EdgeCommon/pkg/serverconfigs/firewallconfigs/http_firewall_rule.go

package firewallconfigs

import (
	"fmt"
	"regexp"
	"strings"
)

var namedParamReg = regexp.MustCompile(`^\${\s*(.+)\s*}$`)

type HTTPFirewallRule struct {
	Id                int64                  `yaml:"id" json:"id"`
	IsOn              bool                   `yaml:"isOn" json:"isOn"`
	Param             string                 `yaml:"param" json:"param"`
	ParamFilters      []*ParamFilter         `yaml:"paramFilters" json:"paramFilters"`
	Operator          string                 `yaml:"operator" json:"operator"`
	Value             string                 `yaml:"value" json:"value"`
	IsCaseInsensitive bool                   `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
	IsComposed        bool                   `yaml:"isComposed" json:"isComposed"`
	CheckpointOptions map[string]interface{} `yaml:"checkpointOptions" json:"checkpointOptions"`
	Description       string                 `yaml:"description" json:"description"`
}

func (this *HTTPFirewallRule) Init() error {
	// TODO 执行更严谨的校验

	switch this.Operator {
	case HTTPFirewallRuleOperatorMatch:
		_, err := regexp.Compile(this.Value)
		if err != nil {
			return fmt.Errorf("regexp validate failed: %w, expression: %s", err, this.Value)
		}
	case HTTPFirewallRuleOperatorNotMatch:
		_, err := regexp.Compile(this.Value)
		if err != nil {
			return fmt.Errorf("regexp validate failed: %w, expression: %s", err, this.Value)
		}
	}

	return nil
}

func (this *HTTPFirewallRule) Prefix() string {
	result := namedParamReg.FindStringSubmatch(this.Param)
	if len(result) > 0 {
		param := result[1]
		pieces := strings.Split(param, ".")
		return pieces[0]
	}
	return this.Param
}

func (this *HTTPFirewallRule) Summary() string {
	return this.Param + " " + FindRuleOperatorName(this.Operator) + " " + this.Value
}
实现WAF策略部分功能 2020-10-06 21:02:21 +08:00			`package firewallconfigs`

[WAF]规则中增加请求Header长度限制和响应Header长度限制 2020-11-18 19:48:27 +08:00			`import (`
优化错误提示相关代码 2023-08-11 15:26:59 +08:00			`"fmt"`
[WAF]规则中增加请求Header长度限制和响应Header长度限制 2020-11-18 19:48:27 +08:00			`"regexp"`
			`"strings"`
			`)`

			var namedParamReg = regexp.MustCompile(`^\${\s(.+)\s}$`)

实现WAF策略部分功能 2020-10-06 21:02:21 +08:00			`type HTTPFirewallRule struct {`
			Id int64 `yaml:"id" json:"id"`
			IsOn bool `yaml:"isOn" json:"isOn"`
			Param string `yaml:"param" json:"param"`
[waf]支持包含二进制、不支持二进制等操作符；支持对参数值编解码 2020-11-21 20:44:00 +08:00			ParamFilters []*ParamFilter `yaml:"paramFilters" json:"paramFilters"`
实现WAF策略部分功能 2020-10-06 21:02:21 +08:00			Operator string `yaml:"operator" json:"operator"`
			Value string `yaml:"value" json:"value"`
			IsCaseInsensitive bool `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
增加管理员和用户登录SESSION API 2023-02-04 15:17:27 +08:00			IsComposed bool `yaml:"isComposed" json:"isComposed"`
实现WAF策略部分功能 2020-10-06 21:02:21 +08:00			CheckpointOptions map[string]interface{} `yaml:"checkpointOptions" json:"checkpointOptions"`
			Description string `yaml:"description" json:"description"`
			`}`

			`func (this *HTTPFirewallRule) Init() error {`
实现WAF部分功能 2020-10-08 11:11:29 +08:00			`// TODO 执行更严谨的校验`
WAF中添加正则相关规则时校验正则表达式 2021-09-10 10:31:56 +08:00
			`switch this.Operator {`
			`case HTTPFirewallRuleOperatorMatch:`
			`_, err := regexp.Compile(this.Value)`
			`if err != nil {`
优化错误提示相关代码 2023-08-11 15:26:59 +08:00			`return fmt.Errorf("regexp validate failed: %w, expression: %s", err, this.Value)`
WAF中添加正则相关规则时校验正则表达式 2021-09-10 10:31:56 +08:00			`}`
			`case HTTPFirewallRuleOperatorNotMatch:`
			`_, err := regexp.Compile(this.Value)`
			`if err != nil {`
优化错误提示相关代码 2023-08-11 15:26:59 +08:00			`return fmt.Errorf("regexp validate failed: %w, expression: %s", err, this.Value)`
WAF中添加正则相关规则时校验正则表达式 2021-09-10 10:31:56 +08:00			`}`
			`}`

实现WAF策略部分功能 2020-10-06 21:02:21 +08:00			`return nil`
			`}`
[WAF]规则中增加请求Header长度限制和响应Header长度限制 2020-11-18 19:48:27 +08:00
			`func (this *HTTPFirewallRule) Prefix() string {`
			`result := namedParamReg.FindStringSubmatch(this.Param)`
			`if len(result) > 0 {`
			`param := result[1]`
			`pieces := strings.Split(param, ".")`
			`return pieces[0]`
			`}`
			`return this.Param`
			`}`
WAF规则校验错误不阻断执行 2021-09-25 19:41:10 +08:00
			`func (this *HTTPFirewallRule) Summary() string {`
			`return this.Param + " " + FindRuleOperatorName(this.Operator) + " " + this.Value`
			`}`