Merge remote-tracking branch 'origin/master'
@@ -12,4 +12,7 @@ public class AlertMessage {
|
||||
@JsonProperty("five_tuple_with_mask")
|
||||
private FiveTupleWithMask fiveTupleWithMask;
|
||||
|
||||
@JsonProperty("dynamic_rule_id")
|
||||
private Integer dynamicRuleId;
|
||||
|
||||
}
|
||||
|
||||
@@ -3,6 +3,8 @@ package com.realtime.protection.configuration.entity.rule.dynamicrule;
|
||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import com.realtime.protection.configuration.entity.defense.object.ProtectObject;
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import jakarta.validation.constraints.Max;
|
||||
import jakarta.validation.constraints.Min;
|
||||
import jakarta.validation.constraints.NotEmpty;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import lombok.Data;
|
||||
@@ -71,7 +73,9 @@ public class DynamicRuleObject {
|
||||
private Integer templateId;
|
||||
@NotNull
|
||||
@JsonProperty("dynamic_rule_protect_level")
|
||||
@Schema(description = "防护等级", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
|
||||
@Max(value = 3)
|
||||
@Min(value = 1)
|
||||
@Schema(description = "防护等级:1代表日常态、2代表应急态、3代表紧急态", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
|
||||
private Integer dynamicRuleProtectLevel;
|
||||
|
||||
@NotNull
|
||||
|
||||
@@ -65,4 +65,9 @@ public class TaskCommandInfo {
|
||||
|
||||
@Schema(description = "最新下发时间", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
private LocalDateTime latestSendTime;
|
||||
|
||||
@Schema(description = "防御策略模板ID", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
private Integer templateId;
|
||||
@Schema(description = "防护等级", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
private Integer protectLevel;
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ public class AlertMessageController
|
||||
|
||||
@PostMapping("/new")
|
||||
public ResponseResult receiveAlertMessage(@RequestBody @Valid AlertMessage alertMessage){
|
||||
alertMessageService.receiveAlertMessage(alertMessage);
|
||||
alertMessageService.processAlertMessage(alertMessage);
|
||||
return ResponseResult.ok();
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
package com.realtime.protection.server.alertmessage;
|
||||
|
||||
import com.realtime.protection.configuration.entity.defense.template.ProtectLevel;
|
||||
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
|
||||
import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
|
||||
import org.apache.ibatis.annotations.Mapper;
|
||||
|
||||
|
||||
@Mapper
|
||||
public interface AlertMessageMapper {
|
||||
|
||||
TaskCommandInfo getDynamicTaskInfos(Long taskId) ;
|
||||
|
||||
|
||||
ProtectLevel queryTemplateProtectLevel(Integer templateId, Integer protectLevel, FiveTupleWithMask fiveTupleWithMask);
|
||||
}
|
||||
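Review bot: `queryTemplateProtectLevel` declares a `FiveTupleWithMask fiveTupleWithMask` parameter that the mapper XML on this page never references, so the caller passes alert data into a query that ignores it; drop the parameter or document why it is there. Neither method documents that it can return null (no matching task, or no protect level configured for the template), and the caller dereferences both results, so a one-line Javadoc stating the null contract on each method would help. With three parameters and no `@Param`, name binding depends on the build being compiled with `-parameters`; `@Param("templateId") Integer templateId, @Param("protectLevel") Integer protectLevel` removes that dependency.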
@@ -1,7 +1,8 @@
|
||||
package com.realtime.protection.server.alertmessage;
|
||||
|
||||
import com.realtime.protection.configuration.entity.defense.template.ProtectLevel;
|
||||
import com.realtime.protection.configuration.entity.rule.dynamicrule.AlertMessage;
|
||||
import com.realtime.protection.configuration.entity.task.Task;
|
||||
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
|
||||
import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
|
||||
import com.realtime.protection.server.task.TaskService;
|
||||
import org.springframework.stereotype.Service;
|
||||
@@ -11,28 +12,62 @@ import com.realtime.protection.configuration.utils.enums.StateEnum;
|
||||
@Service
|
||||
public class AlertMessageService {
|
||||
private final CommandService commandService;
|
||||
private final AlertMessageMapper alertMessageMapper;
|
||||
private final TaskService taskService;
|
||||
|
||||
public AlertMessageService(CommandService commandService,TaskService taskService) {
|
||||
public AlertMessageService(CommandService commandService,TaskService taskService,
|
||||
AlertMessageMapper alertMessageMapper) {
|
||||
this.commandService = commandService;
|
||||
this.taskService = taskService;
|
||||
this.alertMessageMapper = alertMessageMapper;
|
||||
}
|
||||
|
||||
public void receiveAlertMessage(AlertMessage alertMessage) {
|
||||
public void processAlertMessage(AlertMessage alertMessage) {
|
||||
Long taskId = alertMessage.getTaskId();
|
||||
//查task信息
|
||||
Task task = taskService.queryTask(taskId);
|
||||
//检查task status是否为running?
|
||||
// if (task.getTaskStatus() != StateEnum.RUNNING.getStateNum()) {
|
||||
Integer taskStatus = taskService.queryTaskStatus(taskId);
|
||||
Integer temp = StateEnum.RUNNING.getStateNum();
|
||||
// if (taskStatus != StateEnum.RUNNING.getStateNum()) {
|
||||
// return;
|
||||
// }
|
||||
|
||||
//task信息和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo
|
||||
TaskCommandInfo dynamicTaskCommandInfo = new TaskCommandInfo();
|
||||
//查task信息,和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo
|
||||
TaskCommandInfo dynamicTaskCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId);
|
||||
|
||||
//根据策略模板更新五元组
|
||||
ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
|
||||
dynamicTaskCommandInfo.getTemplateId(),
|
||||
dynamicTaskCommandInfo.getProtectLevel(),
|
||||
alertMessage.getFiveTupleWithMask());
|
||||
updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(), templateProtectLevel);
|
||||
dynamicTaskCommandInfo.setFiveTupleWithMask(alertMessage.getFiveTupleWithMask());
|
||||
|
||||
//command入库
|
||||
//commandService.createCommand(staticTaskCommandInfo);
|
||||
// command入库
|
||||
commandService.createCommand(dynamicTaskCommandInfo);
|
||||
|
||||
}
|
||||
|
||||
private void updateFiveTupleWithMask(FiveTupleWithMask alertMessageFiveTupleW, ProtectLevel templateProtectLevel) {
|
||||
if(!templateProtectLevel.getHasProtectObjectIP()){
|
||||
alertMessageFiveTupleW.setDestinationIP(null);
|
||||
alertMessageFiveTupleW.setMaskDestinationIP(null);
|
||||
}
|
||||
if(!templateProtectLevel.getHasProtectObjectPort()){
|
||||
alertMessageFiveTupleW.setDestinationPort(null);
|
||||
alertMessageFiveTupleW.setMaskDestinationPort(null);
|
||||
}
|
||||
if(!templateProtectLevel.getHasPeerIP()){
|
||||
alertMessageFiveTupleW.setSourceIP(null);
|
||||
alertMessageFiveTupleW.setMaskSourceIP(null);
|
||||
}
|
||||
if(!templateProtectLevel.getHasPeerPort()){
|
||||
alertMessageFiveTupleW.setSourcePort(null);
|
||||
alertMessageFiveTupleW.setMaskSourcePort(null);
|
||||
}
|
||||
if (!templateProtectLevel.getHasProtocol()) {
|
||||
alertMessageFiveTupleW.setProtocol(null);
|
||||
alertMessageFiveTupleW.setMaskProtocol(null);
|
||||
}
|
||||
//目前告警信息还只是五元组,没有url、dns
|
||||
}
|
||||
}
|
||||
|
||||
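Review bot: In `processAlertMessage` the running-state check is still commented out (`// if (taskStatus != StateEnum.RUNNING.getStateNum())`), so an alert naming any task id, including a stopped or finished task, goes on to `commandService.createCommand`. `getDynamicTaskInfos` and `queryTemplateProtectLevel` can both return null (unknown task, task with no dynamic rule, template with no matching level) and the following lines dereference them; the `getHas…()` calls would also throw on unboxing if those getters return a null `Boolean`. When the template disables every field, `updateFiveTupleWithMask` leaves a five-tuple with nothing set, and whether `createCommand` rejects such a rule is not visible here; it is worth confirming, since an empty match would presumably apply the task's action far more broadly than the alert intended. When the status check is restored it should use `equals`, because `!=` on two `Integer` values compares references.

```java
public void processAlertMessage(AlertMessage alertMessage) {
    Long taskId = alertMessage.getTaskId();
    Integer taskStatus = taskService.queryTaskStatus(taskId);
    Integer running = StateEnum.RUNNING.getStateNum();
    if (!running.equals(taskStatus)) {
        // Alerts for tasks that are not running must not produce commands.
        return;
    }

    TaskCommandInfo dynamicTaskCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId);
    if (dynamicTaskCommandInfo == null || dynamicTaskCommandInfo.getTemplateId() == null) {
        throw new IllegalStateException("no dynamic rule/template bound to task " + taskId);
    }
    if (alertMessage.getFiveTupleWithMask() == null) {
        throw new IllegalArgumentException("alert message carries no five-tuple");
    }

    // … unchanged: alertMessageMapper.queryTemplateProtectLevel(...) call …
    if (templateProtectLevel == null) {
        throw new IllegalStateException("no protect level configured for template "
                + dynamicTaskCommandInfo.getTemplateId());
    }
    // … unchanged: updateFiveTupleWithMask, setFiveTupleWithMask, createCommand …
```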
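--- /dev/null
+++ b/src/main/resources/mappers/AlertMessageMapper.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper
+PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.realtime.protection.server.alertmessage.AlertMessageMapper">
+
+<resultMap id="dynamicCommmandMap" type="com.realtime.protection.configuration.entity.task.TaskCommandInfo">
+<result column="task_name" property="taskName"/>
+<result column="task_create_username" property="taskCreateUsername"/>
+<result column="task_create_depart" property="taskCreateDepart"/>
+<result column="task_create_userid" property="taskCreateUserId"/>
+
+<result column="task_id" property="taskId"/>
+<result column="dynamic_rule_id" property="ruleId"/>
+
+<result column="task_act" property="taskAct"/>
+<result column="task_type" property="taskType"/>
+<result column="dynamic_rule_frequency" property="frequency"/>
+<result column="task_start_time" property="startTime"/>
+<result column="task_end_time" property="endTime"/>
+
+<result column="template_id" property="templateId"/>
+<result column="dynamic_rule_protect_level" property="protectLevel"/>
+
+</resultMap>
+<resultMap id="protectLevelMap" type="com.realtime.protection.configuration.entity.defense.template.ProtectLevel">
+<id column="protect_level_id" property="protectLevelId"/>
+<result column="has_protect_object_ip" property="hasProtectObjectIP"/>
+<result column="has_protect_object_port" property="hasProtectObjectPort"/>
+<result column="has_peer_ip" property="hasPeerIP"/>
+<result column="has_peer_port" property="hasPeerPort"/>
+<result column="has_protocol" property="hasProtocol"/>
+<result column="has_url" property="hasURL"/>
+<result column="has_dns" property="hasDNS"/>
+</resultMap>
+
+<select id="queryTemplateProtectLevel" resultMap="protectLevelMap">
+SELECT
+t_protect_level.protect_level_id,
+t_protect_level.has_protect_object_ip,
+t_protect_level.has_protect_object_port,
+t_protect_level.has_peer_ip,
+t_protect_level.has_peer_port,
+t_protect_level.has_protocol,
+t_protect_level.has_url,
+t_protect_level.has_dns
+FROM t_strategy_template
+<if test="protectLevel == 1">
+left join t_protect_level on t_strategy_template.strategy_template_low_level_id = t_protect_level.protect_level_id
+</if>
+<if test="protectLevel == 2">
+left join t_protect_level on t_strategy_template.strategy_template_medium_level_id = t_protect_level.protect_level_id
+</if>
+<if test="protectLevel == 3">
+left join t_protect_level on t_strategy_template.strategy_template_high_level_id = t_protect_level.protect_level_id
+</if>
+WHERE t_strategy_template.strategy_template_id = #{templateId}
+</select>
+
+<select id="getDynamicTaskInfos"
+resultMap="dynamicCommmandMap" >
+select
+t_task.task_name,
+
+t_task.task_id,
+t_dr.dynamic_rule_id,
+
+t_task.task_create_username,
+t_task.task_create_depart,
+t_task.task_create_userid,
+
+t_task.task_type,
+t_task.task_act,
+t_dr.dynamic_rule_frequency,
+
+t_task.task_start_time,
+t_task.task_end_time,
+
+t_dr.template_id,
+t_dr.dynamic_rule_protect_level
+
+from t_task
+left join realtime_protection.t_dynamic_rule t_dr on t_task.task_id = t_dr.dynamic_rule_used_task_id
+where
+t_task.task_id = #{task_id}
+</select>
+</mapper>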
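Review bot: `queryTemplateProtectLevel` emits no join at all when `protectLevel` is null or outside 1–3, so the statement selects `t_protect_level` columns from a FROM clause that never names that table and fails at the database instead of being rejected earlier. With `left join`, a template whose level id is unset produces a row of NULLs, which MyBatis maps to a null result by default; an inner `join` plus an explicit null check in the caller makes the "no level configured" case visible. In `getDynamicTaskInfos`, `#{task_id}` resolves only because the method has a single parameter, and `#{taskId}` would match the Java signature; the left join on `t_dynamic_rule` can also return several rows if a task is ever bound to more than one rule, which a single-object return type turns into an exception. The schema-qualified `realtime_protection.t_dynamic_rule` is the only qualified table name in this file and ties the mapper to one database name.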
@@ -104,12 +104,12 @@
|
||||
<result column="static_rule_create_user_id" property="staticRuleCreateUserId"/>
|
||||
<result column="static_rule_modify_time" property="staticRuleModifyTime"/>
|
||||
|
||||
<result column="static_rule_sip" property="staticRuleSip"/>
|
||||
<result column="static_rule_msip" property="staticRuleMsip"/>
|
||||
<result column="static_rule_sip_d" property="staticRuleSip"/>
|
||||
<result column="static_rule_msip_d" property="staticRuleMsip"/>
|
||||
<result column="static_rule_sport" property="staticRuleSport"/>
|
||||
<result column="static_rule_msport" property="staticRuleMsport"/>
|
||||
<result column="static_rule_dip" property="staticRuleDip"/>
|
||||
<result column="static_rule_mdip" property="staticRuleMdip"/>
|
||||
<result column="static_rule_dip_d" property="staticRuleDip"/>
|
||||
<result column="static_rule_mdip_d" property="staticRuleMdip"/>
|
||||
<result column="static_rule_dport" property="staticRuleDport"/>
|
||||
<result column="static_rule_mdport" property="staticRuleMdport"/>
|
||||
<result column="static_rule_protocol" property="staticRuleProtocol"/>
|
||||
@@ -122,7 +122,12 @@
|
||||
</resultMap>
|
||||
|
||||
<select id="queryStaticRule" resultMap="staticRuleMap">
|
||||
SELECT * FROM t_static_rule
|
||||
SELECT *,
|
||||
INET_NTOA(static_rule_sip) as static_rule_sip_d,
|
||||
INET_NTOA(static_rule_msip) as static_rule_msip_d,
|
||||
INET_NTOA(static_rule_dip) as static_rule_dip_d,
|
||||
INET_NTOA(static_rule_mdip) as static_rule_mdip_d
|
||||
FROM t_static_rule
|
||||
left join t_task on t_static_rule.static_rule_used_task_id = t_task.task_id
|
||||
<where>
|
||||
<if test="static_rule_name != null and static_rule_name != ''">
|
||||
|
||||
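Review bot: `SELECT *` combined with `left join t_task` in `queryStaticRule` returns every column of both tables, including the raw integer address columns alongside their `_d` aliases, and depends on no column name being shared between `t_static_rule` and `t_task`; an explicit column list would keep the result set to what `staticRuleMap` actually maps. `INET_NTOA` converts IPv4 values only and yields NULL for anything else, so a rule stored with a non-IPv4 address would surface with a null address rather than an error; if IPv6 is in scope, the column type and `INET6_NTOA` need to be considered. The same pattern appears in `queryWhiteListObject` (`select *, INET_NTOA(white_list_ip) as white_list_ip_d`). Both `<select>` bodies continue outside the hunks shown.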
@@ -42,7 +42,7 @@
|
||||
<id column="white_list_id" property="whiteListId"/>
|
||||
<result column="white_list_name" property="whiteListName"/>
|
||||
<result column="white_list_system_name" property="whiteListSystemName"/>
|
||||
<result column="white_list_ip" property="whiteListIP"/>
|
||||
<result column="white_list_ip_d" property="whiteListIP"/>
|
||||
<result column="white_list_port" property="whiteListPort"/>
|
||||
<result column="white_list_url" property="whiteListUrl"/>
|
||||
<result column="white_list_protocol" property="whiteListProtocol"/>
|
||||
@@ -50,7 +50,8 @@
|
||||
</resultMap>
|
||||
|
||||
<select id="queryWhiteListObject" resultMap="whiteListMap">
|
||||
select * from t_white_list
|
||||
select *, INET_NTOA(white_list_ip) as white_list_ip_d
|
||||
from t_white_list
|
||||
<where>
|
||||
<if test="whiteListName != null">
|
||||
white_list_name like concat('%', #{whiteListName}, '%')
|
||||
|
||||
@@ -112,6 +112,12 @@ public class StaticRuleServiceTest extends ProtectionApplicationTests {
|
||||
System.out.println(object);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testQueryStaticRules(){
|
||||
List<StaticRuleObject> staticRuleObjects = staticRuleService.queryStaticRule(null, null, null, null, 1, 10);
|
||||
System.out.println(staticRuleObjects);
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
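Review bot: `testQueryStaticRules` only prints the result, so it passes whatever `queryStaticRule` returns and would not notice if the new `INET_NTOA` aliases stopped reaching `staticRuleSip`/`staticRuleDip`. Add at least `assertNotNull(staticRuleObjects);` and, against a known fixture row, a check that the source and destination addresses come back in dotted-decimal form. The test class starts outside the hunk.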