From b4dace125317d24cdb405944d34dc8246021efd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?=
Date: Thu, 21 Mar 2024 17:38:24 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=9D=9Egcc=E4=B8=8B?= =?UTF-8?q?=E7=BC=96=E8=AF=91=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/web/helpers/user_must_auth.go | 3 +--
 internal/web/helpers/user_should_auth.go | 3 +--
 internal/web/helpers/utils_gcc.go | 14 ++++++++++++++
 internal/web/helpers/utils_none_gcc.go | 13 +++++++++++++
 4 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 internal/web/helpers/utils_gcc.go
 create mode 100644 internal/web/helpers/utils_none_gcc.go

diff --git a/internal/web/helpers/user_must_auth.go b/internal/web/helpers/user_must_auth.go
index a8e4ff5a..21f871bc 100644
--- a/internal/web/helpers/user_must_auth.go
+++ b/internal/web/helpers/user_must_auth.go
@@ -7,7 +7,6 @@ import (
 "github.com/TeaOSLab/EdgeAdmin/internal/goman"
 "github.com/TeaOSLab/EdgeAdmin/internal/rpc"
 "github.com/TeaOSLab/EdgeAdmin/internal/setup"
- "github.com/TeaOSLab/EdgeAdmin/internal/waf/injectionutils"
 "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
 "github.com/TeaOSLab/EdgeCommon/pkg/langs"
 "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
@@ -117,7 +116,7 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 }
 
 // 检测注入
- if injectionutils.DetectXSS(action.Request.RequestURI, false) || injectionutils.DetectSQLInjection(action.Request.RequestURI, false) {
+ if !safeFilterRequest(action.Request) {
 action.ResponseWriter.WriteHeader(http.StatusForbidden)
 _, _ = action.ResponseWriter.Write([]byte("Denied By WAF"))
 return false
diff --git a/internal/web/helpers/user_should_auth.go b/internal/web/helpers/user_should_auth.go
index 82927959..7eda0e15 100644
--- a/internal/web/helpers/user_should_auth.go
+++ b/internal/web/helpers/user_should_auth.go
@@ -4,7 +4,6 @@ import (
 "github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 "github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
- "github.com/TeaOSLab/EdgeAdmin/internal/waf/injectionutils"
 "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
 "github.com/iwind/TeaGo/actions"
 "net/http"
@@ -29,7 +28,7 @@ func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramN
 }
 
 // 检测注入
- if injectionutils.DetectXSS(this.action.Request.RequestURI, false) || injectionutils.DetectSQLInjection(this.action.Request.RequestURI, false) {
+ if !safeFilterRequest(this.action.Request) {
 this.action.ResponseWriter.WriteHeader(http.StatusForbidden)
 _, _ = this.action.ResponseWriter.Write([]byte("Denied By WAF"))
 return false
diff --git a/internal/web/helpers/utils_gcc.go b/internal/web/helpers/utils_gcc.go
new file mode 100644
index 00000000..4c078896
--- /dev/null
+++ b/internal/web/helpers/utils_gcc.go
@@ -0,0 +1,14 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build gcc
+
+package helpers
+
+import (
+ "github.com/TeaOSLab/EdgeAdmin/internal/waf/injectionutils"
+ "net/http"
+)
+
+// filter request
+func safeFilterRequest(req *http.Request) bool {
+ return !injectionutils.DetectXSS(req.RequestURI, false) && !injectionutils.DetectSQLInjection(req.RequestURI, false)
+}
diff --git a/internal/web/helpers/utils_none_gcc.go b/internal/web/helpers/utils_none_gcc.go
new file mode 100644
index 00000000..2bfcb247
--- /dev/null
+++ b/internal/web/helpers/utils_none_gcc.go
@@ -0,0 +1,13 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !gcc
+
+package helpers
+
+import (
+ "net/http"
+)
+
+// filter request
+func safeFilterRequest(req *http.Request) bool {
+ return true
+}
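Review bot: The comment `// filter request` on `safeFilterRequest` in utils_gcc.go says neither what the boolean means nor what part of the request is inspected. Only `req.RequestURI` is handed to the two detectors, so headers and body are not screened, although the function name and the `*http.Request` parameter suggest the whole request is. I would write `// safeFilterRequest reports whether req.RequestURI passes the XSS and SQL-injection detectors; false means the caller should reject the request.` The meaning of the second argument `false` is not visible in this diff and deserves a word in the same comment.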
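Review bot: The `!gcc` variant of `safeFilterRequest` in utils_none_gcc.go returns `true` for every request, so a binary built without the `gcc` tag performs no XSS or SQL-injection check on `RequestURI` at either `BeforeAction` call site (user_must_auth.go and user_should_auth.go), while the code there, still labelled `// 检测注入`, reads as if the check runs. Because `gcc` is a custom build tag, a plain `go build` presumably selects this stub, which makes the fail-open path the default rather than the exception. The doc comment should state this explicitly, for example `// safeFilterRequest always returns true: without the gcc build tag no injection detection is compiled in, so RequestURI is not screened.` Logging once at startup that the URI filter is disabled would let operators see which build they are running.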