EdgeNode/internal/waf/rule_set_test.go

package waf_test

import (
	"bytes"
	"github.com/TeaOSLab/EdgeNode/internal/waf"
	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
	"github.com/cespare/xxhash"
	"github.com/iwind/TeaGo/assert"
	"net/http"
	"regexp"
	"runtime"
	"testing"
)

func TestRuleSet_MatchRequest(t *testing.T) {
	var set = waf.NewRuleSet()
	set.Connector = waf.RuleConnectorAnd

	set.Rules = []*waf.Rule{
		{
			Param:    "${arg.name}",
			Operator: waf.RuleOperatorEqString,
			Value:    "lu",
		},
		{
			Param:    "${arg.age}",
			Operator: waf.RuleOperatorEq,
			Value:    "20",
		},
	}

	err := set.Init(nil)
	if err != nil {
		t.Fatal(err)
	}

	rawReq, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
	if err != nil {
		t.Fatal(err)
	}
	req := requests.NewTestRequest(rawReq)
	t.Log(set.MatchRequest(req))
}

func TestRuleSet_MatchRequest2(t *testing.T) {
	var a = assert.NewAssertion(t)

	var set = waf.NewRuleSet()
	set.Connector = waf.RuleConnectorOr

	set.Rules = []*waf.Rule{
		{
			Param:    "${arg.name}",
			Operator: waf.RuleOperatorEqString,
			Value:    "lu",
		},
		{
			Param:    "${arg.age}",
			Operator: waf.RuleOperatorEq,
			Value:    "21",
		},
	}

	err := set.Init(nil)
	if err != nil {
		t.Fatal(err)
	}

	rawReq, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
	if err != nil {
		t.Fatal(err)
	}
	req := requests.NewTestRequest(rawReq)
	a.IsTrue(set.MatchRequest(req))
}

func BenchmarkRuleSet_MatchRequest(b *testing.B) {
	runtime.GOMAXPROCS(1)

	var set = waf.NewRuleSet()
	set.Connector = waf.RuleConnectorOr

	set.Rules = []*waf.Rule{
		{
			Param:    "${requestAll}",
			Operator: waf.RuleOperatorMatch,
			Value:    `(onmouseover|onmousemove|onmousedown|onmouseup|onerror|onload|onclick|ondblclick|onkeydown|onkeyup|onkeypress)\s*=`,
		},
		{
			Param:    "${requestAll}",
			Operator: waf.RuleOperatorMatch,
			Value:    `\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\s*\(`,
		},
		{
			Param:    "${arg.name}",
			Operator: waf.RuleOperatorEqString,
			Value:    "lu",
		},
		{
			Param:    "${arg.age}",
			Operator: waf.RuleOperatorEq,
			Value:    "21",
		},
	}

	err := set.Init(nil)
	if err != nil {
		b.Fatal(err)
	}

	rawReq, err := http.NewRequest(http.MethodPost, "http://teaos.cn/hello?name=lu&age=20", bytes.NewBuffer(bytes.Repeat([]byte("HELLO"), 1024)))
	if err != nil {
		b.Fatal(err)
	}
	req := requests.NewTestRequest(rawReq)
	for i := 0; i < b.N; i++ {
		_, _, _ = set.MatchRequest(req)
	}
}

func BenchmarkRuleSet_MatchRequest_Regexp(b *testing.B) {
	runtime.GOMAXPROCS(1)

	var set = waf.NewRuleSet()
	set.Connector = waf.RuleConnectorOr

	set.Rules = []*waf.Rule{
		{
			Param:             "${requestBody}",
			Operator:          waf.RuleOperatorMatch,
			Value:             `\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\s*\(`,
			IsCaseInsensitive: false,
		},
	}

	err := set.Init(nil)
	if err != nil {
		b.Fatal(err)
	}

	rawReq, err := http.NewRequest(http.MethodPost, "http://teaos.cn/hello?name=lu&age=20", bytes.NewBuffer(bytes.Repeat([]byte("HELLO"), 2048)))
	if err != nil {
		b.Fatal(err)
	}
	req := requests.NewTestRequest(rawReq)
	for i := 0; i < b.N; i++ {
		_, _, _ = set.MatchRequest(req)
	}
}

func BenchmarkRuleSet_MatchRequest_Regexp2(b *testing.B) {
	reg, err := regexp.Compile(`(?iU)\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\b`)
	if err != nil {
		b.Fatal(err)
	}

	buf := bytes.Repeat([]byte(" HELLO "), 10240)

	for i := 0; i < b.N; i++ {
		_ = reg.Match(buf)
	}
}

func BenchmarkRuleSet_MatchRequest_Regexp3(b *testing.B) {
	reg, err := regexp.Compile(`(?iU)^(eval|system|exec|execute|passthru|shell_exec|phpinfo)`)
	if err != nil {
		b.Fatal(err)
	}

	buf := bytes.Repeat([]byte(" HELLO "), 1024)

	for i := 0; i < b.N; i++ {
		_ = reg.Match(buf)
	}
}

func BenchmarkHash(b *testing.B) {
	runtime.GOMAXPROCS(1)

	for i := 0; i < b.N; i++ {
		_ = xxhash.Sum64(bytes.Repeat([]byte("HELLO"), 10240))
	}
}
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`package waf_test`
实现WAF 2020-10-08 15:06:42 +08:00
			`import (`
			`"bytes"`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/waf"`
实现WAF 2020-10-08 15:06:42 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/waf/requests"`
采用更快的Hash算法 2020-11-21 22:29:57 +08:00			`"github.com/cespare/xxhash"`
实现WAF 2020-10-08 15:06:42 +08:00			`"github.com/iwind/TeaGo/assert"`
			`"net/http"`
			`"regexp"`
			`"runtime"`
			`"testing"`
			`)`

			`func TestRuleSet_MatchRequest(t *testing.T) {`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`var set = waf.NewRuleSet()`
			`set.Connector = waf.RuleConnectorAnd`
实现WAF 2020-10-08 15:06:42 +08:00
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`set.Rules = []*waf.Rule{`
实现WAF 2020-10-08 15:06:42 +08:00			`{`
			`Param: "${arg.name}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorEqString,`
实现WAF 2020-10-08 15:06:42 +08:00			`Value: "lu",`
			`},`
			`{`
			`Param: "${arg.age}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorEq,`
实现WAF 2020-10-08 15:06:42 +08:00			`Value: "20",`
			`},`
			`}`

WAF增加多个动作 2021-07-18 15:51:49 +08:00			`err := set.Init(nil)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`rawReq, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
WAF增加多个动作 2021-07-18 15:51:49 +08:00			`req := requests.NewTestRequest(rawReq)`
实现WAF 2020-10-08 15:06:42 +08:00			`t.Log(set.MatchRequest(req))`
			`}`

			`func TestRuleSet_MatchRequest2(t *testing.T) {`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`var a = assert.NewAssertion(t)`
实现WAF 2020-10-08 15:06:42 +08:00
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`var set = waf.NewRuleSet()`
			`set.Connector = waf.RuleConnectorOr`
实现WAF 2020-10-08 15:06:42 +08:00
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`set.Rules = []*waf.Rule{`
实现WAF 2020-10-08 15:06:42 +08:00			`{`
			`Param: "${arg.name}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorEqString,`
实现WAF 2020-10-08 15:06:42 +08:00			`Value: "lu",`
			`},`
			`{`
			`Param: "${arg.age}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorEq,`
实现WAF 2020-10-08 15:06:42 +08:00			`Value: "21",`
			`},`
			`}`

WAF增加多个动作 2021-07-18 15:51:49 +08:00			`err := set.Init(nil)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`rawReq, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
WAF增加多个动作 2021-07-18 15:51:49 +08:00			`req := requests.NewTestRequest(rawReq)`
实现WAF 2020-10-08 15:06:42 +08:00			`a.IsTrue(set.MatchRequest(req))`
			`}`

			`func BenchmarkRuleSet_MatchRequest(b *testing.B) {`
			`runtime.GOMAXPROCS(1)`

WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`var set = waf.NewRuleSet()`
			`set.Connector = waf.RuleConnectorOr`
实现WAF 2020-10-08 15:06:42 +08:00
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`set.Rules = []*waf.Rule{`
实现WAF 2020-10-08 15:06:42 +08:00			`{`
			`Param: "${requestAll}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorMatch,`
实现WAF 2020-10-08 15:06:42 +08:00			Value: `(onmouseover\|onmousemove\|onmousedown\|onmouseup\|onerror\|onload\|onclick\|ondblclick\|onkeydown\|onkeyup\|onkeypress)\s*=`,
			`},`
			`{`
			`Param: "${requestAll}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorMatch,`
实现WAF 2020-10-08 15:06:42 +08:00			Value: `\b(eval\|system\|exec\|execute\|passthru\|shell_exec\|phpinfo)\s*\(`,
			`},`
			`{`
			`Param: "${arg.name}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorEqString,`
实现WAF 2020-10-08 15:06:42 +08:00			`Value: "lu",`
			`},`
			`{`
			`Param: "${arg.age}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorEq,`
实现WAF 2020-10-08 15:06:42 +08:00			`Value: "21",`
			`},`
			`}`

WAF增加多个动作 2021-07-18 15:51:49 +08:00			`err := set.Init(nil)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
			`b.Fatal(err)`
			`}`

			`rawReq, err := http.NewRequest(http.MethodPost, "http://teaos.cn/hello?name=lu&age=20", bytes.NewBuffer(bytes.Repeat([]byte("HELLO"), 1024)))`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
WAF增加多个动作 2021-07-18 15:51:49 +08:00			`req := requests.NewTestRequest(rawReq)`
实现WAF 2020-10-08 15:06:42 +08:00			`for i := 0; i < b.N; i++ {`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`_, _, _ = set.MatchRequest(req)`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`}`

			`func BenchmarkRuleSet_MatchRequest_Regexp(b *testing.B) {`
			`runtime.GOMAXPROCS(1)`

WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`var set = waf.NewRuleSet()`
			`set.Connector = waf.RuleConnectorOr`
实现WAF 2020-10-08 15:06:42 +08:00
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`set.Rules = []*waf.Rule{`
实现WAF 2020-10-08 15:06:42 +08:00			`{`
			`Param: "${requestBody}",`
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例 2023-12-09 11:46:50 +08:00			`Operator: waf.RuleOperatorMatch,`
实现WAF 2020-10-08 15:06:42 +08:00			Value: `\b(eval\|system\|exec\|execute\|passthru\|shell_exec\|phpinfo)\s*\(`,
			`IsCaseInsensitive: false,`
			`},`
			`}`

WAF增加多个动作 2021-07-18 15:51:49 +08:00			`err := set.Init(nil)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
			`b.Fatal(err)`
			`}`

			`rawReq, err := http.NewRequest(http.MethodPost, "http://teaos.cn/hello?name=lu&age=20", bytes.NewBuffer(bytes.Repeat([]byte("HELLO"), 2048)))`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
WAF增加多个动作 2021-07-18 15:51:49 +08:00			`req := requests.NewTestRequest(rawReq)`
实现WAF 2020-10-08 15:06:42 +08:00			`for i := 0; i < b.N; i++ {`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`_, _, _ = set.MatchRequest(req)`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`}`

			`func BenchmarkRuleSet_MatchRequest_Regexp2(b *testing.B) {`
			reg, err := regexp.Compile(`(?iU)\b(eval\|system\|exec\|execute\|passthru\|shell_exec\|phpinfo)\b`)
			`if err != nil {`
			`b.Fatal(err)`
			`}`

			`buf := bytes.Repeat([]byte(" HELLO "), 10240)`

			`for i := 0; i < b.N; i++ {`
			`_ = reg.Match(buf)`
			`}`
			`}`

			`func BenchmarkRuleSet_MatchRequest_Regexp3(b *testing.B) {`
			reg, err := regexp.Compile(`(?iU)^(eval\|system\|exec\|execute\|passthru\|shell_exec\|phpinfo)`)
			`if err != nil {`
			`b.Fatal(err)`
			`}`

			`buf := bytes.Repeat([]byte(" HELLO "), 1024)`

			`for i := 0; i < b.N; i++ {`
			`_ = reg.Match(buf)`
			`}`
			`}`

			`func BenchmarkHash(b *testing.B) {`
采用更快的Hash算法 2020-11-21 22:29:57 +08:00			`runtime.GOMAXPROCS(1)`

实现WAF 2020-10-08 15:06:42 +08:00			`for i := 0; i < b.N; i++ {`
采用更快的Hash算法 2020-11-21 22:29:57 +08:00			`_ = xxhash.Sum64(bytes.Repeat([]byte("HELLO"), 10240))`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`}`