From 7ee1cc9cf400720461ba51ccc74c761fc7481c23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?=
Date: Sat, 9 Dec 2023 15:28:55 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E8=A7=84=E5=88=99=E6=A8=A1=E6=9D=BF?= =?UTF-8?q?=E4=B8=ADSQL=E6=B3=A8=E5=85=A5=E8=A7=84=E5=88=99=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=E2=80=9C=E5=8C=85=E5=90=ABSQL=E6=B3=A8=E5=85=A5?= =?UTF-8?q?=E2=80=9D=E6=93=8D=E4=BD=9C=E7=AC=A6=E6=9B=BF=E4=BB=A3=E4=BB=A5?= =?UTF-8?q?=E5=BE=80=E7=9A=84=E6=AD=A3=E5=88=99=E8=A1=A8=E8=BE=BE=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../firewallconfigs/http_firewall_template.go | 123 +-----------------
 1 file changed, 5 insertions(+), 118 deletions(-)
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_template.go b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
index 6f2ddf4..2ed03e6 100644
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
@@ -273,8 +273,8 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 {
 var set = &HTTPFirewallRuleSet{}
 set.IsOn = true
- set.Name = "Union SQL Injection"
- set.Code = "7001"
+ set.Name = "检测SQL注入"
+ set.Code = "7010"
 set.Connector = HTTPFirewallRuleConnectorOr
 set.Actions = []*HTTPFirewallActionConfig{
 {
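Review bot: `set.Code` moves from "7001" to "7010" instead of keeping the existing identifier, so anything that references template rule sets by code — per-policy enable/disable overrides or template-upgrade merging that matches on Code — would presumably stop finding this set; confirm against the merge logic, which is outside this hunk. If the new code is deliberate because the set's semantics changed, a comment such as `// 7010 supersedes the regex-based sets 7001-7005, now covered by the ContainsSQLInjection operator` next to the assignment would record that for the next maintainer. The enclosing HTTPFirewallTemplate function starts and ends outside the hunk.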
@@ -285,122 +285,9 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 set.AddRule(&HTTPFirewallRule{
 IsOn: true,
 Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `union[\s/\*]+select`,
- IsCaseInsensitive: true,
- })
-
- group.AddRuleSet(set)
- }
-
- {
- var set = &HTTPFirewallRuleSet{}
- set.IsOn = false
- set.Name = "SQL注释"
- set.Code = "7002"
- set.Connector = HTTPFirewallRuleConnectorOr
- set.Actions = []*HTTPFirewallActionConfig{
- {
- Code: HTTPFirewallActionBlock,
- },
- }
-
- set.AddRule(&HTTPFirewallRule{
- IsOn: true,
- Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `/\*(!|\x00)`,
- IsCaseInsensitive: true,
- })
-
- group.AddRuleSet(set)
- }
-
- {
- var set = &HTTPFirewallRuleSet{}
- set.IsOn = true
- set.Name = "SQL条件"
- set.Code = "7003"
- set.Connector = HTTPFirewallRuleConnectorOr
- set.Actions = []*HTTPFirewallActionConfig{
- {
- Code: HTTPFirewallActionBlock,
- },
- }
-
- set.AddRule(&HTTPFirewallRule{
- IsOn: true,
- Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `\s(and|or|rlike)\s+(if|updatexml)\s*\(`,
- IsCaseInsensitive: true,
- })
- set.AddRule(&HTTPFirewallRule{
- IsOn: true,
- Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `\s+(and|or|rlike)\s+(select|case)\s+`,
- IsCaseInsensitive: true,
- })
- set.AddRule(&HTTPFirewallRule{
- IsOn: true,
- Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `\s+(and|or|procedure)\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+(\s|$|--|#)`,
- IsCaseInsensitive: true,
- })
- set.AddRule(&HTTPFirewallRule{
- IsOn: true,
- Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `\(\s*case\s+when\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+\s+then\s+`,
- IsCaseInsensitive: true,
- })
-
- group.AddRuleSet(set)
- }
-
- {
- var set = &HTTPFirewallRuleSet{}
- set.IsOn = true
- set.Name = "SQL函数"
- set.Code = "7004"
- set.Connector = HTTPFirewallRuleConnectorOr
- set.Actions = []*HTTPFirewallActionConfig{
- {
- Code: HTTPFirewallActionBlock,
- },
- }
-
- set.AddRule(&HTTPFirewallRule{
- IsOn: true,
- Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `\b(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(.*\)`,
- IsCaseInsensitive: true,
- })
-
- group.AddRuleSet(set)
- }
-
- {
- var set = &HTTPFirewallRuleSet{}
- set.IsOn = true
- set.Name = "SQL附加语句"
- set.Code = "7005"
- set.Connector = HTTPFirewallRuleConnectorOr
- set.Actions = []*HTTPFirewallActionConfig{
- {
- Code: HTTPFirewallActionBlock,
- },
- }
-
- set.AddRule(&HTTPFirewallRule{
- IsOn: true,
- Param: "${requestAll}",
- Operator: HTTPFirewallRuleOperatorMatch,
- Value: `;\s*(declare|use|drop|create|exec|delete|update|insert)\s`,
- IsCaseInsensitive: true,
+ Operator: HTTPFirewallRuleOperatorContainsSQLInjection,
+ Value: "",
+ IsCaseInsensitive: false,
 })
 
 group.AddRuleSet(set)
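Review bot: The new rule sets `IsCaseInsensitive: false` where every removed regex rule had `true`, and nothing in the hunk shows whether `HTTPFirewallRuleOperatorContainsSQLInjection` folds case itself; if it does not, upper- or mixed-case variants of the keywords the old patterns matched would now pass, and whether the operator tolerates the empty `Value` is equally invisible here. Either confirm the operator ignores both fields and record it, e.g. `// case folding and matching are done inside the ContainsSQLInjection operator; Value and IsCaseInsensitive are unused`, or keep `IsCaseInsensitive: true`. The removed sets also doubled as documentation of what was covered (union/select, comment markers, boolean and CASE conditions, SQL function calls, stacked statements), and the "SQL注释" set (7002) shipped with `set.IsOn = false`, presumably because `/\*(!|\x00)` was noisy; a short comment on the surviving set stating that this coverage now lives in the operator implementation would help whoever tunes false positives later. Consider adding table-driven tests that replay the old patterns' matching inputs against the new operator so the consolidation does not silently drop detections. The enclosing HTTPFirewallTemplate function starts and ends outside the hunk.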