WAF增加“包含SQL注入”操作符

2025-11-03 12:20:27 +08:00 · 2023-12-07 20:24:55 +08:00
parent 8c77249ad8
commit 0ee9c990dd
1 changed files with 34 additions and 25 deletions
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
@@ -4,36 +4,38 @@ type HTTPFirewallRuleOperator = string
 type HTTPFirewallRuleCaseInsensitive = string

 const (
-	HTTPFirewallRuleOperatorGt                 HTTPFirewallRuleOperator = "gt"
-	HTTPFirewallRuleOperatorGte                HTTPFirewallRuleOperator = "gte"
-	HTTPFirewallRuleOperatorLt                 HTTPFirewallRuleOperator = "lt"
-	HTTPFirewallRuleOperatorLte                HTTPFirewallRuleOperator = "lte"
-	HTTPFirewallRuleOperatorEq                 HTTPFirewallRuleOperator = "eq"
-	HTTPFirewallRuleOperatorNeq                HTTPFirewallRuleOperator = "neq"
-	HTTPFirewallRuleOperatorEqString           HTTPFirewallRuleOperator = "eq string"
-	HTTPFirewallRuleOperatorNeqString          HTTPFirewallRuleOperator = "neq string"
-	HTTPFirewallRuleOperatorMatch              HTTPFirewallRuleOperator = "match"
-	HTTPFirewallRuleOperatorNotMatch           HTTPFirewallRuleOperator = "not match"
-	HTTPFirewallRuleOperatorWildcardMatch      HTTPFirewallRuleOperator = "wildcard match"
-	HTTPFirewallRuleOperatorWildcardNotMatch   HTTPFirewallRuleOperator = "wildcard not match"
-	HTTPFirewallRuleOperatorContains           HTTPFirewallRuleOperator = "contains"
-	HTTPFirewallRuleOperatorNotContains        HTTPFirewallRuleOperator = "not contains"
-	HTTPFirewallRuleOperatorContainsAnyWord    HTTPFirewallRuleOperator = "contains any word"
-	HTTPFirewallRuleOperatorContainsAllWords   HTTPFirewallRuleOperator = "contains all words"
-	HTTPFirewallRuleOperatorNotContainsAnyWord HTTPFirewallRuleOperator = "not contains any word"
-	HTTPFirewallRuleOperatorPrefix             HTTPFirewallRuleOperator = "prefix"
-	HTTPFirewallRuleOperatorSuffix             HTTPFirewallRuleOperator = "suffix"
-	HTTPFirewallRuleOperatorContainsAny        HTTPFirewallRuleOperator = "contains any"
-	HTTPFirewallRuleOperatorContainsAll        HTTPFirewallRuleOperator = "contains all"
-	HTTPFirewallRuleOperatorHasKey             HTTPFirewallRuleOperator = "has key" // has key in slice or map
-	HTTPFirewallRuleOperatorVersionGt          HTTPFirewallRuleOperator = "version gt"
-	HTTPFirewallRuleOperatorVersionLt          HTTPFirewallRuleOperator = "version lt"
-	HTTPFirewallRuleOperatorVersionRange       HTTPFirewallRuleOperator = "version range"
+	HTTPFirewallRuleOperatorGt                   HTTPFirewallRuleOperator = "gt"
+	HTTPFirewallRuleOperatorGte                  HTTPFirewallRuleOperator = "gte"
+	HTTPFirewallRuleOperatorLt                   HTTPFirewallRuleOperator = "lt"
+	HTTPFirewallRuleOperatorLte                  HTTPFirewallRuleOperator = "lte"
+	HTTPFirewallRuleOperatorEq                   HTTPFirewallRuleOperator = "eq"
+	HTTPFirewallRuleOperatorNeq                  HTTPFirewallRuleOperator = "neq"
+	HTTPFirewallRuleOperatorEqString             HTTPFirewallRuleOperator = "eq string"
+	HTTPFirewallRuleOperatorNeqString            HTTPFirewallRuleOperator = "neq string"
+	HTTPFirewallRuleOperatorMatch                HTTPFirewallRuleOperator = "match"
+	HTTPFirewallRuleOperatorNotMatch             HTTPFirewallRuleOperator = "not match"
+	HTTPFirewallRuleOperatorWildcardMatch        HTTPFirewallRuleOperator = "wildcard match"
+	HTTPFirewallRuleOperatorWildcardNotMatch     HTTPFirewallRuleOperator = "wildcard not match"
+	HTTPFirewallRuleOperatorContains             HTTPFirewallRuleOperator = "contains"
+	HTTPFirewallRuleOperatorNotContains          HTTPFirewallRuleOperator = "not contains"
+	HTTPFirewallRuleOperatorContainsAnyWord      HTTPFirewallRuleOperator = "contains any word"
+	HTTPFirewallRuleOperatorContainsAllWords     HTTPFirewallRuleOperator = "contains all words"
+	HTTPFirewallRuleOperatorNotContainsAnyWord   HTTPFirewallRuleOperator = "not contains any word"
+	HTTPFirewallRuleOperatorPrefix               HTTPFirewallRuleOperator = "prefix"
+	HTTPFirewallRuleOperatorSuffix               HTTPFirewallRuleOperator = "suffix"
+	HTTPFirewallRuleOperatorContainsAny          HTTPFirewallRuleOperator = "contains any"
+	HTTPFirewallRuleOperatorContainsAll          HTTPFirewallRuleOperator = "contains all"
+	HTTPFirewallRuleOperatorContainsSQLInjection HTTPFirewallRuleOperator = "contains sql injection"
+	HTTPFirewallRuleOperatorHasKey               HTTPFirewallRuleOperator = "has key" // has key in slice or map
+	HTTPFirewallRuleOperatorVersionGt            HTTPFirewallRuleOperator = "version gt"
+	HTTPFirewallRuleOperatorVersionLt            HTTPFirewallRuleOperator = "version lt"
+	HTTPFirewallRuleOperatorVersionRange         HTTPFirewallRuleOperator = "version range"

 	HTTPFirewallRuleOperatorContainsBinary    HTTPFirewallRuleOperator = "contains binary"     // contains binary
 	HTTPFirewallRuleOperatorNotContainsBinary HTTPFirewallRuleOperator = "not contains binary" // not contains binary

 	// ip
+
 	HTTPFirewallRuleOperatorEqIP       HTTPFirewallRuleOperator = "eq ip"
 	HTTPFirewallRuleOperatorInIPList   HTTPFirewallRuleOperator = "in ip list"
 	HTTPFirewallRuleOperatorGtIP       HTTPFirewallRuleOperator = "gt ip"
@@ -165,6 +167,13 @@ var AllRuleOperators = []*RuleOperatorDefinition{
 		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
 		DataType:        "strings",
 	},
+	{
+		Name:            "包含SQL注入",
+		Code:            HTTPFirewallRuleOperatorContainsSQLInjection,
+		Description:     "检测字符串内容是否包含SQL注入",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+		DataType:        "none",
+	},
 	{
 		Name:            "包含二进制数据",
 		Code:            HTTPFirewallRuleOperatorContainsBinary,