feat:Support blacklist filtering.

Author: taolx0

sqle/api/controller/v1/audit_plan.go

@@ -6,9 +6,7 @@ import (
 	"encoding/csv"
 	"fmt"
 	"mime"
-	"net"
 	"net/http"
-	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -849,93 +847,6 @@ func GetAuditPlanReport(c echo.Context) error {
 	})
 }
 
-func filterSQLsByBlackList(sqls []*AuditPlanSQLReqV1, blackList []*model.BlackListAuditPlanSQL) []*AuditPlanSQLReqV1 {
-	if len(blackList) == 0 {
-		return sqls
-	}
-	filteredSQLs := []*AuditPlanSQLReqV1{}
-	filter := ConvertToBlackFilter(blackList)
-	for _, sql := range sqls {
-		if filter.HasEndpointInBlackList([]string{sql.Endpoint}) || filter.IsSqlInBlackList(sql.LastReceiveText) {
-			continue
-		}
-		filteredSQLs = append(filteredSQLs, sql)
-	}
-	return filteredSQLs
-}
-
-func ConvertToBlackFilter(blackList []*model.BlackListAuditPlanSQL) *BlackFilter {
-	var blackFilter BlackFilter
-	for _, filter := range blackList {
-		switch filter.FilterType {
-		case model.FilterTypeSQL:
-			blackFilter.BlackSqlList = append(blackFilter.BlackSqlList, utils.FullFuzzySearchRegexp(filter.FilterContent))
-		case model.FilterTypeHost:
-			blackFilter.BlackHostList = append(blackFilter.BlackHostList, utils.FullFuzzySearchRegexp(filter.FilterContent))
-		case model.FilterTypeIP:
-			ip := net.ParseIP(filter.FilterContent)
-			if ip == nil {
-				log.Logger().Errorf("wrong ip in black list,ip:%s", filter.FilterContent)
-				continue
-			}
-			blackFilter.BlackIpList = append(blackFilter.BlackIpList, ip)
-		case model.FilterTypeCIDR:
-			_, cidr, err := net.ParseCIDR(filter.FilterContent)
-			if err != nil {
-				log.Logger().Errorf("wrong cidr in black list,cidr:%s,err:%v", filter.FilterContent, err)
-				continue
-			}
-			blackFilter.BlackCidrList = append(blackFilter.BlackCidrList, cidr)
-		}
-	}
-	return &blackFilter
-}
-
-// 构造BlackFilter的目的是缓存黑名单中需要使用的结构体，在每个循环中复用
-type BlackFilter struct {
-	BlackSqlList  []*regexp.Regexp //更换正则匹配提高效率
-	BlackIpList   []net.IP
-	BlackHostList []*regexp.Regexp
-	BlackCidrList []*net.IPNet
-}
-
-func (f BlackFilter) IsSqlInBlackList(checkSql string) bool {
-	for _, blackSql := range f.BlackSqlList {
-		if blackSql.MatchString(checkSql) {
-			return true
-		}
-	}
-	return false
-}
-
-// 输入一组ip若其中有一个ip在黑名单中则返回true
-func (f BlackFilter) HasEndpointInBlackList(checkIps []string) bool {
-	var checkNetIp net.IP
-	for _, checkIp := range checkIps {
-		checkNetIp = net.ParseIP(checkIp)
-		if checkNetIp == nil {
-			// 无法解析IP，可能是域名，需要正则匹配
-			for _, blackHost := range f.BlackHostList {
-				if blackHost.MatchString(checkIp) {
-					return true
-				}
-			}
-		} else {
-			for _, blackIp := range f.BlackIpList {
-				if blackIp.Equal(checkNetIp) {
-					return true
-				}
-			}
-			for _, blackCidr := range f.BlackCidrList {
-				if blackCidr.Contains(checkNetIp) {
-					return true
-				}
-			}
-		}
-	}
-	return false
-}
-
 type FullSyncAuditPlanSQLsReqV1 struct {
 	SQLs []*AuditPlanSQLReqV1 `json:"audit_plan_sql_list" form:"audit_plan_sql_list" valid:"dive"`
 }
@@ -989,13 +900,7 @@ func FullSyncAuditPlanSQLs(c echo.Context) error {
 
 	l := log.NewEntry()
 	reqSQLs := req.SQLs
-	blackList, err := s.GetBlackListAuditPlanSQLsByProjectID(model.ProjectUID(projectUid))
-	if err == nil {
-		reqSQLs = filterSQLsByBlackList(reqSQLs, blackList)
-	} else {
-		l.Warnf("blacklist is not used, err:%v", err)
-	}
-	if len(reqSQLs) == 0 {
+	if len(req.SQLs) == 0 {
 		return controller.JSONBaseErrorReq(c, nil)
 	}
 	sqls, err := convertToModelAuditPlanSQL(c, ap, reqSQLs)
@@ -1045,12 +950,6 @@ func PartialSyncAuditPlanSQLs(c echo.Context) error {
 
 	l := log.NewEntry()
 	reqSQLs := req.SQLs
-	blackList, err := s.GetBlackListAuditPlanSQLsByProjectID(model.ProjectUID(projectUid))
-	if err == nil {
-		reqSQLs = filterSQLsByBlackList(reqSQLs, blackList)
-	} else {
-		l.Warnf("blacklist is not used, err:%v", err)
-	}
 	if len(reqSQLs) == 0 {
 		return controller.JSONBaseErrorReq(c, nil)
 	}

sqle/api/controller/v1/blacklist.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/actiontech/sqle/sqle/api/controller"
@@ -41,7 +40,6 @@ func CreateBlacklist(c echo.Context) error {
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
-
 	s := model.GetStorage()
 	err = s.Save(&model.BlackListAuditPlanSQL{
 		ProjectId:     model.ProjectUID(projectUid),
@@ -134,7 +132,7 @@ func UpdateBlacklist(c echo.Context) error {
 		blacklist.FilterContent = *req.Content
 	}
 	if req.Type != nil {
-		blacklist.FilterType = model.BlacklistFilterType(strings.ToUpper(*req.Type))
+		blacklist.FilterType = model.BlacklistFilterType(*req.Type)
 	}
 	if req.Desc != nil {
 		blacklist.Desc = *req.Desc
@@ -195,7 +193,7 @@ func GetBlacklist(c echo.Context) error {
 	}
 
 	s := model.GetStorage()
-	blacklistList, count, err := s.GetBlacklistList(model.ProjectUID(projectUid), model.BlacklistFilterType(strings.ToUpper(req.FilterType)), req.FuzzySearchContent, req.PageIndex, req.PageSize)
+	blacklistList, count, err := s.GetBlacklistList(model.ProjectUID(projectUid), model.BlacklistFilterType(req.FilterType), req.FuzzySearchContent, req.PageIndex, req.PageSize)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}

sqle/api/controller/v2/audit_plan.go

@@ -312,21 +312,6 @@ type AuditPlanSQLReqV2 struct {
 	Endpoints            []string  `json:"endpoints" from:"endpoints"`
 }
 
-func filterSQLsByBlackList(sqls []*AuditPlanSQLReqV2, blackList []*model.BlackListAuditPlanSQL) []*AuditPlanSQLReqV2 {
-	if len(blackList) == 0 {
-		return sqls
-	}
-	filteredSQLs := []*AuditPlanSQLReqV2{}
-	filter := v1.ConvertToBlackFilter(blackList)
-	for _, sql := range sqls {
-		if filter.HasEndpointInBlackList(sql.Endpoints) || filter.IsSqlInBlackList(sql.LastReceiveText) {
-			continue
-		}
-		filteredSQLs = append(filteredSQLs, sql)
-	}
-	return filteredSQLs
-}
-
 func convertToModelAuditPlanSQL(dbType string, reqSQLs []*AuditPlanSQLReqV2) ([]*auditplan.SQL, error) {
 	var p driver.Plugin
 	var err error
@@ -448,12 +433,6 @@ func PartialSyncAuditPlanSQLs(c echo.Context) error {
 
 	l := log.NewEntry()
 	reqSQLs := req.SQLs
-	blackList, err := s.GetBlackListAuditPlanSQLsByProjectID(model.ProjectUID(projectUid))
-	if err == nil {
-		reqSQLs = filterSQLsByBlackList(reqSQLs, blackList)
-	} else {
-		l.Warnf("blacklist is not used, err:%v", err)
-	}
 	if len(reqSQLs) == 0 {
 		return controller.JSONBaseErrorReq(c, nil)
 	}
@@ -502,12 +481,6 @@ func FullSyncAuditPlanSQLs(c echo.Context) error {
 
 	l := log.NewEntry()
 	reqSQLs := req.SQLs
-	blackList, err := s.GetBlackListAuditPlanSQLsByProjectID(model.ProjectUID(projectUid))
-	if err == nil {
-		reqSQLs = filterSQLsByBlackList(reqSQLs, blackList)
-	} else {
-		l.Warnf("blacklist is not used, err:%v", err)
-	}
 	if len(reqSQLs) == 0 {
 		return controller.JSONBaseErrorReq(c, nil)
 	}
@@ -544,11 +517,6 @@ func UploadInstanceAuditPlanSQLs(c echo.Context) error {
 		return controller.JSONBaseErrorReq(c, err)
 	}
 
-	projectUid, err := dms.GetPorjectUIDByName(c.Request().Context(), c.Param("project_name"), true)
-	if err != nil {
-		return controller.JSONBaseErrorReq(c, err)
-	}
-
 	s := model.GetStorage()
 
 	ap, exist, err := s.GetActiveAuditPlanDetail(uint(apID))
@@ -560,13 +528,17 @@ func UploadInstanceAuditPlanSQLs(c echo.Context) error {
 	}
 
 	l := log.NewEntry()
-	reqSQLs := req.SQLs
-	blackList, err := s.GetBlackListAuditPlanSQLsByProjectID(model.ProjectUID(projectUid))
-	if err == nil {
-		reqSQLs = filterSQLsByBlackList(reqSQLs, blackList)
+	instance, exist, err := dms.GetInstancesById(c.Request().Context(), ap.InstanceID)
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+	if exist {
+		ap.Instance = instance
 	} else {
-		l.Warnf("blacklist is not used, err:%v", err)
+		l.Errorf("instance not found, instance id: %s", ap.InstanceID)
 	}
+
+	reqSQLs := req.SQLs
 	if len(reqSQLs) == 0 {
 		return controller.JSONBaseErrorReq(c, nil)
 	}

sqle/model/audit_plan.go

@@ -58,20 +58,20 @@ type AuditPlanSQLV2 struct {
 type BlacklistFilterType string
 
 const (
-	FilterTypeSQL      BlacklistFilterType = "SQL"
-	FilterTypeFpSQL    BlacklistFilterType = "FP_SQL"
-	FilterTypeIP       BlacklistFilterType = "IP"
-	FilterTypeCIDR     BlacklistFilterType = "CIDR"
-	FilterTypeHost     BlacklistFilterType = "HOST"
-	FilterTypeInstance BlacklistFilterType = "INSTANCE"
+	FilterTypeSQL      BlacklistFilterType = "sql"
+	FilterTypeFpSQL    BlacklistFilterType = "fp_sql"
+	FilterTypeIP       BlacklistFilterType = "ip"
+	FilterTypeCIDR     BlacklistFilterType = "cidr"
+	FilterTypeHost     BlacklistFilterType = "host"
+	FilterTypeInstance BlacklistFilterType = "instance"
 )
 
 type BlackListAuditPlanSQL struct {
 	Model
 	ProjectId     ProjectUID          `gorm:"index; not null"`
-	FilterContent string              `json:"filter_content" gorm:"type:varchar(512);not null;"`
+	FilterContent string              `json:"filter_content" gorm:"type:varchar(3000);not null;"`
 	Desc          string              `json:"desc" gorm:"type:varchar(512)"`
-	FilterType    BlacklistFilterType `json:"filter_type" gorm:"type:enum('SQL','FP_SQL','IP','CIDR','HOST','INSTANCE');default:'SQL';not null;"`
+	FilterType    BlacklistFilterType `json:"filter_type" gorm:"type:enum('sql','fp_sql','ip','cidr','host','instance');default:'SQL';not null;"`
 	MatchedCount  uint                `json:"matched_count" gorm:"default:0"`
 	LastMatchTime *time.Time          `json:"last_match_time"`
 }
@@ -89,7 +89,7 @@ func (s *Storage) GetBlacklistByID(projectID ProjectUID, id string) (*BlackListA
 	return bl, true, errors.New(errors.ConnectStorageError, err)
 }
 
-func (s *Storage) GetBlackListAuditPlanSQLsByProjectID(projectID ProjectUID) ([]*BlackListAuditPlanSQL, error) {
+func (s *Storage) GetBlackListByProjectID(projectID ProjectUID) ([]*BlackListAuditPlanSQL, error) {
 	var blackListAPS []*BlackListAuditPlanSQL
 	err := s.db.Model(BlackListAuditPlanSQL{}).Where("project_id = ?", projectID).Find(&blackListAPS).Error
 	return blackListAPS, errors.New(errors.ConnectStorageError, err)
@@ -113,6 +113,16 @@ func (s *Storage) GetBlacklistList(projectID ProjectUID, FilterType BlacklistFil
 	return blackListAPS, uint64(count), errors.New(errors.ConnectStorageError, err)
 }
 
+func (s *Storage) BatchUpdateBlackListCount(IdList []uint, matchedCount uint, lastMatchTime time.Time) error {
+	m := map[string]interface{}{
+		"matched_count":   gorm.Expr("matched_count + ?", matchedCount),
+		"last_match_time": lastMatchTime,
+	}
+
+	err := s.db.Model(BlackListAuditPlanSQL{}).Where("id in (?)", IdList).Updates(m).Error
+	return errors.New(errors.ConnectStorageError, err)
+}
+
 func (a AuditPlanSQLV2) TableName() string {
 	return "audit_plan_sqls_v2"
 }

sqle/model/instance_audit_plan.go

@@ -50,6 +50,13 @@ type AuditPlanDetail struct {
 	Instance *Instance `gorm:"-"`
 }
 
+func (a AuditPlanDetail) GetInstanceName() string {
+	if a.Instance == nil {
+		return ""
+	}
+	return a.Instance.Name
+}
+
 func (s *Storage) ListActiveAuditPlanDetail() ([]*AuditPlanDetail, error) {
 	var aps []*AuditPlanDetail
 	err := s.db.Model(AuditPlanV2{}).Joins("JOIN instance_audit_plans ON instance_audit_plans.id = audit_plans_v2.instance_audit_plan_id").
@@ -95,6 +102,7 @@ func (s *Storage) getAuditPlanDetailByID(id uint, status string) (*AuditPlanDeta
 	if ap == nil {
 		return nil, false, nil
 	}
+
 	return ap, true, nil
 }