EdgeNode/internal/waf/rule_group.go

package waf

import (
	"fmt"

	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
)

// rule group
type RuleGroup struct {
	Id          int64      `yaml:"id" json:"id"`
	IsOn        bool       `yaml:"isOn" json:"isOn"`
	Name        string     `yaml:"name" json:"name"` // such as SQL Injection
	Description string     `yaml:"description" json:"description"`
	Code        string     `yaml:"code" json:"code"` // identify the group
	RuleSets    []*RuleSet `yaml:"ruleSets" json:"ruleSets"`
	IsInbound   bool       `yaml:"isInbound" json:"isInbound"`

	hasRuleSets bool
}

func NewRuleGroup() *RuleGroup {
	return &RuleGroup{
		IsOn: true,
	}
}

func (this *RuleGroup) Init(waf *WAF) error {
	this.hasRuleSets = len(this.RuleSets) > 0

	if this.hasRuleSets {
		for _, set := range this.RuleSets {
			err := set.Init(waf)
			if err != nil {
				return fmt.Errorf("init set '%d' failed: %w", set.Id, err)
			}
		}
	}
	return nil
}

func (this *RuleGroup) AddRuleSet(ruleSet *RuleSet) {
	this.RuleSets = append(this.RuleSets, ruleSet)
}

func (this *RuleGroup) FindRuleSet(id int64) *RuleSet {
	for _, ruleSet := range this.RuleSets {
		if ruleSet.Id == id {
			return ruleSet
		}
	}
	return nil
}

func (this *RuleGroup) FindRuleSetWithCode(code string) *RuleSet {
	if len(code) == 0 {
		return nil
	}
	for _, ruleSet := range this.RuleSets {
		if ruleSet.Code == code {
			return ruleSet
		}
	}
	return nil
}

func (this *RuleGroup) RemoveRuleSet(id int64) {
	result := []*RuleSet{}
	for _, ruleSet := range this.RuleSets {
		if ruleSet.Id == id {
			continue
		}
		result = append(result, ruleSet)
	}
	this.RuleSets = result
}

func (this *RuleGroup) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, resultSet *RuleSet, err error) {
	if !this.hasRuleSets {
		return
	}
	for _, set := range this.RuleSets {
		if !set.IsOn {
			continue
		}
		b, hasRequestBody, err = set.MatchRequest(req)
		if err != nil {
			return false, hasRequestBody, nil, err
		}
		if b {
			return true, hasRequestBody, set, nil
		}
	}
	return
}

func (this *RuleGroup) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, resultSet *RuleSet, err error) {
	if !this.hasRuleSets {
		return
	}
	for _, set := range this.RuleSets {
		if !set.IsOn {
			continue
		}
		b, hasRequestBody, err = set.MatchResponse(req, resp)
		if err != nil {
			return false, hasRequestBody, nil, err
		}
		if b {
			return true, hasRequestBody, set, nil
		}
	}
	return
}

func (this *RuleGroup) MoveRuleSet(fromIndex int, toIndex int) {
	if fromIndex < 0 || fromIndex >= len(this.RuleSets) {
		return
	}
	if toIndex < 0 || toIndex >= len(this.RuleSets) {
		return
	}
	if fromIndex == toIndex {
		return
	}

	location := this.RuleSets[fromIndex]
	result := []*RuleSet{}
	for i := 0; i < len(this.RuleSets); i++ {
		if i == fromIndex {
			continue
		}
		if fromIndex > toIndex && i == toIndex {
			result = append(result, location)
		}
		result = append(result, this.RuleSets[i])
		if fromIndex < toIndex && i == toIndex {
			result = append(result, location)
		}
	}

	this.RuleSets = result
}
实现WAF 2020-10-08 15:06:42 +08:00			`package waf`

			`import (`
优化错误处理相关代码 2023-08-11 14:38:00 +08:00			`"fmt"`
v1.4.1 2024-07-27 15:42:50 +08:00
实现WAF 2020-10-08 15:06:42 +08:00			`"github.com/TeaOSLab/EdgeNode/internal/waf/requests"`
			`)`

			`// rule group`
			`type RuleGroup struct {`
IP名单中IP创建时保存相关节点、服务、WAF策略信息 2021-11-16 16:11:05 +08:00			Id int64 `yaml:"id" json:"id"`
实现WAF 2020-10-08 15:06:42 +08:00			IsOn bool `yaml:"isOn" json:"isOn"`
			Name string `yaml:"name" json:"name"` // such as SQL Injection
			Description string `yaml:"description" json:"description"`
			Code string `yaml:"code" json:"code"` // identify the group
			RuleSets []*RuleSet `yaml:"ruleSets" json:"ruleSets"`
			IsInbound bool `yaml:"isInbound" json:"isInbound"`

			`hasRuleSets bool`
			`}`

			`func NewRuleGroup() *RuleGroup {`
			`return &RuleGroup{`
			`IsOn: true,`
			`}`
			`}`

WAF增加多个动作 2021-07-18 15:51:49 +08:00			`func (this RuleGroup) Init(waf WAF) error {`
实现WAF 2020-10-08 15:06:42 +08:00			`this.hasRuleSets = len(this.RuleSets) > 0`

			`if this.hasRuleSets {`
			`for _, set := range this.RuleSets {`
WAF增加多个动作 2021-07-18 15:51:49 +08:00			`err := set.Init(waf)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
优化错误处理相关代码 2023-08-11 14:38:00 +08:00			`return fmt.Errorf("init set '%d' failed: %w", set.Id, err)`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`}`
			`}`
			`return nil`
			`}`

			`func (this RuleGroup) AddRuleSet(ruleSet RuleSet) {`
			`this.RuleSets = append(this.RuleSets, ruleSet)`
			`}`

IP名单中IP创建时保存相关节点、服务、WAF策略信息 2021-11-16 16:11:05 +08:00			`func (this RuleGroup) FindRuleSet(id int64) RuleSet {`
实现WAF 2020-10-08 15:06:42 +08:00			`for _, ruleSet := range this.RuleSets {`
			`if ruleSet.Id == id {`
			`return ruleSet`
			`}`
			`}`
			`return nil`
			`}`

			`func (this RuleGroup) FindRuleSetWithCode(code string) RuleSet {`
			`if len(code) == 0 {`
			`return nil`
			`}`
			`for _, ruleSet := range this.RuleSets {`
			`if ruleSet.Code == code {`
			`return ruleSet`
			`}`
			`}`
			`return nil`
			`}`

IP名单中IP创建时保存相关节点、服务、WAF策略信息 2021-11-16 16:11:05 +08:00			`func (this *RuleGroup) RemoveRuleSet(id int64) {`
实现WAF 2020-10-08 15:06:42 +08:00			`result := []*RuleSet{}`
			`for _, ruleSet := range this.RuleSets {`
			`if ruleSet.Id == id {`
			`continue`
			`}`
			`result = append(result, ruleSet)`
			`}`
			`this.RuleSets = result`
			`}`

WAF人机识别实现点击验证和滑动解锁验证/单个网站可以设置默认的人机识别方式 2023-11-15 15:10:25 +08:00			`func (this RuleGroup) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, resultSet RuleSet, err error) {`
实现WAF 2020-10-08 15:06:42 +08:00			`if !this.hasRuleSets {`
			`return`
			`}`
			`for _, set := range this.RuleSets {`
			`if !set.IsOn {`
			`continue`
			`}`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`b, hasRequestBody, err = set.MatchRequest(req)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`return false, hasRequestBody, nil, err`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`if b {`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`return true, hasRequestBody, set, nil`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`}`
			`return`
			`}`

WAF人机识别实现点击验证和滑动解锁验证/单个网站可以设置默认的人机识别方式 2023-11-15 15:10:25 +08:00			`func (this RuleGroup) MatchResponse(req requests.Request, resp requests.Response) (b bool, hasRequestBody bool, resultSet *RuleSet, err error) {`
实现WAF 2020-10-08 15:06:42 +08:00			`if !this.hasRuleSets {`
			`return`
			`}`
			`for _, set := range this.RuleSets {`
			`if !set.IsOn {`
			`continue`
			`}`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`b, hasRequestBody, err = set.MatchResponse(req, resp)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`return false, hasRequestBody, nil, err`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`if b {`
WAF策略增加记录请求Body选项 2022-07-16 17:05:37 +08:00			`return true, hasRequestBody, set, nil`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
			`}`
			`return`
			`}`

			`func (this *RuleGroup) MoveRuleSet(fromIndex int, toIndex int) {`
			`if fromIndex < 0 \|\| fromIndex >= len(this.RuleSets) {`
			`return`
			`}`
			`if toIndex < 0 \|\| toIndex >= len(this.RuleSets) {`
			`return`
			`}`
			`if fromIndex == toIndex {`
			`return`
			`}`

			`location := this.RuleSets[fromIndex]`
			`result := []*RuleSet{}`
			`for i := 0; i < len(this.RuleSets); i++ {`
			`if i == fromIndex {`
			`continue`
			`}`
			`if fromIndex > toIndex && i == toIndex {`
			`result = append(result, location)`
			`}`
			`result = append(result, this.RuleSets[i])`
			`if fromIndex < toIndex && i == toIndex {`
			`result = append(result, location)`
			`}`
			`}`

			`this.RuleSets = result`
			`}`