自动升级一个SQL注入规则

2025-11-04 07:50:25 +08:00 · 2022-03-20 11:54:17 +08:00
parent bea88fa46a
commit e21ab5b140
1 changed files with 17 additions and 1 deletions
--- a/internal/setup/sql_upgrade.go
+++ b/internal/setup/sql_upgrade.go
@@ -606,7 +606,7 @@ func upgradeV0_4_5(db *dbs.DB) error {
 		if len(valueJSON) > 0 {
 			var config = &serverconfigs.AccessLogQueueConfig{}
 			err = json.Unmarshal(valueJSON, config)
-			if err == nil {
+			if err == nil && config.RowsPerTable == 0 {
 				config.EnableAutoPartial = true
 				config.RowsPerTable = 500_000
 				configJSON, err := json.Marshal(config)
@@ -620,5 +620,21 @@ func upgradeV0_4_5(db *dbs.DB) error {
 		}
 	}

+	// 升级一个SQL注入规则
+	{
+		var dao = models.NewHTTPFirewallRuleDAO()
+		ones, _, err := dao.Instance.FindOnes(`SELECT id FROM edgeHTTPFirewallRules WHERE value=?`, "(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\\s*\\(")
+		if err != nil {
+			return err
+		}
+		for _, one := range ones {
+			var ruleId = one.GetInt64("id")
+			_, err = dao.Instance.Exec(`UPDATE edgeHTTPFirewallRules SET value=? WHERE id=? LIMIT 1`, `\b(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(.*\)`, ruleId)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	return nil
 }