WAF增加“在IP列表内”操作符/优化部分操作符代号

2025-11-03 06:40:25 +08:00 · 2023-01-08 10:15:46 +08:00
parent 8e68da7725
commit a2e6aaaa18
4 changed files with 14 additions and 38 deletions
--- a/internal/waf/rule.go
+++ b/internal/waf/rule.go
@@ -50,6 +50,7 @@ type Rule struct {

 	ipRangeListValue *values.IPRangeList
 	stringValues     []string
+	ipList           *values.StringList

 	floatValue float64
 	reg        *re.Regexp
@@ -122,6 +123,8 @@ func (this *Rule) Init() error {
 		if !this.isIP {
 			return errors.New("value should be a valid ip")
 		}
+	case RuleOperatorInIPList:
+		this.ipList = values.ParseStringList(this.Value, true)
 	case RuleOperatorIPRange, RuleOperatorNotIPRange:
 		this.ipRangeListValue = values.ParseIPRangeList(this.Value)
 	}
@@ -584,12 +587,12 @@ func (this *Rule) Test(value interface{}) bool {
 	case RuleOperatorNotIPRange:
 		return !this.containsIP(value)
 	case RuleOperatorIPMod:
-		pieces := strings.SplitN(this.Value, ",", 2)
+		var pieces = strings.SplitN(this.Value, ",", 2)
 		if len(pieces) == 1 {
-			rem := types.Int64(pieces[0])
+			var rem = types.Int64(pieces[0])
 			return this.ipToInt64(net.ParseIP(types.String(value)))%10 == rem
 		}
-		div := types.Int64(pieces[0])
+		var div = types.Int64(pieces[0])
 		if div == 0 {
 			return false
 		}
@@ -599,6 +602,11 @@ func (this *Rule) Test(value interface{}) bool {
 		return this.ipToInt64(net.ParseIP(types.String(value)))%10 == types.Int64(this.Value)
 	case RuleOperatorIPMod100:
 		return this.ipToInt64(net.ParseIP(types.String(value)))%100 == types.Int64(this.Value)
+	case RuleOperatorInIPList:
+		if this.ipList != nil {
+			return this.ipList.Contains(types.String(value))
+		}
+		return false
 	}
 	return false
 }
--- a/internal/waf/rule_operator.go
+++ b/internal/waf/rule_operator.go
@@ -18,8 +18,9 @@ const (
 	RuleOperatorNotContains  RuleOperator = "not contains"
 	RuleOperatorPrefix       RuleOperator = "prefix"
 	RuleOperatorSuffix       RuleOperator = "suffix"
-	RuleOperatorContainsAny  RuleOperator = "containsAny"
-	RuleOperatorContainsAll  RuleOperator = "containsAll"
+	RuleOperatorContainsAny  RuleOperator = "contains any"
+	RuleOperatorContainsAll  RuleOperator = "contains all"
+	RuleOperatorInIPList     RuleOperator = "in ip list"
 	RuleOperatorHasKey       RuleOperator = "has key" // has key in slice or map
 	RuleOperatorVersionGt    RuleOperator = "version gt"
 	RuleOperatorVersionLt    RuleOperator = "version lt"
--- a/internal/waf/values/ip_list.go
+++ b/internal/waf/values/ip_list.go
@@ -1,7 +0,0 @@
-// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
-
-package values
-
-func ParseIPList(v string) *StringList {
-	return ParseStringList(v, false)
-}
--- a/internal/waf/values/ip_list_test.go
+++ b/internal/waf/values/ip_list_test.go
@@ -1,26 +0,0 @@
-// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
-
-package values_test
-
-import (
-	"github.com/TeaOSLab/EdgeNode/internal/waf/values"
-	"github.com/iwind/TeaGo/assert"
-	"testing"
-)
-
-func TestParseIPList(t *testing.T) {
-	var a = assert.NewAssertion(t)
-
-	{
-		var list = values.ParseIPList("")
-		a.IsFalse(list.Contains("192.168.1.100"))
-	}
-
-	{
-		var list = values.ParseIPList(`
-192.168.1.1
-192.168.1.101`)
-		a.IsFalse(list.Contains("192.168.1.100"))
-		a.IsTrue(list.Contains("192.168.1.101"))
-	}
-}