feat: 升级 wisp 版本, 增加命令过滤动作: 通知并告警

Author: Aaron3S

Dockerfile-base

@@ -29,7 +29,7 @@ RUN set -ex \
     && chmod 755 /usr/local/bin/check \
     && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
 
-ARG WISP_VERSION=v0.1.22
+ARG WISP_VERSION=v0.2.0
 RUN set -ex \
     && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \
     && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \

backend/framework/src/main/java/org/jumpserver/chen/framework/console/DataViewConsole.java

@@ -13,13 +13,17 @@
 import org.jumpserver.chen.framework.i18n.MessageUtils;
 import org.jumpserver.chen.framework.jms.entity.CommandRecord;
 import org.jumpserver.chen.framework.session.SessionManager;
+import org.jumpserver.chen.framework.session.controller.dialog.Button;
+import org.jumpserver.chen.framework.session.controller.dialog.Dialog;
 import org.jumpserver.chen.framework.utils.TreeUtils;
 import org.jumpserver.chen.framework.ws.io.Packet;
-import org.jumpserver.chen.wisp.Common;
+import org.jumpserver.wisp.Common;
 import org.springframework.web.socket.WebSocketSession;
 
 import java.sql.SQLException;
 import java.util.Map;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 public class DataViewConsole extends AbstractConsole {
 
@@ -110,6 +114,7 @@ public void createDataView(String schemaName, String tableName) {
                     .getSqlActuator()
                     .createPlan(schemaName, tableName, null);
             var sql = plan.getTargetSQL();
+
             var aclResult = session.checkACL(sql);
             if (aclResult != null && (aclResult.getRiskLevel() == Common.RiskLevel.Reject || aclResult.getRiskLevel() == Common.RiskLevel.ReviewReject)) {
                 this.getConsoleLogger().error("%s", MessageUtils.get("ACLRejectError"));
@@ -121,6 +126,42 @@ public void createDataView(String schemaName, String tableName) {
                 this.stateManager.commit();
                 throw new SQLException(MessageUtils.get("ACLRejectError"));
             }
+
+            if (aclResult!=null && aclResult.isNotify()) {
+
+                var dialog = new Dialog(MessageUtils.get("Warning"));
+                dialog.setBody(MessageUtils.get("CommandWarningDialogMessage"));
+                var countDownLatch = new CountDownLatch(1);
+                AtomicBoolean hasNext = new AtomicBoolean(true);
+
+                dialog.addButton(new Button(MessageUtils.get("Submit"), "submit", countDownLatch::countDown));
+
+                dialog.addButton(new Button(MessageUtils.get("Cancel"), "cancel", () -> {
+                    hasNext.set(false);
+                    countDownLatch.countDown();
+                    this.getConsoleLogger().warn(MessageUtils.get("ExecutionCanceled"));
+                }));
+
+                SessionManager.getCurrentSession().getController().showDialog(dialog);
+
+                try {
+                    countDownLatch.await();
+
+                    if (!hasNext.get()) {
+                        throw new SQLException(MessageUtils.get("ExecutionCanceled"));
+                    }
+
+                } catch (InterruptedException e) {
+                    this.stateManager.commit();
+
+                    this.getConsoleLogger().error("get result error");
+                } finally {
+                    SessionManager.getCurrentSession().getController().closeDialog();
+                }
+            }
+
+
+
             plan.setSqlQueryParams(sqlQueryParams);
             plan.generateTargetSQL();
 

backend/framework/src/main/java/org/jumpserver/chen/framework/console/QueryConsole.java

@@ -20,9 +20,11 @@
 import org.jumpserver.chen.framework.jms.acl.ACLResult;
 import org.jumpserver.chen.framework.jms.entity.CommandRecord;
 import org.jumpserver.chen.framework.session.SessionManager;
+import org.jumpserver.chen.framework.session.controller.dialog.Button;
+import org.jumpserver.chen.framework.session.controller.dialog.Dialog;
 import org.jumpserver.chen.framework.utils.TreeUtils;
 import org.jumpserver.chen.framework.ws.io.Packet;
-import org.jumpserver.chen.wisp.Common;
+import org.jumpserver.wisp.Common;
 import org.springframework.web.socket.WebSocketSession;
 
 import java.io.IOException;
@@ -32,6 +34,8 @@
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 @Slf4j
 public class QueryConsole extends AbstractConsole {
@@ -272,6 +276,42 @@ public void onSQL(String sql) {
                 this.stateManager.commit();
                 return;
             }
+
+            if (aclResult.isNotify()) {
+
+                var dialog = new Dialog(MessageUtils.get("Warning"));
+                dialog.setBody(MessageUtils.get("CommandWarningDialogMessage"));
+                var countDownLatch = new CountDownLatch(1);
+                AtomicBoolean hasNext = new AtomicBoolean(true);
+
+                dialog.addButton(new Button(MessageUtils.get("Submit"), "submit", countDownLatch::countDown));
+
+                dialog.addButton(new Button(MessageUtils.get("Cancel"), "cancel", () -> {
+                    hasNext.set(false);
+                    countDownLatch.countDown();
+                    this.getConsoleLogger().warn(MessageUtils.get("ExecutionCanceled"));
+                }));
+
+                SessionManager.getCurrentSession().getController().showDialog(dialog);
+
+                try {
+                    countDownLatch.await();
+
+                    if (!hasNext.get()) {
+                        this.getState().setInQuery(false);
+                        this.stateManager.commit();
+                        return;
+                    }
+
+                } catch (InterruptedException e) {
+                    this.getState().setInQuery(false);
+                    this.stateManager.commit();
+
+                    this.getConsoleLogger().error("获取结果失败!");
+                } finally {
+                    SessionManager.getCurrentSession().getController().closeDialog();
+                }
+            }
         }
 
 

backend/framework/src/main/java/org/jumpserver/chen/framework/jms/acl/ACLResult.java

@@ -1,7 +1,7 @@
 package org.jumpserver.chen.framework.jms.acl;
 
 import lombok.Data;
-import org.jumpserver.chen.wisp.Common;
+import org.jumpserver.wisp.Common;
 
 @Data
 public class ACLResult {
@@ -11,4 +11,6 @@ public class ACLResult {
 
     private String CmdGroupId;
 
+    private boolean Notify = false;
+
 }

backend/framework/src/main/java/org/jumpserver/chen/framework/jms/entity/CommandRecord.java

@@ -2,7 +2,7 @@
 
 import lombok.Data;
 import org.jumpserver.chen.framework.datasource.sql.SQLQueryResult;
-import org.jumpserver.chen.wisp.Common;
+import org.jumpserver.wisp.Common;
 
 @Data
 public class CommandRecord {

backend/framework/src/main/java/org/jumpserver/chen/framework/jms/impl/ACLFilterImpl.java

@@ -8,9 +8,9 @@
 import org.jumpserver.chen.framework.session.SessionManager;
 import org.jumpserver.chen.framework.session.controller.dialog.Button;
 import org.jumpserver.chen.framework.session.controller.dialog.Dialog;
-import org.jumpserver.chen.wisp.Common;
-import org.jumpserver.chen.wisp.ServiceGrpc;
-import org.jumpserver.chen.wisp.ServiceOuterClass;
+import org.jumpserver.wisp.Common;
+import org.jumpserver.wisp.ServiceGrpc;
+import org.jumpserver.wisp.ServiceOuterClass;
 
 import java.sql.Connection;
 import java.util.List;
@@ -55,6 +55,10 @@ public ACLResult commandACLFilter(String command, Connection connection) {
             case Warning -> {
                 result.setRiskLevel(Common.RiskLevel.Warning);
             }
+            case NotifyWarning -> {
+                result.setRiskLevel(Common.RiskLevel.Warning);
+                result.setNotify(true);
+            }
             case Reject -> {
                 result.setRiskLevel(Common.RiskLevel.Reject);
             }

backend/framework/src/main/java/org/jumpserver/chen/framework/jms/impl/CommandHandlerImpl.java

@@ -3,9 +3,9 @@
 import lombok.extern.slf4j.Slf4j;
 import org.jumpserver.chen.framework.jms.CommandHandler;
 import org.jumpserver.chen.framework.jms.entity.CommandRecord;
-import org.jumpserver.chen.wisp.Common;
-import org.jumpserver.chen.wisp.ServiceGrpc;
-import org.jumpserver.chen.wisp.ServiceOuterClass;
+import org.jumpserver.wisp.Common;
+import org.jumpserver.wisp.ServiceGrpc;
+import org.jumpserver.wisp.ServiceOuterClass;
 import org.springframework.scheduling.annotation.Async;
 
 @Slf4j

backend/framework/src/main/java/org/jumpserver/chen/framework/jms/impl/ReplayHandlerImpl.java

@@ -4,9 +4,9 @@
 import org.jumpserver.chen.framework.jms.ReplayHandler;
 import org.jumpserver.chen.framework.jms.asciinema.AsciinemaWriter;
 import org.jumpserver.chen.framework.jms.exception.ReplayException;
-import org.jumpserver.chen.wisp.Common;
-import org.jumpserver.chen.wisp.ServiceGrpc;
-import org.jumpserver.chen.wisp.ServiceOuterClass;
+import org.jumpserver.wisp.Common;
+import org.jumpserver.wisp.ServiceGrpc;
+import org.jumpserver.wisp.ServiceOuterClass;
 
 import java.io.File;
 import java.io.FileWriter;

backend/framework/src/main/java/org/jumpserver/chen/framework/session/impl/JMSSession.java

@@ -21,9 +21,9 @@
 import org.jumpserver.chen.framework.session.controller.message.MessageLevel;
 import org.jumpserver.chen.framework.session.exception.SessionException;
 import org.jumpserver.chen.framework.ws.io.PacketIO;
-import org.jumpserver.chen.wisp.Common;
-import org.jumpserver.chen.wisp.ServiceGrpc;
-import org.jumpserver.chen.wisp.ServiceOuterClass;
+import org.jumpserver.wisp.Common;
+import org.jumpserver.wisp.ServiceGrpc;
+import org.jumpserver.wisp.ServiceOuterClass;
 
 import java.sql.Connection;
 import java.sql.SQLException;

backend/web/src/main/java/org/jumpserver/chen/web/hook/RegisterJMSEvent.java

@@ -7,8 +7,8 @@
 import org.jumpserver.chen.framework.session.SessionManager;
 import org.jumpserver.chen.framework.session.impl.JMSSession;
 import org.jumpserver.chen.web.config.MockConfig;
-import org.jumpserver.chen.wisp.ServiceGrpc;
-import org.jumpserver.chen.wisp.ServiceOuterClass;
+import org.jumpserver.wisp.ServiceGrpc;
+import org.jumpserver.wisp.ServiceOuterClass;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Component;

backend/web/src/main/java/org/jumpserver/chen/web/service/impl/JmsSessionService.java

@@ -8,9 +8,9 @@
 import org.jumpserver.chen.framework.session.Session;
 import org.jumpserver.chen.framework.session.impl.JMSSession;
 import org.jumpserver.chen.web.service.SessionService;
-import org.jumpserver.chen.wisp.Common;
-import org.jumpserver.chen.wisp.ServiceGrpc;
-import org.jumpserver.chen.wisp.ServiceOuterClass;
+import org.jumpserver.wisp.Common;
+import org.jumpserver.wisp.ServiceGrpc;
+import org.jumpserver.wisp.ServiceOuterClass;
 import org.springframework.stereotype.Service;
 
 import java.time.Instant;

backend/wisp/pom.xml

@@ -17,6 +17,11 @@
             <artifactId>grpc-all</artifactId>
             <version>1.55.1</version>
         </dependency>
+        <dependency>
+            <groupId>com.google.protobuf</groupId>
+            <artifactId>protobuf-java</artifactId>
+            <version>4.28.0</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>