lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 00:24:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Services: Intrusion Detection: Policy - show rule origin in rule adjustments grid. As we need to fetch all rule labels in order to link them and the number of installed rules may be quite large (>100k) we need a small work-around here to prevent other model callers from always having to wait for [msg, source] being populated.

Browse Source 
closes https://github.com/opnsense/core/issues/7121
This commit is contained in:
Ad Schellevis 2024-01-07 16:22:17 +01:00
parent e385b1cd3e
commit 3daff54655
8 changed files with 123 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plist
View File

@ -605,6 +605,7 @@
/usr/local/opnsense/mvc/app/models/OPNsense/Firewall/static_aliases/core.json
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/FieldTypes/PolicyContentField.php
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/FieldTypes/PolicyRulesField.php
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/IDS.php
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/Menu/Menu.xml

24
src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
View File

@ -42,6 +42,22 @@ class SettingsController extends ApiMutableModelControllerBase
{
protected static $internalModelName = 'ids';
protected static $internalModelClass = '\OPNsense\IDS\IDS';
private $modelHandle = null;
/**
* Get (or create) model object
* @return null|BaseModel
* @throws \ReflectionException
*/
protected function getModel()
{
if ($this->modelHandle == null) {
$this->modelHandle = (new \ReflectionClass(static::$internalModelClass))->newInstance();
}
return $this->modelHandle;
}
/**
* Query non layered model items
@ -699,7 +715,11 @@ class SettingsController extends ApiMutableModelControllerBase
*/
public function searchPolicyRuleAction()
{
return $this->searchBase("rules.rule", array("sid", "enabled", "action"), "sid");
/* XXX: toggle search backend data for rule information as this action can be rather slow and we don't want
to enforce this on all callers */
$this->getModel()->rules->rule->queryRuleInfo();
$this->modelHandle = null;
return $this->searchBase("rules.rule", ["sid", "msg", "source", "enabled", "action"], "sid");
}
/**
@ -762,7 +782,7 @@ class SettingsController extends ApiMutableModelControllerBase
}
/**
* return then number of custom defined policy rules
* return the number of custom defined policy rules
*/
public function checkPolicyRuleAction()
{

70
src/opnsense/mvc/app/models/OPNsense/IDS/FieldTypes/PolicyRulesField.php Normal file
View File

@ -0,0 +1,70 @@
<?php
/**
* Copyright (C) 2023 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\IDS\FieldTypes;
use OPNsense\Base\FieldTypes\ArrayField;
use OPNsense\Base\FieldTypes\TextField;
use OPNsense\Core\Backend;
class PolicyRulesField extends ArrayField
{
protected static $internalRuleData = null;
private static $queryRules = false;
/**
* by default the PolicyRulesField acts as a standard ArrayField, unless queryRuleInfo() in which case
* the next created object will query for local rule data. (to limit load)
*/
public function queryRuleInfo()
{
static::$queryRules = true;
}
protected function actionPostLoadingEvent()
{
parent::actionPostLoadingEvent();
if (static::$queryRules) {
if (static::$internalRuleData === null) {
static::$internalRuleData = json_decode((new Backend())->configdRun('ids list rules'), true) ?? [];
}
foreach ($this->iterateItems() as $node) {
$rule = static::$internalRuleData[(string)$node->sid] ?? [];
foreach (['msg', 'source'] as $fieldname) {
$field = new TextField();
$field->setInternalIsVirtual();
$field->setValue($rule[$fieldname] ?? '');
$node->addChildNode($fieldname, $field);
}
}
}
}
}

2
src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
View File

@ -4,7 +4,7 @@
<description>OPNsense IDS</description>
<items>
<rules>
<rule type="ArrayField">
<rule type=".\PolicyRulesField">
<sid type="IntegerField">
<ValidationMessage>Sid should be a number.</ValidationMessage>
<Required>Y</Required>

2
src/opnsense/mvc/app/views/OPNsense/IDS/policy.volt
View File

@ -162,6 +162,8 @@ POSSIBILITY OF SUCH DAMAGE.
<tr>
<th data-column-id="sid" data-width="6em" data-type="string">{{ lang._('SID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="msg" data-type="string">{{ lang._('Msg') }}</th>
<th data-column-id="source" data-type="string">{{ lang._('Source') }}</th>
<th data-column-id="action" data-type="string">{{ lang._('Action') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>

10
src/opnsense/scripts/suricata/lib/rulecache.py
View File

@ -474,3 +474,13 @@ class RuleCache(object):
result[record[0]] = list()
result[record[0]].append(record[1])
return result
def list_rule_metadata(self):
result = {}
if os.path.exists(self.cachefile):
db = sqlite3.connect(self.cachefile)
cur = db.cursor()
cur.execute("SELECT sid, msg, source FROM rules")
for record in cur.fetchall():
result[record[0]] = {'msg': record[1], 'source': record[2]}
return result

12
src/opnsense/scripts/suricata/listRuleMetadata.py
View File

@ -1,7 +1,7 @@
#!/usr/local/bin/python3
"""
Copyright (c) 2020 Ad Schellevis <ad@opnsense.org>
Copyright (c) 2020-2023 Ad Schellevis <ad@opnsense.org>
All rights reserved.
Redistribution and use in source and binary forms, with or without
@ -30,6 +30,7 @@
script to fetch all metadata types from the installed suricata rules using the shared rule cache
"""
import argparse
import ujson
from lib.rulecache import RuleCache
@ -38,4 +39,11 @@ if __name__ == '__main__':
if rc.is_changed():
rc.create()
print(ujson.dumps(rc.list_metadata()))
parser = argparse.ArgumentParser()
parser.add_argument('--mode', help='fetch mode', default='properties', choices=['properties', 'rules'])
args = parser.parse_args()
if args.mode == 'properties':
print(ujson.dumps(rc.list_metadata()))
else:
print(ujson.dumps(rc.list_rule_metadata()))

8
src/opnsense/service/conf/actions.d/actions_ids.conf
View File

@ -1,9 +1,15 @@
[list.rulemetadata]
command:/usr/local/opnsense/scripts/suricata/listRuleMetadata.py
parameters:
parameters: --mode properties
type:script_output
message:request suricata rule metadata
[list.rules]
command:/usr/local/opnsense/scripts/suricata/listRuleMetadata.py
parameters: --mode rules
type:script_output
message:request suricata rules
[list.installablerulesets]
command:/usr/local/opnsense/scripts/suricata/listInstallableRulesets.py
parameters: