WAF增加通配符匹配/不匹配操作符

internal/waf/rule.go

@@ -127,6 +127,21 @@ func (this *Rule) Init() error {
 		this.ipList = values.ParseStringList(this.Value, true)
 	case RuleOperatorIPRange, RuleOperatorNotIPRange:
 		this.ipRangeListValue = values.ParseIPRangeList(this.Value)
+	case RuleOperatorWildcardMatch, RuleOperatorWildcardNotMatch:
+		var pieces = strings.Split(this.Value, "*")
+		for index, piece := range pieces {
+			pieces[index] = regexp.QuoteMeta(piece)
+		}
+		var pattern = strings.Join(pieces, "(.*)")
+		var expr = "^" + pattern + "$"
+		if this.IsCaseInsensitive {
+			expr = "(?i)" + expr
+		}
+		reg, err := re.Compile(expr)
+		if err != nil {
+			return err
+		}
+		this.reg = reg
 	}
 
 	if singleParamRegexp.MatchString(this.Param) {
@@ -369,7 +384,7 @@ func (this *Rule) Test(value interface{}) bool {
 		} else {
 			return types.String(value) != this.Value
 		}
-	case RuleOperatorMatch:
+	case RuleOperatorMatch, RuleOperatorWildcardMatch:
 		if value == nil {
 			return false
 		}
@@ -393,7 +408,7 @@ func (this *Rule) Test(value interface{}) bool {
 
 		// string
 		return utils.MatchStringCache(this.reg, types.String(value))
-	case RuleOperatorNotMatch:
+	case RuleOperatorNotMatch, RuleOperatorWildcardNotMatch:
 		if value == nil {
 			return true
 		}

internal/waf/rule_operator.go

@@ -4,27 +4,29 @@ type RuleOperator = string
 type RuleCaseInsensitive = string
 
 const (
-	RuleOperatorGt           RuleOperator = "gt"
+	RuleOperatorGt               RuleOperator = "gt"
-	RuleOperatorGte          RuleOperator = "gte"
+	RuleOperatorGte              RuleOperator = "gte"
-	RuleOperatorLt           RuleOperator = "lt"
+	RuleOperatorLt               RuleOperator = "lt"
-	RuleOperatorLte          RuleOperator = "lte"
+	RuleOperatorLte              RuleOperator = "lte"
-	RuleOperatorEq           RuleOperator = "eq"
+	RuleOperatorEq               RuleOperator = "eq"
-	RuleOperatorNeq          RuleOperator = "neq"
+	RuleOperatorNeq              RuleOperator = "neq"
-	RuleOperatorEqString     RuleOperator = "eq string"
+	RuleOperatorEqString         RuleOperator = "eq string"
-	RuleOperatorNeqString    RuleOperator = "neq string"
+	RuleOperatorNeqString        RuleOperator = "neq string"
-	RuleOperatorMatch        RuleOperator = "match"
+	RuleOperatorMatch            RuleOperator = "match"
-	RuleOperatorNotMatch     RuleOperator = "not match"
+	RuleOperatorNotMatch         RuleOperator = "not match"
-	RuleOperatorContains     RuleOperator = "contains"
+	RuleOperatorWildcardMatch    RuleOperator = "wildcard match"
-	RuleOperatorNotContains  RuleOperator = "not contains"
+	RuleOperatorWildcardNotMatch RuleOperator = "wildcard not match"
-	RuleOperatorPrefix       RuleOperator = "prefix"
+	RuleOperatorContains         RuleOperator = "contains"
-	RuleOperatorSuffix       RuleOperator = "suffix"
+	RuleOperatorNotContains      RuleOperator = "not contains"
-	RuleOperatorContainsAny  RuleOperator = "contains any"
+	RuleOperatorPrefix           RuleOperator = "prefix"
-	RuleOperatorContainsAll  RuleOperator = "contains all"
+	RuleOperatorSuffix           RuleOperator = "suffix"
-	RuleOperatorInIPList     RuleOperator = "in ip list"
+	RuleOperatorContainsAny      RuleOperator = "contains any"
-	RuleOperatorHasKey       RuleOperator = "has key" // has key in slice or map
+	RuleOperatorContainsAll      RuleOperator = "contains all"
-	RuleOperatorVersionGt    RuleOperator = "version gt"
+	RuleOperatorInIPList         RuleOperator = "in ip list"
-	RuleOperatorVersionLt    RuleOperator = "version lt"
+	RuleOperatorHasKey           RuleOperator = "has key" // has key in slice or map
-	RuleOperatorVersionRange RuleOperator = "version range"
+	RuleOperatorVersionGt        RuleOperator = "version gt"
+	RuleOperatorVersionLt        RuleOperator = "version lt"
+	RuleOperatorVersionRange     RuleOperator = "version range"
 
 	RuleOperatorContainsBinary    RuleOperator = "contains binary"     // contains binary
 	RuleOperatorNotContainsBinary RuleOperator = "not contains binary" // not contains binary