feat:single host owasp set detection

#467
2025-12-06 14:59:18 +08:00 · 2025-10-15 10:37:32 +08:00
parent 0999725739
commit eff2cd46b6
3 changed files with 41 additions and 24 deletions
--- a/model/hosts.go
+++ b/model/hosts.go
@@ -53,6 +53,7 @@ type HostsDefense struct {
 	DEFENSE_RCE           int `json:"rce"`       //防御-scan工具扫描
 	DEFENSE_SENSITIVE     int `json:"sensitive"` //敏感词检测
 	DEFENSE_DIR_TRAVERSAL int `json:"traversal"` //目录穿越检测
+	DEFENSE_OWASP_SET     int `json:"owaspset"`  //OWASP集检测
 }

 // HealthyConfig 健康度检测
@@ -188,3 +189,28 @@ func ParseTransportConfig(transportJSON string) TransportConfig {
 	}
 	return config
 }
+
+// ParseHostsDefense 解析防御配置
+func ParseHostsDefense(defenseJSON string) HostsDefense {
+	var defense HostsDefense
+
+	// 设置默认值
+	defense.DEFENSE_BOT = 1
+	defense.DEFENSE_SQLI = 1
+	defense.DEFENSE_XSS = 1
+	defense.DEFENSE_SCAN = 1
+	defense.DEFENSE_RCE = 1
+	defense.DEFENSE_SENSITIVE = 1
+	defense.DEFENSE_DIR_TRAVERSAL = 1
+	defense.DEFENSE_OWASP_SET = 0
+
+	// 如果JSON不为空，则解析覆盖默认值
+	if defenseJSON != "" {
+		err := json.Unmarshal([]byte(defenseJSON), &defense)
+		if err != nil {
+			// 解析失败时使用默认值，可以记录日志
+			return defense
+		}
+	}
+	return defense
+}
--- a/wafenginecore/checkowasp.go
+++ b/wafenginecore/checkowasp.go
@@ -3,6 +3,7 @@ package wafenginecore
 import (
 	"SamWaf/global"
 	"SamWaf/innerbean"
+	"SamWaf/model"
 	"SamWaf/model/detection"
 	"SamWaf/model/wafenginmodel"
 	"net/http"
@@ -17,9 +18,9 @@ func (waf *WafEngine) CheckOwasp(r *http.Request, weblogbean *innerbean.WebLog,
 		Title:           "",
 		Content:         "",
 	}
-	if global.GCONFIG_RECORD_ENABLE_OWASP == 0 {
-		return result
-	}
+	hostDefense := model.ParseHostsDefense(hostTarget.Host.DEFENSE_JSON)
+	globalHostDefense := model.ParseHostsDefense(globalHostTarget.Host.DEFENSE_JSON)
+	if global.GCONFIG_RECORD_ENABLE_OWASP == 1 || hostDefense.DEFENSE_OWASP_SET == 1 || globalHostDefense.DEFENSE_OWASP_SET == 1 {
 		isInteeruption, interruption, err := global.GWAF_OWASP.ProcessRequest(r, *weblogbean)
 		if err == nil && isInteeruption {
 			result.IsBlock = true
@@ -30,5 +31,7 @@ func (waf *WafEngine) CheckOwasp(r *http.Request, weblogbean *innerbean.WebLog,
 			result.Content = "访问不合法"
 			weblogbean.RISK_LEVEL = 2
 		}
+	}
+
 	return result
 }
--- a/wafenginecore/wafengine.go
+++ b/wafenginecore/wafengine.go
@@ -394,19 +394,7 @@ func (waf *WafEngine) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 					return
 				}

-				hostDefense := model.HostsDefense{
-					DEFENSE_BOT:           1,
-					DEFENSE_SQLI:          1,
-					DEFENSE_XSS:           1,
-					DEFENSE_SCAN:          1,
-					DEFENSE_RCE:           1,
-					DEFENSE_SENSITIVE:     1,
-					DEFENSE_DIR_TRAVERSAL: 1,
-				}
-				err := json.Unmarshal([]byte(hostTarget.Host.DEFENSE_JSON), &hostDefense)
-				if err != nil {
-					zlog.Debug("解析defense json失败")
-				}
+				hostDefense := model.ParseHostsDefense(hostTarget.Host.DEFENSE_JSON)
 				//检测爬虫bot
 				if hostDefense.DEFENSE_BOT == 1 {
 					if handleBlock(waf.CheckBot) {