fix: remove attackClassDesp

962041ba · qiuqunfeng · 8af8dde1 · 962041ba
Commit 962041ba authored Jun 21, 2025 by qiuqunfeng
Show whitespace changes
Inline Side-by-side

Showing with 36 additions and 2 deletions

internal/service/log_consumer.go internal/service/log_consumer.go +36 -2

No files found.
--- a/internal/service/log_consumer.go
+++ b/internal/service/log_consumer.go
@@ -48,6 +48,36 @@ const (
 	KafkaAuthScram       = "scram"
 )

+type AttackClassDesp struct {
+	En string
+	Zh string
+}
+
+var AttackClassDespMap = map[string]AttackClassDesp{
+	"RCE_OS":      {En: "Remote Command Execution", Zh: "远程代码执行"},
+	"SQLI":        {En: "SQL Injection", Zh: "SQL注入"},
+	"XSS":         {En: "Cross-Site Scripting", Zh: "跨站脚本攻击"},
+	"AOIC":        {En: "Access of Internal Components", Zh: "内部组件访问"},
+	"DT":          {En: "Directory Traversal", Zh: "路径穿越"},
+	"DL":          {En: "Data Leakage", Zh: "数据泄露"},
+	"SCD":         {En: "Source Code Disclosure", Zh: "源码泄露"},
+	"RCE_PHP":     {En: "Php remote code execution", Zh: "PHP远程代码执行"},
+	"RCE_JAVA":    {En: "Java remote code execution", Zh: "JAVA远程代码执行"},
+	"LFI":         {En: "Local file include", Zh: "本地文件包含"},
+	"RFI":         {En: "Remote file include", Zh: "远程文件包含"},
+	"UR":          {En: "Url Redirect", Zh: "URL重定向（CVE）"},
+	"DOS":         {En: "DOS", Zh: "DOS攻击"},
+	"UFL":         {En: "Unauthorized File Upload", Zh: "未授权文件上传"},
+	"GR":          {En: "General Rule", Zh: "一般文件规则"},
+	"SS":          {En: "Site Scanning/Probing", Zh: "网站扫描/探测"},
+	"SSRF":        {En: "Server-side request forgery", Zh: "跨站请求伪造"},
+	"FAPPV":       {En: "Famous application vulnerable", Zh: "针对知名应用的针对性规则"},
+	"Other":       {En: "Other", Zh: "其它"},
+	"black":       {En: "blacklist", Zh: "黑名单"},
+	"white":       {En: "whitelist", Zh: "白名单"},
+	"force-white": {En: "strong whitelist", Zh: "强白名单"},
+}
+
 // func getSASLMechanismByEnv() (sasl.Mechanism, bool, error) {
 // 	authMethod := os.Getenv(EnvKafkaAuthMethod)
 // 	username := os.Getenv(EnvKafkaAuthUsername)
@@ -194,16 +224,20 @@ func (s *LogConsumerService) genWafDetectionSignal(wafDetectionMessage model.Waf
 		},
 		CreatedAt:         attackedLog.AttackTime,
 		IsWhitelistFilter: false,
-		WhitelistIDs:      []int64{},
 	}
 	return signal, nil
 }

 func (s *LogConsumerService) genWafDetectionEvent(wafDetectionMessage model.WafDetectionMessage, attackedLog model.WafDetectionAttackedLog) (model.Event, error) {
+	// attackClass := AttackClassDespMap[attackedLog.AttackType]
+	// attackClassDesp := attackClass.Zh
+	// if lang == "en" {
+	// 	attackClassDesp = attackClass.En
+	// }
 	event := model.Event{
 		ID:          id.Str(),
 		Type:        "waf_detection",
-		Description: "waf detection",
+		Description: attackedLog.AttackType,
 		RuleKeys: []model.RuleKey{
 			{
 				Version1: 0,