增加sql的waf功能

2022-03-03 16:16:53 +08:00
parent 5910cb2983
commit fcace799df
54 changed files with 12617 additions and 73 deletions
--- a/waf/report.lua
+++ b/waf/report.lua
@@ -0,0 +1,11 @@
+local _M = {}
+function _M.violation(result)
+    full_violation_text = "violation: \n"
+    if result == g_violation_sql_detect then
+        g_result_sql_detect = full_violation_text .. "SQL Injection detected \n"
+    end
+    full_violation_text = full_violation_text .. ngx.var.request_uri .. " \n"
+    log(violation)
+    say_html()
+end
+return _M
--- a/waf/rule.lua
+++ b/waf/rule.lua
@@ -0,0 +1,6 @@
+local _M = {
+    sql_get = "'|\\b(and|or)\\b.+?(>|<|=|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)",
+    sql_post = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)",
+    sql_cookie = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"
+}
+return _M
--- a/waf/sql.lua
+++ b/waf/sql.lua
@@ -0,0 +1,37 @@
+local _M = {}
+local ngx_base = require "resty.core.base"
+local waf_rule = require "waf/rule"
+local waf_voilation = require "waf/violation_list"
+local waf_report = require "waf/report"
+
+function _M.waf_sql_filter_params(arg_tables, filter_rule)
+    if arg_tables then
+        for key, val in pairs(arg_tables) do
+            if match_string(val, filter_rule) then
+                --ngx.say(key .. ":" .. val)
+                waf_report.violation(waf_voilation.sql_detect)
+            end
+        end
+    end
+end
+
+function _M.waf_sql_filter()
+    --local get_arags = ngx.req.get_uri_args
+    --for k, v in ipairs(get_arags) do
+    --    print(v)
+    --end
+    if ngx_base.get_request() ~= nil then
+        _M.waf_sql_filter_params(ngx.req.get_uri_args(), waf_rule.sql_get)
+        ngx.say(get_cookie_raw())
+        if match_string(get_cookie_raw(), waf_rule.sql_cookie) then
+            waf_report.violation(waf_voilation.sql_detect)
+        end
+
+        local is_post_method = ngx.req.get_method() == "POST"
+        if is_post_method then
+            ngx.req.read_body()
+            _M.waf_sql_filter_params(ngx.req.get_post_args(), waf_rule.sql_post)
+        end
+    end
+end
+return _M
--- a/waf/violation_list.lua
+++ b/waf/violation_list.lua
@@ -0,0 +1,3 @@
+return {
+    sql_detect = 1
+}
--- a/waf/waf.lua
+++ b/waf/waf.lua
@@ -0,0 +1,8 @@
+local waf_sql = require "waf/sql"
+
+--以后加规则配置、插件这些.现在不加
+function waf_dispatch()
+    waf_sql.waf_sql_filter()
+end
+
+waf_dispatch()