EdgeNode/internal/waf/checkpoints/cc2.go

// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.

package checkpoints

import (
	"fmt"
	"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
	"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
	"github.com/TeaOSLab/EdgeNode/internal/zero"
	"github.com/iwind/TeaGo/maps"
	"github.com/iwind/TeaGo/types"
	"path/filepath"
	"strings"
)

var commonFileExtensionsMap = map[string]zero.Zero{
	".ico":   zero.New(),
	".jpg":   zero.New(),
	".jpeg":  zero.New(),
	".gif":   zero.New(),
	".png":   zero.New(),
	".webp":  zero.New(),
	".woff2": zero.New(),
	".js":    zero.New(),
	".css":   zero.New(),
	".ttf":   zero.New(),
	".otf":   zero.New(),
	".fnt":   zero.New(),
	".svg":   zero.New(),
}

// CC2Checkpoint 新的CC
type CC2Checkpoint struct {
	Checkpoint
}

func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
	var keys = options.GetSlice("keys")
	var keyValues = []string{}
	var hasRemoteAddr = false
	for _, key := range keys {
		if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
			hasRemoteAddr = true
		}
		keyValues = append(keyValues, req.Format(types.String(key)))
	}
	if len(keyValues) == 0 {
		return
	}

	var period = options.GetInt("period")
	if period <= 0 {
		period = 60
	} else if period > 7*86400 {
		period = 7 * 86400
	}

	/**var threshold = options.GetInt64("threshold")
	if threshold <= 0 {
		threshold = 1000
	}**/

	var ignoreCommonFiles = options.GetBool("ignoreCommonFiles")
	if ignoreCommonFiles {
		var rawReq = req.WAFRaw()
		if len(rawReq.Referer()) > 0 {
			var ext = filepath.Ext(rawReq.URL.Path)
			if len(ext) > 0 {
				_, ok := commonFileExtensionsMap[strings.ToLower(ext)]
				if ok {
					return
				}
			}
		}
	}

	var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")
	var ccValue = counters.SharedCounter.IncreaseKey(ccKey, period)
	value = ccValue

	// 基于指纹统计
	var enableFingerprint = true
	if options.Has("enableFingerprint") && !options.GetBool("enableFingerprint") {
		enableFingerprint = false
	}
	if hasRemoteAddr && enableFingerprint {
		var fingerprint = req.WAFFingerprint()
		if len(fingerprint) > 0 {
			var fpKeyValues = []string{}
			for _, key := range keys {
				if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
					fpKeyValues = append(fpKeyValues, fmt.Sprintf("%x", fingerprint))
					continue
				}
				fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))
			}
			var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")
			var fpValue = counters.SharedCounter.IncreaseKey(fpCCKey, period)
			if fpValue > ccValue {
				value = fpValue
			}
		}
	}

	return
}

func (this *CC2Checkpoint) ResponseValue(req requests.Request, resp *requests.Response, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
	if this.IsRequest() {
		return this.RequestValue(req, param, options, ruleId)
	}

	return
}

func (this *CC2Checkpoint) CacheLife() utils.CacheLife {
	return utils.CacheDisabled
}
实现新的CC 2021-07-19 10:49:56 +08:00			`// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.`

			`package checkpoints`

			`import (`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`"fmt"`
实现新的计数器算法（将时间分片，统计更加精准） 2023-07-13 15:37:08 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/utils/counters"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/waf/requests"`
优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/waf/utils"`
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/zero"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"github.com/iwind/TeaGo/maps"`
			`"github.com/iwind/TeaGo/types"`
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`"path/filepath"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"strings"`
			`)`

cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`var commonFileExtensionsMap = map[string]zero.Zero{`
			`".ico": zero.New(),`
			`".jpg": zero.New(),`
			`".jpeg": zero.New(),`
			`".gif": zero.New(),`
			`".png": zero.New(),`
			`".webp": zero.New(),`
			`".woff2": zero.New(),`
			`".js": zero.New(),`
			`".css": zero.New(),`
增加cc使用的若干通用扩展名 2023-07-13 16:20:46 +08:00			`".ttf": zero.New(),`
			`".otf": zero.New(),`
			`".fnt": zero.New(),`
			`".svg": zero.New(),`
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`}`

实现新的CC 2021-07-19 10:49:56 +08:00			`// CC2Checkpoint 新的CC`
			`type CC2Checkpoint struct {`
			`Checkpoint`
			`}`

优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00			`func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {`
实现新的CC 2021-07-19 10:49:56 +08:00			`var keys = options.GetSlice("keys")`
			`var keyValues = []string{}`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`var hasRemoteAddr = false`
实现新的CC 2021-07-19 10:49:56 +08:00			`for _, key := range keys {`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`if key == "${remoteAddr}" \|\| key == "${rawRemoteAddr}" {`
			`hasRemoteAddr = true`
			`}`
实现新的CC 2021-07-19 10:49:56 +08:00			`keyValues = append(keyValues, req.Format(types.String(key)))`
			`}`
			`if len(keyValues) == 0 {`
			`return`
			`}`

实现新的计数器算法（将时间分片，统计更加精准） 2023-07-13 15:37:08 +08:00			`var period = options.GetInt("period")`
实现新的CC 2021-07-19 10:49:56 +08:00			`if period <= 0 {`
			`period = 60`
实现新的计数器算法（将时间分片，统计更加精准） 2023-07-13 15:37:08 +08:00			`} else if period > 7*86400 {`
			`period = 7 * 86400`
实现新的CC 2021-07-19 10:49:56 +08:00			`}`

优化代码 2023-08-08 12:02:21 +08:00			`/**var threshold = options.GetInt64("threshold")`
实现新的CC 2021-07-19 10:49:56 +08:00			`if threshold <= 0 {`
			`threshold = 1000`
优化代码 2023-08-08 12:02:21 +08:00			`}**/`
实现新的CC 2021-07-19 10:49:56 +08:00
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`var ignoreCommonFiles = options.GetBool("ignoreCommonFiles")`
			`if ignoreCommonFiles {`
			`var rawReq = req.WAFRaw()`
			`if len(rawReq.Referer()) > 0 {`
			`var ext = filepath.Ext(rawReq.URL.Path)`
			`if len(ext) > 0 {`
			`_, ok := commonFileExtensionsMap[strings.ToLower(ext)]`
			`if ok {`
			`return`
			`}`
			`}`
			`}`
			`}`

WAF多个相同Key的cc2统计规则不再重复累加 2022-07-25 09:34:34 +08:00			`var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")`
使用泛型优化计数器内存 2023-11-15 15:57:41 +08:00			`var ccValue = counters.SharedCounter.IncreaseKey(ccKey, period)`
			`value = ccValue`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00
			`// 基于指纹统计`
WAF cc防护增加“检查请求来源指纹”选项 2023-03-10 10:41:16 +08:00			`var enableFingerprint = true`
			`if options.Has("enableFingerprint") && !options.GetBool("enableFingerprint") {`
			`enableFingerprint = false`
			`}`
			`if hasRemoteAddr && enableFingerprint {`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`var fingerprint = req.WAFFingerprint()`
			`if len(fingerprint) > 0 {`
			`var fpKeyValues = []string{}`
			`for _, key := range keys {`
			`if key == "${remoteAddr}" \|\| key == "${rawRemoteAddr}" {`
			`fpKeyValues = append(fpKeyValues, fmt.Sprintf("%x", fingerprint))`
			`continue`
			`}`
			`fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))`
			`}`
			`var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")`
合并多个计数器，便于统一的内存控制 2023-10-05 09:45:46 +08:00			`var fpValue = counters.SharedCounter.IncreaseKey(fpCCKey, period)`
使用泛型优化计数器内存 2023-11-15 15:57:41 +08:00			`if fpValue > ccValue {`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`value = fpValue`
			`}`
			`}`
			`}`
实现新的CC 2021-07-19 10:49:56 +08:00
			`return`
			`}`

优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00			`func (this CC2Checkpoint) ResponseValue(req requests.Request, resp requests.Response, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {`
WAF多个相同Key的cc2统计规则不再重复累加 2022-07-25 09:34:34 +08:00			`if this.IsRequest() {`
			`return this.RequestValue(req, param, options, ruleId)`
			`}`

实现新的CC 2021-07-19 10:49:56 +08:00			`return`
			`}`
优化WAF正则表达式缓存时间 2023-10-11 12:21:10 +08:00
			`func (this *CC2Checkpoint) CacheLife() utils.CacheLife {`
			`return utils.CacheDisabled`
			`}`