文章目录 1. 构造 keyword 的查询条件 2. 构造 threatSubType 的查询条件 3. 相应的实体类
/**
 * Returns one page of alert allow-list rules, optionally narrowed by a free-text keyword
 * and by threat sub-type ids.
 *
 * @param offset page number; the implementation shown on this page computes the skip as
 *     {@code (offset - 1) * limit}, so it is treated as 1-based
 * @param limit maximum number of rules to return
 * @param keyword search text; skipped by the implementation when empty
 * @param order sort direction for {@code sortKey}; the implementation compares it with its
 *     {@code ASC} constant and otherwise sorts descending
 * @param sortKey name of the document field to sort by, after the fixed {@code status} sort
 * @param threatSubType threat sub-type ids to filter on; no sub-type filter when null or empty
 * @return the matching rules
 */
List < AlertWhiteEntity > findListByKeyword ( Integer offset, Integer limit, String keyword, String order, String sortKey, List < String > threatSubType
) ;
/**
 * Runs the paged allow-list rule search against MongoDB.
 *
 * <p>The query combines, in this order: the optional keyword criteria from
 * {@code dealKeyword}, the sub-type and {@code deleted} filters from
 * {@code getThreatSubTypeFilter}, a sort on {@code status} (descending) followed by the
 * requested sort key, and finally skip/limit paging.
 *
 * @param offset page number; page 1 skips nothing because the skip is {@code (offset - 1) * limit}
 * @param limit page size
 * @param keyword search text; no keyword criteria is added when it is empty
 * @param order sort direction; ascending only when it equals {@code ASC}, otherwise descending
 * @param sortKey document field used for the secondary sort
 * @param threatSubType threat sub-type ids to filter on, may be null or empty
 * @return the rules found by {@code incidentMongoTemplate}
 */
@Override
public List<AlertWhiteEntity> findListByKeyword(Integer offset, Integer limit, String keyword,
        String order, String sortKey, List<String> threatSubType) {
    final Query query = new Query();

    final boolean hasKeyword = !StringUtils.isEmpty(keyword);
    if (hasKeyword) {
        query.addCriteria(dealKeyword(keyword));
    }

    // NOTE(review): sortKey is used as the sort field exactly as received. If it originates
    // from a request parameter, confirm it is restricted to an expected set of field names
    // before it reaches this method.
    final Sort.Order requestedOrder = Objects.equals(order, ASC)
            ? Sort.Order.asc(sortKey)
            : Sort.Order.desc(sortKey);

    getThreatSubTypeFilter(threatSubType, query);

    // Status always sorts first so the requested key only orders rules within the same status.
    query.with(Sort.by(Sort.Order.desc("status"), requestedOrder));

    // Widen to long before multiplying so a large page number cannot overflow int.
    final long toSkip = (long) (offset - 1) * limit;
    query.skip(toSkip).limit(limit);

    return incidentMongoTemplate.find(query, AlertWhiteEntity.class);
}
1. 构造 keyword 的查询条件
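/**
 * Builds the keyword part of the allow-list rule search.
 *
 * <p>A rule matches when the keyword occurs (case-insensitively) in its {@code creator}, in
 * its {@code name}, or in the {@code value} of a {@code srcIp}/{@code dstIp} entry under
 * {@code ruleList.ruleList}. When the keyword is itself a valid IP address, a rule also
 * matches if one of its {@code ruleList.ipRange} entries contains that address.
 *
 * <p>The keyword is search text typed by a caller, so it is quoted with
 * {@link Pattern#quote(String)} before it is embedded in the regular expression. Without
 * quoting, characters such as {@code .}, {@code *} or {@code (} are interpreted as regex
 * syntax: an IP keyword like {@code 1.1.1.1} would match unrelated values, an unbalanced
 * bracket would fail to compile, and a crafted pattern could make the database spend
 * excessive time on backtracking.
 *
 * @param keyword non-null search text; the caller visible on this page only passes
 *     non-empty values
 * @return an OR criteria over all keyword matches
 */
private CriteriaDefinition dealKeyword(String keyword) {
    // Match the keyword literally anywhere in the field, ignoring case.
    Pattern pattern = Pattern.compile("^.*" + Pattern.quote(keyword) + ".*$", Pattern.CASE_INSENSITIVE);

    // The three text matches are shared by the IP and non-IP cases.
    Criteria ruleValueMatch = new Criteria().and("ruleList.ruleList").elemMatch(
            new Criteria().andOperator(
                    new Criteria().orOperator(
                            new Criteria().and("type").is("srcIp"),
                            new Criteria().and("type").is("dstIp")),
                    new Criteria().and("value").regex(pattern)));
    Criteria creatorMatch = new Criteria().and("creator").regex(pattern);
    Criteria nameMatch = new Criteria().and("name").regex(pattern);

    Criteria[] criteriaArray;
    if (IpUtil.judgeLegalIp(keyword)) {
        // NOTE(review): fullIp stays "" if judgeLegalIp accepts a value that neither
        // judgeIpv6 nor judgeIpv4 recognises; confirm that cannot happen in IpUtil.
        String fullIp = "";
        if (IpUtil.judgeIpv6(keyword)) {
            fullIp = IpUtil.formatIpv6Full(keyword);
        } else if (IpUtil.judgeIpv4(keyword)) {
            fullIp = IpUtil.formatIpv4Full(keyword);
        }
        // Range containment is a string comparison; this presumably relies on startIp/endIp
        // being stored in the same fully expanded form that IpUtil produces. TODO confirm.
        Criteria ipRangeMatch = new Criteria().and("ruleList.ipRange").elemMatch(
                new Criteria().and("value").elemMatch(
                        new Criteria().andOperator(
                                Criteria.where("startIp").lte(fullIp),
                                Criteria.where("endIp").gte(fullIp))));
        criteriaArray = new Criteria[] {ruleValueMatch, creatorMatch, nameMatch, ipRangeMatch};
    } else {
        criteriaArray = new Criteria[] {ruleValueMatch, creatorMatch, nameMatch};
    }

    Criteria criteria = new Criteria();
    criteria.orOperator(criteriaArray);
    return criteria;
}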
2. 构造 threatSubType 的查询条件
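/**
 * Adds the threat sub-type filter and the not-deleted filter to {@code query}.
 *
 * <p>When sub-type ids are given, rules whose {@code threatSubTypeId} contains any of them
 * are selected, together with rules stored under the {@code ALL} id. The {@code deleted}
 * filter is always added, so soft-deleted rules never appear in the result.
 *
 * <p>The id list is copied before {@code ALL} is appended: the caller's list is left
 * unchanged, and an unmodifiable list passed in no longer causes an
 * {@link UnsupportedOperationException}.
 *
 * @param threatSubType sub-type ids requested by the caller; null or empty means no
 *     sub-type filter
 * @param query query to extend in place
 */
private void getThreatSubTypeFilter(List<String> threatSubType, Query query) {
    if (threatSubType != null && !threatSubType.isEmpty()) {
        // Fully qualified so this block does not depend on an extra import in the file.
        List<String> subTypeIds = new java.util.ArrayList<>(threatSubType);
        if (!subTypeIds.contains(ALL)) {
            subTypeIds.add(ALL);
        }
        query.addCriteria(Criteria.where("threatSubTypeId").in(subTypeIds));
    }
    query.addCriteria(Criteria.where("deleted").is(false));
}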
3. 相应的实体类
/**
 * MongoDB document for one alert allow-list rule, stored in the
 * {@code t_alert_white_rules} collection.
 *
 * <p>Accessors, {@code equals}/{@code hashCode} and {@code toString} are generated by
 * Lombok's {@code @Data}. Field order is kept as declared.
 */
@Data
@Document("t_alert_white_rules")
public class AlertWhiteEntity {

    // Document id; exposed as "_id" in JSON and written through ObjectIdSerializer.
    @JsonProperty("_id")
    @MongoId
    @ApiModelProperty(value = "元api id")
    @JsonSerialize(using = ObjectIdSerializer.class)
    private ObjectId id;

    // Allow-list id.
    @Field("whiteId")
    @ApiModelProperty(value = "白名单id")
    private String whiteId;

    // Alert type; per the annotation text the frontend uses it to pick a template.
    @Field("alertType")
    @ApiModelProperty(value = "告警类型,前端使用控制展示哪种模板")
    private String alertType;

    // Alert type used by the frontend for rendering; no explicit @Field mapping.
    @ApiModelProperty(value = "告警类型,前端使用控制渲染告警类型")
    private String originAlertType;

    // Threat sub-types as label/value entries (see the annotation example).
    @Field("threatSubType")
    @ApiModelProperty(value = "攻击小类数量", example = "{[\"label\":\"aaaa\",\"value\":\"1_2_3\"]}")
    private List<WhiteScreenEntity> threatSubType;

    // Display names of the threat sub-types.
    @Field("threatSubTypeView")
    @ApiModelProperty(value = "攻击小类展示数组", example = "[\"aaa\"]")
    private List<String> threatSubTypeView;

    // Threat sub-type ids; this is the field the sub-type filter of the rule search queries.
    @Field("threatSubTypeId")
    @ApiModelProperty(value = "攻击小类ID数组", example = "[\"1_2_3\"]")
    private List<String> threatSubTypeId;

    // Hosts the rule applies to.
    @Field("hostIp")
    @ApiModelProperty(value = "生效主机", example = "1.1.1.1")
    private List<String> hostIp;

    // Whether "all hosts" was selected.
    @Field("isHostAll")
    @ApiModelProperty(value = "是否勾选全部")
    private Boolean isHostAll;

    // MD5 value used to detect duplicate rules.
    @Field("repeatMd5")
    @ApiModelProperty(value = "用于判断是否重复md5")
    private String repeatMd5;

    // Rule status: "enable" or "disable" per the annotation notes.
    @Field("status")
    @ApiModelProperty(value = "状态", notes = "启用enable | 禁用disable")
    private String status;

    // Rule name; searched by the keyword query.
    @Field("name")
    @ApiModelProperty(value = "规则名称")
    private String name;

    // 1 = permanently effective, 0 = custom period, per the annotation notes.
    @Field("isUnlimited")
    @ApiModelProperty(value = "是否永久生效", notes = "永久生效1 | 自定义0")
    private Integer isUnlimited;

    // 1 when status is enable, 0 when status is disable, per the annotation notes.
    @Field("sort_status")
    @ApiModelProperty(value = "分类状态", notes = "status是enable时1 | status是disable时0")
    private Integer sortStatus;

    // Free-text remark.
    @Field("reason")
    @ApiModelProperty(value = "备注")
    private String reason;

    // Match rules and IP ranges of this allow-list entry.
    @Field("ruleList")
    @ApiModelProperty(value = "规则列表")
    private RuleEntity ruleList;

    // Creator name; searched by the keyword query.
    @Field("creator")
    @ApiModelProperty(value = "创建人")
    private String creator;

    // Creator id.
    @Field("creatorId")
    @ApiModelProperty(value = "创建人Id")
    private String creatorId;

    // Start of the effective period.
    @Field("startTime")
    @ApiModelProperty(value = "开始时间")
    private Long startTime;

    // End of the effective period.
    @Field("endTime")
    @ApiModelProperty(value = "结束时间")
    private Long endTime;

    // Creation time.
    @Field("createTime")
    @ApiModelProperty(value = "创建时间")
    private long createTime;

    // Last update time.
    @Field("updateTime")
    @ApiModelProperty(value = "更新时间")
    private long updateTime;

    // Soft-delete flag. The annotation notes describe 0/1 while the field is a boolean;
    // the rule search filters on deleted == false.
    @Field("deleted")
    @ApiModelProperty(value = "是否删除", notes = "否0 | 是1")
    private boolean deleted;
}
/**
 * Container for the match conditions of one allow-list rule; embedded in
 * {@code AlertWhiteEntity} under {@code ruleList}.
 */
@Data
public class RuleEntity {

    // Field-based match rules (string values).
    @ApiModelProperty(value = "规则列表")
    private List<RuleInfoEntity<String>> ruleList;

    // IP range match rules; each value is a start/end pair.
    @ApiModelProperty(value = "IP范围")
    private List<RuleInfoEntity<IpInfoEntity>> ipRange;

    // IOA rule groups, as a list of rule lists.
    @ApiModelProperty(value = "IOA类型")
    private List<List<RuleInfoEntity<String>>> ioaRuleList;
}
/**
 * One match condition of an allow-list rule: a field name, the values to match and the
 * match mode.
 *
 * <p>Null properties are omitted from JSON output ({@code JsonInclude.Include.NON_NULL}).
 *
 * @param <T> type of the match values, for example {@code String} or {@code IpInfoEntity}
 */
@AllArgsConstructor
@NoArgsConstructor
@Data
@JsonInclude(JsonInclude.Include.NON_NULL)
@ApiModel(description = "匹配规则")
public class RuleInfoEntity<T> implements ValidateAble {

    // Name of the field to match, e.g. "srcIp".
    @ApiModelProperty(value = "匹配字段", required = true, example = "srcIp")
    private String type;

    // Values to match against.
    @ApiModelProperty(value = "匹配值", required = true)
    private List<T> value;

    // Match values for TMG, per the annotation text.
    @ApiModelProperty(value = "TMG匹配值", required = true)
    private List<T> tmgValue;

    // Display name of the field.
    @ApiModelProperty(value = "中文名称", example = "srcIp")
    private String title;

    // Match mode, e.g. "IN".
    @ApiModelProperty(value = "匹配模式", required = true, example = "IN")
    private String mode;

    // String form of the match values; presumably for display, confirm against the UI.
    @ApiModelProperty(value = "匹配值")
    private List<String> view;

    // Whether matching ignores case.
    @ApiModelProperty(value = "是否忽略大小写")
    private Boolean isIgnorecase;
}
/**
 * Inclusive IP range used by the {@code ipRange} rules. The keyword search compares these
 * two values as strings against the expanded form of the searched address.
 */
@Data
public class IpInfoEntity {

    // First address of the range.
    @ApiModelProperty(value = "开始IP")
    private String startIp;

    // Last address of the range.
    @ApiModelProperty(value = "结束ip")
    private String endIp;
}