diff --git a/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java b/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java
index 4573f270..f3711997 100644
--- a/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java
+++ b/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java
@@ -6,15 +6,14 @@ import com.dispose.common.DisposeCapacityType;
 import com.dispose.common.DpTechAttackType;
 import com.dispose.common.DpTechConfigValue;
 import com.dispose.common.ErrorCode;
+import com.dispose.common.Helper;
 import com.dispose.common.NetflowDirection;
 import com.dispose.pojo.po.MulReturnType;
 import com.dispose.pojo.vo.DeviceFirewareInfo;
 import com.dptech.dispose.AbnormalFlowCleaningServicePortType;
 import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
 import com.dptech.dispose.NtcRequestResultInfo;
-import inet.ipaddr.AddressStringException;
 import inet.ipaddr.IPAddress;
-import inet.ipaddr.IPAddressSeqRange;
 import inet.ipaddr.IPAddressString;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.cxf.endpoint.Client;
@@ -54,39 +53,6 @@ public class DpTechAbilityImpl implements DisposeAbility {
 */
 private AbnormalFlowCleaningServicePortType cleanTypePort;
- /**
- * Ip in range boolean.
- *
- * @param rangeIp the range ip
- * @param ipAddr the ip addr
- * @return the boolean
- */
- private static boolean ipInRange(String rangeIp, String ipAddr) {
- final int numIp = 2;
-
- // 范围为空字符串或者与IP相同时,返回真
- if (rangeIp.length() == 0 || rangeIp.equals(ipAddr)) {
- return true;
- }
-
- String[] ipList = rangeIp.split("-");
-
- if (ipList.length != numIp) {
- return false;
- }
-
- try {
- IPAddress lower = new IPAddressString(ipList[0]).toAddress();
- IPAddress upper = new IPAddressString(ipList[1]).toAddress();
- IPAddress addr = new IPAddressString(ipAddr).toAddress();
- IPAddressSeqRange range = lower.toSequentialRange(upper);
- return range.contains(addr);
- } catch (AddressStringException ignored) {
-
- }
- return false;
- }
-
 /**
 * Init device env.
 *
@@ -303,11 +269,11 @@ public class DpTechAbilityImpl implements DisposeAbility {
 IPAddress addr = new IPAddressString(ipAddr).getAddress();
 synchronized (this) {
 if (addr.isIPv4()) {
- return protectIpV4.stream().anyMatch(v -> DpTechAbilityImpl.ipInRange(v, ipAddr));
+ return protectIpV4.stream().anyMatch(v -> Helper.ipInRange(v, ipAddr));
 }
 if (addr.isIPv6()) {
- return protectIpV6.stream().anyMatch(v -> DpTechAbilityImpl.ipInRange(v, ipAddr));
+ return protectIpV6.stream().anyMatch(v -> Helper.ipInRange(v, ipAddr));
 }
 }
 return false;
diff --git a/src/main/java/com/dispose/common/Helper.java b/src/main/java/com/dispose/common/Helper.java
index f22917bf..85c62b02 100644
--- a/src/main/java/com/dispose/common/Helper.java
+++ b/src/main/java/com/dispose/common/Helper.java
@@ -1,6 +1,8 @@
 package com.dispose.common;
+import inet.ipaddr.AddressStringException;
 import inet.ipaddr.IPAddress;
+import inet.ipaddr.IPAddressSeqRange;
 import inet.ipaddr.IPAddressString;
 import java.sql.Timestamp;
@@ -114,4 +116,46 @@ public class Helper {
 public static String ipPortNormalize(String ipPort, HttpType type) {
 return ipPort.length() == 0 ? (type == HttpType.HTTP ? "80" : "443") : ipPort;
 }
+
+ /**
+ * Ip in range boolean.
+ *
+ * @param rangeIp the range ip
+ * @param ipAddr the ip addr
+ * @return the boolean
+ */
+ public static boolean ipInRange(String rangeIp, String ipAddr) {
+ final int numIp = 2;
+ final String cidrSplit = "/";
+
+ // 范围为空字符串或者与IP相同时,返回真
+ if (rangeIp.length() == 0 || rangeIp.equals(ipAddr)) {
+ return true;
+ }
+
+ // 处理CIDR格式
+ if(rangeIp.contains(cidrSplit)) {
+ IPAddressString network = new IPAddressString(rangeIp);
+ IPAddressString ip = new IPAddressString(ipAddr);
+ return network.prefixContains(ip);
+ }
+
+ // 处理"-"连接格式
+ String[] ipList = rangeIp.split("-");
+
+ if (ipList.length != numIp) {
+ return false;
+ }
+
+ try {
+ IPAddress lower = new IPAddressString(ipList[0]).toAddress();
+ IPAddress upper = new IPAddressString(ipList[1]).toAddress();
+ IPAddress addr = new IPAddressString(ipAddr).toAddress();
+ IPAddressSeqRange range = lower.toSequentialRange(upper);
+ return range.contains(addr);
+ } catch (AddressStringException ignored) {
+
+ }
+ return false;
+ }
 }
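Review bot: `ipInRange` is now a public helper, but its Javadoc is still a placeholder and does not tell callers the two outcomes they depend on: an empty `rangeIp` matches every address, and a malformed range or address returns `false` with no trace. The caller in DpTechAbilityImpl tests addresses against `protectIpV4`/`protectIpV6` with it, so a mistyped entry would presumably drop coverage silently. I would document the accepted forms (single address, CIDR, `low-high`) and both outcomes in the Javadoc, and give the empty `catch (AddressStringException ignored)` body a log line or at least a comment saying a parse failure is deliberately treated as no match. It is also worth confirming how `lower.toSequentialRange(upper)` behaves when the two ends are of different IP versions; if it rejects them with an unchecked exception, that would escape this method rather than return `false`. Minor: `if(rangeIp.contains(cidrSplit)) {` should read `if (rangeIp.contains(cidrSplit)) {` to match the other conditions in the method.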