authorfengweihao <[email protected]>2023-02-07 09:51:49 +0800
committerfengweihao <[email protected]>2023-02-07 09:51:49 +0800
commit212cd1a4f6c83ee5a2099f1c8077deb05bb8d716 (patch)
tree1c559f78f7f09224ca333637b8487eab1a312ce4
parent3e8e55b18163b97159e7d607e5b02326c3279c8f (diff)
bugfix:安全策略过滤命中路径v2.3.9-20230207
-rw-r--r--scan/src/policy_scan.cpp32
1 files changed, 22 insertions, 10 deletions
diff --git a/scan/src/policy_scan.cpp b/scan/src/policy_scan.cpp
index 3cecde4..7c37c50 100644
--- a/scan/src/policy_scan.cpp
+++ b/scan/src/policy_scan.cpp
@@ -754,6 +754,10 @@ static enum policy_action decide_ctrl_action(enum verify_policy_type policy_type
{
continue;
}
+ if (shaping == 0 && __action == PG_ACTION_SHAPING)
+ {
+ continue;
+ }
if (__action == PG_ACTION_MONIT)
{
memcpy(monit_rule + n_monit, hit_rules + i, sizeof(struct Maat_rule_t));
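Review bot: The guard added at `if (shaping == 0 && __action == PG_ACTION_SHAPING)` is the same "shaping disabled, drop shaping-only rules" test this commit also adds to `http_hit_policy_list`, and the inverse of one branch of the rewritten `verify_shaping_policy_filter`, so the rule now exists as three hand-written copies that can drift apart. A single `static inline bool shaping_rule_excluded(int shaping, int action) { return shaping == 0 && action == PG_ACTION_SHAPING; }` near the top of the file, called from all three sites, would keep the semantics in one place. The identifier `__action` is pre-existing, but double-underscore names are reserved for the implementation, and the new line is a natural point to stop spreading it. `decide_ctrl_action` begins and ends outside this hunk.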
@@ -934,15 +938,23 @@ int http_hit_policy_match(int result_config[], int cnt, int config)
return 0;
}
-int verify_shaping_policy_filter(struct Maat_rule_t *enforce_rules, size_t n_enforce, int config)
+int verify_shaping_policy_filter(struct verify_policy_scan_ctx * ctx, int shaping, int config)
{
size_t i=0;
- for(i=0; i<n_enforce; i++)
+ for (i = 0; i < ctx->hit_cnt; i++)
{
- if(enforce_rules[i].config_id == config)
+ if (ctx->result[i].config_id == config)
{
- return 1;
+ if(shaping == 1 && ctx->result[i].action == PG_ACTION_SHAPING)
+ {
+ return 1;
+ }
+ if(shaping == 0 && ctx->result[i].action != PG_ACTION_SHAPING)
+ {
+ return 1;
+ }
+
}
}
return 0;
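Review bot: In the rewritten `verify_shaping_policy_filter`, `shaping` is compared against both literals 0 and 1, so any other value matches neither branch and the function silently returns 0 for every config; collapsing the two checks to `if ((ctx->result[i].action == PG_ACTION_SHAPING) == (shaping != 0)) return 1;` treats the parameter as a proper boolean and removes that dead gap. The function is non-static and its signature changed, so any prototype in a header and any caller outside this file must be updated in the same commit; only the call in `http_get_scan_status` is visible here. The stray blank line added after the second `if` block can be dropped. The function's closing brace lies outside the hunk.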
@@ -994,11 +1006,7 @@ void http_get_scan_status(struct verify_policy_query_obj *query_obj, int type, i
{
continue;
}
- //*Shaping Policy filtering */
- if(shaping == 1 && verify_shaping_policy_filter(ctx->enforce_rules, ctx->n_enforce, ctx->hit_path[i].compile_id) != 1)
- {
- continue;
- }
+
histObj=cJSON_CreateObject();
cJSON_AddItemToArray(hitPaths, histObj);
cJSON_AddNumberToObject(histObj, "itemId", ctx->hit_path[i].region_id);
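Review bot: Removing the early `continue` means that with `shaping == 1` a hit path that has no shaping rule is now still appended to `hitPaths` as a JSON object, and only its exclusion from `result_hit_nth` happens later in the function; nothing at the creation site says so, and a reader will go looking for the old filter. A one-line comment where the check used to be, `/* hit paths are always reported; shaping only filters result_hit_nth below */`, should replace the blank line the deletion left behind. If the consumer of `hitPaths` relied on the old filtering, this is a visible output change that the commit message should mention. `http_get_scan_status` begins and ends outside this hunk.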
@@ -1008,7 +1016,7 @@ void http_get_scan_status(struct verify_policy_query_obj *query_obj, int type, i
ctx->hit_path[i].top_group_id = ctx->hit_path[i].sub_group_id;
}
cJSON_AddNumberToObject(histObj, "topObjectId", ctx->hit_path[i].top_group_id);
- if(ctx->hit_path[i].compile_id > 0)
+ if(ctx->hit_path[i].compile_id > 0 && verify_shaping_policy_filter(ctx, shaping, ctx->hit_path[i].compile_id) == 1)
{
result_hit_nth[k] = ctx->hit_path[i].compile_id;
k++;
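Review bot: The new condition `compile_id > 0 && verify_shaping_policy_filter(ctx, shaping, ...) == 1` applies the filter for `shaping == 0` as well, whereas the removed code only filtered when `shaping == 1`; a compile_id whose only entry in `ctx->result` carries `PG_ACTION_SHAPING`, or that has no entry in `ctx->result` at all, is now dropped from `result_hit_nth` in the non-shaping case. That is wider than the title suggests and deserves either a sentence in the commit message or a comment such as `/* record only compile ids backed by a result entry of the requested (non-)shaping kind */`. The write `result_hit_nth[k] = ...; k++;` has no bound visible in the hunk; presumably the caller sizes the array from the hit-path count, but that is worth confirming since the loop header is outside the hunk. `http_get_scan_status` begins and ends outside this hunk.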
@@ -1051,6 +1059,10 @@ int http_hit_policy_list(enum verify_policy_type policy_type, int shaping, size_
{
continue;
}
+ if(shaping == 0 && ctx->result[i].action == PG_ACTION_SHAPING)
+ {
+ continue;
+ }
if(http_hit_policy_match(result_config, i, ctx->result[i].config_id))
{
continue;
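Review bot: The guard added at `if(shaping == 0 && ctx->result[i].action == PG_ACTION_SHAPING)` filters in one direction only: with `shaping == 1`, non-shaping entries still pass through, while `verify_shaping_policy_filter` in the same commit treats the two modes symmetrically and accepts only shaping entries. If the policy list and the hit-path counter are meant to agree, the guard should be `if ((ctx->result[i].action == PG_ACTION_SHAPING) != (shaping != 0)) continue;`; if the asymmetry is intended, a short comment stating that shaping mode lists all actions would stop the next reader from "fixing" it. The loop body continues past the end of the hunk.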