WAF允许动作默认跳过所有规则

2025-12-26 15:06:36 +08:00 · 2024-01-20 20:54:41 +08:00
parent 7d11b3c63b
commit 095c381ae5
22 changed files with 558 additions and 161 deletions
--- a/internal/waf/rule_set_test.go
+++ b/internal/waf/rule_set_test.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
 	"github.com/cespare/xxhash"
 	"github.com/iwind/TeaGo/assert"
+	"github.com/iwind/TeaGo/maps"
 	"net/http"
 	"regexp"
 	"runtime"
@@ -74,6 +75,52 @@ func TestRuleSet_MatchRequest2(t *testing.T) {
 	a.IsTrue(set.MatchRequest(req))
 }

+func TestRuleSet_MatchRequest_Allow(t *testing.T) {
+	var a = assert.NewAssertion(t)
+
+	var set = waf.NewRuleSet()
+	set.Connector = waf.RuleConnectorOr
+
+	set.Rules = []*waf.Rule{
+		{
+			Param:    "${requestPath}",
+			Operator: waf.RuleOperatorMatch,
+			Value:    "hello",
+		},
+	}
+
+	set.Actions = []*waf.ActionConfig{
+		{
+			Code: "allow",
+			Options: maps.Map{
+				"scope": waf.AllowScopeGroup,
+			},
+		},
+	}
+
+	var wafInstance = waf.NewWAF()
+
+	err := set.Init(wafInstance)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rawReq, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var req = requests.NewTestRequest(rawReq)
+	b, _, err := set.MatchRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	a.IsTrue(b)
+
+	var result = set.PerformActions(wafInstance, &waf.RuleGroup{}, req, nil)
+	a.IsTrue(result.IsAllowed)
+	t.Log("scope:", result.AllowScope)
+}
+
 func BenchmarkRuleSet_MatchRequest(b *testing.B) {
 	runtime.GOMAXPROCS(1)