diff --git a/roles/api/files/replace_metadata.json b/roles/api/files/replace_metadata.json index f4fc69536c..02030fc2d3 100644 --- a/roles/api/files/replace_metadata.json +++ b/roles/api/files/replace_metadata.json @@ -16106,15 +16106,15 @@ } }, { - "name": "uiuser", + "name": "created_import", "using": { - "foreign_key_constraint_on": "rule_owner" + "foreign_key_constraint_on": "rule_created" } }, { - "name": "uiuserByRuleLastCertifier", + "name": "last_modified_import", "using": { - "foreign_key_constraint_on": "rule_last_certifier" + "foreign_key_constraint_on": "rule_last_modified" } } ], @@ -16162,22 +16162,13 @@ "permission": { "check": {}, "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ] } @@ -16188,22 +16179,13 @@ "role": "auditor", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, @@ -16214,22 +16196,13 @@ "role": "fw-admin", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, 
@@ -16240,22 +16213,13 @@ "role": "importer", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, @@ -16266,22 +16230,13 @@ "role": "middleware-server", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, @@ -16292,22 +16247,13 @@ "role": "modeller", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, @@ -16318,22 +16264,13 @@ "role": "recertifier", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, 
@@ -16344,22 +16281,13 @@ "role": "reporter", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, @@ -16370,22 +16298,13 @@ "role": "reporter-viewall", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, @@ -16398,22 +16317,13 @@ "role": "importer", "permission": { "columns": [ - "last_change_admin", "mgm_id", "rule_created", - "rule_decert_date", "rule_first_hit", "rule_hit_counter", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", "rule_last_hit", "rule_last_modified", "rule_metadata_id", - "rule_owner", - "rule_owner_dn", - "rule_recertification_comment", - "rule_to_be_removed", "rule_uid" ], "filter": {}, @@ -16423,14 +16333,7 @@ { "role": "recertifier", "permission": { - "columns": [ - "rule_decert_date", - "rule_last_certified", - "rule_last_certifier", - "rule_last_certifier_dn", - "rule_recertification_comment", - "rule_to_be_removed" - ], + "columns": [], "filter": {}, "check": {} } 
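Review bot: The recertifier update permission in the last hunk of this section ends up as `"columns": []` with `"filter": {}` and `"check": {}`, so the role keeps an update permission that matches every row but can no longer change anything. If recertifiers are not meant to write to this table any more, removing the whole permission entry states that intent. Leaving an empty entry with an unrestricted row filter means a column added back later becomes writable on all rows without the filter being reconsidered. The enclosing permissions array starts and ends outside the hunk, so the table it belongs to is inferred from the column names.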
@@ -22258,30 +22161,6 @@ } } }, - { - "name": "ruleMetadataByRuleOwner", - "using": { - "foreign_key_constraint_on": { - "column": "rule_owner", - "table": { - "name": "rule_metadata", - "schema": "public" - } - } - } - }, - { - "name": "rule_metadata", - "using": { - "foreign_key_constraint_on": { - "column": "rule_last_certifier", - "table": { - "name": "rule_metadata", - "schema": "public" - } - } - } - }, { "name": "rules", "using": { @@ -24077,7 +23956,6 @@ "owner_id", "recert_interval", "rule_from_zone", - "rule_last_certifier", "rule_to_zone", "track_id", "rule_num_numeric", @@ -24112,7 +23990,6 @@ "owner_id", "recert_interval", "rule_from_zone", - "rule_last_certifier", "rule_to_zone", "track_id", "rule_num_numeric", @@ -24155,7 +24032,6 @@ "owner_id", "recert_interval", "rule_from_zone", - "rule_last_certifier", "rule_to_zone", "track_id", "rule_num_numeric", @@ -24198,7 +24074,6 @@ "owner_id", "recert_interval", "rule_from_zone", - "rule_last_certifier", "rule_to_zone", "track_id", "rule_num_numeric", @@ -29310,4 +29185,4 @@ ] } } -} +} \ No newline at end of file diff --git a/roles/common/files/fwo-api-calls/recertification/fragments/ruleOpenCertOverview.graphql b/roles/common/files/fwo-api-calls/recertification/fragments/ruleOpenCertOverview.graphql index 01c52ec9ed..24c5b72087 100644 --- a/roles/common/files/fwo-api-calls/recertification/fragments/ruleOpenCertOverview.graphql +++ b/roles/common/files/fwo-api-calls/recertification/fragments/ruleOpenCertOverview.graphql @@ -16,11 +16,8 @@ fragment ruleOpenCertOverview on rule { rule_first_hit rule_last_hit rule_last_modified - rule_last_certified - rule_last_certifier_dn - rule_to_be_removed - rule_decert_date - rule_recertification_comment + created_import { start_time } + last_modified_import { start_time } recertification: recertifications (where: { owner: $ownerWhere, recert_date: {_is_null: true}, next_recert_date: {_lte: $refdate1}}, order_by: { owner: { name: asc }}) { recert_date recertified 
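Review bot: `rule_last_modified` remains selected as a context line in this fragment, but the same commit turns that column from a Timestamp into a BIGINT referencing import_control.control_id, so consumers now receive an import id where they used to get a time. Either drop the raw field and rely on `last_modified_import { start_time }`, or confirm that the client-side types were changed; they are not part of the lines shown. The same applies to the fragment hunks for ruleDetailsChangesNew, ruleDetailsChangesOld, ruleDetailsForReport, ruleOverview, ruleOverviewChangesNew and ruleOverviewChangesOld. The new nested selections also need select permission on import_control's `start_time` for every role that runs these fragments, and the metadata hunks visible here only touch the rule_metadata column lists. The fragment body continues outside the hunk.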
diff --git a/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesNew.graphql b/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesNew.graphql index 56ffcb18a8..eb24b8c88d 100644 --- a/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesNew.graphql +++ b/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesNew.graphql @@ -19,11 +19,8 @@ rule_first_hit rule_last_hit rule_last_modified - rule_last_certified - rule_last_certifier_dn - rule_to_be_removed - rule_decert_date - rule_recertification_comment + created_import { start_time } + last_modified_import { start_time } } active rule_create diff --git a/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesOld.graphql b/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesOld.graphql index 3f9f72418b..02716355a6 100644 --- a/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesOld.graphql +++ b/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsChangesOld.graphql @@ -19,11 +19,8 @@ rule_first_hit rule_last_hit rule_last_modified - rule_last_certified - rule_last_certifier_dn - rule_to_be_removed - rule_decert_date - rule_recertification_comment + created_import { start_time } + last_modified_import { start_time } } active rule_create diff --git a/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsForReport.graphql b/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsForReport.graphql index 206e2ed58c..45c693bb0c 100644 --- a/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsForReport.graphql +++ b/roles/common/files/fwo-api-calls/rule/fragments/ruleDetailsForReport.graphql @@ -20,11 +20,8 @@ rule_first_hit rule_last_hit rule_last_modified - rule_last_certified - rule_last_certifier_dn - rule_to_be_removed - rule_decert_date - rule_recertification_comment + created_import { start_time } + last_modified_import { start_time } } active rule_create 
diff --git a/roles/common/files/fwo-api-calls/rule/fragments/ruleOverview.graphql b/roles/common/files/fwo-api-calls/rule/fragments/ruleOverview.graphql index 08d3e9b5fc..fa61319b21 100644 --- a/roles/common/files/fwo-api-calls/rule/fragments/ruleOverview.graphql +++ b/roles/common/files/fwo-api-calls/rule/fragments/ruleOverview.graphql @@ -20,11 +20,8 @@ fragment ruleOverview on rule { rule_first_hit rule_last_hit rule_last_modified - rule_last_certified - rule_last_certifier_dn - rule_to_be_removed - rule_decert_date - rule_recertification_comment + created_import { start_time } + last_modified_import { start_time } } rule_src_neg rule_dst_neg diff --git a/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesNew.graphql b/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesNew.graphql index 0e6c7f10da..0311014439 100644 --- a/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesNew.graphql +++ b/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesNew.graphql @@ -19,11 +19,8 @@ fragment ruleOverviewChangesNew on rule { rule_first_hit rule_last_hit rule_last_modified - rule_last_certified - rule_last_certifier_dn - rule_to_be_removed - rule_decert_date - rule_recertification_comment + created_import { start_time } + last_modified_import { start_time } } rule_src_neg rule_dst_neg diff --git a/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesOld.graphql b/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesOld.graphql index 4a19c3b1e4..5e573ed8a0 100644 --- a/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesOld.graphql +++ b/roles/common/files/fwo-api-calls/rule/fragments/ruleOverviewChangesOld.graphql 
@@ -19,11 +19,8 @@ fragment ruleOverviewChangesOld on rule { rule_first_hit rule_last_hit rule_last_modified - rule_last_certified - rule_last_certifier_dn - rule_to_be_removed - rule_decert_date - rule_recertification_comment + created_import { start_time } + last_modified_import { start_time } } rule_src_neg rule_dst_neg diff --git a/roles/database/files/sql/creation/fworch-create-foreign-keys.sql b/roles/database/files/sql/creation/fworch-create-foreign-keys.sql index 11722b4f8e..8722140846 100755 --- a/roles/database/files/sql/creation/fworch-create-foreign-keys.sql +++ b/roles/database/files/sql/creation/fworch-create-foreign-keys.sql @@ -127,10 +127,10 @@ Alter table "rule_from" add foreign key ("user_id") references "usr" ("user_id" -- Alter table "rule_metadata" add constraint "rule_metadata_device_dev_id_f_key" -- foreign key ("dev_id") references "device" ("dev_id") on update restrict on delete cascade; -Alter table "rule_metadata" add constraint "rule_metadata_rule_last_certifier_uiuser_uiuser_id_f_key" - foreign key ("rule_last_certifier") references "uiuser" ("uiuser_id") on update restrict on delete cascade; -Alter table "rule_metadata" add constraint "rule_metadata_rule_owner_uiuser_uiuser_id_f_key" - foreign key ("rule_owner") references "uiuser" ("uiuser_id") on update restrict on delete cascade; +Alter table "rule_metadata" add constraint "rule_metadata_rule_created_import_control_control_id_f_key" + foreign key ("rule_created") references "import_control" ("control_id") on update restrict on delete restrict; +Alter table "rule_metadata" add constraint "rule_metadata_rule_last_modified_import_control_control_id_f_key" + foreign key ("rule_last_modified") references "import_control" ("control_id") on update restrict on delete restrict; ALTER TABLE rule_metadata ADD CONSTRAINT rule_metadata_mgm_id_management_id_fk FOREIGN KEY (mgm_id) REFERENCES management(mgm_id) ON update restrict on delete cascade; 
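Review bot: Both new constraints in the fworch-create-foreign-keys.sql hunk use `on delete restrict`, so an import_control row referenced as `rule_created` or `rule_last_modified` by any rule_metadata row can no longer be deleted. The constraints they replace cascaded, and the neighbouring mgm_id constraint still does, so deleting a management or pruning old import runs may now fail, depending on how import_control rows are removed (not visible here). If blocking is intended, a comment such as `-- import_control rows referenced by rule_metadata must be kept; remove the rule_metadata rows first` above the two statements would make the ordering requirement explicit.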
diff --git a/roles/database/files/sql/creation/fworch-create-tables.sql b/roles/database/files/sql/creation/fworch-create-tables.sql index 276cdd09d1..2af7e17016 100755 --- a/roles/database/files/sql/creation/fworch-create-tables.sql +++ b/roles/database/files/sql/creation/fworch-create-tables.sql @@ -199,20 +199,11 @@ Create table "rule_metadata" "rule_metadata_id" BIGSERIAL, "rule_uid" Text NOT NULL, "mgm_id" Integer NOT NULL, - "rule_created" Timestamp NOT NULL Default now(), - "rule_last_modified" Timestamp NOT NULL Default now(), + "rule_created" BIGINT NOT NULL, + "rule_last_modified" BIGINT NOT NULL, "rule_first_hit" Timestamp, "rule_last_hit" Timestamp, "rule_hit_counter" BIGINT, - "rule_last_certified" Timestamp, - "rule_last_certifier" Integer, - "rule_last_certifier_dn" VARCHAR, - "rule_owner" Integer, -- points to a uiuser (not an owner) - "rule_owner_dn" Varchar, -- distinguished name pointing to ldap group, path or user - "rule_to_be_removed" Boolean NOT NULL Default FALSE, - "last_change_admin" Integer, - "rule_decert_date" Timestamp, - "rule_recertification_comment" Varchar, primary key ("rule_metadata_id") ); diff --git a/roles/database/files/sql/creation/fworch-views-materialized.sql b/roles/database/files/sql/creation/fworch-views-materialized.sql index 3cfacac9f4..562c4bbc05 100644 --- a/roles/database/files/sql/creation/fworch-views-materialized.sql +++ b/roles/database/files/sql/creation/fworch-views-materialized.sql 
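Review bot: `rule_created` and `rule_last_modified` keep their time-like names but are now `BIGINT NOT NULL` with no default and no comment, while the neighbouring `rule_first_hit` and `rule_last_hit` are still Timestamps. A reader of the table definition cannot tell that these two columns hold import ids. Add column comments such as `-- import_control.control_id of the import that created the rule` and `-- import_control.control_id of the import that last modified the rule`. Removing the `Default now()` also means every insert path must supply both values, which is worth stating next to the columns. The table definition starts before the hunk.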
@@ -21,7 +21,19 @@ DROP VIEW IF EXISTS v_rule_with_dst_owner CASCADE; DROP VIEW IF EXISTS v_rule_with_ip_owner CASCADE; CREATE OR REPLACE VIEW v_active_access_allow_rules AS - SELECT * FROM rule r + SELECT rule_id, + rule_src, rule_dst, rule_svc, + rule_svc_neg, rule_src_neg, rule_dst_neg, + mgm_id, rule_uid, + rule_num_numeric, rule_disabled, + rule_src_refs, rule_dst_refs, rule_svc_refs, + rule_from_zone, rule_to_zone, + rule_action, rule_track, track_id, action_id, + rule_installon, rule_comment, rule_name, rule_implied, rule_custom_fields, + rule_create, removed, + is_global, + rulebase_id + FROM rule r WHERE r.active AND -- only show current (not historical) rules r.access_rule AND -- only show access rules (no NAT) r.rule_head_text IS NULL AND -- do not show header rules @@ -34,13 +46,14 @@ CREATE OR REPLACE VIEW v_rule_ownership_mode AS CREATE OR REPLACE VIEW v_rule_with_rule_owner AS SELECT r.rule_id, ow.id as owner_id, ow.name as owner_name, 'rule' AS matches, - ow.recert_interval, met.rule_last_certified, met.rule_last_certifier + ow.recert_interval, max(rec.recert_date) AS rule_last_certified FROM v_active_access_allow_rules r LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid) LEFT JOIN rule_owner ro ON (ro.rule_metadata_id=met.rule_metadata_id) LEFT JOIN owner ow ON (ro.owner_id=ow.id) + LEFT JOIN recertification rec ON (rec.rule_metadata_id = met.rule_metadata_id AND rec.owner_id = ow.id AND rec.recertified IS TRUE) WHERE NOT ow.id IS NULL - GROUP BY r.rule_id, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier; + GROUP BY r.rule_id, ow.id, ow.name, ow.recert_interval; CREATE OR REPLACE VIEW v_excluded_src_ips AS SELECT distinct o.obj_ip 
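Review bot: The new recertification join in v_rule_with_rule_owner is keyed on `met.rule_metadata_id`, and `met` is reached only through the context join `r.rule_uid=met.rule_uid`, so a rule takes the certification date of whichever rule_metadata row shares its uid, regardless of management. The upgrade script in this commit handles rule_uids that occur under several mgm_ids, so such rows can exist. Unless that sharing is intended, adding the management to the join, `LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid AND r.mgm_id=met.mgm_id)`, keeps a recertification recorded for one management from marking another management's rule as certified. The same join appears in the v_rule_with_src_owner and v_rule_with_dst_owner hunks and in the copies of these views in the upgrade script.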
@@ -82,7 +95,7 @@ CREATE OR REPLACE VIEW v_rule_with_src_owner AS END END AS matching_ip, 'source' AS match_in, - ow.recert_interval, met.rule_last_certified, met.rule_last_certifier + ow.recert_interval, max(rec.recert_date) AS rule_last_certified FROM v_active_access_allow_rules r LEFT JOIN rule_from ON (r.rule_id=rule_from.rule_id) LEFT JOIN objgrp_flat of ON (rule_from.obj_id=of.objgrp_flat_id) @@ -90,12 +103,13 @@ CREATE OR REPLACE VIEW v_rule_with_src_owner AS LEFT JOIN owner_network onw ON (onw.ip_end >= o.obj_ip AND onw.ip <= o.obj_ip_end) LEFT JOIN owner ow ON (onw.owner_id=ow.id) LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid) + LEFT JOIN recertification rec ON (rec.rule_metadata_id = met.rule_metadata_id AND rec.owner_id = ow.id AND rec.recertified IS TRUE) WHERE r.rule_id NOT IN (SELECT distinct rwo.rule_id FROM v_rule_with_rule_owner rwo) AND CASE when (select mode from v_rule_ownership_mode) = 'exclusive' then (NOT o.obj_ip IS NULL) AND o.obj_ip NOT IN (select * from v_excluded_src_ips) else NOT o.obj_ip IS NULL END - GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier; + GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, ow.recert_interval; CREATE OR REPLACE VIEW v_rule_with_dst_owner AS SELECT @@ -114,7 +128,7 @@ CREATE OR REPLACE VIEW v_rule_with_dst_owner AS END END AS matching_ip, 'destination' AS match_in, - ow.recert_interval, met.rule_last_certified, met.rule_last_certifier + ow.recert_interval, max(rec.recert_date) AS rule_last_certified FROM v_active_access_allow_rules r LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id) LEFT JOIN objgrp_flat of ON (rt.obj_id=of.objgrp_flat_id) 
@@ -122,19 +136,20 @@ CREATE OR REPLACE VIEW v_rule_with_dst_owner AS LEFT JOIN owner_network onw ON (onw.ip_end >= o.obj_ip AND onw.ip <= o.obj_ip_end) LEFT JOIN owner ow ON (onw.owner_id=ow.id) LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid) + LEFT JOIN recertification rec ON (rec.rule_metadata_id = met.rule_metadata_id AND rec.owner_id = ow.id AND rec.recertified IS TRUE) WHERE r.rule_id NOT IN (SELECT distinct rwo.rule_id FROM v_rule_with_rule_owner rwo) AND CASE when (select mode from v_rule_ownership_mode) = 'exclusive' then (NOT o.obj_ip IS NULL) AND o.obj_ip NOT IN (select * from v_excluded_dst_ips) else NOT o.obj_ip IS NULL END - GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier; + GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, ow.recert_interval; CREATE OR REPLACE VIEW v_rule_with_ip_owner AS SELECT DISTINCT uno.rule_id, uno.owner_id, uno.owner_name, string_agg(DISTINCT match_in || ':' || matching_ip::VARCHAR, '; ' order by match_in || ':' || matching_ip::VARCHAR desc) as matches, - uno.recert_interval, uno.rule_last_certified, uno.rule_last_certifier + uno.recert_interval, uno.rule_last_certified FROM ( SELECT DISTINCT * FROM v_rule_with_src_owner AS src UNION SELECT DISTINCT * FROM v_rule_with_dst_owner AS dst) AS uno - GROUP BY uno.rule_id, uno.owner_id, uno.owner_name, uno.recert_interval, uno.rule_last_certified, uno.rule_last_certifier; + GROUP BY uno.rule_id, uno.owner_id, uno.owner_name, uno.recert_interval, uno.rule_last_certified; CREATE OR REPLACE FUNCTION purge_view_rule_with_owner () RETURNS VOID AS $$ DECLARE 
@@ -157,13 +172,13 @@ DROP FUNCTION purge_view_rule_with_owner(); -- LargeOwnerChange: remove MATERIALIZED for small installations -- SmallOwnerChange: add MATERIALIZED for large installations CREATE MATERIALIZED VIEW view_rule_with_owner AS - SELECT DISTINCT ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier, + SELECT DISTINCT ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid, r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg, r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule FROM ( SELECT DISTINCT * FROM v_rule_with_rule_owner AS rul UNION SELECT DISTINCT * FROM v_rule_with_ip_owner AS ips) AS ar LEFT JOIN rule AS r USING (rule_id) - GROUP BY ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier, + GROUP BY ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid, r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg, r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule; diff --git a/roles/database/files/upgrade/9.0.sql b/roles/database/files/upgrade/9.0.sql index 4a65dff012..5bb9712a53 100644 --- a/roles/database/files/upgrade/9.0.sql +++ b/roles/database/files/upgrade/9.0.sql 
@@ -628,25 +628,263 @@ Alter table "rule" DROP constraint IF EXISTS "rule_rule_metadata_rule_uid_f_key" Alter table "rule" add constraint "rule_rule_metadata_rule_uid_f_key" foreign key ("rule_uid") references "rule_metadata" ("rule_uid") on update restrict on delete cascade; +-- rule_metadata add mgm_id + fk, drop constraint +ALTER TABLE rule_metadata ADD COLUMN IF NOT EXISTS mgm_id Integer; +DO $$ +BEGIN + IF NOT EXISTS ( + SELECT 1 + FROM pg_constraint + WHERE conname = 'rule_metadata_mgm_id_management_id_fk' + ) THEN + ALTER TABLE rule_metadata + ADD CONSTRAINT rule_metadata_mgm_id_management_id_fk + FOREIGN KEY (mgm_id) REFERENCES management(mgm_id) + ON UPDATE RESTRICT ON DELETE CASCADE; + END IF; +END$$; + +DO $$ +DECLARE + rec RECORD; + v_do_not_import_true_count INT; + v_do_not_import_false_count INT; + missing_uids TEXT; + too_many_mgm_ids_on_uid_and_no_resolve TEXT; + all_errors_with_no_resolve TEXT := ''; + +BEGIN +--Check rule_metadata has entries in rule + SELECT string_agg(rm.rule_uid::text, ', ') + INTO missing_uids + FROM rule_metadata rm + LEFT JOIN rule r ON rm.rule_uid = r.rule_uid + WHERE r.rule_uid IS NULL; + + IF missing_uids IS NOT NULL THEN + RAISE NOTICE 'Missing rule(s): %', missing_uids; + DELETE FROM rule_metadata + WHERE rule_uid IN ( + SELECT rm.rule_uid + FROM rule_metadata rm + LEFT JOIN rule r ON rm.rule_uid = r.rule_uid + WHERE r.rule_uid IS NULL + ); + END IF; + + -- Constraints droppen + ALTER TABLE rule DROP CONSTRAINT IF EXISTS rule_metadatum; + ALTER TABLE rule DROP CONSTRAINT IF EXISTS rule_rule_metadata_rule_uid_f_key; + ALTER TABLE rule_metadata DROP CONSTRAINT IF EXISTS rule_metadata_rule_uid_unique; + +-- Start loop for rule_uid und mgm_id import/transfer + FOR rec IN + SELECT + rm.rule_uid, + COUNT(DISTINCT r.mgm_id) AS mgm_count + FROM rule_metadata rm + JOIN rule r ON rm.rule_uid = r.rule_uid + GROUP BY rm.rule_uid + HAVING COUNT(DISTINCT r.mgm_id) >= 1 + LOOP + -- Case 1: exactly one mgm_id gefunden + IF 
rec.mgm_count = 1 THEN + -- + UPDATE rule_metadata rm + SET mgm_id = r.mgm_id + FROM rule r + WHERE rm.rule_uid = r.rule_uid + AND rm.mgm_id IS NULL + AND rm.rule_uid = rec.rule_uid; + + -- Case 2: found more then two mgm_id found + ELSIF rec.mgm_count >= 2 THEN + -- Count flag "do_not_import" for rule_uid + SELECT + COUNT(*) FILTER (WHERE m.do_not_import IS TRUE), + COUNT(*) FILTER (WHERE m.do_not_import IS FALSE) + INTO v_do_not_import_true_count, v_do_not_import_false_count + FROM rule r + JOIN management m ON r.mgm_id = m.mgm_id + WHERE r.rule_uid = rec.rule_uid; + + -- check if there is just 1 "do_not_import" = false + IF v_do_not_import_false_count = 1 THEN + UPDATE rule_metadata rm + SET mgm_id = r.mgm_id + FROM rule r + JOIN management m ON r.mgm_id = m.mgm_id + WHERE rm.rule_uid = r.rule_uid + AND m.do_not_import IS FALSE + AND rm.rule_uid = rec.rule_uid + AND rm.mgm_id IS NULL; + + -- Warning: Not used mgm_ids where do_not_import=true + RAISE NOTICE 'rule_uid % has % additional mgm_id(s) marked do_not_import=true: %', + rec.rule_uid, v_do_not_import_true_count, + (SELECT string_agg(format('mgm_id=%s', r.mgm_id), ', ') + FROM rule r + JOIN management m ON r.mgm_id = m.mgm_id + WHERE r.rule_uid = rec.rule_uid + AND m.do_not_import IS TRUE); + + ELSE + -- No resolve + SELECT string_agg( + format('rule_uid=%s → mgm_id=%s (do_not_import=%s)', + r.rule_uid, r.mgm_id, m.do_not_import), + E'\n' + ) + INTO too_many_mgm_ids_on_uid_and_no_resolve + FROM rule r + JOIN management m ON r.mgm_id = m.mgm_id + WHERE r.rule_uid = rec.rule_uid; + + all_errors_with_no_resolve := all_errors_with_no_resolve || format( + E'\n\nrule_uid %s has ambiguous mgm_id assignments:\n%s', + rec.rule_uid, + too_many_mgm_ids_on_uid_and_no_resolve + ); + + END IF; + END IF; + END LOOP; + + IF all_errors_with_no_resolve <> '' THEN + RAISE EXCEPTION 'Ambiguous mgm_id assignments detected:%s', all_errors_with_no_resolve; + END IF; + + -- redo constraints + ALTER TABLE rule_metadata ALTER COLUMN 
mgm_id SET NOT NULL; + ALTER TABLE rule_metadata ADD CONSTRAINT rule_metadata_rule_uid_unique UNIQUE(rule_uid); + ALTER TABLE rule ADD CONSTRAINT rule_rule_metadata_rule_uid_f_key + FOREIGN KEY (rule_uid) REFERENCES rule_metadata (rule_uid); + + -- set Unique constraint to (mgm_id + rule_uid) + IF NOT EXISTS ( + SELECT 1 + FROM pg_constraint + WHERE conname = 'rule_metadata_mgm_id_rule_uid_unique' + ) THEN + ALTER TABLE rule_metadata ADD CONSTRAINT rule_metadata_mgm_id_rule_uid_unique UNIQUE (mgm_id, rule_uid); + END IF; +END$$; + +-- rework rule_metadata timestamps to reference import_control and drop unused columns +ALTER TABLE IF EXISTS rule_metadata DROP CONSTRAINT IF EXISTS rule_metadata_rule_last_certifier_uiuser_uiuser_id_f_key CASCADE; +ALTER TABLE IF EXISTS rule_metadata DROP CONSTRAINT IF EXISTS rule_metadata_rule_owner_uiuser_uiuser_id_f_key CASCADE; + +ALTER TABLE IF EXISTS rule_metadata ADD COLUMN IF NOT EXISTS rule_created_new BIGINT; +ALTER TABLE IF EXISTS rule_metadata ADD COLUMN IF NOT EXISTS rule_last_modified_new BIGINT; + +UPDATE rule_metadata m SET + rule_created_new = r.rule_create, + rule_last_modified_new = r.rule_last_seen +FROM rule r +WHERE r.rule_uid = m.rule_uid; + +UPDATE rule_metadata SET rule_created_new = COALESCE(rule_created_new, 0) WHERE TRUE; +UPDATE rule_metadata SET rule_last_modified_new = COALESCE(rule_last_modified_new, rule_created_new) WHERE TRUE; + +ALTER TABLE IF EXISTS rule_metadata DROP COLUMN IF EXISTS rule_created; +ALTER TABLE IF EXISTS rule_metadata DROP COLUMN IF EXISTS rule_last_modified; + +ALTER TABLE IF EXISTS rule_metadata RENAME COLUMN rule_created_new TO rule_created; +ALTER TABLE IF EXISTS rule_metadata RENAME COLUMN rule_last_modified_new TO rule_last_modified; + +ALTER TABLE IF EXISTS rule_metadata + ALTER COLUMN rule_created SET NOT NULL, + ALTER COLUMN rule_last_modified SET NOT NULL; + + +-- rebuild recertification related views/materialized view +DROP MATERIALIZED VIEW IF EXISTS view_rule_with_owner 
CASCADE; +DROP VIEW IF EXISTS v_rule_with_ip_owner CASCADE; +DROP VIEW IF EXISTS v_rule_with_dst_owner CASCADE; +DROP VIEW IF EXISTS v_rule_with_src_owner CASCADE; +DROP VIEW IF EXISTS v_rule_with_rule_owner CASCADE; +DROP VIEW IF EXISTS v_rule_ownership_mode CASCADE; +DROP VIEW IF EXISTS v_active_access_allow_rules CASCADE; +DROP VIEW IF EXISTS v_excluded_src_ips CASCADE; +DROP VIEW IF EXISTS v_excluded_dst_ips CASCADE; + +ALTER TABLE IF EXISTS rule_metadata + DROP COLUMN IF EXISTS rule_last_certified, + DROP COLUMN IF EXISTS rule_last_certifier, + DROP COLUMN IF EXISTS rule_last_certifier_dn, + DROP COLUMN IF EXISTS rule_owner, + DROP COLUMN IF EXISTS rule_owner_dn, + DROP COLUMN IF EXISTS rule_to_be_removed, + DROP COLUMN IF EXISTS last_change_admin, + DROP COLUMN IF EXISTS rule_decert_date, + DROP COLUMN IF EXISTS rule_recertification_comment; + +ALTER TABLE IF EXISTS rule_metadata DROP CONSTRAINT IF EXISTS rule_metadata_rule_created_import_control_control_id_f_key CASCADE; +ALTER TABLE IF EXISTS rule_metadata DROP CONSTRAINT IF EXISTS rule_metadata_rule_last_modified_import_control_control_id_f_key CASCADE; +ALTER TABLE IF EXISTS rule_metadata ADD CONSTRAINT rule_metadata_rule_created_import_control_control_id_f_key + FOREIGN KEY (rule_created) REFERENCES import_control(control_id) ON UPDATE RESTRICT ON DELETE RESTRICT; +ALTER TABLE IF EXISTS rule_metadata ADD CONSTRAINT rule_metadata_rule_last_modified_import_control_control_id_f_key + FOREIGN KEY (rule_last_modified) REFERENCES import_control(control_id) ON UPDATE RESTRICT ON DELETE RESTRICT; + +CREATE OR REPLACE VIEW v_active_access_allow_rules AS + SELECT rule_id, + rule_src, rule_dst, rule_svc, + rule_svc_neg, rule_src_neg, rule_dst_neg, + mgm_id, rule_uid, + rule_num_numeric, rule_disabled, + rule_src_refs, rule_dst_refs, rule_svc_refs, + rule_from_zone, rule_to_zone, + rule_action, rule_track, track_id, action_id, + rule_installon, rule_comment, rule_name, rule_implied, rule_custom_fields, + 
rule_create, removed, + is_global, + rulebase_id + FROM rule r + WHERE r.active + AND r.access_rule + AND r.rule_head_text IS NULL + AND NOT r.rule_disabled + AND NOT r.action_id IN (2,3,7); + +CREATE OR REPLACE VIEW v_rule_ownership_mode AS + SELECT c.config_value as mode FROM config c + WHERE c.config_key = 'ruleOwnershipMode'; CREATE OR REPLACE VIEW v_rule_with_rule_owner AS SELECT r.rule_id, ow.id as owner_id, ow.name as owner_name, 'rule' AS matches, - ow.recert_interval, met.rule_last_certified, met.rule_last_certifier + ow.recert_interval, max(rec.recert_date) AS rule_last_certified FROM v_active_access_allow_rules r LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid) LEFT JOIN rule_owner ro ON (ro.rule_metadata_id=met.rule_metadata_id) LEFT JOIN owner ow ON (ro.owner_id=ow.id) + LEFT JOIN recertification rec ON (rec.rule_metadata_id = met.rule_metadata_id AND rec.owner_id = ow.id AND rec.recertified IS TRUE) WHERE NOT ow.id IS NULL - GROUP BY r.rule_id, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier; + GROUP BY r.rule_id, ow.id, ow.name, ow.recert_interval; + +CREATE OR REPLACE VIEW v_excluded_src_ips AS + SELECT distinct o.obj_ip + FROM v_rule_with_rule_owner r + LEFT JOIN rule_from rf ON (r.rule_id=rf.rule_id) + LEFT JOIN objgrp_flat of ON (rf.obj_id=of.objgrp_flat_id) + LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id) + WHERE NOT o.obj_ip='0.0.0.0/0'; + +CREATE OR REPLACE VIEW v_excluded_dst_ips AS + SELECT distinct o.obj_ip + FROM v_rule_with_rule_owner r + LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id) + LEFT JOIN objgrp_flat of ON (rt.obj_id=of.objgrp_flat_id) + LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id) + WHERE NOT o.obj_ip='0.0.0.0/0'; CREATE OR REPLACE VIEW v_rule_with_src_owner AS SELECT r.rule_id, ow.id as owner_id, ow.name as owner_name, CASE WHEN onw.ip = onw.ip_end - THEN SPLIT_PART(CAST(onw.ip AS VARCHAR), '/', 1) -- Single IP overlap, removing netmask + THEN SPLIT_PART(CAST(onw.ip AS VARCHAR), 
'/', 1) ELSE - CASE WHEN -- range is a single network + CASE WHEN host(broadcast(inet_merge(onw.ip, onw.ip_end))) = host (onw.ip_end) AND host(inet_merge(onw.ip, onw.ip_end)) = host (onw.ip) THEN @@ -656,7 +894,7 @@ CREATE OR REPLACE VIEW v_rule_with_src_owner AS END END AS matching_ip, 'source' AS match_in, - ow.recert_interval, met.rule_last_certified, met.rule_last_certifier + ow.recert_interval, max(rec.recert_date) AS rule_last_certified FROM v_active_access_allow_rules r LEFT JOIN rule_from ON (r.rule_id=rule_from.rule_id) LEFT JOIN objgrp_flat of ON (rule_from.obj_id=of.objgrp_flat_id) @@ -664,21 +902,22 @@ CREATE OR REPLACE VIEW v_rule_with_src_owner AS LEFT JOIN owner_network onw ON (onw.ip_end >= o.obj_ip AND onw.ip <= o.obj_ip_end) LEFT JOIN owner ow ON (onw.owner_id=ow.id) LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid) + LEFT JOIN recertification rec ON (rec.rule_metadata_id = met.rule_metadata_id AND rec.owner_id = ow.id AND rec.recertified IS TRUE) WHERE r.rule_id NOT IN (SELECT distinct rwo.rule_id FROM v_rule_with_rule_owner rwo) AND CASE when (select mode from v_rule_ownership_mode) = 'exclusive' then (NOT o.obj_ip IS NULL) AND o.obj_ip NOT IN (select * from v_excluded_src_ips) else NOT o.obj_ip IS NULL END - GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier; + GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, ow.recert_interval; CREATE OR REPLACE VIEW v_rule_with_dst_owner AS SELECT r.rule_id, ow.id as owner_id, ow.name as owner_name, CASE WHEN onw.ip = onw.ip_end - THEN SPLIT_PART(CAST(onw.ip AS VARCHAR), '/', 1) -- Single IP overlap, removing netmask + THEN SPLIT_PART(CAST(onw.ip AS VARCHAR), '/', 1) ELSE - CASE WHEN -- range is a single network + CASE WHEN host(broadcast(inet_merge(onw.ip, onw.ip_end))) = host (onw.ip_end) AND host(inet_merge(onw.ip, onw.ip_end)) = host (onw.ip) THEN 
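Review bot: The backfill `UPDATE rule_metadata m SET ... FROM rule r WHERE r.rule_uid = m.rule_uid` matches every rule row with that uid, and when several rows match, PostgreSQL applies only one of them, which one is not predictable. rule_created and rule_last_modified can therefore end up with the import ids of an arbitrary rule version, and the match ignores the mgm_id that the block above has just filled in. Aggregating per (rule_uid, mgm_id) first makes the result deterministic; the sketch below assumes the earliest rule_create and the latest rule_last_seen are the intended values. The following `COALESCE(rule_created_new, 0)` also writes a 0 that the foreign key to import_control(control_id) added further down will reject unless a row with control_id 0 exists, so raising a clear error at that point would be easier to diagnose than a constraint failure later.

```sql
-- … unchanged: ADD COLUMN rule_created_new / rule_last_modified_new …
UPDATE rule_metadata m SET
    rule_created_new = agg.first_import,
    rule_last_modified_new = agg.last_import
FROM (
    SELECT rule_uid, mgm_id,
           MIN(rule_create) AS first_import,
           MAX(rule_last_seen) AS last_import
    FROM rule
    GROUP BY rule_uid, mgm_id
) agg
WHERE agg.rule_uid = m.rule_uid
  AND agg.mgm_id = m.mgm_id;
-- … unchanged: COALESCE fallbacks, column swap, SET NOT NULL …
```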
@@ -688,7 +927,7 @@ CREATE OR REPLACE VIEW v_rule_with_dst_owner AS END END AS matching_ip, 'destination' AS match_in, - ow.recert_interval, met.rule_last_certified, met.rule_last_certifier + ow.recert_interval, max(rec.recert_date) AS rule_last_certified FROM v_active_access_allow_rules r LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id) LEFT JOIN objgrp_flat of ON (rt.obj_id=of.objgrp_flat_id) 
@@ -696,13 +935,34 @@ CREATE OR REPLACE VIEW v_rule_with_dst_owner AS LEFT JOIN owner_network onw ON (onw.ip_end >= o.obj_ip AND onw.ip <= o.obj_ip_end) LEFT JOIN owner ow ON (onw.owner_id=ow.id) LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid) + LEFT JOIN recertification rec ON (rec.rule_metadata_id = met.rule_metadata_id AND rec.owner_id = ow.id AND rec.recertified IS TRUE) WHERE r.rule_id NOT IN (SELECT distinct rwo.rule_id FROM v_rule_with_rule_owner rwo) AND CASE when (select mode from v_rule_ownership_mode) = 'exclusive' then (NOT o.obj_ip IS NULL) AND o.obj_ip NOT IN (select * from v_excluded_dst_ips) else NOT o.obj_ip IS NULL END - GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier; + GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, ow.recert_interval; + +CREATE OR REPLACE VIEW v_rule_with_ip_owner AS + SELECT DISTINCT uno.rule_id, uno.owner_id, uno.owner_name, + string_agg(DISTINCT match_in || ':' || matching_ip::VARCHAR, '; ' order by match_in || ':' || matching_ip::VARCHAR desc) as matches, + uno.recert_interval, uno.rule_last_certified + FROM ( SELECT DISTINCT * FROM v_rule_with_src_owner AS src UNION SELECT DISTINCT * FROM v_rule_with_dst_owner AS dst) AS uno + GROUP BY uno.rule_id, uno.owner_id, uno.owner_name, uno.recert_interval, uno.rule_last_certified; + +CREATE MATERIALIZED VIEW view_rule_with_owner AS + SELECT DISTINCT ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, + r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid, + r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg, + r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule + FROM ( SELECT DISTINCT * FROM v_rule_with_rule_owner AS rul UNION SELECT DISTINCT * FROM v_rule_with_ip_owner AS ips) AS ar + LEFT JOIN 
rule AS r USING (rule_id) + GROUP BY ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, + r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid, + r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg, + r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule; +GRANT SELECT ON TABLE view_rule_with_owner TO GROUP secuadmins, reporters, configimporters; ALTER TABLE rule_metadata DROP COLUMN IF EXISTS "rulebase_id"; ALTER TABLE rule_metadata DROP COLUMN IF EXISTS "dev_id"; 
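Review bot: `CREATE MATERIALIZED VIEW view_rule_with_owner` is added here without the `DROP MATERIALIZED VIEW IF EXISTS view_rule_with_owner;` that preceded the copy removed by the @@ -1843,166 +2103,6 @@ hunk, while the surrounding statements are written to be re-runnable (`CREATE OR REPLACE VIEW`, `DROP COLUMN IF EXISTS`). Unless the drop happens earlier in the script, outside this hunk, a second run of the upgrade would stop at this statement, and the `GRANT SELECT` and the column drops that follow would not be applied. Either keep the drop directly above the CREATE or add a comment pointing to where the view is dropped.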
@@ -1843,166 +2103,6 @@ insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufac VALUES (29,'Cisco Asa on FirePower','9','Cisco','',false,true,false) ON CONFLICT (dev_typ_id) DO NOTHING; - -DROP MATERIALIZED VIEW IF EXISTS view_rule_with_owner; -CREATE MATERIALIZED VIEW view_rule_with_owner AS - SELECT DISTINCT ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier, - r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid, - r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg, - r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule - FROM ( SELECT DISTINCT * FROM v_rule_with_rule_owner AS rul UNION SELECT DISTINCT * FROM v_rule_with_ip_owner AS ips) AS ar - LEFT JOIN rule AS r USING (rule_id) - GROUP BY ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier, - r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.mgm_id, r.rule_uid, - r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg, - r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule; - - - --- rule_metadata add mgm_id + fk, drop constraint -ALTER TABLE rule_metadata ADD COLUMN IF NOT EXISTS mgm_id Integer; -DO $$ -BEGIN - IF NOT EXISTS ( - SELECT 1 - FROM pg_constraint - WHERE conname = 'rule_metadata_mgm_id_management_id_fk' - ) THEN - ALTER TABLE rule_metadata - ADD CONSTRAINT rule_metadata_mgm_id_management_id_fk - FOREIGN KEY (mgm_id) REFERENCES management(mgm_id) - ON UPDATE RESTRICT ON DELETE CASCADE; - END IF; -END$$; - - - -DO $$ -DECLARE - rec RECORD; - v_do_not_import_true_count INT; - v_do_not_import_false_count INT; - missing_uids TEXT; - too_many_mgm_ids_on_uid_and_no_resolve TEXT; - all_errors_with_no_resolve TEXT := ''; - 
-BEGIN ---Check rule_metadata has entries in rule - SELECT string_agg(rm.rule_uid::text, ', ') - INTO missing_uids - FROM rule_metadata rm - LEFT JOIN rule r ON rm.rule_uid = r.rule_uid - WHERE r.rule_uid IS NULL; - - IF missing_uids IS NOT NULL THEN - RAISE NOTICE 'Missing rule(s): %', missing_uids; - DELETE FROM rule_metadata - WHERE rule_uid IN ( - SELECT rm.rule_uid - FROM rule_metadata rm - LEFT JOIN rule r ON rm.rule_uid = r.rule_uid - WHERE r.rule_uid IS NULL - ); - END IF; - - -- Constraints droppen - ALTER TABLE rule DROP CONSTRAINT IF EXISTS rule_metadatum; - ALTER TABLE rule DROP CONSTRAINT IF EXISTS rule_rule_metadata_rule_uid_f_key; - ALTER TABLE rule_metadata DROP CONSTRAINT IF EXISTS rule_metadata_rule_uid_unique; - --- Start loop for rule_uid und mgm_id import/transfer - FOR rec IN - SELECT - rm.rule_uid, - COUNT(DISTINCT r.mgm_id) AS mgm_count - FROM rule_metadata rm - JOIN rule r ON rm.rule_uid = r.rule_uid - GROUP BY rm.rule_uid - HAVING COUNT(DISTINCT r.mgm_id) >= 1 - LOOP - -- Case 1: exactly one mgm_id gefunden - IF rec.mgm_count = 1 THEN - -- - UPDATE rule_metadata rm - SET mgm_id = r.mgm_id - FROM rule r - WHERE rm.rule_uid = r.rule_uid - AND rm.mgm_id IS NULL - AND rm.rule_uid = rec.rule_uid; - - -- Case 2: found more then two mgm_id found - ELSIF rec.mgm_count >= 2 THEN - -- Count flag "do_not_import" for rule_uid - SELECT - COUNT(*) FILTER (WHERE m.do_not_import IS TRUE), - COUNT(*) FILTER (WHERE m.do_not_import IS FALSE) - INTO v_do_not_import_true_count, v_do_not_import_false_count - FROM rule r - JOIN management m ON r.mgm_id = m.mgm_id - WHERE r.rule_uid = rec.rule_uid; - - -- check if there is just 1 "do_not_import" = false - IF v_do_not_import_false_count = 1 THEN - UPDATE rule_metadata rm - SET mgm_id = r.mgm_id - FROM rule r - JOIN management m ON r.mgm_id = m.mgm_id - WHERE rm.rule_uid = r.rule_uid - AND m.do_not_import IS FALSE - AND rm.rule_uid = rec.rule_uid - AND rm.mgm_id IS NULL; - - -- Warning: Not used mgm_ids where 
do_not_import=true - RAISE NOTICE 'rule_uid % has % additional mgm_id(s) marked do_not_import=true: %', - rec.rule_uid, v_do_not_import_true_count, - (SELECT string_agg(format('mgm_id=%s', r.mgm_id), ', ') - FROM rule r - JOIN management m ON r.mgm_id = m.mgm_id - WHERE r.rule_uid = rec.rule_uid - AND m.do_not_import IS TRUE); - - ELSE - -- No resolve - SELECT string_agg( - format('rule_uid=%s → mgm_id=%s (do_not_import=%s)', - r.rule_uid, r.mgm_id, m.do_not_import), - E'\n' - ) - INTO too_many_mgm_ids_on_uid_and_no_resolve - FROM rule r - JOIN management m ON r.mgm_id = m.mgm_id - WHERE r.rule_uid = rec.rule_uid; - - all_errors_with_no_resolve := all_errors_with_no_resolve || format( - E'\n\nrule_uid %s has ambiguous mgm_id assignments:\n%s', - rec.rule_uid, - too_many_mgm_ids_on_uid_and_no_resolve - ); - - END IF; - END IF; - END LOOP; - - IF all_errors_with_no_resolve <> '' THEN - RAISE EXCEPTION 'Ambiguous mgm_id assignments detected:%s', all_errors_with_no_resolve; - END IF; - - -- redo constraints - ALTER TABLE rule_metadata ALTER COLUMN mgm_id SET NOT NULL; - ALTER TABLE rule_metadata ADD CONSTRAINT rule_metadata_rule_uid_unique UNIQUE(rule_uid); - ALTER TABLE rule ADD CONSTRAINT rule_rule_metadata_rule_uid_f_key - FOREIGN KEY (rule_uid) REFERENCES rule_metadata (rule_uid); - - -- set Unique constraint to (mgm_id + rule_uid) - IF NOT EXISTS ( - SELECT 1 - FROM pg_constraint - WHERE conname = 'rule_metadata_mgm_id_rule_uid_unique' - ) THEN - ALTER TABLE rule_metadata ADD CONSTRAINT rule_metadata_mgm_id_rule_uid_unique UNIQUE (mgm_id, rule_uid); - END IF; -END$$; - -- Set stm* tables hardcoded only - no Serial - stm_color filled via csv ALTER TABLE stm_link_type ALTER COLUMN id DROP DEFAULT; ALTER TABLE stm_track ALTER COLUMN track_id DROP DEFAULT; 
@@ -2019,4 +2119,4 @@ DROP SEQUENCE IF EXISTS public.stm_obj_typ_obj_typ_id_seq; DROP SEQUENCE IF EXISTS public.stm_change_type_change_type_id_seq; DROP SEQUENCE IF EXISTS public.stm_action_action_id_seq; DROP SEQUENCE IF EXISTS public.stm_dev_typ_dev_typ_id_seq; -DROP SEQUENCE IF EXISTS public.parent_rule_type_id_seq; \ No newline at end of file +DROP SEQUENCE IF EXISTS public.parent_rule_type_id_seq; diff --git a/roles/importer/files/importer/models/rule_metadatum.py b/roles/importer/files/importer/models/rule_metadatum.py index 8799644367..a8a75a3cb9 100644 --- a/roles/importer/files/importer/models/rule_metadatum.py +++ b/roles/importer/files/importer/models/rule_metadatum.py @@ -7,18 +7,7 @@ class RuleMetadatum(BaseModel): mgm_id: int rule_created: str | None = None rule_last_modified: str | None = None - rule_first_hit: str | None = None rule_last_hit: str | None = None - rule_hit_counter: int | None = None - rule_last_certified: str | None = None - rule_last_certifier: str | None = None - rule_last_certifier_dn: str | None = None - rule_owner: int | None = None - rule_owner_dn: str | None = None - rule_to_be_removed: bool = False - last_change_admin: str | None = None - rule_decert_date: int | None = None - rule_recertification_comment: str | None = None # RuleForImport is the model for a rule to be imported into the DB (containing IDs) diff --git a/roles/lib/files/FWO.Compliance/ComplianceCheck.cs b/roles/lib/files/FWO.Compliance/ComplianceCheck.cs index b158f19fa1..f8d04e68a0 100644 --- a/roles/lib/files/FWO.Compliance/ComplianceCheck.cs +++ b/roles/lib/files/FWO.Compliance/ComplianceCheck.cs 
@@ -316,7 +316,7 @@ public Task PostProcessRulesAsync(List ruleFromDb) HashSet currentKeySet = currentViolationsWithKeys.Select(v => v.Key).ToHashSet(StringComparer.Ordinal); HashSet dbKeySet = dbViolationsWithKeys.Select(v => v.Key).ToHashSet(StringComparer.Ordinal); - + ParallelOptions parallelOptions = new() { MaxDegreeOfParallelism = Math.Max(1, _maxDegreeOfParallelism) diff --git a/roles/lib/files/FWO.Data/RuleMetadata.cs b/roles/lib/files/FWO.Data/RuleMetadata.cs index c298a8ba7a..fdff81e4ed 100644 --- a/roles/lib/files/FWO.Data/RuleMetadata.cs +++ b/roles/lib/files/FWO.Data/RuleMetadata.cs @@ -1,5 +1,8 @@ +using System.Linq; using System.Text.Json.Serialization; using Newtonsoft.Json; +using NewtonsoftJsonIgnore = Newtonsoft.Json.JsonIgnoreAttribute; +using SystemTextJsonIgnore = System.Text.Json.Serialization.JsonIgnoreAttribute; namespace FWO.Data { @@ -9,10 +12,16 @@ public class RuleMetadata public long Id { get; set; } [JsonProperty("rule_created"), JsonPropertyName("rule_created")] - public DateTime? Created { get; set; } + public long? CreatedImportId { get; set; } + + [JsonProperty("created_import"), JsonPropertyName("created_import")] + public ImportControl? CreatedImport { get; set; } [JsonProperty("rule_last_modified"), JsonPropertyName("rule_last_modified")] - public DateTime? LastModified { get; set; } + public long? LastModifiedImportId { get; set; } + + [JsonProperty("last_modified_import"), JsonPropertyName("last_modified_import")] + public ImportControl? LastModifiedImport { get; set; } [JsonProperty("rule_first_hit"), JsonPropertyName("rule_first_hit")] public DateTime? FirstHit { get; set; } 
@@ -20,21 +29,6 @@ public class RuleMetadata [JsonProperty("rule_last_hit"), JsonPropertyName("rule_last_hit")] public DateTime? LastHit { get; set; } - [JsonProperty("rule_last_certified"), JsonPropertyName("rule_last_certified")] - public DateTime? LastCertified { get; set; } - - [JsonProperty("rule_last_certifier_dn"), JsonPropertyName("rule_last_certifier_dn")] - public string LastCertifierDn { get; set; } = ""; - - [JsonProperty("rule_to_be_removed"), JsonPropertyName("rule_to_be_removed")] - public bool ToBeRemoved { get; set; } - - [JsonProperty("rule_decert_date"), JsonPropertyName("rule_decert_date")] - public DateTime? DecertificationDate { get; set; } - - [JsonProperty("rule_recertification_comment"), JsonPropertyName("rule_recertification_comment")] - public string Comment { get; set; } = ""; - [JsonProperty("recertification"), JsonPropertyName("recertification")] public List RuleRecertification { get; set; } = []; 
@@ -47,6 +41,26 @@ public class RuleMetadata [JsonProperty("rules"), JsonPropertyName("rules")] public Rule[] Rules { get; set; } = []; + [SystemTextJsonIgnore, NewtonsoftJsonIgnore] + public DateTime? Created => CreatedImport?.StartTime; + + [SystemTextJsonIgnore, NewtonsoftJsonIgnore] + public DateTime? LastModified => LastModifiedImport?.StartTime; + + [SystemTextJsonIgnore, NewtonsoftJsonIgnore] + public string Comment => RecertHistory.OrderByDescending(r => r.RecertDate).FirstOrDefault()?.Comment ?? ""; + + [SystemTextJsonIgnore, NewtonsoftJsonIgnore] + public DateTime? LastCertified => RecertHistory.Where(r => r.Recertified) + .OrderByDescending(r => r.RecertDate).FirstOrDefault()?.RecertDate; + + [SystemTextJsonIgnore, NewtonsoftJsonIgnore] + public DateTime? DecertificationDate => RecertHistory.Where(r => !r.Recertified) + .OrderByDescending(r => r.RecertDate).FirstOrDefault()?.RecertDate; + + [SystemTextJsonIgnore, NewtonsoftJsonIgnore] + public bool ToBeRemoved { get; set; } + public DateTime NextRecert { get; set; } public string LastCertifierName { get; set; } = ""; 
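Review bot: `DecertificationDate` returns the newest history entry with `Recertified == false` even when a later recertification exists, so a rule that was decertified and then certified again still carries a decertification date, whereas the removed property was filled from the single `rule_decert_date` field. If callers read a non-null date as "currently decertified" (not visible here), derive it from the latest entry only: `public DateTime? DecertificationDate => RecertHistory.OrderByDescending(r => r.RecertDate).FirstOrDefault() is { Recertified: false } latest ? latest.RecertDate : null;`. `ToBeRemoved` now carries both ignore attributes and nothing in this hunk assigns it, so it stays false after deserialization unless other code sets it; a one-line comment naming who populates it would help. RecertHistory is declared outside the hunk.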
@@ -57,20 +71,15 @@ public class RuleMetadata public void UpdateRecertPeriods(int recertificationPeriod, int recertificationNoticePeriod) { - LastCertifierName = string.IsNullOrEmpty(LastCertifierDn) ? "-" : new DistName(LastCertifierDn).UserName; + Recertification? latestRecert = RecertHistory.OrderByDescending(r => r.RecertDate).FirstOrDefault(); + LastCertifierName = latestRecert?.UserDn != null ? new DistName(latestRecert.UserDn).UserName : "-"; - if (LastCertified != null) - { - NextRecert = ((DateTime)LastCertified).AddDays(recertificationPeriod); - } - else if (Created != null) - { - NextRecert = ((DateTime)Created).AddDays(recertificationPeriod); - } - else - { - NextRecert = DateTime.Now; - } + DateTime? nextRecertFromData = RuleRecertification.Where(r => r.NextRecertDate != null) + .Select(r => r.NextRecertDate) + .OrderBy(d => d) + .FirstOrDefault(); + + NextRecert = nextRecertFromData ?? DateTime.Now; if (NextRecert <= DateTime.Now) { diff --git a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs index 53e367f1a4..d790846452 100644 --- a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs +++ b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs @@ -669,7 +669,7 @@ private static void SetUnusedFilter(ref DynGraphqlQuery query, UnusedFilter? unu query.QueryVariables["tolerance"] = DateTime.Now.AddDays(-unusedFilter.CreationTolerance); query.RuleWhereStatement += $@"{{rule_metadatum: {{_or: [ {{_and: [{{rule_last_hit: {{_is_null: false}} }}, {{rule_last_hit: {{_lte: $cut}} }} ] }}, - {{_and: [{{rule_last_hit: {{_is_null: true}} }}, {{rule_created: {{_lte: $tolerance}} }} ] }} + {{_and: [{{rule_last_hit: {{_is_null: true}} }}, {{created_import: {{ start_time: {{_lte: $tolerance}} }} }} ] }} ]}} }}"; } } diff --git a/roles/tests-unit/files/FWO.Test/ExportTest.cs b/roles/tests-unit/files/FWO.Test/ExportTest.cs index 6420eaed45..662f0f20f8 100644 --- a/roles/tests-unit/files/FWO.Test/ExportTest.cs 
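Review bot: `LastCertifierName` is now taken from the newest `RecertHistory` entry regardless of `Recertified`, and the guard changed from `string.IsNullOrEmpty` to a null check, so a decertifying user can be shown as the last certifier and an empty `UserDn` reaches `new DistName(...)`. Suggested: `Recertification? latestRecert = RecertHistory.Where(r => r.Recertified).OrderByDescending(r => r.RecertDate).FirstOrDefault();` and `LastCertifierName = string.IsNullOrEmpty(latestRecert?.UserDn) ? "-" : new DistName(latestRecert.UserDn).UserName;`. Within the lines shown `recertificationPeriod` is no longer read, and a rule without any `NextRecertDate` now falls back to `DateTime.Now` instead of the creation date plus the period; a short comment stating that this is intended would help. The method body continues past the hunk.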
+++ b/roles/tests-unit/files/FWO.Test/ExportTest.cs @@ -1,4 +1,4 @@ -using NUnit.Framework; +using NUnit.Framework; using NUnit.Framework.Legacy; using FWO.Logging; using FWO.Report; @@ -66,9 +66,9 @@ public void RulesGenerateHtml() Log.WriteInfo("Test Log", "starting rules report html generation"); var reportRules = ConstructReportRules(false, query, userConfig, ReportType.Rules); - + string expectedHtmlResult = "Rules Report

Rules Report

Time of configuration: 2023-04-20T15:50:04Z (UTC)

Generated on: Z (UTC)

Devices: TestMgt [Mock Device 1]

Filter: TestFilter



TestMgt


Mock Device 1

No.NameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
TestRule1srczn1
srczn2
srczn3
 TestIp1 (1.2.3.4/32)
 TestIp2 (127.0.0.1/32)
dstzn1
dstzn2
dstzn3
 TestIpRange (1.2.3.4-1.2.3.5) TestService1 (443/TCP)acceptnoneYuid1comment1
TestRule2not
 TestUser1@ TestIp1 (1.2.3.4/32)
 TestUser1@ TestIp2 (127.0.0.1/32)
not
 TestUser2@ TestIpRange (1.2.3.4-1.2.3.5)
not
 TestService2 (6666-7777/UDP)
denynoneYuid2:123comment2

Network Objects

No.NameTypeIP AddressMembersUidComment
1TestIp1Network1.2.3.4/32
2TestIp2Network127.0.0.1/32
3TestIpRangeIP Range1.2.3.4-1.2.3.5

Network Services

No.NameTypeProtocolPortMembersUidComment
1TestService1TCP443
2TestService2UDP6666-7777

Users

No.NameTypeMembersUidComment
1TestUser1
2TestUser2Group

"; - + string reportHtml = RemoveLinebreaks(RemoveGenDate(reportRules.ExportToHtml(), true)); IEnumerable matches = reportHtml.GetMatches(ToCRegexPattern, ToCAnkerIdGroupName); @@ -97,10 +97,10 @@ public void ResolvedRulesGenerateHtml() public void ResolvedRulesTechGenerateHtml() { Log.WriteInfo("Test Log", "starting rules report resolved html generation"); - + ReportRules reportRules = ConstructReportRules(true, query, userConfig, ReportType.ResolvedRulesTech); - string expectedHtmlResult = "Rules Report (technical)

Rules Report (technical)

Time of configuration: 2023-04-20T15:50:04Z (UTC)

Generated on: Z (UTC)

Devices: TestMgt [Mock Device 1]

Filter: TestFilter


Table of content


TestMgt


Mock Device 1

No.NameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
TestRule1srczn1
srczn2
srczn3
1.2.3.4/32
127.0.0.1/32
dstzn1
dstzn2
dstzn3
1.2.3.4-1.2.3.5443/TCPacceptnoneYuid1comment1
TestRule2not
TestUser1@1.2.3.4/32
TestUser1@127.0.0.1/32
not
TestUser2@1.2.3.4-1.2.3.5
not
6666-7777/UDP
denynoneYuid2:123comment2

"; string reportHtml = RemoveLinebreaks(RemoveGenDate(reportRules.ExportToHtml(), true)); + string expectedHtmlResult = "Rules Report (technical)

Rules Report (technical)

Time of configuration: 2023-04-20T15:50:04Z (UTC)

Generated on: Z (UTC)

Devices: TestMgt [Mock Device 1]

Filter: TestFilter


Table of content


TestMgt


Mock Device 1

No.NameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
TestRule1srczn1
srczn2
srczn3
1.2.3.4/32
127.0.0.1/32
dstzn1
dstzn2
dstzn3
1.2.3.4-1.2.3.5443/TCPacceptnoneYuid1comment1
TestRule2not
TestUser1@1.2.3.4/32
TestUser1@127.0.0.1/32
not
TestUser2@1.2.3.4-1.2.3.5
not
6666-7777/UDP
denynoneYuid2:123comment2

"; string reportHtml = RemoveLinebreaks(RemoveGenDate(reportRules.ExportToHtml(), true)); IEnumerable matches = reportHtml.GetMatches(ToCRegexPattern, ToCAnkerIdGroupName); reportHtml = reportHtml.ReplaceAll(matches, StaticAnkerId); @@ -314,7 +314,7 @@ public void ResolvedRulesGenerateCsv() { Log.WriteInfo("Test Log", "starting rules report resolved csv generation"); ReportRules reportRules = ConstructReportRules(true, query, userConfig, ReportType.ResolvedRules); - + string expectedCsvResult = "# report type: Rules Report (resolved)" + "# report generation date: Z (UTC)" + "# date of configuration shown: 2023-04-20T15:50:04Z (UTC)" + @@ -326,7 +326,7 @@ public void ResolvedRulesGenerateCsv() "\"TestMgt\",\"Mock Device 1\",\"\",\"TestRule1\",\"\"srczn1\",\"srczn2\",\"srczn3\"\",\"TestIp1 (1.2.3.4/32),TestIp2 (127.0.0.1/32)\",\"\"dstzn1\",\"dstzn2\",\"dstzn3\"\",\"TestIpRange (1.2.3.4-1.2.3.5)\",\"TestService1 (443/TCP)\",\"accept\",\"none\",\"enabled\",\"uid1\",\"comment1\"" + "\"TestMgt\",\"Mock Device 1\",\"\",\"TestRule2\",\"\",\"not(TestUser1@TestIp1 (1.2.3.4/32),TestUser1@TestIp2 (127.0.0.1/32))\",\"\",\"not(TestUser2@TestIpRange (1.2.3.4-1.2.3.5))\",\"not(TestService2 (6666-7777/UDP))\",\"deny\",\"none\",\"enabled\",\"uid2:123\",\"comment2\""; string csvExport = RemoveLinebreaks(RemoveGenDate(reportRules.ExportToCsv())); - ClassicAssert.AreEqual(expectedCsvResult,csvExport); + ClassicAssert.AreEqual(expectedCsvResult, csvExport); } [Test] 
@@ -409,51 +409,51 @@ public void RulesGenerateJson() int id = reportRules.ReportData.ManagementData.First().Rulebases.First().Id; string expectedJsonResult = "[{\"id\": 0,\"uid\": \"\",\"name\": \"TestMgt\"," + - "\"devices\": [{\"uid\": \"device-1\",\"id\": 1,\"name\": \"Mock Device 1\"," + - "\"rulebase_links\": [{\"gw_id\": 0,\"from_rule_id\": null,\"rule\": null,\"rulebaseByFromRulebaseId\": null,\"from_rulebase_id\": null,\"rulebase\": null,\"link_type\": 0,\"stm_link_type\": null,\"is_initial\": true,\"is_global\": false,\"is_section\": false}]," + - "\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," + - "\"unusedRules_Count\": {\"aggregate\": {\"count\": 0}}}]," + - "\"rulebases\": [{\"id\": " + id + ",\"name\": \"Mock Rulebase " + id + "\",\"changelog_rules\": null," + - "\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," + - "\"rules\": [" + - "{\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," + + "\"devices\": [{\"uid\": \"device-1\",\"id\": 1,\"name\": \"Mock Device 1\"," + + "\"rulebase_links\": [{\"gw_id\": 0,\"from_rule_id\": null,\"rule\": null,\"rulebaseByFromRulebaseId\": null,\"from_rulebase_id\": null,\"rulebase\": null,\"link_type\": 0,\"stm_link_type\": null,\"is_initial\": true,\"is_global\": false,\"is_section\": false}]," + + "\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," + + "\"unusedRules_Count\": {\"aggregate\": {\"count\": 0}}}]," + + "\"rulebases\": [{\"id\": " + id + ",\"name\": \"Mock Rulebase " + id + "\",\"changelog_rules\": null," + + "\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," + + "\"rules\": [" + + "{\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," + "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": 
\"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"stm_color\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 6,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": [],\"svc_rpcnr\": null}}]," + - "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_svc_refs\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_src_refs\": \"\",\"rule_from_zones\": [{\"zone\": {\"zone_id\": 0,\"zone_name\": \"srczn1\"}},{\"zone\": {\"zone_id\": 0,\"zone_name\": \"srczn2\"}},{\"zone\": {\"zone_id\": 0,\"zone_name\": \"srczn3\"}}]," + - "\"rule_froms\": [" + - "{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}," + + "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_svc_refs\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_src_refs\": \"\",\"rule_from_zones\": [{\"zone\": {\"zone_id\": 0,\"zone_name\": \"srczn1\"}},{\"zone\": 
{\"zone_id\": 0,\"zone_name\": \"srczn2\"}},{\"zone\": {\"zone_id\": 0,\"zone_name\": \"srczn3\"}}]," + + "\"rule_froms\": [" + + "{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}," + "{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_dst_refs\": \"\",\"rule_to_zones\": [{\"zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn1\"}},{\"zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn2\"}},{\"zone\": 
{\"zone_id\": 0,\"zone_name\": \"dstzn3\"}}]," + - "\"rule_tos\": [" + - "{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"ip_range\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\"," + - "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"rules\": [],\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + - "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + - "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"rule_custom_fields\": \"\",\"rule_implied\": false,\"nat_rule\": false,\"rulebase_id\": 0,\"rule_num\": 0,\"rule_enforced_on_gateways\": [],\"rule_installon\": null,\"rule_time\": null,\"violations\": [],\"rulebase\": 
{\"id\": 0,\"name\": \"\",\"uid\": \"\",\"mgm_id\": 0,\"is_global\": false,\"created\": 0,\"removed\": 0,\"rules\": []},\"uiuser\": null,\"rule\": null,\"ChangeID\": \"\",\"AdoITID\": \"\",\"Compliance\": 0,\"ViolationDetails\": \"\",\"DisplayOrderNumberString\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\",\"RulebaseName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false}," + - "{\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," + + "\"rule_tos\": [" + + "{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"ip_range\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\"," + + "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"rules\": [],\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + 
"\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"rule_custom_fields\": \"\",\"rule_implied\": false,\"nat_rule\": false,\"rulebase_id\": 0,\"rule_num\": 0,\"rule_enforced_on_gateways\": [],\"rule_installon\": null,\"rule_time\": null,\"violations\": [],\"rulebase\": {\"id\": 0,\"name\": \"\",\"uid\": \"\",\"mgm_id\": 0,\"is_global\": false,\"created\": 0,\"removed\": 0,\"rules\": []},\"uiuser\": null,\"rule\": null,\"ChangeID\": \"\",\"AdoITID\": \"\",\"Compliance\": 0,\"ViolationDetails\": \"\",\"DisplayOrderNumberString\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\",\"RulebaseName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false}," + + "{\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," + "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"stm_color\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 17,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": [],\"svc_rpcnr\": null}}]," + "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_svc_refs\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"rule_src_refs\": \"\",\"rule_from_zones\": []," + - "\"rule_froms\": [" + - "{\"object\": 
{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}," + + "\"rule_froms\": [" + + "{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}," + "{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": 
\"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + "\"rule_dst_neg\": true,\"rule_dst\": \"\",\"rule_dst_refs\": \"\",\"rule_to_zones\": []," + - "\"rule_tos\": [" + - "{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"ip_range\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\"," + - "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"rules\": [],\"NextRecert\": 
\"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + - "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + - "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"rule_custom_fields\": \"\",\"rule_implied\": false,\"nat_rule\": false,\"rulebase_id\": 0,\"rule_num\": 0,\"rule_enforced_on_gateways\": [],\"rule_installon\": null,\"rule_time\": null,\"violations\": [],\"rulebase\": {\"id\": 0,\"name\": \"\",\"uid\": \"\",\"mgm_id\": 0,\"is_global\": false,\"created\": 0,\"removed\": 0,\"rules\": []},\"uiuser\": null,\"rule\": null,\"ChangeID\": \"\",\"AdoITID\": \"\",\"Compliance\": 0,\"ViolationDetails\": \"\",\"DisplayOrderNumberString\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\",\"RulebaseName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false}]}]," + - "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}}," + - "\"import_controls\": [],\"RelevantImportId\": null,\"is_super_manager\": false,\"multi_device_manager_id\": null,\"management\": null,\"managementByMultiDeviceManagerId\": [],\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"zoneObjects\": []," + - "\"reportNetworkObjects\": [" + - "{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + - "{\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": 
false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + - "{\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"ip_range\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}]," + - "\"reportServiceObjects\": [" + - "{\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"stm_color\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 6,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": [],\"svc_rpcnr\": null}," + - "{\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"stm_color\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 17,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": [],\"svc_rpcnr\": 
null}]," + - "\"reportUserObjects\": [" + - "{\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}," + - "{\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}]," + + "\"rule_tos\": [" + + "{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"ip_range\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []},\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\"," + + "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": 
null,\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"rules\": [],\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"rule_custom_fields\": \"\",\"rule_implied\": false,\"nat_rule\": false,\"rulebase_id\": 0,\"rule_num\": 0,\"rule_enforced_on_gateways\": [],\"rule_installon\": null,\"rule_time\": null,\"violations\": [],\"rulebase\": {\"id\": 0,\"name\": \"\",\"uid\": \"\",\"mgm_id\": 0,\"is_global\": false,\"created\": 0,\"removed\": 0,\"rules\": []},\"uiuser\": null,\"rule\": null,\"ChangeID\": \"\",\"AdoITID\": \"\",\"Compliance\": 0,\"ViolationDetails\": \"\",\"DisplayOrderNumberString\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\",\"RulebaseName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false}]}]," + + "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}}," + + "\"import_controls\": [],\"RelevantImportId\": null,\"is_super_manager\": false,\"multi_device_manager_id\": null,\"management\": null,\"managementByMultiDeviceManagerId\": [],\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"zoneObjects\": []," + + "\"reportNetworkObjects\": [" + + "{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "{\"obj_id\": 2,\"obj_name\": 
\"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"network\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "{\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"id\": 0,\"name\": \"ip_range\"},\"obj_color\": null,\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}]," + + "\"reportServiceObjects\": [" + + "{\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"stm_color\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 6,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": [],\"svc_rpcnr\": null}," + + "{\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"stm_color\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 
17,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": [],\"svc_rpcnr\": null}]," + + "\"reportUserObjects\": [" + + "{\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}," + + "{\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}]," + "\"ReportedRuleIds\": [0],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}},\"unusedRules_Count\": {\"aggregate\": {\"count\": 0}},\"Ignore\": false}]"; string jsonExport = RemoveLinebreaks(RemoveGenDate(reportRules.ExportToJson(), false, true)); ClassicAssert.AreEqual(expectedJsonResult, jsonExport); 
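Review bot: The new expectation in RulesGenerateJson only ever contains `\"created_import\": null` and `\"last_modified_import\": null` inside `rule_metadatum`, so nothing pins what the export serializes once those relationships are populated; the same applies to the two ChangesGenerateJson hunks at -548 and -559. Because this string is the report handed to consumers, a fixture rule with a non-null import would show which import fields actually reach the exported JSON; until then a comment above `string expectedJsonResult` such as `// created_import / last_modified_import are null in this fixture; the populated case is not covered` would make the gap visible. `LastCertifierName`, `NextRecert` and `Recert` are still emitted although `rule_last_certified` and `rule_last_certifier_dn` are gone from the object, so if nothing fills them any more they are presumably dead output worth dropping in a follow-up. Most of the 51 changed lines look like whitespace-only churn around one semantic change, and comparing parsed JSON instead of one concatenated literal would keep such diffs reviewable.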
@@ -548,7 +548,7 @@ public void ChangesGenerateJson() "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"rule_action\": \"accept\",\"rule_track\": 
\"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false},\"DeviceName\": \"\"}," + "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"C\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," + 
@@ -559,7 +559,7 @@ public void ChangesGenerateJson() "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"rule_action\": \"accept\",\"rule_track\": 
\"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"new comment\",\"rule_disabled\": false," + "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 6,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + 
@@ -569,7 +569,7 @@ public void ChangesGenerateJson() "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 4,\"obj_name\": \"TestIpNew\",\"obj_ip\": \"10.0.6.0/32\",\"obj_ip_end\": \"10.0.6.255/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": 
\"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false},\"DeviceName\": \"\"}," + "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"C\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," + 
@@ -580,7 +580,7 @@ public void ChangesGenerateJson() "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + "\"rule_dst_neg\": true,\"rule_dst\": \"\",\"dst_zone\": null,\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": 
\"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false},\"new\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": true," + "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 17,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + 
@@ -590,7 +590,7 @@ public void ChangesGenerateJson() "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": null,\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": 
\"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false},\"DeviceName\": \"\"}," + "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"D\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," + 
@@ -601,7 +601,7 @@ public void ChangesGenerateJson() "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + "\"rule_dst_neg\": true,\"rule_dst\": \"\",\"dst_zone\": null,\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": null,\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + - "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": 
\"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"created_import\": null,\"rule_last_modified\": null,\"last_modified_import\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"recertification\": [],\"recert_history\": [],\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\",\"DisregardedFroms\": [],\"DisregardedTos\": [],\"DisregardedServices\": [],\"ShowDisregarded\": false},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"\",\"rule_comment\": \"\",\"rule_disabled\": false," + "\"rule_services\": [],\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": null,\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": null,\"rule_tos\": [],\"rule_action\": \"\",\"rule_track\": \"\",\"section_header\": \"\"," + @@ -816,7 +816,7 @@ private static ReportData ConstructRuleReportData(bool resolved) ] }; } - + private static ReportRules ConstructReportRules(bool resolved, DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) { RulebaseReport[] rulebases = [ @@ -829,7 +829,7 @@ private static ReportRules ConstructReportRules(bool resolved, DynGraphqlQuery q MockReportRules reportRules = new MockReportRules(query, userConfig, reportType); var managementData = reportRules.ReportData.ManagementData.First(); - + managementData.Rulebases = rulebases; managementData.Devices.First().RulebaseLinks = rulebaseLinks; 
@@ -838,7 +838,7 @@ private static ReportRules ConstructReportRules(bool resolved, DynGraphqlQuery q InitRule1(resolved), InitRule2(resolved) ]; - + managementData.Rulebases.First().Rules = rules; managementData.Name = "TestMgt"; managementData.ReportObjects = [TestIp1, TestIp2, TestIpRange]; @@ -848,7 +848,7 @@ private static ReportRules ConstructReportRules(bool resolved, DynGraphqlQuery q reportRules.ReportData.ManagementData = [managementData]; reportRules.TryBuildMockRuleTree(); - + return reportRules; } diff --git a/roles/ui/files/FWO.UI/FWO.Ui.csproj b/roles/ui/files/FWO.UI/FWO.Ui.csproj index af4b65ff1b..ea90c18e12 100644 --- a/roles/ui/files/FWO.UI/FWO.Ui.csproj +++ b/roles/ui/files/FWO.UI/FWO.Ui.csproj @@ -4,6 +4,7 @@ net8.0 enable enable + $(NoWarn);CS8669 @@ -28,4 +29,4 @@ - \ No newline at end of file + diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpApiFwoQuery.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpApiFwoQuery.cshtml index 990fa6859f..0b0f350c11 100644 --- a/roles/ui/files/FWO.UI/Pages/Help/HelpApiFwoQuery.cshtml +++ b/roles/ui/files/FWO.UI/Pages/Help/HelpApiFwoQuery.cshtml 
@@ -64,6 +64,6 @@ curl --request POST \ --header 'content-type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.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.imp8Y-DTz-PyZKxD_l9fN9QvCuNmQTZzGngY3VNJ7vkTCaV9lMdx_gv1eQSANzRwt5e9jIDO6NSoC3laqTgfeaGRkDi4X_JejFTlL3O3AlBjp7g5Npty1P9uqrBKJMxtETlwV7bfd5pFHT81-NdsjNmI8TI3X3tW6EpAxcvAK8xPirofZK5TCQTkDOl2dVFXYTY-aiYYj0SECJph86-OKeIOz6SFXwTdITvh0QotlHMCw3HOqoD0XqjjCvAqcFLjTTV2uEA6wLRC20dBwdDiiEoVDdnf0-jADWs3jI33OyIkuQjL_CkNNqYMqwNsQ0AUahs3lPi38QHmO51ety89QQ' \ - --data '{"variables":{"device_id":1},"query":"fragment userOverview on usr { user_id user_uid user_name stm_usr_typ { usr_typ_name } } fragment networkObjectOverview on object { obj_ip obj_ip_end obj_name obj_id type: stm_obj_typ { id: obj_typ_id name: obj_typ_name } obj_color_id } fragment networkServiceOverview on service { svc_id svc_name svc_uid svc_port svc_port_end service_type: stm_svc_typ { id: svc_typ_id name: svc_typ_name } svc_color_id protocol_name: stm_ip_proto { id: ip_proto_id name: ip_proto_name } } fragment ruleOverview on rule { rule_id rule_uid rule_action section_header: rule_head_text rule_comment rule_track rule_disabled src_zone: zone { zone_name zone_id } rule_metadatum { rule_metadata_id rule_created rule_first_hit rule_last_hit rule_last_modified rule_last_certified rule_to_be_removed rule_decert_date rule_recertification_comment } rule_src_neg rule_dst_neg rule_svc_neg rule_num_numeric rule_name rule_froms { usr { ...userOverview } object { ...networkObjectOverview } } dst_zone: zoneByRuleToZone { zone_name zone_id } rule_tos { object { ...networkObjectOverview } } rule_services { service { ...networkServiceOverview } } } query listRulesOverview($device_id: [Int!]) { management { id: mgm_id name: mgm_name devices( where: { dev_id: { _in: $device_id } } ) { dev_id dev_name rules( where: { active: { _eq: true } } order_by: { rule_num_numeric: asc } ) { 
...ruleOverview } } } }"}' + --data '{"variables":{"device_id":1},"query":"fragment userOverview on usr { user_id user_uid user_name stm_usr_typ { usr_typ_name } } fragment networkObjectOverview on object { obj_ip obj_ip_end obj_name obj_id type: stm_obj_typ { id: obj_typ_id name: obj_typ_name } obj_color_id } fragment networkServiceOverview on service { svc_id svc_name svc_uid svc_port svc_port_end service_type: stm_svc_typ { id: svc_typ_id name: svc_typ_name } svc_color_id protocol_name: stm_ip_proto { id: ip_proto_id name: ip_proto_name } } fragment ruleOverview on rule { rule_id rule_uid rule_action section_header: rule_head_text rule_comment rule_track rule_disabled src_zone: zone { zone_name zone_id } rule_metadatum { rule_metadata_id rule_created rule_first_hit rule_last_hit rule_last_modified } rule_src_neg rule_dst_neg rule_svc_neg rule_num_numeric rule_name rule_froms { usr { ...userOverview } object { ...networkObjectOverview } } dst_zone: zoneByRuleToZone { zone_name zone_id } rule_tos { object { ...networkObjectOverview } } rule_services { service { ...networkServiceOverview } } } query listRulesOverview($device_id: [Int!]) { management { id: mgm_id name: mgm_name devices( where: { dev_id: { _in: $device_id } } ) { dev_id dev_name rules( where: { active: { _eq: true } } order_by: { rule_num_numeric: asc } ) { ...ruleOverview } } } }"}' diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRules.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRules.razor index 6e29bfbd24..7d527630b2 100644 --- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRules.razor +++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRules.razor @@ -168,7 +168,7 @@ - + // // TODO: not able to get this syntactically working, but implicit info is there: ToBeRemoved == NOT DecertificationDate IS NULL 
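Review bot: The unchanged `Authorization` line just above the edited `--data` argument in HelpApiFwoQuery.cshtml carries what looks like a complete RS256-signed JWT, not a placeholder. This help page is shipped with the UI and kept in the repository, so a token that was ever issued by a real instance should be treated as disclosed; it is worth checking its expiry and whether the signing key is still in use. Since the line is already being touched around, I would replace the value with an obvious placeholder, e.g. `--header 'Authorization: Bearer <your-jwt>' \`, and say in the surrounding help text how to obtain one.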
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRulesForDiff.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRulesForDiff.razor index df7f22a5db..9f43748815 100644 --- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRulesForDiff.razor +++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportedRulesForDiff.razor @@ -62,7 +62,7 @@ - + diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ComplianceReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ComplianceReport.razor index f93e58b2fc..793910e84d 100644 --- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ComplianceReport.razor +++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ComplianceReport.razor @@ -206,7 +206,7 @@ - + diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RuleBaseReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RuleBaseReport.razor index 418427a8b0..616ddb8189 100644 --- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RuleBaseReport.razor +++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RuleBaseReport.razor @@ -161,7 +161,7 @@ - + @* // TODO: not able to get this syntactically working, but implicit info is there: ToBeRemoved == NOT DecertificationDate IS NULL *@ diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor index 517efa86ec..8d8f63278e 100644 --- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor +++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor @@ -172,7 +172,7 @@ - + @* // TODO: not able to get this syntactically working, but implicit info is there: ToBeRemoved == NOT DecertificationDate IS NULL *@