From a2e6aaaa189dbcc54f54b1fc45e8b883108c377b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Sun, 8 Jan 2023 10:15:46 +0800 Subject: [PATCH] =?UTF-8?q?WAF=E5=A2=9E=E5=8A=A0=E2=80=9C=E5=9C=A8IP?= =?UTF-8?q?=E5=88=97=E8=A1=A8=E5=86=85=E2=80=9D=E6=93=8D=E4=BD=9C=E7=AC=A6?= =?UTF-8?q?/=E4=BC=98=E5=8C=96=E9=83=A8=E5=88=86=E6=93=8D=E4=BD=9C?= =?UTF-8?q?=E7=AC=A6=E4=BB=A3=E5=8F=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/waf/rule.go | 14 +++++++++++--- internal/waf/rule_operator.go | 5 +++-- internal/waf/values/ip_list.go | 7 ------- internal/waf/values/ip_list_test.go | 26 -------------------------- 4 files changed, 14 insertions(+), 38 deletions(-) delete mode 100644 internal/waf/values/ip_list.go delete mode 100644 internal/waf/values/ip_list_test.go diff --git a/internal/waf/rule.go b/internal/waf/rule.go index de3a60b..3a6c431 100644 --- a/internal/waf/rule.go +++ b/internal/waf/rule.go @@ -50,6 +50,7 @@ type Rule struct { ipRangeListValue *values.IPRangeList stringValues []string + ipList *values.StringList floatValue float64 reg *re.Regexp @@ -122,6 +123,8 @@ func (this *Rule) Init() error { if !this.isIP { return errors.New("value should be a valid ip") } + case RuleOperatorInIPList: + this.ipList = values.ParseStringList(this.Value, true) case RuleOperatorIPRange, RuleOperatorNotIPRange: this.ipRangeListValue = values.ParseIPRangeList(this.Value) } @@ -584,12 +587,12 @@ func (this *Rule) Test(value interface{}) bool { case RuleOperatorNotIPRange: return !this.containsIP(value) case RuleOperatorIPMod: - pieces := strings.SplitN(this.Value, ",", 2) + var pieces = strings.SplitN(this.Value, ",", 2) if len(pieces) == 1 { - rem := types.Int64(pieces[0]) + var rem = types.Int64(pieces[0]) return this.ipToInt64(net.ParseIP(types.String(value)))%10 == rem } - div := types.Int64(pieces[0]) + var div = types.Int64(pieces[0]) if div == 0 { return false } @@ -599,6 +602,11 @@ func (this *Rule) Test(value interface{}) bool { return this.ipToInt64(net.ParseIP(types.String(value)))%10 == types.Int64(this.Value) case RuleOperatorIPMod100: return this.ipToInt64(net.ParseIP(types.String(value)))%100 == types.Int64(this.Value) + case RuleOperatorInIPList: + if this.ipList != nil { + return this.ipList.Contains(types.String(value)) + } + return false } return false } diff --git a/internal/waf/rule_operator.go b/internal/waf/rule_operator.go index 2576541..4352424 100644 --- a/internal/waf/rule_operator.go +++ b/internal/waf/rule_operator.go @@ -18,8 +18,9 @@ const ( RuleOperatorNotContains RuleOperator = "not contains" RuleOperatorPrefix RuleOperator = "prefix" RuleOperatorSuffix RuleOperator = "suffix" - RuleOperatorContainsAny RuleOperator = "containsAny" - RuleOperatorContainsAll RuleOperator = "containsAll" + RuleOperatorContainsAny RuleOperator = "contains any" + RuleOperatorContainsAll RuleOperator = "contains all" + RuleOperatorInIPList RuleOperator = "in ip list" RuleOperatorHasKey RuleOperator = "has key" // has key in slice or map RuleOperatorVersionGt RuleOperator = "version gt" RuleOperatorVersionLt RuleOperator = "version lt" diff --git a/internal/waf/values/ip_list.go b/internal/waf/values/ip_list.go deleted file mode 100644 index 16148fb..0000000 --- a/internal/waf/values/ip_list.go +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn . - -package values - -func ParseIPList(v string) *StringList { - return ParseStringList(v, false) -} diff --git a/internal/waf/values/ip_list_test.go b/internal/waf/values/ip_list_test.go deleted file mode 100644 index 1937fb9..0000000 --- a/internal/waf/values/ip_list_test.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn . - -package values_test - -import ( - "github.com/TeaOSLab/EdgeNode/internal/waf/values" - "github.com/iwind/TeaGo/assert" - "testing" -) - -func TestParseIPList(t *testing.T) { - var a = assert.NewAssertion(t) - - { - var list = values.ParseIPList("") - a.IsFalse(list.Contains("192.168.1.100")) - } - - { - var list = values.ParseIPList(` -192.168.1.1 -192.168.1.101`) - a.IsFalse(list.Contains("192.168.1.100")) - a.IsTrue(list.Contains("192.168.1.101")) - } -}