管理系统增加XSS和SQL注入攻击防御

GoEdgeLab
2024-03-18 12:42:49 +08:00
parent b31e26740e
commit 97dc434da5
22 changed files with 15277 additions and 1 deletions


@@ -4,6 +4,7 @@ import (
"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
"github.com/TeaOSLab/EdgeAdmin/internal/waf/injectionutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
"github.com/iwind/TeaGo/actions"
"net/http"
@@ -27,6 +28,13 @@ func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramN
return false
}
// 检测注入
if injectionutils.DetectXSS(this.action.Request.RequestURI, false) || injectionutils.DetectSQLInjection(this.action.Request.RequestURI, false) {
this.action.ResponseWriter.WriteHeader(http.StatusForbidden)
_, _ = this.action.ResponseWriter.Write([]byte("Denied By WAF"))
return false
}
// 安全相关
var action = this.action
securityConfig, _ := configloaders.LoadSecurityConfig()
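Review bot: The new check in BeforeAction screens only `this.action.Request.RequestURI`, so parameters that arrive in a POST body, a header or a cookie never reach `DetectXSS` / `DetectSQLInjection`. Go's net/http keeps RequestURI exactly as the client sent it, so whether encoded input is normalised before matching depends on injectionutils, which is not visible in this hunk. I would state the scope above the check, for example `// URI-only screen: bodies, headers and cookies are not inspected here; handlers must still use parameterized queries and output encoding.`, and say what the second argument `false` selects. The denial path also writes the 403 without any log entry visible here, so a blocked request (or a false positive that locks an administrator out of a page) leaves no trace for operators; recording the remote address and path before `return false` would help. BeforeAction begins and ends outside the hunk, so later handling of the same request is not visible.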