From c42f064edc8d03d36614c4a5f528d93a75ebf58d Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Sun, 13 Aug 2023 10:37:58 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E5=A2=9E=E5=8A=A0=E9=80=9A=E9=85=8D?=
 =?UTF-8?q?=E7=AC=A6=E5=8C=B9=E9=85=8D/=E4=B8=8D=E5=8C=B9=E9=85=8D?=
 =?UTF-8?q?=E6=93=8D=E4=BD=9C=E7=AC=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/waf/rule.go          | 19 +++++++++++++--
 internal/waf/rule_operator.go | 44 ++++++++++++++++++-----------------
 2 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/internal/waf/rule.go b/internal/waf/rule.go
index 6bed948..b331249 100644
--- a/internal/waf/rule.go
+++ b/internal/waf/rule.go
@@ -127,6 +127,21 @@ func (this *Rule) Init() error {
 		this.ipList = values.ParseStringList(this.Value, true)
 	case RuleOperatorIPRange, RuleOperatorNotIPRange:
 		this.ipRangeListValue = values.ParseIPRangeList(this.Value)
+	case RuleOperatorWildcardMatch, RuleOperatorWildcardNotMatch:
+		var pieces = strings.Split(this.Value, "*")
+		for index, piece := range pieces {
+			pieces[index] = regexp.QuoteMeta(piece)
+		}
+		var pattern = strings.Join(pieces, "(.*)")
+		var expr = "^" + pattern + "$"
+		if this.IsCaseInsensitive {
+			expr = "(?i)" + expr
+		}
+		reg, err := re.Compile(expr)
+		if err != nil {
+			return err
+		}
+		this.reg = reg
 	}
 
 	if singleParamRegexp.MatchString(this.Param) {
@@ -369,7 +384,7 @@ func (this *Rule) Test(value interface{}) bool {
 		} else {
 			return types.String(value) != this.Value
 		}
-	case RuleOperatorMatch:
+	case RuleOperatorMatch, RuleOperatorWildcardMatch:
 		if value == nil {
 			return false
 		}
@@ -393,7 +408,7 @@ func (this *Rule) Test(value interface{}) bool {
 
 		// string
 		return utils.MatchStringCache(this.reg, types.String(value))
-	case RuleOperatorNotMatch:
+	case RuleOperatorNotMatch, RuleOperatorWildcardNotMatch:
 		if value == nil {
 			return true
 		}
diff --git a/internal/waf/rule_operator.go b/internal/waf/rule_operator.go
index 4352424..36afc30 100644
--- a/internal/waf/rule_operator.go
+++ b/internal/waf/rule_operator.go
@@ -4,27 +4,29 @@ type RuleOperator = string
 type RuleCaseInsensitive = string
 
 const (
-	RuleOperatorGt           RuleOperator = "gt"
-	RuleOperatorGte          RuleOperator = "gte"
-	RuleOperatorLt           RuleOperator = "lt"
-	RuleOperatorLte          RuleOperator = "lte"
-	RuleOperatorEq           RuleOperator = "eq"
-	RuleOperatorNeq          RuleOperator = "neq"
-	RuleOperatorEqString     RuleOperator = "eq string"
-	RuleOperatorNeqString    RuleOperator = "neq string"
-	RuleOperatorMatch        RuleOperator = "match"
-	RuleOperatorNotMatch     RuleOperator = "not match"
-	RuleOperatorContains     RuleOperator = "contains"
-	RuleOperatorNotContains  RuleOperator = "not contains"
-	RuleOperatorPrefix       RuleOperator = "prefix"
-	RuleOperatorSuffix       RuleOperator = "suffix"
-	RuleOperatorContainsAny  RuleOperator = "contains any"
-	RuleOperatorContainsAll  RuleOperator = "contains all"
-	RuleOperatorInIPList     RuleOperator = "in ip list"
-	RuleOperatorHasKey       RuleOperator = "has key" // has key in slice or map
-	RuleOperatorVersionGt    RuleOperator = "version gt"
-	RuleOperatorVersionLt    RuleOperator = "version lt"
-	RuleOperatorVersionRange RuleOperator = "version range"
+	RuleOperatorGt               RuleOperator = "gt"
+	RuleOperatorGte              RuleOperator = "gte"
+	RuleOperatorLt               RuleOperator = "lt"
+	RuleOperatorLte              RuleOperator = "lte"
+	RuleOperatorEq               RuleOperator = "eq"
+	RuleOperatorNeq              RuleOperator = "neq"
+	RuleOperatorEqString         RuleOperator = "eq string"
+	RuleOperatorNeqString        RuleOperator = "neq string"
+	RuleOperatorMatch            RuleOperator = "match"
+	RuleOperatorNotMatch         RuleOperator = "not match"
+	RuleOperatorWildcardMatch    RuleOperator = "wildcard match"
+	RuleOperatorWildcardNotMatch RuleOperator = "wildcard not match"
+	RuleOperatorContains         RuleOperator = "contains"
+	RuleOperatorNotContains      RuleOperator = "not contains"
+	RuleOperatorPrefix           RuleOperator = "prefix"
+	RuleOperatorSuffix           RuleOperator = "suffix"
+	RuleOperatorContainsAny      RuleOperator = "contains any"
+	RuleOperatorContainsAll      RuleOperator = "contains all"
+	RuleOperatorInIPList         RuleOperator = "in ip list"
+	RuleOperatorHasKey           RuleOperator = "has key" // has key in slice or map
+	RuleOperatorVersionGt        RuleOperator = "version gt"
+	RuleOperatorVersionLt        RuleOperator = "version lt"
+	RuleOperatorVersionRange     RuleOperator = "version range"
 
 	RuleOperatorContainsBinary    RuleOperator = "contains binary"     // contains binary
 	RuleOperatorNotContainsBinary RuleOperator = "not contains binary" // not contains binary