0hddlZddlZddlZddlZddlmZmZmZmZddl m Z ejejdejeZGddZy)N)ListDictAnyOptional)CountermeasurePluginz4%(asctime)s - %(name)s - %(levelname)s - %(message)s)levelformatc ~eZdZdZddefdZdeeeeffdZ dede fdZ d eeefd ed eeeeffd Z d eeefd eeeefd ed eeeeffdZ deeeefd eeefd ed eeeeffdZdeeeefdeeefd efdZded ed eeefdedeeeff dZdeeefd eeeffdZy) RuleEngineuC 规则引擎,负责解析规则并触发反制动作。 audit_log_filec.g|_i|_||_y)N)rulescountermeasuresr )selfr s $D:\code\IVE2\IVE\core\rule_engine.py__init__zRuleEngine.__init__s+- @B,rcV||_tjdt|dy)u加载反制规则zLoaded z rules.N)rloggerinfolen)rrs r load_ruleszRuleEngine.load_ruless"  gc%j\12rnameplugincR||j|<tjd|y)u注册反制动作插件z"Registered countermeasure plugin: N)rrr)rrrs rregister_countermeasurez"RuleEngine.register_countermeasures&%+T" 8?@rrequest_contextenvironment_idreturnc<|j|j||S)u 评估请求上下文并执行匹配的反制动作 (使用引擎内部加载的全局规则) :param request_context: 请求上下文信息 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 )_evaluate_and_execute_rulesr)rrrs revaluate_and_executezRuleEngine.evaluate_and_execute#s// O^\\renvironment_rulesc(|j|||S)uP 评估请求上下文并执行匹配的反制动作 (使用为特定环境指定的规则) :param request_context: 请求上下文信息 :param environment_rules: 为该环境指定的规则列表 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 )r!)rrr#rs r$evaluate_and_execute_for_environmentz/RuleEngine.evaluate_and_execute_for_environment-s//0A?Tbccrrules_to_evaluatec `g}|D]}|jdds|j|jdg|s9|jd}|jj|}|rj |j}|jdi|d<|j |} |d|| d} |j | |j |d|||| tjd |d |d|S#t$r,} tjd|d |dd | Yd } ~ #d } ~ wwxYw)u 内部方法:执行规则评估和反制动作 :param rules_to_evaluate: 要评估的规则列表 :param request_context: 请求上下文信息 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 enabledT conditionsactionconfigid)rule_idr*resultzError executing countermeasure z for rule z: NzCountermeasure plugin 'z' not found for rule ) get_match_conditionsrcopyexecuteappend _log_audit Exceptionrerrorwarning) rr&rrresultsrule action_name cm_plugincontext_with_configr.execution_resultes rr!z&RuleEngine._evaluate_and_execute_rules8sQ%D88It,%%dhh|R&@/R"hhx0  0044[A q.=.B.B.D+8<28N+H5!*!2!23F!G'+Dz&1&,,(  '78T NOU`bhi NN%<[MI^_cdh_i^j#kl9&< %q 'F{mS]^bcg^h]iiklmkn%oppqs-A(C88 D-!D((D-r)contextc~|D]8}d}|jD]\}}||vr |||k7rd}n ||vsd}n|s8yy)u匹配规则条件TF)items)rr)r? conditionmatchkeyvalues rr0zRuleEngine._match_conditionsas_$IE'oo/ U'>gcle&;!E'!E 0$rr-r*r.ctj|||j|||d} tjj |j }|rtj |dt|j dd5}|jtj|dzdddy#1swYyxYw#t$r"} tjd | Yd} ~ yd} ~ wwxYw) u记录审计日志) timestampr-rrequestr*r.T)exist_okazutf-8)encoding NzFailed to write audit log: )time_sanitize_contextospathdirnamer makedirsopenwritejsondumpsr5rr6) rr-rrr*r. log_entrylog_dirfr>s rr4zRuleEngine._log_auditus,--o>   <ggood&9&9:G Gd3d))3AQ 9-45BAA < LL6qc: ; ; ^b(<#risS  ,,(',,/ef   8 $BBr