From 1411bb163902dfc2ec9e70cbc72195b7966e32e1 Mon Sep 17 00:00:00 2001 From: midoks Date: Thu, 13 Oct 2022 20:43:46 +0800 Subject: [PATCH] up --- plugins/op_waf/class/luamaker.py | 56 +++++++++++++++++++++++++++++++ plugins/op_waf/conf/luawaf.conf | 2 +- plugins/op_waf/index.py | 41 ++++++++++++++++++++++ plugins/op_waf/t/ngx_demo.sh | 2 ++ plugins/op_waf/t/test.sh | 26 +++++++------- plugins/op_waf/waf/conf/readme.md | 1 + plugins/op_waf/waf/lua/init.lua | 8 +++-- plugins/webstats/install.sh | 1 - 8 files changed, 120 insertions(+), 17 deletions(-) create mode 100644 plugins/op_waf/class/luamaker.py create mode 100755 plugins/op_waf/waf/conf/readme.md diff --git a/plugins/op_waf/class/luamaker.py b/plugins/op_waf/class/luamaker.py new file mode 100644 index 000000000..bb9a6bad9 --- /dev/null +++ b/plugins/op_waf/class/luamaker.py @@ -0,0 +1,56 @@ +import sys +import os + + +class luamaker: + """ + lua 处理器 + """ + @staticmethod + def makeLuaTable(table): + """ + table 转换为 lua table 字符串 + """ + _tableMask = {} + _keyMask = {} + + def analysisTable(_table, _indent, _parent): + if isinstance(_table, tuple): + _table = list(_table) + if isinstance(_table, list): + _table = dict(zip(range(1, len(_table) + 1), _table)) + if isinstance(_table, dict): + _tableMask[id(_table)] = _parent + cell = [] + thisIndent = _indent + " " + for k in _table: + if sys.version_info[0] == 2: + if type(k) not in [int, float, bool, list, dict, tuple]: + k = k.encode() + + if not (isinstance(k, str) or isinstance(k, int) or isinstance(k, float)): + return + key = isinstance( + k, int) and "[" + str(k) + "]" or "[\"" + str(k) + "\"]" + if _parent + key in _keyMask.keys(): + return + _keyMask[_parent + key] = True + var = None + v = _table[k] + if sys.version_info[0] == 2: + if type(v) not in [int, float, bool, list, dict, tuple]: + v = v.encode() + if isinstance(v, str): + var = "\"" + v + "\"" + elif isinstance(v, bool): + var = v and "true" or "false" + elif isinstance(v, int) or isinstance(v, float): + var = str(v) + else: + var = analysisTable(v, thisIndent, _parent + key) + cell.append(thisIndent + key + " = " + str(var)) + lineJoin = ",\n" + return "{\n" + lineJoin.join(cell) + "\n" + _indent + "}" + else: + pass + return analysisTable(table, "", "root") diff --git a/plugins/op_waf/conf/luawaf.conf b/plugins/op_waf/conf/luawaf.conf index 1c26b405d..9777bcbf0 100755 --- a/plugins/op_waf/conf/luawaf.conf +++ b/plugins/op_waf/conf/luawaf.conf @@ -1,7 +1,7 @@ lua_shared_dict limit 30m; lua_shared_dict drop_ip 10m; lua_shared_dict drop_sum 10m; -lua_package_path "{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;"; +lua_package_path "{$WAF_PATH}/conf/?.lua;{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;"; init_worker_by_lua_file {$WAF_PATH}/lua/init_worker.lua; diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py index b26c603f1..0058df63f 100755 --- a/plugins/op_waf/index.py +++ b/plugins/op_waf/index.py @@ -52,6 +52,16 @@ def checkArgs(data, ck=[]): return (True, mw.returnJson(True, 'ok')) +sys.path.append(getPluginDir() + "/class") +from luamaker import luamaker + + +def listToLuaFile(path, lists): + content = luamaker.makeLuaTable(lists) + content = "return " + content + mw.writeFile(path, content) + + def getConf(): path = mw.getServerDir() + "/openresty/nginx/conf/nginx.conf" return path @@ -211,6 +221,36 @@ def contentReplace(content): return content +def autoMakeLuaConfSingle(file): + path = getServerDir() + "/waf/rule/" + file + ".json" + to_path = getServerDir() + "/waf/conf/" + file + ".lua" + content = mw.readFile(path) + # print(content) + content = json.loads(content) + listToLuaFile(to_path, content) + + +def autoMakeLuaImportSingle(file): + path = getServerDir() + "/waf/" + file + ".json" + to_path = getServerDir() + "/waf/conf/" + file + ".lua" + content = mw.readFile(path) + # print(content) + content = json.loads(content) + listToLuaFile(to_path, content) + + +def autoMakeLuaConf(): + conf_list = ['args', 'cookie', 'ip_black', 'ip_white', + 'ipv6_black', 'post', 'scan_black', 'url', + 'user_agent'] + for x in conf_list: + autoMakeLuaConfSingle(x) + + import_list = ['config', 'site'] + for x in import_list: + autoMakeLuaImportSingle(x) + + def initDreplace(): path = getServerDir() @@ -259,6 +299,7 @@ def initDreplace(): initDomainInfo() initSiteInfo() initTotalInfo() + autoMakeLuaConf() if not mw.isAppleSystem(): mw.execShell("chown -R www:www " + path) diff --git a/plugins/op_waf/t/ngx_demo.sh b/plugins/op_waf/t/ngx_demo.sh index 800bb2057..c80363a59 100644 --- a/plugins/op_waf/t/ngx_demo.sh +++ b/plugins/op_waf/t/ngx_demo.sh @@ -6,6 +6,8 @@ pid=`ps -ef|grep openresty | grep -v grep | awk '{print $2}'` + +# perf record -F 99 -p 45266 -g -- sleep 60 perf record -F 99 -p $pid -g -- sleep 60 perf script -i perf.data &> perf.unfold diff --git a/plugins/op_waf/t/test.sh b/plugins/op_waf/t/test.sh index cb486275d..b651389f9 100755 --- a/plugins/op_waf/t/test.sh +++ b/plugins/op_waf/t/test.sh @@ -22,7 +22,7 @@ python3 index.py # yum -y kernel-devel kernel-headers gcc elfutils # stap -ve 'probe begin { log("hello systemtap!") exit() }' -stap -e 'probe vfs.add_to_page_cache {printf("dev=%d, devname=%s, ino=%d, index=%d, nrpages=%d\n", dev, devname, ino, index, nrpages )}' +# stap -e 'probe vfs.add_to_page_cache {printf("dev=%d, devname=%s, ino=%d, index=%d, nrpages=%d\n", dev, devname, ino, index, nrpages )}' # git clone https://github.com/openresty/openresty-systemtap-toolkit # http://openresty.org/en/build-systemtap.html @@ -33,22 +33,22 @@ stap -e 'probe vfs.add_to_page_cache {printf("dev=%d, devname=%s, ino=%d, index= # ./ngx-active-reqs -p 383774 -wget -O kernel-debuginfo-$(uname -r).rpm http://debuginfo.centos.org/8/x86_64/kernel-debuginfo-$(uname -r).rpm +# wget -O kernel-debuginfo-$(uname -r).rpm http://debuginfo.centos.org/8/x86_64/kernel-debuginfo-$(uname -r).rpm -wget -O kernel-debuginfo-4.18.0-348.el8.x86_64.rpm http://debuginfo.centos.org/8/x86_64/Packages/kernel-debuginfo-4.18.0-348.el8.x86_64.rpm -wget -O kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm http://debuginfo.centos.org/8/x86_64/Packages/kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm +# wget -O kernel-debuginfo-4.18.0-348.el8.x86_64.rpm http://debuginfo.centos.org/8/x86_64/Packages/kernel-debuginfo-4.18.0-348.el8.x86_64.rpm +# wget -O kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm http://debuginfo.centos.org/8/x86_64/Packages/kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm -rpm -ivh kernel-debuginfo-4.18.0-348.el8.x86_64.rpm -rpm -ivh kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm +# rpm -ivh kernel-debuginfo-4.18.0-348.el8.x86_64.rpm +# rpm -ivh kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm # uname -r # yum install kernel-devel-4.18.0-358.el8.x86_64 # yum install kernel-debuginfo-4.18.0-358.el8.x86_64 -yum search kernel-debuginfo -kernel-devel +# yum search kernel-debuginfo +# kernel-devel -rpm -ivh kernel-debuginfo-4.18.0-358.el8.x86_64 +# rpm -ivh kernel-debuginfo-4.18.0-358.el8.x86_64 # yum install systemtap -y # yum install perf -y @@ -56,11 +56,11 @@ rpm -ivh kernel-debuginfo-4.18.0-358.el8.x86_64 # perf record -F 99 -p 4452 -g -o test.data -- sleep 100 -perf record -F 99 -p 153145 -g -o test.data -- sleep 100 +# perf record -F 99 -p 153145 -g -o test.data -- sleep 100 -perf script -i test.data &> perf.unfold -./FlameGraph/stackcollapse-perf.pl perf.unfold &> perf.folded -./FlameGraph/flamegraph.pl perf.folded > perf.svg +# perf script -i test.data &> perf.unfold +# ./FlameGraph/stackcollapse-perf.pl perf.unfold &> perf.folded +# ./FlameGraph/flamegraph.pl perf.folded > perf.svg # # git clone https://github.com/brendangregg/FlameGraph.git diff --git a/plugins/op_waf/waf/conf/readme.md b/plugins/op_waf/waf/conf/readme.md new file mode 100755 index 000000000..2bbbd3c5c --- /dev/null +++ b/plugins/op_waf/waf/conf/readme.md @@ -0,0 +1 @@ +自动生成配置文件 \ No newline at end of file diff --git a/plugins/op_waf/waf/lua/init.lua b/plugins/op_waf/waf/lua/init.lua index 97617da45..6acb2b727 100644 --- a/plugins/op_waf/waf/lua/init.lua +++ b/plugins/op_waf/waf/lua/init.lua @@ -6,11 +6,15 @@ local C = __C:new() local waf_root = "{$WAF_ROOT}" -config = C:read_file_body_decode(waf_root.."/waf/"..'config.json') -local site_config = C:read_file_body_decode(waf_root.."/waf/"..'site.json') +-- config = C:read_file_body_decode(waf_root.."/waf/"..'config.json') +local config = require "config" +-- config = C:read_file_body_decode(waf_root.."/waf/"..'site.json') +local site_config = require "site" C:setConfData(config, site_config) C:setDebug(true) +-- C:D("conf"..C:to_json(config)) + local get_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["get"]["reqfile"]) local post_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["post"]["reqfile"]) diff --git a/plugins/webstats/install.sh b/plugins/webstats/install.sh index 2b279bb11..b15db97b8 100755 --- a/plugins/webstats/install.sh +++ b/plugins/webstats/install.sh @@ -89,7 +89,6 @@ Install_App() # https://github.com/P3TERX/GeoLite.mmdb pip install geoip2 if [ ! -f $serverPath/webstats/GeoLite2-City.mmdb ];then - # pip install geoip2 wget --no-check-certificate -O $serverPath/webstats/GeoLite2-City.mmdb https://git.io/GeoLite2-City.mmdb fi