mirror of
https://github.com/TeaOSLab/EdgeNode.git
synced 2025-11-16 01:50:26 +08:00
WAF操作符增加“包含XSS注入-严格模式”
This commit is contained in:
GoEdgeLab
@@ -12,18 +12,18 @@ import (
|
||||
|
||||
func TestDetectXSS(t *testing.T) {
|
||||
var a = assert.NewAssertion(t)
|
||||
a.IsFalse(injectionutils.DetectXSS(""))
|
||||
a.IsFalse(injectionutils.DetectXSS("abc"))
|
||||
a.IsTrue(injectionutils.DetectXSS("<script>"))
|
||||
a.IsTrue(injectionutils.DetectXSS("<link>"))
|
||||
a.IsFalse(injectionutils.DetectXSS("<html><span>"))
|
||||
a.IsFalse(injectionutils.DetectXSS("<script>"))
|
||||
a.IsTrue(injectionutils.DetectXSS("/path?onmousedown=a"))
|
||||
a.IsTrue(injectionutils.DetectXSS("/path?onkeyup=a"))
|
||||
a.IsTrue(injectionutils.DetectXSS("onkeyup=a"))
|
||||
a.IsTrue(injectionutils.DetectXSS("<iframe scrolling='no'>"))
|
||||
a.IsFalse(injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>"))
|
||||
a.IsTrue(injectionutils.DetectXSS("name=s&description=%3Cscript+src%3D%22a.js%22%3Edddd%3C%2Fscript%3E"))
|
||||
a.IsFalse(injectionutils.DetectXSS("", true))
|
||||
a.IsFalse(injectionutils.DetectXSS("abc", true))
|
||||
a.IsTrue(injectionutils.DetectXSS("<script>", true))
|
||||
a.IsTrue(injectionutils.DetectXSS("<link>", true))
|
||||
a.IsFalse(injectionutils.DetectXSS("<html><span>", true))
|
||||
a.IsFalse(injectionutils.DetectXSS("<script>", true))
|
||||
a.IsTrue(injectionutils.DetectXSS("/path?onmousedown=a", true))
|
||||
a.IsTrue(injectionutils.DetectXSS("/path?onkeyup=a", true))
|
||||
a.IsTrue(injectionutils.DetectXSS("onkeyup=a", true))
|
||||
a.IsTrue(injectionutils.DetectXSS("<iframe scrolling='no'>", true))
|
||||
a.IsFalse(injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>", true))
|
||||
a.IsTrue(injectionutils.DetectXSS("name=s&description=%3Cscript+src%3D%22a.js%22%3Edddd%3C%2Fscript%3E", true))
|
||||
a.IsFalse(injectionutils.DetectXSS(`<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">
|
||||
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||
<rdf:Description rdf:about=""
|
||||
@@ -31,11 +31,21 @@ func TestDetectXSS(t *testing.T) {
|
||||
<tiff:Orientation>1</tiff:Orientation>
|
||||
</rdf:Description>
|
||||
</rdf:RDF>
|
||||
</x:xmpmeta>`)) // included in some photo files
|
||||
</x:xmpmeta>`, true)) // included in some photo files
|
||||
a.IsFalse(injectionutils.DetectXSS(`<xml>
|
||||
|
||||
</xml>`, true))
|
||||
}
|
||||
|
||||
func TestDetectXSS_Strict(t *testing.T) {
|
||||
var a = assert.NewAssertion(t)
|
||||
a.IsFalse(injectionutils.DetectXSS(`<xml>
|
||||
|
||||
</xml>`, false))
|
||||
}
|
||||
|
||||
func BenchmarkDetectXSS_MISS(b *testing.B) {
|
||||
var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>")
|
||||
var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>", false)
|
||||
if result {
|
||||
b.Fatal("'result' should not be 'true'")
|
||||
}
|
||||
@@ -44,13 +54,13 @@ func BenchmarkDetectXSS_MISS(b *testing.B) {
|
||||
|
||||
b.RunParallel(func(pb *testing.PB) {
|
||||
for pb.Next() {
|
||||
_ = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>")
|
||||
_ = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>", false)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func BenchmarkDetectXSS_MISS_Cache(b *testing.B) {
|
||||
var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>")
|
||||
var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>", false)
|
||||
if result {
|
||||
b.Fatal("'result' should not be 'true'")
|
||||
}
|
||||
@@ -59,13 +69,13 @@ func BenchmarkDetectXSS_MISS_Cache(b *testing.B) {
|
||||
|
||||
b.RunParallel(func(pb *testing.PB) {
|
||||
for pb.Next() {
|
||||
_ = injectionutils.DetectXSSCache("<html><body><span>RequestId: 1234567890</span></body></html>", utils.CacheMiddleLife)
|
||||
_ = injectionutils.DetectXSSCache("<html><body><span>RequestId: 1234567890</span></body></html>", false, utils.CacheMiddleLife)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func BenchmarkDetectXSS_HIT(b *testing.B) {
|
||||
var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span><script src=\"\"></script></body></html>")
|
||||
var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span><script src=\"\"></script></body></html>", false)
|
||||
if !result {
|
||||
b.Fatal("'result' should not be 'false'")
|
||||
}
|
||||
@@ -74,7 +84,7 @@ func BenchmarkDetectXSS_HIT(b *testing.B) {
|
||||
|
||||
b.RunParallel(func(pb *testing.PB) {
|
||||
for pb.Next() {
|
||||
_ = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span><script src=\"\"></script></body></html>")
|
||||
_ = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span><script src=\"\"></script></body></html>", false)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user