leftyer/SamWaf
1
0
Fork 0
mirror of https://gitee.com/samwaf/SamWaf.git synced 2025-12-06 14:59:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c7d82acdbc846866bfe7d5cf3829fcaf29339900
SamWaf/wafenginecore/check_dir_traversal.go
samwaf e68c1e809d fix:check logic 
#170
2025-03-04 14:53:40 +08:00

44 lines
1.0 KiB
Go
Raw Blame History

package wafenginecore
import (
"SamWaf/innerbean"
"SamWaf/libinjection-go"
"SamWaf/model/detection"
"SamWaf/model/wafenginmodel"
"net/http"
"net/url"
)
// CheckDirTraversal 穿越漏洞检测
func (waf *WafEngine) CheckDirTraversal(r *http.Request, weblogbean *innerbean.WebLog, formValue url.Values, hostTarget *wafenginmodel.HostSafe, globalHostTarget *wafenginmodel.HostSafe) detection.Result {
result := detection.Result{
JumpGuardResult: false,
IsBlock: false,
Title: "",
Content: "",
}
var flag = false
//检测sql注入
if libinjection.HasDirTraversal(weblogbean.RawQuery) ||
libinjection.HasDirTraversal(weblogbean.BODY) {
flag = true
}
if flag == false {
for _, value := range formValue {
for _, v := range value {
if libinjection.HasDirTraversal(v) {
flag = true
}
}
}
}
if flag == true {
weblogbean.RISK_LEVEL = 2
result.IsBlock = true
result.Title = "目录穿越漏洞"
result.Content = "请正确访问"
return result
}
return result
}
Reference in New Issue View Git Blame Copy Permalink