boy" + i);
            object.setStaticRuleCreateDepart("2chu" + i);
            object.setStaticRuleCreateUserId(i);
            object.setStaticRuleSip("1.1.1." + i);
            object.setStaticRuleSport(i);
            object.setStaticRuleDip("2.2.3." + i);
            object.setStaticRulePriority(2);
            object.setStaticRuleFrequency(1);
            object.setStaticRuleRange("北京");
            Integer id = staticRuleService.newStaticRuleObject(object);
        }
        //assertTrue(id>0);
    }
    @Test