WAF操作符增加“包含XSS注入-严格模式”

GoEdgeLab
2024-01-04 14:54:17 +08:00
parent e7fb706d8a
commit 84e9068381
8 changed files with 99 additions and 48 deletions


@@ -600,27 +600,28 @@ func (this *Rule) Test(value any) bool {
default:
return injectionutils.DetectSQLInjectionCache(this.stringifyValue(value), this.cacheLife)
}
case RuleOperatorContainsXSS:
case RuleOperatorContainsXSS, RuleOperatorContainsXSSStrictly:
if value == nil {
return false
}
var isStrict = this.Operator == RuleOperatorContainsXSSStrictly
switch xValue := value.(type) {
case []string:
for _, v := range xValue {
if injectionutils.DetectXSSCache(v, this.cacheLife) {
if injectionutils.DetectXSSCache(v, isStrict, this.cacheLife) {
return true
}
}
return false
case [][]byte:
for _, v := range xValue {
if injectionutils.DetectXSSCache(string(v), this.cacheLife) {
if injectionutils.DetectXSSCache(string(v), isStrict, this.cacheLife) {
return true
}
}
return false
default:
return injectionutils.DetectXSSCache(this.stringifyValue(value), this.cacheLife)
return injectionutils.DetectXSSCache(this.stringifyValue(value), isStrict, this.cacheLife)
}
case RuleOperatorContainsBinary:
data, _ := base64.StdEncoding.DecodeString(this.stringifyValue(this.Value))
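Review bot: The three `DetectXSSCache` calls in the `RuleOperatorContainsXSS, RuleOperatorContainsXSSStrictly` case now pass `isStrict`, but nothing visible in this hunk shows that the cache behind them keys on the mode as well as on the input string. If the key is derived from the input alone, a verdict cached by a non-strict rule could be returned to a strict rule for the same value within `cacheLife`, which would be a silent false negative for the stricter operator. The implementation is outside this hunk, so this needs confirming there; a comment above the `isStrict` line such as `// isStrict selects the stricter XSS detector; DetectXSSCache must include it in its cache key` and a test that evaluates one value under both operators would pin it down. `Rule.Test` begins before and continues after the hunk.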