o h@spddlZddlZddlZddlZddlmZmZmZmZddl m Z ej ej dde eZGdddZdS)N)ListDictAnyOptional)CountermeasurePluginz4%(asctime)s - %(name)s - %(levelname)s - %(message)s)levelformatc @sdeZdZdZd$defddZdeeeeffddZ d ed e fd d Z d eeefdedeeeeffddZ d eeefdeeeefdedeeeeffddZ deeeefd eeefdedeeeeffddZdeeeefdeeefdefddZdeded eeefdedeeeff dd Zdeeefdeeeffd!d"Zd#S)% RuleEngineuC 规则引擎,负责解析规则并触发反制动作。 logs/countermeasure_audit.logaudit_log_filecCsg|_i|_||_dS)N)rulescountermeasuresr )selfr r/root/ive/core/rule_engine.py__init__s zRuleEngine.__init__r cCs ||_tdt|ddS)u加载反制规则zLoaded z rules.N)r loggerinfolen)rr rrr load_rulesszRuleEngine.load_rulesnameplugincCs||j|<td|dS)u注册反制动作插件z"Registered countermeasure plugin: N)r rr)rrrrrrregister_countermeasures z"RuleEngine.register_countermeasurerequest_contextenvironment_idreturncCs||j||S)u 评估请求上下文并执行匹配的反制动作 (使用引擎内部加载的全局规则) :param request_context: 请求上下文信息 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 )_evaluate_and_execute_rulesr )rrrrrrevaluate_and_execute#szRuleEngine.evaluate_and_executeenvironment_rulescCs||||S)uP 评估请求上下文并执行匹配的反制动作 (使用为特定环境指定的规则) :param request_context: 请求上下文信息 :param environment_rules: 为该环境指定的规则列表 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 )r)rrrrrrr$evaluate_and_execute_for_environment-s z/RuleEngine.evaluate_and_execute_for_environmentrules_to_evaluatec Csg}|D]{}|dds q||dg|r|d}|j|}|rrz+|}|di|d<||} |d|| d} || ||d|||| Wqtyq} zt d|d |dd | WYd } ~ qd } ~ wwt d |d |dq|S)u 内部方法:执行规则评估和反制动作 :param rules_to_evaluate: 要评估的规则列表 :param request_context: 请求上下文信息 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 enabledT conditionsactionconfigid)rule_idr#resultzError executing countermeasure z for rule z: NzCountermeasure plugin 'z' not found for rule ) get_match_conditionsr copyexecuteappend _log_audit Exceptionrerrorwarning) rr rrresultsruleZ action_name cm_pluginZcontext_with_configr'Zexecution_resulterrrr8s2     ,z&RuleEngine._evaluate_and_execute_rulesr"contextcCsZ|D](}d}|D]\}}||vr|||krd}n ||vr$d}nq |r*dSqdS)u匹配规则条件TF)items)rr"r5 conditionmatchkeyvaluerrrr)aszRuleEngine._match_conditionsr&r#r'c Cst||||||d}z7tj|j}|rtj|ddt|jddd}|t |dWdWdS1s>wYWdSt y`} zt d | WYd} ~ dSd} ~ ww) u记录审计日志) timestampr&rrequestr#r'T)exist_okazutf-8)encoding NzFailed to write audit log: )time_sanitize_contextospathdirnamer makedirsopenwritejsondumpsr.rr/) rr&rrr#r'Z log_entryZlog_dirfr4rrrr-us$ &zRuleEngine._log_auditcCs |}|S)u?对请求上下文进行脱敏处理,避免记录敏感信息)r*)rr5Z sanitizedrrrrBszRuleEngine._sanitize_contextN)r )__name__ __module__ __qualname____doc__strrrrrrrrrrrboolr)r-rBrrrrr s*: : *).&r )rArIloggingrCtypingrrrrpluginsr basicConfigINFO getLoggerrLrr rrrrs