WAF SQL注入检测时支持 (http|https):// 开头的URL

刘祥超
2023-12-07 20:38:06 +08:00
parent cc10372fe1
commit 50c6c60abf
2 changed files with 2 additions and 1 deletions


@@ -27,7 +27,7 @@ func DetectSQLInjection(input string) bool {
} }
// 兼容 /PATH?URI // 兼容 /PATH?URI
if input[0] == '/' { if input[0] == '/' || strings.HasPrefix(input, "http://") || strings.HasPrefix(input, "https://") {
var argsIndex = strings.Index(input, "?") var argsIndex = strings.Index(input, "?")
if argsIndex > 0 { if argsIndex > 0 {
var args = input[argsIndex+1:] var args = input[argsIndex+1:]
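Review bot: The scheme test added on the `if input[0] == '/' || strings.HasPrefix(input, "http://") || ...` line is case-sensitive, so an input starting with `HTTPS://` or `Http://` does not take the query-extraction branch even though URI schemes are case-insensitive (RFC 3986). What happens to such input depends on the fall-through path of DetectSQLInjection, which starts before and continues after this hunk, so the effect on detection should be confirmed; a WAF should treat both spellings the same way. Consider parsing with `net/url` and comparing `strings.ToLower(u.Scheme)` against `http`/`https`, or lower-casing the prefix before calling `strings.HasPrefix`. Separately, `input[0]` panics on an empty string unless the block that closes just above the hunk already returns for it.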


@@ -21,6 +21,7 @@ func TestDetectSQLInjection(t *testing.T) {
a.IsFalse(injectionutils.DetectSQLInjection("/hello?age=22")) a.IsFalse(injectionutils.DetectSQLInjection("/hello?age=22"))
a.IsTrue(injectionutils.DetectSQLInjection("/sql/injection?id=123 or 1=1")) a.IsTrue(injectionutils.DetectSQLInjection("/sql/injection?id=123 or 1=1"))
a.IsTrue(injectionutils.DetectSQLInjection("/sql/injection?id=123%20or%201=1")) a.IsTrue(injectionutils.DetectSQLInjection("/sql/injection?id=123%20or%201=1"))
a.IsTrue(injectionutils.DetectSQLInjection("https://example.com/sql/injection?id=123%20or%201=1"))
} }
func BenchmarkDetectSQLInjection(b *testing.B) { func BenchmarkDetectSQLInjection(b *testing.B) {
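Review bot: The added assertion covers only the positive `https://` case; nothing checks that a benign absolute URL is left alone, and the `http://` prefix the commit also adds is untested. Suggest adding `a.IsFalse(injectionutils.DetectSQLInjection("https://example.com/hello?age=22"))` and an `a.IsTrue` case with an `http://` URL, so a false positive triggered by the scheme or host part would be caught by the suite.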