github.com/TeaOSLab/EdgeNode@v1.3.8/internal/waf/checkpoints/cc2.go

github.com/TeaOSLab/EdgeNode@v1.3.8/internal/waf/checkpoints/cc2.go (about)

     1  // Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
     2  
     3  package checkpoints
     4  
     5  import (
     6  	"fmt"
     7  	"github.com/TeaOSLab/EdgeNode/internal/utils"
     8  	"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
     9  	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
    10  	wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
    11  	"github.com/iwind/TeaGo/maps"
    12  	"github.com/iwind/TeaGo/types"
    13  	"path/filepath"
    14  	"strings"
    15  )
    16  
    17  // CC2Checkpoint 新的CC
    18  type CC2Checkpoint struct {
    19  	Checkpoint
    20  }
    21  
    22  func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
    23  	var keys = options.GetSlice("keys")
    24  	var keyValues = []string{}
    25  	var hasRemoteAddr = false
    26  	for _, key := range keys {
    27  		if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
    28  			hasRemoteAddr = true
    29  		}
    30  		keyValues = append(keyValues, req.Format(types.String(key)))
    31  	}
    32  	if len(keyValues) == 0 {
    33  		return
    34  	}
    35  
    36  	var period = options.GetInt("period")
    37  	if period <= 0 {
    38  		period = 60
    39  	} else if period > 7*86400 {
    40  		period = 7 * 86400
    41  	}
    42  
    43  	/**var threshold = options.GetInt64("threshold")
    44  	if threshold <= 0 {
    45  		threshold = 1000
    46  	}**/
    47  
    48  	if options.GetBool("ignoreCommonFiles") {
    49  		var rawReq = req.WAFRaw()
    50  		if len(rawReq.Referer()) > 0 {
    51  			var ext = filepath.Ext(rawReq.URL.Path)
    52  			if len(ext) > 0 && utils.IsCommonFileExtension(ext) {
    53  				return
    54  			}
    55  		}
    56  	}
    57  
    58  	var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")
    59  	var ccValue = counters.SharedCounter.IncreaseKey(ccKey, period)
    60  	value = ccValue
    61  
    62  	// 基于指纹统计
    63  	var enableFingerprint = true
    64  	if options.Has("enableFingerprint") && !options.GetBool("enableFingerprint") {
    65  		enableFingerprint = false
    66  	}
    67  	if hasRemoteAddr && enableFingerprint {
    68  		var fingerprint = req.WAFFingerprint()
    69  		if len(fingerprint) > 0 {
    70  			var fpKeyValues = []string{}
    71  			for _, key := range keys {
    72  				if key == "${remoteAddr}" || key == "${rawRemoteAddr}" {
    73  					fpKeyValues = append(fpKeyValues, fmt.Sprintf("%x", fingerprint))
    74  					continue
    75  				}
    76  				fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))
    77  			}
    78  			var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")
    79  			var fpValue = counters.SharedCounter.IncreaseKey(fpCCKey, period)
    80  			if fpValue > ccValue {
    81  				value = fpValue
    82  			}
    83  		}
    84  	}
    85  
    86  	return
    87  }
    88  
    89  func (this *CC2Checkpoint) ResponseValue(req requests.Request, resp *requests.Response, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
    90  	if this.IsRequest() {
    91  		return this.RequestValue(req, param, options, ruleId)
    92  	}
    93  
    94  	return
    95  }
    96  
    97  func (this *CC2Checkpoint) CacheLife() wafutils.CacheLife {
    98  	return wafutils.CacheDisabled
    99  }