EdgeNode/internal/waf/checkpoints/cc2.go

// Copyright 2021 GoEdge goedge.cdn@gmail.com. All rights reserved.

package checkpoints

import (
	"fmt"
	"path/filepath"
	"strings"

	"github.com/TeaOSLab/EdgeNode/internal/utils"
	"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
	wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
	"github.com/iwind/TeaGo/maps"
	"github.com/iwind/TeaGo/types"
)

// CC2Checkpoint 新的CC
type CC2Checkpoint struct {
	Checkpoint
}

func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
	var keys = options.GetSlice("keys")
	var keyValues = []string{}
	var hasRemoteAddr = false
	for _, key := range keys {
		if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
			hasRemoteAddr = true
		}
		keyValues = append(keyValues, req.Format(types.String(key)))
	}
	if len(keyValues) == 0 {
		return
	}

	var period = options.GetInt("period")
	if period <= 0 {
		period = 60
	} else if period > 7*86400 {
		period = 7 * 86400
	}

	/**var threshold = options.GetInt64("threshold")
	if threshold <= 0 {
		threshold = 1000
	}**/

	if options.GetBool("ignoreCommonFiles") {
		var rawReq = req.WAFRaw()
		if len(rawReq.Referer()) > 0 {
			var ext = filepath.Ext(rawReq.URL.Path)
			if len(ext) > 0 && utils.IsCommonFileExtension(ext) {
				return
			}
		}
	}

	var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")
	var ccValue = counters.SharedCounter.IncreaseKey(ccKey, period)
	value = ccValue

	// 基于指纹统计
	var enableFingerprint = true
	if options.Has("enableFingerprint") && !options.GetBool("enableFingerprint") {
		enableFingerprint = false
	}
	if hasRemoteAddr && enableFingerprint {
		var fingerprint = req.WAFFingerprint()
		if len(fingerprint) > 0 {
			var fpKeyValues = []string{}
			for _, key := range keys {
				if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
					fpKeyValues = append(fpKeyValues, fmt.Sprintf("%x", fingerprint))
					continue
				}
				fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))
			}
			var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")
			var fpValue = counters.SharedCounter.IncreaseKey(fpCCKey, period)
			if fpValue > ccValue {
				value = fpValue
			}
		}
	}

	return
}

func (this *CC2Checkpoint) ResponseValue(req requests.Request, resp *requests.Response, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
	if this.IsRequest() {
		return this.RequestValue(req, param, options, ruleId)
	}

	return
}

func (this *CC2Checkpoint) CacheLife() wafutils.CacheLife {
	return wafutils.CacheDisabled
}
修改copyright 2024-05-17 18:30:33 +08:00			`// Copyright 2021 GoEdge goedge.cdn@gmail.com. All rights reserved.`
实现新的CC 2021-07-19 10:49:56 +08:00
			`package checkpoints`

			`import (`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`"fmt"`
v1.4.1 2024-07-27 15:42:50 +08:00			`"path/filepath"`
			`"strings"`

CC防护增加“忽略常用文件”选项 2024-04-13 20:39:21 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/utils"`
实现新的计数器算法（将时间分片，统计更加精准） 2023-07-13 15:37:08 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/utils/counters"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/waf/requests"`
CC防护增加“忽略常用文件”选项 2024-04-13 20:39:21 +08:00			`wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"github.com/iwind/TeaGo/maps"`
			`"github.com/iwind/TeaGo/types"`
			`)`

			`// CC2Checkpoint 新的CC`
			`type CC2Checkpoint struct {`
			`Checkpoint`
			`}`

优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00			`func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {`
实现新的CC 2021-07-19 10:49:56 +08:00			`var keys = options.GetSlice("keys")`
			`var keyValues = []string{}`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`var hasRemoteAddr = false`
实现新的CC 2021-07-19 10:49:56 +08:00			`for _, key := range keys {`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`if key == "${remoteAddr}" \|\| key == "${rawRemoteAddr}" {`
			`hasRemoteAddr = true`
			`}`
实现新的CC 2021-07-19 10:49:56 +08:00			`keyValues = append(keyValues, req.Format(types.String(key)))`
			`}`
			`if len(keyValues) == 0 {`
			`return`
			`}`

实现新的计数器算法（将时间分片，统计更加精准） 2023-07-13 15:37:08 +08:00			`var period = options.GetInt("period")`
实现新的CC 2021-07-19 10:49:56 +08:00			`if period <= 0 {`
			`period = 60`
实现新的计数器算法（将时间分片，统计更加精准） 2023-07-13 15:37:08 +08:00			`} else if period > 7*86400 {`
			`period = 7 * 86400`
实现新的CC 2021-07-19 10:49:56 +08:00			`}`

优化代码 2023-08-08 12:02:21 +08:00			`/**var threshold = options.GetInt64("threshold")`
实现新的CC 2021-07-19 10:49:56 +08:00			`if threshold <= 0 {`
			`threshold = 1000`
优化代码 2023-08-08 12:02:21 +08:00			`}**/`
实现新的CC 2021-07-19 10:49:56 +08:00
CC防护增加“忽略常用文件”选项 2024-04-13 20:39:21 +08:00			`if options.GetBool("ignoreCommonFiles") {`
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`var rawReq = req.WAFRaw()`
			`if len(rawReq.Referer()) > 0 {`
			`var ext = filepath.Ext(rawReq.URL.Path)`
CC防护增加“忽略常用文件”选项 2024-04-13 20:39:21 +08:00			`if len(ext) > 0 && utils.IsCommonFileExtension(ext) {`
			`return`
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`}`
			`}`
			`}`

WAF多个相同Key的cc2统计规则不再重复累加 2022-07-25 09:34:34 +08:00			`var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")`
使用泛型优化计数器内存 2023-11-15 15:57:41 +08:00			`var ccValue = counters.SharedCounter.IncreaseKey(ccKey, period)`
			`value = ccValue`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00
			`// 基于指纹统计`
WAF cc防护增加“检查请求来源指纹”选项 2023-03-10 10:41:16 +08:00			`var enableFingerprint = true`
			`if options.Has("enableFingerprint") && !options.GetBool("enableFingerprint") {`
			`enableFingerprint = false`
			`}`
			`if hasRemoteAddr && enableFingerprint {`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`var fingerprint = req.WAFFingerprint()`
			`if len(fingerprint) > 0 {`
			`var fpKeyValues = []string{}`
			`for _, key := range keys {`
			`if key == "${remoteAddr}" \|\| key == "${rawRemoteAddr}" {`
			`fpKeyValues = append(fpKeyValues, fmt.Sprintf("%x", fingerprint))`
			`continue`
			`}`
			`fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))`
			`}`
			`var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")`
合并多个计数器，便于统一的内存控制 2023-10-05 09:45:46 +08:00			`var fpValue = counters.SharedCounter.IncreaseKey(fpCCKey, period)`
使用泛型优化计数器内存 2023-11-15 15:57:41 +08:00			`if fpValue > ccValue {`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`value = fpValue`
			`}`
			`}`
			`}`
实现新的CC 2021-07-19 10:49:56 +08:00
			`return`
			`}`

优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00			`func (this CC2Checkpoint) ResponseValue(req requests.Request, resp requests.Response, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {`
WAF多个相同Key的cc2统计规则不再重复累加 2022-07-25 09:34:34 +08:00			`if this.IsRequest() {`
			`return this.RequestValue(req, param, options, ruleId)`
			`}`

实现新的CC 2021-07-19 10:49:56 +08:00			`return`
			`}`
优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00
CC防护增加“忽略常用文件”选项 2024-04-13 20:39:21 +08:00			`func (this *CC2Checkpoint) CacheLife() wafutils.CacheLife {`
			`return wafutils.CacheDisabled`
优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00			`}`