TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-11-03 12:20:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF操作符增加“包含SQL注入-严格模式”

Browse Source
This commit is contained in:
GoEdgeLab
2024-01-16 20:42:13 +08:00
parent f44c3cc2c5
commit aea3ebf328
1 changed files with 36 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
View File

@@ -4,34 +4,35 @@ type HTTPFirewallRuleOperator = string
type HTTPFirewallRuleCaseInsensitive = string
const (
HTTPFirewallRuleOperatorGt HTTPFirewallRuleOperator = "gt"
HTTPFirewallRuleOperatorGte HTTPFirewallRuleOperator = "gte"
HTTPFirewallRuleOperatorLt HTTPFirewallRuleOperator = "lt"
HTTPFirewallRuleOperatorLte HTTPFirewallRuleOperator = "lte"
HTTPFirewallRuleOperatorEq HTTPFirewallRuleOperator = "eq"
HTTPFirewallRuleOperatorNeq HTTPFirewallRuleOperator = "neq"
HTTPFirewallRuleOperatorEqString HTTPFirewallRuleOperator = "eq string"
HTTPFirewallRuleOperatorNeqString HTTPFirewallRuleOperator = "neq string"
HTTPFirewallRuleOperatorMatch HTTPFirewallRuleOperator = "match"
HTTPFirewallRuleOperatorNotMatch HTTPFirewallRuleOperator = "not match"
HTTPFirewallRuleOperatorWildcardMatch HTTPFirewallRuleOperator = "wildcard match"
HTTPFirewallRuleOperatorWildcardNotMatch HTTPFirewallRuleOperator = "wildcard not match"
HTTPFirewallRuleOperatorContains HTTPFirewallRuleOperator = "contains"
HTTPFirewallRuleOperatorNotContains HTTPFirewallRuleOperator = "not contains"
HTTPFirewallRuleOperatorContainsAnyWord HTTPFirewallRuleOperator = "contains any word"
HTTPFirewallRuleOperatorContainsAllWords HTTPFirewallRuleOperator = "contains all words"
HTTPFirewallRuleOperatorNotContainsAnyWord HTTPFirewallRuleOperator = "not contains any word"
HTTPFirewallRuleOperatorPrefix HTTPFirewallRuleOperator = "prefix"
HTTPFirewallRuleOperatorSuffix HTTPFirewallRuleOperator = "suffix"
HTTPFirewallRuleOperatorContainsAny HTTPFirewallRuleOperator = "contains any"
HTTPFirewallRuleOperatorContainsAll HTTPFirewallRuleOperator = "contains all"
HTTPFirewallRuleOperatorContainsSQLInjection HTTPFirewallRuleOperator = "contains sql injection"
HTTPFirewallRuleOperatorContainsXSS HTTPFirewallRuleOperator = "contains xss"
HTTPFirewallRuleOperatorContainsXSSStrictly HTTPFirewallRuleOperator = "contains xss strictly"
HTTPFirewallRuleOperatorHasKey HTTPFirewallRuleOperator = "has key" // has key in slice or map
HTTPFirewallRuleOperatorVersionGt HTTPFirewallRuleOperator = "version gt"
HTTPFirewallRuleOperatorVersionLt HTTPFirewallRuleOperator = "version lt"
HTTPFirewallRuleOperatorVersionRange HTTPFirewallRuleOperator = "version range"
HTTPFirewallRuleOperatorGt HTTPFirewallRuleOperator = "gt"
HTTPFirewallRuleOperatorGte HTTPFirewallRuleOperator = "gte"
HTTPFirewallRuleOperatorLt HTTPFirewallRuleOperator = "lt"
HTTPFirewallRuleOperatorLte HTTPFirewallRuleOperator = "lte"
HTTPFirewallRuleOperatorEq HTTPFirewallRuleOperator = "eq"
HTTPFirewallRuleOperatorNeq HTTPFirewallRuleOperator = "neq"
HTTPFirewallRuleOperatorEqString HTTPFirewallRuleOperator = "eq string"
HTTPFirewallRuleOperatorNeqString HTTPFirewallRuleOperator = "neq string"
HTTPFirewallRuleOperatorMatch HTTPFirewallRuleOperator = "match"
HTTPFirewallRuleOperatorNotMatch HTTPFirewallRuleOperator = "not match"
HTTPFirewallRuleOperatorWildcardMatch HTTPFirewallRuleOperator = "wildcard match"
HTTPFirewallRuleOperatorWildcardNotMatch HTTPFirewallRuleOperator = "wildcard not match"
HTTPFirewallRuleOperatorContains HTTPFirewallRuleOperator = "contains"
HTTPFirewallRuleOperatorNotContains HTTPFirewallRuleOperator = "not contains"
HTTPFirewallRuleOperatorContainsAnyWord HTTPFirewallRuleOperator = "contains any word"
HTTPFirewallRuleOperatorContainsAllWords HTTPFirewallRuleOperator = "contains all words"
HTTPFirewallRuleOperatorNotContainsAnyWord HTTPFirewallRuleOperator = "not contains any word"
HTTPFirewallRuleOperatorPrefix HTTPFirewallRuleOperator = "prefix"
HTTPFirewallRuleOperatorSuffix HTTPFirewallRuleOperator = "suffix"
HTTPFirewallRuleOperatorContainsAny HTTPFirewallRuleOperator = "contains any"
HTTPFirewallRuleOperatorContainsAll HTTPFirewallRuleOperator = "contains all"
HTTPFirewallRuleOperatorContainsSQLInjection HTTPFirewallRuleOperator = "contains sql injection"
HTTPFirewallRuleOperatorContainsSQLInjectionStrictly HTTPFirewallRuleOperator = "contains sql injection strictly"
HTTPFirewallRuleOperatorContainsXSS HTTPFirewallRuleOperator = "contains xss"
HTTPFirewallRuleOperatorContainsXSSStrictly HTTPFirewallRuleOperator = "contains xss strictly"
HTTPFirewallRuleOperatorHasKey HTTPFirewallRuleOperator = "has key" // has key in slice or map
HTTPFirewallRuleOperatorVersionGt HTTPFirewallRuleOperator = "version gt"
HTTPFirewallRuleOperatorVersionLt HTTPFirewallRuleOperator = "version lt"
HTTPFirewallRuleOperatorVersionRange HTTPFirewallRuleOperator = "version range"
HTTPFirewallRuleOperatorContainsBinary HTTPFirewallRuleOperator = "contains binary" // contains binary
HTTPFirewallRuleOperatorNotContainsBinary HTTPFirewallRuleOperator = "not contains binary" // not contains binary
@@ -176,6 +177,13 @@ var AllRuleOperators = []*RuleOperatorDefinition{
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
DataType: "none",
},
{
Name: "包含SQL注入-严格模式",
Code: HTTPFirewallRuleOperatorContainsSQLInjectionStrictly,
Description: "更加严格地检测字符串内容是否包含SQL注入相对于非严格模式有一定的误报几率。",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
DataType: "none",
},
{
Name: "包含XSS注入",
Code: HTTPFirewallRuleOperatorContainsXSS,