TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-12-22 17:56:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF规则模板中SQL注入规则使用“包含SQL注入”操作符替代以往的正则表达式

Browse Source
This commit is contained in:
GoEdgeLab
2023-12-09 15:28:55 +08:00
parent b2b0543ffe
commit 6add351c52
1 changed files with 5 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
pkg/serverconfigs/firewallconfigs/http_firewall_template.go
View File

@@ -273,8 +273,8 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
{ {
var set = &HTTPFirewallRuleSet{} var set = &HTTPFirewallRuleSet{}
set.IsOn = true set.IsOn = true
set.Name = "Union SQL Injection" set.Name = "检测SQL注入"
set.Code = "7001" set.Code = "7010"
set.Connector = HTTPFirewallRuleConnectorOr set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{ set.Actions = []*HTTPFirewallActionConfig{
{ {
@@ -285,122 +285,9 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
set.AddRule(&HTTPFirewallRule{ set.AddRule(&HTTPFirewallRule{
IsOn: true, IsOn: true,
Param: "${requestAll}", Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch, Operator: HTTPFirewallRuleOperatorContainsSQLInjection,
Value: `union[\s/\*]+select`, Value: "",
IsCaseInsensitive: true, IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
{
var set = &HTTPFirewallRuleSet{}
set.IsOn = false
set.Name = "SQL注释"
set.Code = "7002"
set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{
{
Code: HTTPFirewallActionBlock,
},
}
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `/\*(!|\x00)`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
var set = &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "SQL条件"
set.Code = "7003"
set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{
{
Code: HTTPFirewallActionBlock,
},
}
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\s(and|or|rlike)\s+(if|updatexml)\s*\(`,
IsCaseInsensitive: true,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\s+(and|or|rlike)\s+(select|case)\s+`,
IsCaseInsensitive: true,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\s+(and|or|procedure)\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+(\s|$|--|#)`,
IsCaseInsensitive: true,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\(\s*case\s+when\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+\s+then\s+`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
var set = &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "SQL函数"
set.Code = "7004"
set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{
{
Code: HTTPFirewallActionBlock,
},
}
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\b(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(.*\)`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
var set = &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "SQL附加语句"
set.Code = "7005"
set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{
{
Code: HTTPFirewallActionBlock,
},
}
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `;\s*(declare|use|drop|create|exec|delete|update|insert)\s`,
IsCaseInsensitive: true,
}) })
group.AddRuleSet(set) group.AddRuleSet(set)