From 5a13915d7565225019f9238a5be16dd888cb6e96 Mon Sep 17 00:00:00 2001
From: zhanghan <zhanghan@kylinos.cn>
Date: Tue, 9 Sep 2025 10:58:15 +0800
Subject: [PATCH] Create high-risk command rule interface URL

---
 .../controller/dangerous_rule.go              | 20 +++++++++++
 .../dangerous_rule/dao/dangerous_rule.go      | 10 ++++++
 .../dangerous_rule/model/dangerous_rule.go    | 33 +++++++++++++++++++
 .../internal/module/dangerous_rule/router.go  | 13 ++++++++
 .../dangerous_rule/service/dangerous_rule.go  | 24 ++++++++++++++
 automation/server/internal/router/router.go   |  2 ++
 automation/server/internal/service/mysql.go   |  3 ++
 7 files changed, 105 insertions(+)
 create mode 100644 automation/server/internal/module/dangerous_rule/controller/dangerous_rule.go
 create mode 100644 automation/server/internal/module/dangerous_rule/dao/dangerous_rule.go
 create mode 100644 automation/server/internal/module/dangerous_rule/model/dangerous_rule.go
 create mode 100644 automation/server/internal/module/dangerous_rule/router.go
 create mode 100644 automation/server/internal/module/dangerous_rule/service/dangerous_rule.go

diff --git a/automation/server/internal/module/dangerous_rule/controller/dangerous_rule.go b/automation/server/internal/module/dangerous_rule/controller/dangerous_rule.go
new file mode 100644
index 00000000..27b9f26a
--- /dev/null
+++ b/automation/server/internal/module/dangerous_rule/controller/dangerous_rule.go
@@ -0,0 +1,20 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule/model"
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule/service"
+)
+
+func AddDangerousRuleHandler(c *gin.Context) {
+	var rule model.DangerousRule
+	if err := c.ShouldBindJSON(&rule); err != nil {
+		c.JSON(400, gin.H{"error": err.Error()})
+		return
+	}
+	if err := service.AddDangerousRule(&rule); err != nil {
+		c.JSON(500, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(200, gin.H{"message": "success"})
+}
diff --git a/automation/server/internal/module/dangerous_rule/dao/dangerous_rule.go b/automation/server/internal/module/dangerous_rule/dao/dangerous_rule.go
new file mode 100644
index 00000000..4e644404
--- /dev/null
+++ b/automation/server/internal/module/dangerous_rule/dao/dangerous_rule.go
@@ -0,0 +1,10 @@
+package dao
+
+import (
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/global"
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule/model"
+)
+
+func AddDangerousRule(rule *model.DangerousRule) error {
+	return global.App.MySQL.Save(rule).Error
+}
diff --git a/automation/server/internal/module/dangerous_rule/model/dangerous_rule.go b/automation/server/internal/module/dangerous_rule/model/dangerous_rule.go
new file mode 100644
index 00000000..47418ea6
--- /dev/null
+++ b/automation/server/internal/module/dangerous_rule/model/dangerous_rule.go
@@ -0,0 +1,33 @@
+package model
+
+import (
+	"encoding/json"
+
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/common/enum/rule"
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/common/enum/script"
+)
+
+type DangerousRule struct {
+	ID          int               `json:"id" gorm:"primaryKey;autoIncrement"`
+	Expression  string            `json:"expression"`  // 语法检测表达式
+	Description string            `json:"description"` // 规则描述
+	ScriptType  script.ScriptType `json:"script_type"` // 脚本类型
+	Severity    rule.Severity     `json:"severity"`    // 风险等级： 拦截（脚本不可保存、带参数时是否可执行）, 警告（用户二次确认）
+	Creator     string            `json:"creator"`     // 创建人
+	CreatedAt   string            `json:"created_at"`  // 创建时间
+	UpdatedAt   string            `json:"updated_at"`  // 更新时间
+	Status      bool              `json:"status"`      // 规则启用、禁用
+}
+
+func (r DangerousRule) MarshalJSON() ([]byte, error) {
+	type Alias DangerousRule
+	return json.Marshal(&struct {
+		Severity   string `json:"severity"`
+		ScriptType string `json:"script_type"`
+		Alias
+	}{
+		Severity:   r.Severity.String(), // 把数字转成文字
+		ScriptType: r.ScriptType.String(),
+		Alias:      (Alias)(r),
+	})
+}
diff --git a/automation/server/internal/module/dangerous_rule/router.go b/automation/server/internal/module/dangerous_rule/router.go
new file mode 100644
index 00000000..d150b5a7
--- /dev/null
+++ b/automation/server/internal/module/dangerous_rule/router.go
@@ -0,0 +1,13 @@
+package dangerousrule
+
+import (
+	"github.com/gin-gonic/gin"
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule/controller"
+)
+
+func DangerousRuleHandler(router *gin.RouterGroup) {
+	api := router.Group("/dangerousRule")
+	{
+		api.POST("/add", controller.AddDangerousRuleHandler)
+	}
+}
diff --git a/automation/server/internal/module/dangerous_rule/service/dangerous_rule.go b/automation/server/internal/module/dangerous_rule/service/dangerous_rule.go
new file mode 100644
index 00000000..53d10b70
--- /dev/null
+++ b/automation/server/internal/module/dangerous_rule/service/dangerous_rule.go
@@ -0,0 +1,24 @@
+package service
+
+import (
+	"time"
+
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule/dao"
+	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule/model"
+)
+
+func AddDangerousRule(rule *model.DangerousRule) error {
+	if err := dao.AddDangerousRule(&model.DangerousRule{
+		Expression:  rule.Expression,
+		Description: rule.Description,
+		ScriptType:  rule.ScriptType,
+		Severity:    rule.Severity,
+		Creator:     rule.Creator,
+		CreatedAt:   time.Now().Format("2006-01-02 15:04:05"),
+		UpdatedAt:   time.Now().Format("2006-01-02 15:04:05"),
+		Status:      rule.Status,
+	}); err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/automation/server/internal/router/router.go b/automation/server/internal/router/router.go
index 6546bd16..12f0f336 100644
--- a/automation/server/internal/router/router.go
+++ b/automation/server/internal/router/router.go
@@ -8,6 +8,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/global"
 	customscripts "openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/custom_scripts"
+	dangerousrule "openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule"
 	scriptlibrary "openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/script_library"
 	"openeuler.org/PilotGo/PilotGo-plugin-automation/internal/service"
 )
@@ -32,6 +33,7 @@ func initRouters() *gin.Engine {
 	api := Router.Group("/plugin/automation")
 	customscripts.CustomScriptsHandler(api)
 	scriptlibrary.ScriptLibraryHandler(api)
+	dangerousrule.DangerousRuleHandler(api)
 	return Router
 }
 
diff --git a/automation/server/internal/service/mysql.go b/automation/server/internal/service/mysql.go
index 9b981fd5..d347217e 100644
--- a/automation/server/internal/service/mysql.go
+++ b/automation/server/internal/service/mysql.go
@@ -7,6 +7,7 @@ import (
 	"gorm.io/gorm"
 	"gorm.io/gorm/schema"
 	"openeuler.org/PilotGo/PilotGo-plugin-automation/cmd/config/options"
+	dangerousRule "openeuler.org/PilotGo/PilotGo-plugin-automation/internal/module/dangerous_rule/model"
 )
 
 type MySQLService struct {
@@ -39,6 +40,8 @@ func (m *MySQLService) Init(ctx *AppContext) error {
 		return err
 	}
 
+	db.AutoMigrate(&dangerousRule.DangerousRule{})
+
 	ctx.MySQL = db
 	return nil
 }
-- 
Gitee