From 4270c08ab7855e599816b24fd24048ee97fc9d9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Fri, 8 Dec 2023 10:15:29 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E5=A2=9E=E5=8A=A0=E2=80=9C=E5=8C=85?=
 =?UTF-8?q?=E5=90=ABXSS=E6=B3=A8=E5=85=A5=E2=80=9D=E6=93=8D=E4=BD=9C?=
 =?UTF-8?q?=E7=AC=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../firewallconfigs/http_firewall_rule_operator.go        | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
index 6caae6d..47a6ae1 100644
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
@@ -26,6 +26,7 @@ const (
 	HTTPFirewallRuleOperatorContainsAny          HTTPFirewallRuleOperator = "contains any"
 	HTTPFirewallRuleOperatorContainsAll          HTTPFirewallRuleOperator = "contains all"
 	HTTPFirewallRuleOperatorContainsSQLInjection HTTPFirewallRuleOperator = "contains sql injection"
+	HTTPFirewallRuleOperatorContainsXSS          HTTPFirewallRuleOperator = "contains xss"
 	HTTPFirewallRuleOperatorHasKey               HTTPFirewallRuleOperator = "has key" // has key in slice or map
 	HTTPFirewallRuleOperatorVersionGt            HTTPFirewallRuleOperator = "version gt"
 	HTTPFirewallRuleOperatorVersionLt            HTTPFirewallRuleOperator = "version lt"
@@ -174,6 +175,13 @@ var AllRuleOperators = []*RuleOperatorDefinition{
 		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 		DataType:        "none",
 	},
+	{
+		Name:            "包含XSS注入",
+		Code:            HTTPFirewallRuleOperatorContainsXSS,
+		Description:     "检测字符串内容是否包含XSS注入",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+		DataType:        "none",
+	},
 	{
 		Name:            "包含二进制数据",
 		Code:            HTTPFirewallRuleOperatorContainsBinary,