waf skip body when protocol is grpc, websocket or sse (#943)

rinfx
2024-05-15 20:34:47 +08:00
committed by GitHub
parent 8736188e6a
commit 42c9c3d824
3 changed files with 49 additions and 2 deletions


@@ -69,6 +69,15 @@ func parseConfig(json gjson.Result, config *WafConfig, log wrapper.Log) error {
}
func onHttpRequestHeaders(ctx wrapper.HttpContext, config WafConfig, log wrapper.Log) types.Action {
ctx.SetContext("skipwaf", false)
if ignoreBody() {
ctx.DontReadRequestBody()
ctx.DontReadResponseBody()
ctx.SetContext("skipwaf", true)
return types.ActionContinue
}
ctx.SetContext("interruptionHandled", false)
ctx.SetContext("processedRequestBody", false)
ctx.SetContext("processedResponseBody", false)
@@ -192,6 +201,10 @@ func onHttpRequestBody(ctx wrapper.HttpContext, config WafConfig, body []byte, l
}
func onHttpResponseHeaders(ctx wrapper.HttpContext, config WafConfig, log wrapper.Log) types.Action {
if ctx.GetContext("skipwaf").(bool) {
return types.ActionContinue
}
if ctx.GetContext("interruptionHandled").(bool) {
return types.ActionContinue
}
@@ -306,6 +319,10 @@ func onHttpResponseBody(ctx wrapper.HttpContext, config WafConfig, body []byte,
}
func onHttpStreamDone(ctx wrapper.HttpContext, config WafConfig, log wrapper.Log) {
if ctx.GetContext("skipwaf").(bool) {
return
}
tx := ctx.GetContext("tx").(ctypes.Transaction)
if !tx.IsRuleEngineOff() {
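Review bot: The early return under `if ignoreBody()` in onHttpRequestHeaders disables more than body inspection. It returns before the rest of the function runs (the body continues outside this hunk, so presumably before the transaction is created and the URI and header rules are evaluated), and `skipwaf` then short-circuits onHttpResponseHeaders and onHttpStreamDone as well. If the intent is only what the title says, keep the header-phase processing and limit the branch to `ctx.DontReadRequestBody()` and `ctx.DontReadResponseBody()`, with the body callbacks left unreached. If a full skip is intended, say so at the branch, e.g. `// skipwaf disables every WAF phase for this stream, not only body inspection`, and log the skipped request so the exemption is visible in audit logs. The unchecked `ctx.GetContext("skipwaf").(bool)` also panics if the key was never set; the comma-ok form `skip, _ := ctx.GetContext("skipwaf").(bool)` would be safer.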


@@ -138,3 +138,34 @@ func logError(error ctypes.MatchedRule) {
proxywasm.LogDebug(msg)
}
}
func isWebSocketRequest() bool {
if value, err := proxywasm.GetHttpRequestHeader("Upgrade"); err == nil {
if value == "websocket" {
return true
}
}
return false
}
func isSSERequest() bool {
if value, err := proxywasm.GetHttpRequestHeader("Accept"); err == nil {
if value == "text/event-stream" {
return true
}
}
return false
}
func isGrpcRequest() bool {
if value, err := proxywasm.GetHttpRequestHeader("Content-Type"); err == nil {
if value == "application/grpc" {
return true
}
}
return false
}
func ignoreBody() bool {
return isWebSocketRequest() || isSSERequest() || isGrpcRequest()
}
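Review bot: Each of isWebSocketRequest, isSSERequest and isGrpcRequest decides from a single client-supplied request header, and `ignoreBody()` is what switches WAF processing off, so the exemption is granted on the sender's own claim about the protocol rather than on anything the gateway verifies. Tighten the conditions so they match real streams: for WebSocket also require the GET method and a `Connection: upgrade` header, for SSE decide from the response `Content-Type` instead of the request `Accept`, and consider making the exemption opt-in per route in WafConfig. The exact `==` comparisons are also brittle in the other direction, since the `Upgrade` token is case-insensitive, gRPC clients send variants such as `application/grpc+proto`, and `Accept` may list several types. Prefer `strings.EqualFold(value, "websocket")` and `strings.HasPrefix(value, "application/grpc")`. A short doc comment on `ignoreBody` stating that it trusts request headers would make the trade-off explicit to the next maintainer.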