niuniu/lijiaoqiao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
89104bd0db04c4b403a8b847c5774cb7a8f912bf
lijiaoqiao/supply-api/internal/audit/events/security_events.go

195 lines
4.9 KiB
Go
Raw Normal View History

feat(P1/P2): 完成TDD开发及P1/P2设计文档 ## 设计文档 - multi_role_permission_design: 多角色权限设计 (CONDITIONAL GO) - audit_log_enhancement_design: 审计日志增强 (CONDITIONAL GO) - routing_strategy_template_design: 路由策略模板 (CONDITIONAL GO) - sso_saml_technical_research: SSO/SAML调研 (CONDITIONAL GO) - compliance_capability_package_design: 合规能力包设计 (CONDITIONAL GO) ## TDD开发成果 - IAM模块: supply-api/internal/iam/ (111个测试) - 审计日志模块: supply-api/internal/audit/ (40+测试) - 路由策略模块: gateway/internal/router/ (33+测试) - 合规能力包: gateway/internal/compliance/ + scripts/ci/compliance/ ## 规范文档 - parallel_agent_output_quality_standards: 并行Agent产出质量规范 - project_experience_summary: 项目经验总结 (v2) - 2026-04-02-p1-p2-tdd-execution-plan: TDD执行计划 ## 评审报告 - 5个CONDITIONAL GO设计文档评审报告 - fix_verification_report: 修复验证报告 - full_verification_report: 全面质量验证报告 - tdd_module_quality_verification: TDD模块质量验证 - tdd_execution_summary: TDD执行总结 依据: Superpowers执行框架 + TDD规范
2026-04-02 23:35:53 +08:00
package events
import (
"fmt"
)
// SECURITY事件类别常量
const (
CategorySECURITY = "SECURITY"
SubCategoryVIOLATION = "VIOLATION"
SubCategoryALERT = "ALERT"
SubCategoryBREACH = "BREACH"
)
// SECURITY事件列表
var securityEvents = []string{
// 不变量违反事件 (INVARIANT-VIOLATION)
"INV-PKG-001", // 供应方资质过期
"INV-PKG-002", // 供应方余额为负
"INV-PKG-003", // 售价不得低于保护价
"INV-SET-001", // processing/completed 不可撤销
"INV-SET-002", // 提现金额不得超过可提现余额
"INV-SET-003", // 结算单金额与余额流水必须平衡
// 安全突破事件 (SECURITY-BREACH)
"SEC-BREACH-001", // 凭证泄露突破
"SEC-BREACH-002", // 权限绕过突破
// 安全告警事件 (SECURITY-ALERT)
"SEC-ALERT-001", // 可疑访问告警
"SEC-ALERT-002", // 异常行为告警
}
// 不变量违反事件到结果码的映射
var invariantResultCodes = map[string]string{
"INV-PKG-001": "SEC_INV_PKG_001",
"INV-PKG-002": "SEC_INV_PKG_002",
"INV-PKG-003": "SEC_INV_PKG_003",
"INV-SET-001": "SEC_INV_SET_001",
"INV-SET-002": "SEC_INV_SET_002",
"INV-SET-003": "SEC_INV_SET_003",
}
// 事件描述映射
var securityEventDescriptions = map[string]string{
"INV-PKG-001": "供应方资质过期,资质验证失败",
"INV-PKG-002": "供应方余额为负,余额检查失败",
"INV-PKG-003": "售价不得低于保护价,价格校验失败",
"INV-SET-001": "结算单状态为processing/completed不可撤销",
"INV-SET-002": "提现金额不得超过可提现余额",
"INV-SET-003": "结算单金额与余额流水不平衡",
"SEC-BREACH-001": "检测到凭证泄露安全突破",
"SEC-BREACH-002": "检测到权限绕过安全突破",
"SEC-ALERT-001": "检测到可疑访问行为",
"SEC-ALERT-002": "检测到异常行为",
}
// GetSECURITYEvents 返回所有SECURITY事件
func GetSECURITYEvents() []string {
return securityEvents
}
// GetInvariantViolationEvents 返回所有不变量违反事件
func GetInvariantViolationEvents() []string {
return []string{
"INV-PKG-001",
"INV-PKG-002",
"INV-PKG-003",
"INV-SET-001",
"INV-SET-002",
"INV-SET-003",
}
}
// GetSecurityAlertEvents 返回所有安全告警事件
func GetSecurityAlertEvents() []string {
return []string{
"SEC-ALERT-001",
"SEC-ALERT-002",
}
}
// GetSecurityBreachEvents 返回所有安全突破事件
func GetSecurityBreachEvents() []string {
return []string{
"SEC-BREACH-001",
"SEC-BREACH-002",
}
}
// GetEventCategory 返回事件的类别
func GetEventCategory(eventName string) string {
if isInvariantViolation(eventName) || isSecurityBreach(eventName) || isSecurityAlert(eventName) {
return CategorySECURITY
}
return ""
}
// GetEventSubCategory 返回事件的子类别
func GetEventSubCategory(eventName string) string {
if isInvariantViolation(eventName) {
return SubCategoryVIOLATION
}
if isSecurityBreach(eventName) {
return SubCategoryBREACH
}
if isSecurityAlert(eventName) {
return SubCategoryALERT
}
return ""
}
// GetResultCode 返回事件对应的结果码
func GetResultCode(eventName string) string {
if code, ok := invariantResultCodes[eventName]; ok {
return code
}
return ""
}
// GetEventDescription 返回事件的描述
func GetEventDescription(eventName string) string {
if desc, ok := securityEventDescriptions[eventName]; ok {
return desc
}
return ""
}
// IsValidEvent 检查事件名称是否有效
func IsValidEvent(eventName string) bool {
for _, e := range securityEvents {
if e == eventName {
return true
}
}
return false
}
// isInvariantViolation 检查是否为不变量违反事件
func isInvariantViolation(eventName string) bool {
for _, e := range getInvariantViolationEvents() {
if e == eventName {
return true
}
}
return false
}
// getInvariantViolationEvents 返回不变量违反事件列表(内部使用)
func getInvariantViolationEvents() []string {
return []string{
"INV-PKG-001",
"INV-PKG-002",
"INV-PKG-003",
"INV-SET-001",
"INV-SET-002",
"INV-SET-003",
}
}
// isSecurityBreach 检查是否为安全突破事件
func isSecurityBreach(eventName string) bool {
prefixes := []string{"SEC-BREACH"}
for _, prefix := range prefixes {
if len(eventName) >= len(prefix) && eventName[:len(prefix)] == prefix {
return true
}
}
return false
}
// isSecurityAlert 检查是否为安全告警事件
func isSecurityAlert(eventName string) bool {
prefixes := []string{"SEC-ALERT"}
for _, prefix := range prefixes {
if len(eventName) >= len(prefix) && eventName[:len(prefix)] == prefix {
return true
}
}
return false
}
// FormatSECURITYEvent 格式化SECURITY事件
func FormatSECURITYEvent(eventName string, params map[string]string) string {
desc := GetEventDescription(eventName)
if desc == "" {
return fmt.Sprintf("SECURITY event: %s", eventName)
}
// 如果有额外参数,追加到描述中
if len(params) > 0 {
return fmt.Sprintf("%s - %v", desc, params)
}
return desc
}
Reference in New Issue Copy Permalink