feat:single host owasp set detection

#467

model/hosts.go

@@ -53,6 +53,7 @@ type HostsDefense struct {
 	DEFENSE_RCE           int `json:"rce"`       //防御-scan工具扫描
 	DEFENSE_SENSITIVE     int `json:"sensitive"` //敏感词检测
 	DEFENSE_DIR_TRAVERSAL int `json:"traversal"` //目录穿越检测
+	DEFENSE_OWASP_SET     int `json:"owaspset"`  //OWASP集检测
 }
 
 // HealthyConfig 健康度检测
@@ -188,3 +189,28 @@ func ParseTransportConfig(transportJSON string) TransportConfig {
 	}
 	return config
 }
+
+// ParseHostsDefense 解析防御配置
+func ParseHostsDefense(defenseJSON string) HostsDefense {
+	var defense HostsDefense
+
+	// 设置默认值
+	defense.DEFENSE_BOT = 1
+	defense.DEFENSE_SQLI = 1
+	defense.DEFENSE_XSS = 1
+	defense.DEFENSE_SCAN = 1
+	defense.DEFENSE_RCE = 1
+	defense.DEFENSE_SENSITIVE = 1
+	defense.DEFENSE_DIR_TRAVERSAL = 1
+	defense.DEFENSE_OWASP_SET = 0
+
+	// 如果JSON不为空，则解析覆盖默认值
+	if defenseJSON != "" {
+		err := json.Unmarshal([]byte(defenseJSON), &defense)
+		if err != nil {
+			// 解析失败时使用默认值，可以记录日志
+			return defense
+		}
+	}
+	return defense
+}

wafenginecore/checkowasp.go

@@ -3,6 +3,7 @@ package wafenginecore
 import (
 	"SamWaf/global"
 	"SamWaf/innerbean"
+	"SamWaf/model"
 	"SamWaf/model/detection"
 	"SamWaf/model/wafenginmodel"
 	"net/http"
@@ -17,18 +18,20 @@ func (waf *WafEngine) CheckOwasp(r *http.Request, weblogbean *innerbean.WebLog,
 		Title:           "",
 		Content:         "",
 	}
-	if global.GCONFIG_RECORD_ENABLE_OWASP == 0 {
-		return result
-	}
-	isInteeruption, interruption, err := global.GWAF_OWASP.ProcessRequest(r, *weblogbean)
-	if err == nil && isInteeruption {
-		result.IsBlock = true
-		// 使用中断对象中的详细信息
-		if interruption.Data != "" {
-			result.Title = "OWASP:" + strconv.Itoa(interruption.RuleID) + interruption.Data
+	hostDefense := model.ParseHostsDefense(hostTarget.Host.DEFENSE_JSON)
+	globalHostDefense := model.ParseHostsDefense(globalHostTarget.Host.DEFENSE_JSON)
+	if global.GCONFIG_RECORD_ENABLE_OWASP == 1 || hostDefense.DEFENSE_OWASP_SET == 1 || globalHostDefense.DEFENSE_OWASP_SET == 1 {
+		isInteeruption, interruption, err := global.GWAF_OWASP.ProcessRequest(r, *weblogbean)
+		if err == nil && isInteeruption {
+			result.IsBlock = true
+			// 使用中断对象中的详细信息
+			if interruption.Data != "" {
+				result.Title = "OWASP:" + strconv.Itoa(interruption.RuleID) + interruption.Data
+			}
+			result.Content = "访问不合法"
+			weblogbean.RISK_LEVEL = 2
 		}
-		result.Content = "访问不合法"
-		weblogbean.RISK_LEVEL = 2
 	}
+
 	return result
 }

wafenginecore/wafengine.go

@@ -394,19 +394,7 @@ func (waf *WafEngine) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 					return
 				}
 
-				hostDefense := model.HostsDefense{
-					DEFENSE_BOT:           1,
-					DEFENSE_SQLI:          1,
-					DEFENSE_XSS:           1,
-					DEFENSE_SCAN:          1,
-					DEFENSE_RCE:           1,
-					DEFENSE_SENSITIVE:     1,
-					DEFENSE_DIR_TRAVERSAL: 1,
-				}
-				err := json.Unmarshal([]byte(hostTarget.Host.DEFENSE_JSON), &hostDefense)
-				if err != nil {
-					zlog.Debug("解析defense json失败")
-				}
+				hostDefense := model.ParseHostsDefense(hostTarget.Host.DEFENSE_JSON)
 				//检测爬虫bot
 				if hostDefense.DEFENSE_BOT == 1 {
 					if handleBlock(waf.CheckBot) {