EdgeNode/internal/waf/checkpoints/cc2.go

// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.

package checkpoints

import (
	"fmt"
	"github.com/TeaOSLab/EdgeNode/internal/ttlcache"
	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
	"github.com/TeaOSLab/EdgeNode/internal/zero"
	"github.com/iwind/TeaGo/maps"
	"github.com/iwind/TeaGo/types"
	"path/filepath"
	"strings"
	"time"
)

var ccCache = ttlcache.NewCache()

var commonFileExtensionsMap = map[string]zero.Zero{
	".ico":   zero.New(),
	".jpg":   zero.New(),
	".jpeg":  zero.New(),
	".gif":   zero.New(),
	".png":   zero.New(),
	".webp":  zero.New(),
	".woff2": zero.New(),
	".js":    zero.New(),
	".css":   zero.New(),
}

// CC2Checkpoint 新的CC
type CC2Checkpoint struct {
	Checkpoint
}

func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value interface{}, hasRequestBody bool, sysErr error, userErr error) {
	var keys = options.GetSlice("keys")
	var keyValues = []string{}
	var hasRemoteAddr = false
	for _, key := range keys {
		if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
			hasRemoteAddr = true
		}
		keyValues = append(keyValues, req.Format(types.String(key)))
	}
	if len(keyValues) == 0 {
		return
	}

	var period = options.GetInt64("period")
	if period <= 0 {
		period = 60
	}

	var threshold = options.GetInt64("threshold")
	if threshold <= 0 {
		threshold = 1000
	}

	var ignoreCommonFiles = options.GetBool("ignoreCommonFiles")
	if ignoreCommonFiles {
		var rawReq = req.WAFRaw()
		if len(rawReq.Referer()) > 0 {
			var ext = filepath.Ext(rawReq.URL.Path)
			if len(ext) > 0 {
				_, ok := commonFileExtensionsMap[strings.ToLower(ext)]
				if ok {
					return
				}
			}
		}
	}

	var expiresAt = time.Now().Unix() + period
	var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")
	value = ccCache.IncreaseInt64(ccKey, 1, expiresAt, false)

	// 基于指纹统计
	if hasRemoteAddr {
		var fingerprint = req.WAFFingerprint()
		if len(fingerprint) > 0 {
			var fpKeyValues = []string{}
			for _, key := range keys {
				if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
					fpKeyValues = append(fpKeyValues, fmt.Sprintf("%x", fingerprint))
					continue
				}
				fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))
			}
			var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")
			var fpValue = ccCache.IncreaseInt64(fpCCKey, 1, expiresAt, false)
			if fpValue > value.(int64) {
				value = fpValue
			}
		}
	}

	return
}

func (this *CC2Checkpoint) ResponseValue(req requests.Request, resp *requests.Response, param string, options maps.Map, ruleId int64) (value interface{}, hasRequestBody bool, sysErr error, userErr error) {
	if this.IsRequest() {
		return this.RequestValue(req, param, options, ruleId)
	}

	return
}
实现新的CC 2021-07-19 10:49:56 +08:00			`// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.`

			`package checkpoints`

			`import (`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`"fmt"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/ttlcache"`
			`"github.com/TeaOSLab/EdgeNode/internal/waf/requests"`
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/zero"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"github.com/iwind/TeaGo/maps"`
			`"github.com/iwind/TeaGo/types"`
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`"path/filepath"`
实现新的CC 2021-07-19 10:49:56 +08:00			`"strings"`
			`"time"`
			`)`

优化ttlcache 2022-04-09 18:44:51 +08:00			`var ccCache = ttlcache.NewCache()`
实现新的CC 2021-07-19 10:49:56 +08:00
cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`var commonFileExtensionsMap = map[string]zero.Zero{`
			`".ico": zero.New(),`
			`".jpg": zero.New(),`
			`".jpeg": zero.New(),`
			`".gif": zero.New(),`
			`".png": zero.New(),`
			`".webp": zero.New(),`
			`".woff2": zero.New(),`
			`".js": zero.New(),`
			`".css": zero.New(),`
			`}`

实现新的CC 2021-07-19 10:49:56 +08:00			`// CC2Checkpoint 新的CC`
			`type CC2Checkpoint struct {`
			`Checkpoint`
			`}`

WAF多个相同Key的cc2统计规则不再重复累加 2022-07-25 09:34:34 +08:00			`func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value interface{}, hasRequestBody bool, sysErr error, userErr error) {`
实现新的CC 2021-07-19 10:49:56 +08:00			`var keys = options.GetSlice("keys")`
			`var keyValues = []string{}`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`var hasRemoteAddr = false`
实现新的CC 2021-07-19 10:49:56 +08:00			`for _, key := range keys {`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`if key == "${remoteAddr}" \|\| key == "${rawRemoteAddr}" {`
			`hasRemoteAddr = true`
			`}`
实现新的CC 2021-07-19 10:49:56 +08:00			`keyValues = append(keyValues, req.Format(types.String(key)))`
			`}`
			`if len(keyValues) == 0 {`
			`return`
			`}`

			`var period = options.GetInt64("period")`
			`if period <= 0 {`
			`period = 60`
			`}`

			`var threshold = options.GetInt64("threshold")`
			`if threshold <= 0 {`
			`threshold = 1000`
			`}`

cc2增加忽略常见文件扩展名选项 2022-07-15 12:02:19 +08:00			`var ignoreCommonFiles = options.GetBool("ignoreCommonFiles")`
			`if ignoreCommonFiles {`
			`var rawReq = req.WAFRaw()`
			`if len(rawReq.Referer()) > 0 {`
			`var ext = filepath.Ext(rawReq.URL.Path)`
			`if len(ext) > 0 {`
			`_, ok := commonFileExtensionsMap[strings.ToLower(ext)]`
			`if ok {`
			`return`
			`}`
			`}`
			`}`
			`}`

WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`var expiresAt = time.Now().Unix() + period`
WAF多个相同Key的cc2统计规则不再重复累加 2022-07-25 09:34:34 +08:00			`var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")`
WAF cc2尝试使用指纹统计方法 2023-03-08 16:59:44 +08:00			`value = ccCache.IncreaseInt64(ccKey, 1, expiresAt, false)`

			`// 基于指纹统计`
			`if hasRemoteAddr {`
			`var fingerprint = req.WAFFingerprint()`
			`if len(fingerprint) > 0 {`
			`var fpKeyValues = []string{}`
			`for _, key := range keys {`
			`if key == "${remoteAddr}" \|\| key == "${rawRemoteAddr}" {`
			`fpKeyValues = append(fpKeyValues, fmt.Sprintf("%x", fingerprint))`
			`continue`
			`}`
			`fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))`
			`}`
			`var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")`
			`var fpValue = ccCache.IncreaseInt64(fpCCKey, 1, expiresAt, false)`
			`if fpValue > value.(int64) {`
			`value = fpValue`
			`}`
			`}`
			`}`
实现新的CC 2021-07-19 10:49:56 +08:00
			`return`
			`}`

WAF多个相同Key的cc2统计规则不再重复累加 2022-07-25 09:34:34 +08:00			`func (this CC2Checkpoint) ResponseValue(req requests.Request, resp requests.Response, param string, options maps.Map, ruleId int64) (value interface{}, hasRequestBody bool, sysErr error, userErr error) {`
			`if this.IsRequest() {`
			`return this.RequestValue(req, param, options, ruleId)`
			`}`

实现新的CC 2021-07-19 10:49:56 +08:00			`return`
			`}`