1hSSKrSSKrSSKrSSKrSSKJrJrJrJr SSK J r \R"\RSS9 \R"\5r"SS5rg)N)ListDictAnyOptional)CountermeasurePluginz4%(asctime)s - %(name)s - %(levelname)s - %(message)s)levelformatc \rSrSrSrSS\4SjjrS\\\\ 44Sjr S\S\ 4S jr S \\\ 4S \S \\\\ 44S jr S \\\ 4S\\\\ 4S \S \\\\ 44SjrS\\\\ 4S \\\ 4S \S \\\\ 44SjrS\\\\ 4S\\\ 4S \4SjrS\S \S \\\ 4S\S\\\ 44 SjrS\\\ 4S \\\ 44SjrSrg) RuleEngineu; 规则引擎,负责解析规则并触发反制动作。 audit_log_filec,/Ul0UlXlg)N)rulescountermeasuresr )selfr s core/rule_engine.py__init__RuleEngine.__init__s+- @B,rcTXl[RS[U5S35 g)u加载反制规则zLoaded z rules.N)rloggerinfolen)rrs r load_rulesRuleEngine.load_ruless   gc%j\12rnameplugincPX RU'[RSU35 g)u注册反制动作插件z"Registered countermeasure plugin: N)rrr)rrrs rregister_countermeasure"RuleEngine.register_countermeasures$%+T" 8?@rrequest_contextenvironment_idreturnc:URURX5$)u 评估请求上下文并执行匹配的反制动作 (使用引擎内部加载的全局规则) :param request_context: 请求上下文信息 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 )_evaluate_and_execute_rulesr)rr!r"s revaluate_and_executeRuleEngine.evaluate_and_execute#s// O\\renvironment_rulesc&URX!U5$)u  评估请求上下文并执行匹配的反制动作 (使用为特定环境指定的规则) :param request_context: 请求上下文信息 :param environment_rules: 为该环境指定的规则列表 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 )r%)rr!r(r"s r$evaluate_and_execute_for_environment/RuleEngine.evaluate_and_execute_for_environment-s//0ATbccrrules_to_evaluatec /nUGHnURSS5(dMURURS/5U5(dMFURS5nURRU5nU(aiUR5nURS05US'UR U5n USUU S.n UR U 5 UR USX2Xi5 M[RS US US35 GM U$![a-n [RSUS USS U 35 S n A GM9S n A ff=f)u 内部方法:执行规则评估和反制动作 :param rules_to_evaluate: 要评估的规则列表 :param request_context: 请求上下文信息 :param environment_id: 触发反制的环境ID :return: 执行的反制动作结果列表 enabledT conditionsactionconfigid)rule_idr0resultzError executing countermeasure z for rule z: NzCountermeasure plugin 'z' not found for rule ) get_match_conditionsrcopyexecuteappend _log_audit Exceptionrerrorwarning) rr,r!r"resultsrule action_name cm_plugincontext_with_configr4execution_resultes rr%&RuleEngine._evaluate_and_execute_rules8sR%D88It,,%%dhh|R&@/RR"hhx0  0044[A q.=.B.B.D+8<28N+H5!*!2!23F!G'+Dz&1&,,(  '78T NU`i NN%<[MI^_cdh_i^j#kl9&< %q 'F{mS]^bcg^h]iiklmkn%oppqs?A&D  E!D>>Er/contextcUHAnSnUR5HupVXR;a X%U:waSn O XR;dMSn O U(dMA g g)u匹配规则条件TF)items)rr/rF conditionmatchkeyvalues rr6RuleEngine._match_conditionsasY$IE'oo/ >gle&;!E'!E 0u$rr3r0r4c[R"5UUURU5UUS.n[RR UR 5nU(a[R "USS9 [UR SSS9nUR[R"U5S-5 SSS5 g!,(df  g=f![a"n [RS U 35 Sn A gSn A ff=f) u记录审计日志) timestampr3r"requestr0r4T)exist_okazutf-8)encoding NzFailed to write audit log: )time_sanitize_contextospathdirnamer makedirsopenwritejsondumpsr;rr<) rr3r"r!r0r4 log_entrylog_dirfrDs rr:RuleEngine._log_auditus,--o>   <ggood&9&9:G Gd3d))3AQ 9-45BAA < LL6qc: ; ; ^b(<#rusO  ,,(',,/ef   8 $BBr