WAF增加“包含XSS注入”操作符

2025-12-25 06:26:34 +08:00 · 2023-12-08 10:15:18 +08:00
parent 63a1af9f74
commit a070c375e5
7 changed files with 131 additions and 2 deletions
--- a/internal/waf/injectionutils/utils_sqli.go
+++ b/internal/waf/injectionutils/utils_sqli.go
@@ -0,0 +1,56 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package injectionutils
+
+/*
+#cgo CFLAGS: -I./libinjection/src
+
+#include <libinjection.h>
+#include <stdlib.h>
+*/
+import "C"
+import (
+	"net/url"
+	"strings"
+	"unsafe"
+)
+
+// DetectSQLInjection detect sql injection in string
+func DetectSQLInjection(input string) bool {
+	if len(input) == 0 {
+		return false
+	}
+
+	if detectSQLInjectionOne(input) {
+		return true
+	}
+
+	// 兼容 /PATH?URI
+	if (input[0] == '/' || strings.HasPrefix(input, "http://") || strings.HasPrefix(input, "https://")) && len(input) < 4096 {
+		var argsIndex = strings.Index(input, "?")
+		if argsIndex > 0 {
+			var args = input[argsIndex+1:]
+			unescapeArgs, err := url.QueryUnescape(args)
+			if err == nil && args != unescapeArgs {
+				return detectSQLInjectionOne(args) || detectSQLInjectionOne(unescapeArgs)
+			} else {
+				return detectSQLInjectionOne(args)
+			}
+		}
+	}
+
+	return false
+}
+
+func detectSQLInjectionOne(input string) bool {
+	if len(input) == 0 {
+		return false
+	}
+
+	var fingerprint [8]C.char
+	var fingerprintPtr = (*C.char)(unsafe.Pointer(&fingerprint[0]))
+	var cInput = C.CString(input)
+	defer C.free(unsafe.Pointer(cInput))
+
+	return C.libinjection_sqli(cInput, C.size_t(len(input)), fingerprintPtr) == 1
+}