TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-08 19:40:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

自动升级一个SQL注入规则

Browse Source
This commit is contained in:
GoEdgeLab
2022-03-20 11:54:17 +08:00
parent bea88fa46a
commit e21ab5b140
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
internal/setup/sql_upgrade.go
View File

@@ -606,7 +606,7 @@ func upgradeV0_4_5(db *dbs.DB) error {
if len(valueJSON) > 0 { if len(valueJSON) > 0 {
var config = &serverconfigs.AccessLogQueueConfig{} var config = &serverconfigs.AccessLogQueueConfig{}
err = json.Unmarshal(valueJSON, config) err = json.Unmarshal(valueJSON, config)
if err == nil { if err == nil && config.RowsPerTable == 0 {
config.EnableAutoPartial = true config.EnableAutoPartial = true
config.RowsPerTable = 500_000 config.RowsPerTable = 500_000
configJSON, err := json.Marshal(config) configJSON, err := json.Marshal(config)
@@ -620,5 +620,21 @@ func upgradeV0_4_5(db *dbs.DB) error {
} }
} }
// 升级一个SQL注入规则
{
var dao = models.NewHTTPFirewallRuleDAO()
ones, _, err := dao.Instance.FindOnes(`SELECT id FROM edgeHTTPFirewallRules WHERE value=?`, "(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\\s*\\(")
if err != nil {
return err
}
for _, one := range ones {
var ruleId = one.GetInt64("id")
_, err = dao.Instance.Exec(`UPDATE edgeHTTPFirewallRules SET value=? WHERE id=? LIMIT 1`, `\b(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(.*\)`, ruleId)
if err != nil {
return err
}
}
}
return nil return nil
} }