cmhi
/
dispose
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OCT 

REM:
1. 修正处置IP防护范围判断不能识别CIDR网络格式问题
This commit is contained in:
HuangXin 2020-09-13 11:24:34 +08:00
parent 321379873e
commit c6c7874ac8
2 changed files with 47 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java
View File

@ -6,15 +6,14 @@ import com.dispose.common.DisposeCapacityType;
import com.dispose.common.DpTechAttackType;
import com.dispose.common.DpTechConfigValue;
import com.dispose.common.ErrorCode;
import com.dispose.common.Helper;
import com.dispose.common.NetflowDirection;
import com.dispose.pojo.po.MulReturnType;
import com.dispose.pojo.vo.DeviceFirewareInfo;
import com.dptech.dispose.AbnormalFlowCleaningServicePortType;
import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
import com.dptech.dispose.NtcRequestResultInfo;
import inet.ipaddr.AddressStringException;
import inet.ipaddr.IPAddress;
import inet.ipaddr.IPAddressSeqRange;
import inet.ipaddr.IPAddressString;
import lombok.extern.slf4j.Slf4j;
import org.apache.cxf.endpoint.Client;
@ -54,39 +53,6 @@ public class DpTechAbilityImpl implements DisposeAbility {
*/
private AbnormalFlowCleaningServicePortType cleanTypePort;
/**
* Ip in range boolean.
*
* @param rangeIp the range ip
* @param ipAddr the ip addr
* @return the boolean
*/
private static boolean ipInRange(String rangeIp, String ipAddr) {
final int numIp = 2;
// 范围为空字符串或者与IP相同时返回真
if (rangeIp.length() == 0 || rangeIp.equals(ipAddr)) {
return true;
}
String[] ipList = rangeIp.split("-");
if (ipList.length != numIp) {
return false;
}
try {
IPAddress lower = new IPAddressString(ipList[0]).toAddress();
IPAddress upper = new IPAddressString(ipList[1]).toAddress();
IPAddress addr = new IPAddressString(ipAddr).toAddress();
IPAddressSeqRange range = lower.toSequentialRange(upper);
return range.contains(addr);
} catch (AddressStringException ignored) {
}
return false;
}
/**
* Init device env.
*
@ -303,11 +269,11 @@ public class DpTechAbilityImpl implements DisposeAbility {
IPAddress addr = new IPAddressString(ipAddr).getAddress();
synchronized (this) {
if (addr.isIPv4()) {
return protectIpV4.stream().anyMatch(v -> DpTechAbilityImpl.ipInRange(v, ipAddr));
return protectIpV4.stream().anyMatch(v -> Helper.ipInRange(v, ipAddr));
}
if (addr.isIPv6()) {
return protectIpV6.stream().anyMatch(v -> DpTechAbilityImpl.ipInRange(v, ipAddr));
return protectIpV6.stream().anyMatch(v -> Helper.ipInRange(v, ipAddr));
}
}
return false;

44
src/main/java/com/dispose/common/Helper.java
View File

@ -1,6 +1,8 @@
package com.dispose.common;
import inet.ipaddr.AddressStringException;
import inet.ipaddr.IPAddress;
import inet.ipaddr.IPAddressSeqRange;
import inet.ipaddr.IPAddressString;
import java.sql.Timestamp;
@ -114,4 +116,46 @@ public class Helper {
public static String ipPortNormalize(String ipPort, HttpType type) {
return ipPort.length() == 0 ? (type == HttpType.HTTP ? "80" : "443") : ipPort;
}
/**
* Ip in range boolean.
*
* @param rangeIp the range ip
* @param ipAddr the ip addr
* @return the boolean
*/
public static boolean ipInRange(String rangeIp, String ipAddr) {
final int numIp = 2;
final String cidrSplit = "/";
// 范围为空字符串或者与IP相同时返回真
if (rangeIp.length() == 0 || rangeIp.equals(ipAddr)) {
return true;
}
// 处理CIDR格式
if(rangeIp.contains(cidrSplit)) {
IPAddressString network = new IPAddressString(rangeIp);
IPAddressString ip = new IPAddressString(ipAddr);
return network.prefixContains(ip);
}
// 处理"-"连接格式
String[] ipList = rangeIp.split("-");
if (ipList.length != numIp) {
return false;
}
try {
IPAddress lower = new IPAddressString(ipList[0]).toAddress();
IPAddress upper = new IPAddressString(ipList[1]).toAddress();
IPAddress addr = new IPAddressString(ipAddr).toAddress();
IPAddressSeqRange range = lower.toSequentialRange(upper);
return range.contains(addr);
} catch (AddressStringException ignored) {
}
return false;
}
}