WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例

2025-12-10 12:00:28 +08:00 · 2023-12-09 11:46:50 +08:00
parent 86ab242f68
commit 5a7247b8be
12 changed files with 325 additions and 567 deletions
--- a/internal/waf/injectionutils/utils_sqli.go
+++ b/internal/waf/injectionutils/utils_sqli.go
@@ -10,11 +10,43 @@ package injectionutils
 */
 import "C"
 import (
+	"github.com/TeaOSLab/EdgeNode/internal/utils/fasttime"
+	"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
+	"github.com/cespare/xxhash/v2"
 	"net/url"
+	"strconv"
 	"strings"
 	"unsafe"
 )

+// DetectSQLInjectionCache detect sql injection in string with cache
+func DetectSQLInjectionCache(input string, cacheLife utils.CacheLife) bool {
+	var l = len(input)
+
+	if l == 0 {
+		return false
+	}
+
+	if cacheLife <= 0 || l < 128 || l > utils.MaxCacheDataSize {
+		return DetectSQLInjection(input)
+	}
+
+	var hash = xxhash.Sum64String(input)
+	var key = "WAF@SQLI@" + strconv.FormatUint(hash, 10)
+	var item = utils.SharedCache.Read(key)
+	if item != nil {
+		return item.Value == 1
+	}
+
+	var result = DetectSQLInjection(input)
+	if result {
+		utils.SharedCache.Write(key, 1, fasttime.Now().Unix()+cacheLife)
+	} else {
+		utils.SharedCache.Write(key, 0, fasttime.Now().Unix()+cacheLife)
+	}
+	return result
+}
+
 // DetectSQLInjection detect sql injection in string
 func DetectSQLInjection(input string) bool {
 	if len(input) == 0 {
@@ -26,7 +58,7 @@ func DetectSQLInjection(input string) bool {
 	}

 	// 兼容 /PATH?URI
-	if (input[0] == '/' || strings.HasPrefix(input, "http://") || strings.HasPrefix(input, "https://")) && len(input) < 4096 {
+	if (input[0] == '/' || strings.HasPrefix(input, "http://") || strings.HasPrefix(input, "https://")) && len(input) < 1024 {
 		var argsIndex = strings.Index(input, "?")
 		if argsIndex > 0 {
 			var args = input[argsIndex+1:]