From df7174c892868f97dab2c596fd50c4f3aa2f45ea Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Sat, 9 Dec 2023 17:00:21 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E8=A7=84=E5=88=99=E6=A8=A1=E6=9D=BF?= =?UTF-8?q?=E4=B8=ADXSS=E6=B3=A8=E5=85=A5=E6=A3=80=E6=B5=8B=E8=A7=84?= =?UTF-8?q?=E5=88=99=E4=BD=BF=E7=94=A8=E2=80=9C=E5=8C=85=E5=90=ABXSS?= =?UTF-8?q?=E6=B3=A8=E5=85=A5=E2=80=9D=E6=93=8D=E4=BD=9C=E7=AC=A6=E6=9B=BF?= =?UTF-8?q?=E4=BB=A3=E4=BB=A5=E5=BE=80=E7=9A=84=E6=AD=A3=E5=88=99=E8=A1=A8?= =?UTF-8?q?=E8=BE=BE=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/waf/action_page.go | 4 ++
 internal/waf/template_test.go | 91 +++++++++++++++++------------------
 2 files changed, 49 insertions(+), 46 deletions(-)
diff --git a/internal/waf/action_page.go b/internal/waf/action_page.go
index dfb626b..7333339 100644
--- a/internal/waf/action_page.go
+++ b/internal/waf/action_page.go
@@ -36,6 +36,10 @@ func (this *PageAction) WillChange() bool {
 // Perform the action
 func (this *PageAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (continueRequest bool, goNextSet bool) {
+ if writer == nil {
+ return
+ }
+
 request.ProcessResponseHeaders(writer.Header(), this.Status)
 writer.Header().Set("Content-Type", "text/html; charset=utf-8")
 writer.WriteHeader(this.Status)
diff --git a/internal/waf/template_test.go b/internal/waf/template_test.go
index 69c355c..4304a7d 100644
--- a/internal/waf/template_test.go
+++ b/internal/waf/template_test.go
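Review bot: The added nil-writer guard in Perform exits through a bare `return` on the named results, so the caller gets continueRequest=false and goNextSet=false without anything saying this is the intended outcome rather than an accident of the zero values; the hunk also does not show where a nil writer can come from (presumably a caller that evaluates rules without a response to write to). Returning explicitly and recording the intent keeps the fail-closed reading visible: `if writer == nil { // no response to write to: do not continue the request` / `return false, false`. If other actions dereference writer the same way they would need the same guard, but they are outside this hunk. The rest of Perform, including its later uses of writer, lies outside the hunk.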
@@ -28,15 +28,13 @@ func Test_Template(t *testing.T) {
 t.Fatal(err)
 }
- testTemplate1001(a, t, wafInstance)
- testTemplate1002(a, t, wafInstance)
- testTemplate1003(a, t, wafInstance)
+ testTemplate1010(a, t, wafInstance)
 testTemplate2001(a, t, wafInstance)
 testTemplate3001(a, t, wafInstance)
 testTemplate4001(a, t, wafInstance)
 testTemplate5001(a, t, wafInstance)
 testTemplate6001(a, t, wafInstance)
- testTemplate7001(a, t, wafInstance)
+ testTemplate7010(a, t, wafInstance)
 testTemplate20001(a, t, wafInstance)
 }
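Review bot: Dropping the 1001/1002/1003 and 7001 calls removes the only visible checks for the payloads the old tests used (`onmousedown%3D123` in testTemplate1001 and `eval%28` in testTemplate1002 in the next hunk), and neither string appears in the new testTemplate1010 payload list that is visible there; three entries of that list render as empty strings here, so they may hold markup that was stripped, but the two old strings are not among them. Since the commit swaps the regular expressions for the "contains XSS injection" operator, adding those two strings to the 1010 list, or asserting their expected outcome under the new operator, would show that the operator change does not narrow detection for inputs the rule set previously caught. A one-line comment on the new call, `// 1010 replaces the former 1001-1003 regex rules; 7010 replaces 7001`, would also record why the rule codes changed. Test_Template begins before this hunk.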
@@ -86,49 +84,50 @@ func BenchmarkTemplate(b *testing.B) {
 }
 }
-func testTemplate1001(a *assert.Assertion, t *testing.T, template *waf.WAF) {
- req, err := http.NewRequest(http.MethodGet, "http://example.com/index.php?id=onmousedown%3D123", nil)
- if err != nil {
- t.Fatal(err)
+func testTemplate1010(a *assert.Assertion, t *testing.T, template *waf.WAF) {
+ for _, id := range []string{
+ "",
+ "",
+ "",
+ "1 onfocus='alert(document.cookie)'",
+ } {
+ req, err := http.NewRequest(http.MethodGet, "https://example.com/index.php?id="+id, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ req.Header.Set("User-Agent", testUserAgent)
+ _, _, _, result, err := template.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
+ if err != nil {
+ t.Fatal(err)
+ }
+ a.IsNotNil(result)
+ if result != nil {
+ a.IsTrue(result.Code == "1010")
+ } else {
+ t.Log("break at:", id)
+ }
 }
- req.Header.Set("User-Agent", testUserAgent)
- _, _, _, result, err := template.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
- if err != nil {
- t.Fatal(err)
- }
- a.IsNotNil(result)
- if result != nil {
- a.IsTrue(result.Code == "1001")
- }
-}
-func testTemplate1002(a *assert.Assertion, t *testing.T, template *waf.WAF) {
- req, err := http.NewRequest(http.MethodGet, "http://example.com/index.php?id=eval%28", nil)
- if err != nil {
- t.Fatal(err)
- }
- _, _, _, result, err := template.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
- if err != nil {
- t.Fatal(err)
- }
- a.IsNotNil(result)
- if result != nil {
- a.IsTrue(result.Code == "1002")
- }
-}
-
-func testTemplate1003(a *assert.Assertion, t *testing.T, template *waf.WAF) {
- req, err := http.NewRequest(http.MethodGet, "http://example.com/index.php?id=