<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.realtime.protection.server.whitelist.WhiteListMapper">
<insert id="newWhiteListObject" useGeneratedKeys="true" keyProperty="whiteListId"
        parameterType="com.realtime.protection.configuration.entity.whitelist.WhiteListObject">
    <!--
      Creates one whitelist entry from the "object" parameter.
      The row always starts with white_list_audit_status = 0 and
      create_time = NOW(); a caller cannot pre-approve an entry here.
      The address is stored as INET_ATON(...). INET_ATON returns NULL for
      an address it cannot parse (IPv6, malformed text), so such input is
      stored as NULL instead of being rejected; validate before calling.
      NOTE(review): values are read as #{object.*} while keyProperty is
      the bare "whiteListId". That relies on MyBatis writing the generated
      key into the sole @Param("object") argument; confirm against the
      mapper interface and the MyBatis version in use.
    -->
    insert into t_white_list (
        white_list_name,
        white_list_system_name,
        white_list_ip,
        white_list_port,
        white_list_url,
        white_list_protocol,
        white_list_audit_status,
        create_time
    ) values (
        #{object.whiteListName},
        #{object.whiteListSystemName},
        INET_ATON(#{object.whiteListIP}),
        #{object.whiteListPort},
        #{object.whiteListUrl},
        #{object.whiteListProtocol},
        0,
        NOW()
    )
</insert>
<insert id="newWhiteListObjects">
    <!--
      Bulk form of newWhiteListObject: a single multi-row INSERT built
      from every element of the "whiteListObjects" collection. The same
      defaults apply to each row: audit status 0 (unaudited), create_time
      = NOW(), address stored through INET_ATON (NULL if unparseable).
      Generated keys are not written back to the objects.
      An empty collection leaves "values" with no row list, which is a
      SQL syntax error; the caller must skip this call for empty input.
    -->
    insert into t_white_list (
        white_list_name,
        white_list_system_name,
        white_list_ip,
        white_list_port,
        white_list_url,
        white_list_protocol,
        white_list_audit_status,
        create_time
    ) values
    <foreach collection="whiteListObjects" item="entry" separator=",">
        (
            #{entry.whiteListName},
            #{entry.whiteListSystemName},
            INET_ATON(#{entry.whiteListIP}),
            #{entry.whiteListPort},
            #{entry.whiteListUrl},
            #{entry.whiteListProtocol},
            0,
            NOW()
        )
    </foreach>
</insert>
<delete id="deleteWhiteListObjects">
    <!--
      Hard-deletes every entry whose id is in "whiteListIds".
      No audit-status check is applied: approved entries are removed
      exactly like pending ones, so authorization must live in the
      service layer. An empty collection expands to "in ()", which MySQL
      rejects as a syntax error rather than deleting the whole table;
      keep it that way and do not add an unconditional fallback.
    -->
    delete from t_white_list
    where white_list_id in
    <foreach collection="whiteListIds" item="whiteListId" open="(" close=")" separator=",">
        #{whiteListId}
    </foreach>
</delete>
<resultMap id="whiteListMap" type="com.realtime.protection.configuration.entity.whitelist.WhiteListObject">
    <!--
      Column to property mapping shared by the "select *" queries below.
      white_list_ip holds the INET_ATON integer written by the inserts and
      none of the selects that use this map apply INET_NTOA, so whiteListIP
      receives the numeric form, not a dotted address.
      NOTE(review): confirm the property type expects that.
    -->
    <id column="white_list_id" property="whiteListId"/>
    <result column="white_list_name" property="whiteListName"/>
    <result column="white_list_system_name" property="whiteListSystemName"/>
    <result column="white_list_ip" property="whiteListIP"/>
    <result column="white_list_port" property="whiteListPort"/>
    <result column="white_list_url" property="whiteListUrl"/>
    <result column="white_list_protocol" property="whiteListProtocol"/>
    <!--
      white_list_audit_status is not mapped. The entity does have a
      whiteListAuditStatus property (updateWhiteListObject reads it), so
      unless global auto-mapping fills it in, consumers of
      whiteListCommandJudge / queryWhiteListObject cannot tell approved
      entries from pending ones through this map.
      NOTE(review): if callers need to filter on the status, restore
      <result column="white_list_audit_status" property="whiteListAuditStatus"/>
    -->
</resultMap>
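<select id="queryWhiteListObject" resultMap="whiteListMap">
    <!--
      Paged listing. Optional filters: whiteListName as a substring
      (LIKE '%name%'; '%' and '_' inside the value act as wildcards and
      are not escaped here) and whiteListId as an exact match.
      Pages are 1-based: page N returns the rows from offset
      (N-1)*pageSize in white_list_id order; a page below 1 is treated
      as page 1.
      The offset is computed with <bind> and passed as a bound parameter
      (#{offset}). The previous ${...} form spliced the caller's page and
      pageSize straight into the SQL text, an injection sink whenever
      those values arrive as strings, and a negative page produced an
      invalid LIMIT. ORDER BY was added because LIMIT pagination without
      an order is not deterministic across pages.
      "select *" is kept because the result map may depend on columns not
      visible from this file; list them explicitly once the schema is
      confirmed.
    -->
    <bind name="offset" value="page > 1 ? (page - 1) * pageSize : 0"/>
    select *
    from t_white_list
    <where>
        <if test="whiteListName != null">
            white_list_name like concat('%', #{whiteListName}, '%')
        </if>
        <if test="whiteListId != null">
            and white_list_id = #{whiteListId}
        </if>
    </where>
    order by white_list_id
    limit #{offset}, #{pageSize}
</select>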
<select id="queryWhiteListObjectById" resultMap="whiteListMap">
    <!--
      Loads a single entry by primary key (no row for an unknown id).
      Goes through whiteListMap, so white_list_ip arrives in its stored
      INET_ATON numeric form and the audit status is not mapped.
    -->
    select * from t_white_list where white_list_id = #{whiteListId}
</select>
<update id="updateWhiteListObject">
    <!--
      Partial update of the entry with white_list_id = #{id}: only the
      non-null properties of "object" are written, and modify_time is
      always refreshed. The target id comes from the separate "id"
      parameter, not from object.whiteListId.
      Security notes for the service layer (nothing here enforces them):
      * object.whiteListAuditStatus is writable through this generic
        update, so a caller allowed to edit an entry can also mark it
        audited, bypassing updateWhiteListObjectAuditStatus.
      * changing the ip, port, url or protocol of an already audited
        entry does not reset white_list_audit_status, so an approved
        entry can be re-pointed without re-approval. Consider resetting
        the status (or refusing the edit) when matching fields change.
    -->
    update t_white_list
    <trim prefix="set" suffixOverrides=",">
        <if test="object.whiteListName != null">white_list_name = #{object.whiteListName},</if>
        <if test="object.whiteListSystemName != null">white_list_system_name = #{object.whiteListSystemName},</if>
        <if test="object.whiteListIP != null">white_list_ip = INET_ATON(#{object.whiteListIP}),</if>
        <if test="object.whiteListPort != null">white_list_port = #{object.whiteListPort},</if>
        <if test="object.whiteListUrl != null">white_list_url = #{object.whiteListUrl},</if>
        <if test="object.whiteListProtocol != null">white_list_protocol = #{object.whiteListProtocol},</if>
        <if test="object.whiteListAuditStatus != null">white_list_audit_status = #{object.whiteListAuditStatus},</if>
        modify_time = NOW()
    </trim>
    where white_list_id = #{id}
</update>
<update id="updateWhiteListObjectAuditStatus">
    <!--
      Sets white_list_audit_status of one entry to #{status}. Any value
      is accepted: there is no check on the previous status and no
      transition rule, and modify_time is left untouched (unlike
      updateWhiteListObject), so an approval leaves no timestamp here.
      Gate this behind the audit role in the service layer.
    -->
    update t_white_list
       set white_list_audit_status = #{status}
     where white_list_id = #{id}
</update>
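<select id="existWhiteListObject" resultType="java.lang.String">
    <!--
      Overlap check for a static rule: returns one "ip port url" string
      per whitelist entry that the rule's source or destination side
      would cover, so a non-empty result means the rule touches the
      whitelist. Branches, all joined with OR:
        source ip without mask : exact ip match (plus port if given)
        source ip with mask    : (entry_ip AND mask) = (rule_ip AND mask)
        destination ip         : the same two forms
        url                    : exact url match
      Audit status is not considered, so pending entries count as hits.
      If the rule carries no ip and no url the WHERE clause is empty and
      every entry is returned; callers must treat that as a conflict or
      validate the rule before calling.
      NOTE(review): the ip/mask parameters are compared to the INET_ATON
      column as-is, whereas whiteListCommandJudge wraps its parameters in
      INET_ATON(). Confirm staticRuleSip/Msip/Dip/Mdip are already
      numeric; a dotted string here is coerced to a number and never
      matches.
      Fixed here: CAST(white_list_port) lacked the "AS type" clause (a
      SQL syntax error on every call); the separator used double quotes,
      which stop being string literals under ANSI_QUOTES; and a NULL port
      or url made CONCAT return NULL for the whole row.
    -->
    select CONCAT(INET_NTOA(white_list_ip), ' ',
                  COALESCE(CAST(white_list_port AS CHAR), ''), ' ',
                  COALESCE(white_list_url, ''))
    from t_white_list
    <where>
        <if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip == null">
            (white_list_ip = #{staticRuleObject.staticRuleSip}
            <if test="staticRuleObject.staticRuleSport != null">
                and white_list_port = #{staticRuleObject.staticRuleSport}
            </if>)
        </if>
        <if test="staticRuleObject.staticRuleSip != null and staticRuleObject.staticRuleMsip != null">
            <!-- "&amp;" is the XML escape for the bitwise AND operator -->
            ((white_list_ip &amp; #{staticRuleObject.staticRuleMsip}) =
             (#{staticRuleObject.staticRuleSip} &amp; #{staticRuleObject.staticRuleMsip})
            <if test="staticRuleObject.staticRuleSport != null">
                and white_list_port = #{staticRuleObject.staticRuleSport}
            </if>)
        </if>
        <!-- the leading "or" is stripped by <where> when no source branch fired -->
        <if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip == null">
            or (white_list_ip = #{staticRuleObject.staticRuleDip}
            <if test="staticRuleObject.staticRuleDport != null">
                and white_list_port = #{staticRuleObject.staticRuleDport}
            </if>)
        </if>
        <if test="staticRuleObject.staticRuleDip != null and staticRuleObject.staticRuleMdip != null">
            or ((white_list_ip &amp; #{staticRuleObject.staticRuleMdip}) =
                (#{staticRuleObject.staticRuleDip} &amp; #{staticRuleObject.staticRuleMdip})
            <if test="staticRuleObject.staticRuleDport != null">
                and white_list_port = #{staticRuleObject.staticRuleDport}
            </if>)
        </if>
        <if test="staticRuleObject.staticRuleUrl != null">
            or white_list_url = #{staticRuleObject.staticRuleUrl}
        </if>
    </where>
</select>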
<select id="queryWhiteListObjectAuditStuatusById" resultType="java.lang.Integer">
    <!--
      Reads only white_list_audit_status for the entry with the given id
      (no row for an unknown id). "Stuatus" in the id is a typo for
      "Status", but it is the name the mapper interface binds to, so
      renaming it means changing the interface method as well.
    -->
    select white_list_audit_status from t_white_list where white_list_id = #{id}
</select>
<!--
    Matching logic for whiteListCommandJudge (translated from the
    original Chinese note):
    If the command has no IP mask:
        whitelist_ip == ip
        If the command has a port: the ports must also be equal
    If the command has an IP mask:
        (whitelist_ip AND mask) == (command ip AND mask), meaning the
        command's address range contains whitelist_ip
        If the command has a port: the ports must also be equal
    (Applied separately to the command's source IP and destination IP.)

    Possibly still to do:
    (1) port masks
    (2) protocol
    (3) url
-->

<select id="whiteListCommandJudge" resultMap="whiteListMap">
    <!--
      Returns every whitelist entry that the command's source or
      destination address (with optional mask and port) covers; a
      non-empty result means the command hits the whitelist.
      Security notes:
      * white_list_audit_status is not filtered, so an entry inserted
        with status 0 matches exactly like an audited one, and the result
        map does not expose the status, so the caller cannot filter
        either. NOTE(review): decide whether unaudited entries should
        count; if not, add a status predicate once the approved value is
        confirmed.
      * when neither command.sourceIP nor command.destinationIP is set
        the WHERE clause is empty and every entry is returned. Make sure
        the caller's reading of "non-empty" is the safe outcome for such
        a command, or reject IP-less commands before querying.
      * INET_ATON returns NULL for an address it cannot parse (IPv6,
        malformed text) and a NULL comparison never matches, so a
        command with a malformed address matches nothing.
      * a whitelist row with a NULL port is not matched by a command
        that specifies a port (NULL = x is unknown); confirm whether a
        NULL port is meant to act as a wildcard.
      Only ip and port are compared; protocol and url are ignored (see
      the to-do list above).
    -->
    select *
    from t_white_list
    <where>
        <!-- source address, exact ip (no mask) -->
        <if test="command.sourceIP != null and command.maskSourceIP == null">
            (white_list_ip = INET_ATON(#{command.sourceIP})
            <if test="command.sourcePort != null">
                and white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
            </if>)
        </if>
        <!-- source address with mask: the entry must lie inside the command's subnet -->
        <if test="command.sourceIP != null and command.maskSourceIP != null">
            (( white_list_ip & INET_ATON(#{command.maskSourceIP})) =
            (INET_ATON(#{command.sourceIP}) & INET_ATON(#{command.maskSourceIP}))
            <if test="command.sourcePort != null">
                and white_list_port = CAST(#{command.sourcePort} AS UNSIGNED)
            </if>)
        </if>
        <!-- destination address, exact ip; the leading "or" is stripped by <where> when no source branch fired -->
        <if test="command.destinationIP != null and command.maskDestinationIP == null">
            or (white_list_ip = INET_ATON(#{command.destinationIP})
            <if test="command.destinationPort != null">
                and white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
            </if>)
        </if>
        <!-- destination address with mask -->
        <if test="command.destinationIP != null and command.maskDestinationIP != null">
            or ((white_list_ip & INET_ATON(#{command.maskDestinationIP})) =
            (INET_ATON(#{command.destinationIP}) & INET_ATON(#{command.maskDestinationIP}))
            <if test="command.destinationPort != null">
                and white_list_port = CAST(#{command.destinationPort} AS UNSIGNED)
            </if>)
        </if>
    </where>
</select>
</mapper> |