From b3c3a4457d240164cdb458dd8c7b0db65a458e08 Mon Sep 17 00:00:00 2001 From: midoks Date: Sat, 7 Jan 2023 15:36:44 +0800 Subject: [PATCH] =?UTF-8?q?op=E9=98=B2=E7=81=AB=E5=A2=99=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1.适配openresty配置修改。 2.加入一个测试功能,便于测试。 --- plugins/op_waf/conf/luawaf.conf | 9 +- plugins/op_waf/index.py | 112 ++++++++++++++++++------- plugins/op_waf/info.json | 2 +- plugins/op_waf/js/op_waf.js | 16 +++- plugins/op_waf/t/index.py | 13 +-- plugins/op_waf/waf/lua/common.lua | 18 +++- plugins/op_waf/waf/lua/init.lua | 17 +++- plugins/op_waf/waf/lua/init_worker.lua | 15 +++- 8 files changed, 142 insertions(+), 60 deletions(-) diff --git a/plugins/op_waf/conf/luawaf.conf b/plugins/op_waf/conf/luawaf.conf index af9993e83..3c93a082d 100755 --- a/plugins/op_waf/conf/luawaf.conf +++ b/plugins/op_waf/conf/luawaf.conf @@ -1,10 +1,3 @@ lua_shared_dict waf_limit 30m; lua_shared_dict waf_drop_ip 10m; -lua_shared_dict waf_drop_sum 10m; -lua_package_path "{$WAF_PATH}/html/?.lua;{$WAF_PATH}/conf/?.lua;{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;"; -lua_package_cpath "{$WAF_PATH}/conf/?.so;{$ROOT_PATH}/openresty/lualib/?.so;;"; - -init_worker_by_lua_file {$WAF_PATH}/lua/init_worker.lua; -access_by_lua_file {$WAF_PATH}/lua/init.lua; - -# init_by_lua_file {$WAF_PATH}/lua/init.lua; +lua_shared_dict waf_drop_sum 10m; \ No newline at end of file diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py index 99cdeac13..d3325ae9f 100755 --- a/plugins/op_waf/index.py +++ b/plugins/op_waf/index.py @@ -6,6 +6,7 @@ import os import time import subprocess import json +import re sys.path.append(os.getcwd() + "/class/core") import mw 
@@ -228,17 +229,8 @@ def initTotalInfo(): mw.writeFile(path_total, cjson) -def status(): - path = getConf() - if not os.path.exists(path): - return 'stop' - - conf = mw.readFile(path) - if conf.find("#include luawaf.conf;") != -1: - return 'stop' - if conf.find("luawaf.conf;") == -1: - return 'stop' - return 'start' +def dstWafConf(): + return mw.getServerDir() + "/web_conf/nginx/vhost/opwaf.conf" def contentReplace(content): @@ -328,7 +320,8 @@ def autoMakeConfig(): def restartWeb(): autoMakeConfig() - mw.restartWeb() + mw.opWeb('stop') + mw.opWeb('start') def initDreplace(): @@ -370,11 +363,12 @@ def initDreplace(): content = contentReplace(content) mw.writeFile(init_worker, content) - waf_conf = mw.getServerDir() + "/openresty/nginx/conf/luawaf.conf" - waf_tpl = getPluginDir() + "/conf/luawaf.conf" - content = mw.readFile(waf_tpl) - content = contentReplace(content) - mw.writeFile(waf_conf, content) + waf_conf = dstWafConf() + if not os.path.exists(waf_conf): + waf_tpl = getPluginDir() + "/conf/luawaf.conf" + content = mw.readFile(waf_tpl) + content = contentReplace(content) + mw.writeFile(waf_conf, content) initDomainInfo() initSiteInfo() 
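Review bot: The new `if not os.path.exists(waf_conf):` guard in `initDreplace()` renders `opwaf.conf` only once, so later changes to the `conf/luawaf.conf` template never reach an existing install through `reload()`; only `stop()` deletes the file. Either rewrite it unconditionally or skip the write only when the rendered content is unchanged. Nothing visible in this commit removes the old `openresty/nginx/conf/luawaf.conf` or a still-active `include luawaf.conf;` line, so on an upgraded install the `lua_shared_dict` zones would presumably be declared twice and nginx would refuse to start; a migration step is worth adding. In the `restartWeb()` hunk the results of `mw.opWeb('stop')` and `mw.opWeb('start')` are ignored, so a failed start leaves the server down with no error returned. The body of `initDreplace()` starts and ends outside the hunk.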
@@ -388,37 +382,61 @@ def initDreplace(): mw.execShell("chown -R www:www " + path) +def status(): + path = getConf() + if not os.path.exists(path): + return 'stop' + + waf_conf = dstWafConf() + if not os.path.exists(waf_conf): + return 'stop' + return 'start' + + def start(): initDreplace() - path = getConf() + path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf' + init_worker_lua = getServerDir() + '/waf/lua/init_worker.lua' + init_lua = getServerDir() + '/waf/lua/init.lua' conf = mw.readFile(path) - conf = conf.replace('#include luawaf.conf;', "include luawaf.conf;") + conf = re.sub('init_worker_by_lua_file (.*);', + "init_worker_by_lua_file " + init_worker_lua + ";", conf) + conf = re.sub('access_by_lua_file (.*);', + "access_by_lua_file " + init_lua + ";", conf) mw.writeFile(path, conf) import tool_task tool_task.createBgTask() - mw.restartWeb() + restartWeb() return 'ok' def stop(): - path = getConf() - conf = mw.readFile(path) - conf = conf.replace('include luawaf.conf;', "#include luawaf.conf;") + path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf' + empty_lua = mw.getServerDir() + '/web_conf/nginx/lua/empty.lua' + conf = mw.readFile(path) + conf = re.sub('init_worker_by_lua_file (.*);', + "init_worker_by_lua_file " + empty_lua + ";", conf) + conf = re.sub('access_by_lua_file (.*);', + "access_by_lua_file " + empty_lua + ";", conf) mw.writeFile(path, conf) + wafconf = dstWafConf() + if os.path.exists(wafconf): + os.remove(wafconf) + import tool_task tool_task.removeBgTask() - mw.restartWeb() + restartWeb() return 'ok' def restart(): - mw.restartWeb() + restartWeb() return 'ok' 
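Review bot: In `start()` and `stop()` the two `re.sub` calls change nothing when `lua.conf` has no matching directive, and the new `status()` only checks that `opwaf.conf` exists, so the plugin can report `start` while `access_by_lua_file` still points at `empty.lua` and no request is filtered. Count the substitutions and fail when there are none, e.g. `conf, n = re.subn(r'access_by_lua_file\s+[^;]*;', lambda m: 'access_by_lua_file ' + init_lua + ';', conf)` followed by an error return when `n == 0`; passing the replacement as a function also keeps backslashes in the path from being read as group references. `status()` should additionally confirm that `lua.conf` references `init.lua`. `mw.readFile` is not visible here; if it returns a non-string for a missing `lua.conf`, `re.sub` raises, so that case needs a guard as well.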
@@ -428,6 +446,18 @@ def reload(): path = getServerDir() path_tpl = getPluginDir() + config = path + "/waf/lua/common.lua" + config_tpl = path_tpl + "/waf/lua/common.lua" + content = mw.readFile(config_tpl) + content = contentReplace(content) + mw.writeFile(config, content) + + config = path + "/waf/lua/init_worker.lua" + config_tpl = path_tpl + "/waf/lua/init_worker.lua" + content = mw.readFile(config_tpl) + content = contentReplace(content) + mw.writeFile(config, content) + config = path + "/waf/lua/init.lua" config_tpl = path_tpl + "/waf/lua/init.lua" content = mw.readFile(config_tpl) @@ -438,6 +468,8 @@ def reload(): mw.execShell('rm -rf ' + errlog) start() + + restartWeb() return 'ok' @@ -1167,6 +1199,28 @@ def getWafConf(): return mw.readFile(conf) +def cleanDropIp(): + url = "http://127.0.0.1/clean_waf_drop_ip" + data = mw.httpGet(url) + return mw.returnJson(True, 'ok!', data) + + +def testRun(): + # args = getArgs() + # data = checkArgs(args, ['siteName']) + # if not data[0]: + # return data[1] + + conf_json = getServerDir() + "/waf/default.json" + data = mw.readFile(conf_json) + pdata = json.loads(data) + default_site = pdata['default'] + + url = "http://" + default_site + '/?t=../etc/passwd' + returnData = mw.httpGet(url, 10) + return mw.returnJson(True, '测试运行成功!', returnData) + + def installPreInspection(): check_op = mw.getServerDir() + "/openresty" if not os.path.exists(check_op): @@ -1174,12 +1228,6 @@ def installPreInspection(): return 'ok' -def cleanDropIp(): - url = "http://127.0.0.1/clean_waf_drop_ip" - data = mw.httpGet(url) - return mw.returnJson(True, 'ok!', data) - - if __name__ == "__main__": func = sys.argv[1] if func == 'status': @@ -1268,5 +1316,7 @@ if __name__ == "__main__": print(getWafSite()) elif func == 'clean_drop_ip': print(cleanDropIp()) + elif func == 'test_run': + print(testRun()) else: print('error') diff --git a/plugins/op_waf/info.json b/plugins/op_waf/info.json index 841cf2c6f..e37a26fdb 100755 --- a/plugins/op_waf/info.json 
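Review bot: `reload()` now bounces the web server twice, because the added `restartWeb()` runs right after `start()`, which this commit already changed to end in `restartWeb()`, and each call is a full `mw.opWeb('stop')` / `mw.opWeb('start')`. Drop the added `restartWeb()` line so a reload causes one interruption instead of two. The three template-copy stanzas added in the preceding hunk differ only in the file name and could be a single loop over `('common.lua', 'init_worker.lua', 'init.lua')`. The body of `reload()` begins outside the hunk.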
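Review bot: `testRun()` returns `mw.returnJson(True, '测试运行成功!', returnData)` whatever the probe produced, so the panel reports success even when the WAF let `/?t=../etc/passwd` through or the request failed outright. Inspect the response for the WAF's block result before returning `True` and return `False` otherwise; how a block is signalled by `mw.httpGet` is not visible in this hunk. `json.loads(data)` and `pdata['default']` are unguarded, so a missing or malformed `default.json` raises instead of producing an error JSON, and `default_site` should be validated as a host name before it is concatenated into the URL. The commented-out `getArgs` block can be deleted.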
+++ b/plugins/op_waf/info.json @@ -12,5 +12,5 @@ "home":"https://github.com/loveshell/ngx_lua_waf", "date":"2019-04-21", "pid": "1", - "versions": ["0.2.3"] + "versions": ["0.2.4"] } \ No newline at end of file diff --git a/plugins/op_waf/js/op_waf.js b/plugins/op_waf/js/op_waf.js index 170c7a871..469029adb 100755 --- a/plugins/op_waf/js/op_waf.js +++ b/plugins/op_waf/js/op_waf.js @@ -1712,9 +1712,12 @@ function wafLogs(){ \ \ \ - \ + \ + \ +
\ + \ + \
\ -
\ \
\ '; @@ -1733,6 +1736,15 @@ function wafLogs(){ }); }); + //测试demo + $("#testRun").click(function(){ + owPost('test_run',{},function(data){ + var rdata = $.parseJSON(data.data); + showMsg(rdata.msg, function(){ + wafLogRequest(1); + },{icon:1,shade: [0.3, '#000']},2000); + }); + }); //日期范围 laydate.render({ diff --git a/plugins/op_waf/t/index.py b/plugins/op_waf/t/index.py index a1cd9f768..98bd75f28 100644 --- a/plugins/op_waf/t/index.py +++ b/plugins/op_waf/t/index.py @@ -309,12 +309,12 @@ def test_Upload(): def test_start(): # test_OK() - # test_Dir() + test_Dir() # test_UA() - test_Header() + # test_Header() # test_UA_for(1000) - test_POST() - test_scan() + # test_POST() + # test_scan() # test_CC() # test_url_ext() # test_cdn() @@ -322,6 +322,7 @@ def test_start(): if __name__ == "__main__": - os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2') - os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start') + # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2') + os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf/index.py reload') + # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start') test_start() diff --git a/plugins/op_waf/waf/lua/common.lua b/plugins/op_waf/waf/lua/common.lua index ca4003c03..f477fdbd6 100644 --- a/plugins/op_waf/waf/lua/common.lua +++ b/plugins/op_waf/waf/lua/common.lua 
@@ -1,3 +1,14 @@ +local waf_root = "{$WAF_ROOT}" +local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;" +local waf_sopath = waf_root.."/waf/conf/?.so;" + +if not package.path:find(waf_cpath) then + package.path = waf_cpath .. package.path +end + +if not package.cpath:find(waf_sopath) then + package.cpath = waf_sopath .. package.cpath +end local setmetatable = setmetatable local _M = { _VERSION = '0.02' } @@ -9,7 +20,6 @@ local sqlite3 = require "lsqlite3" local ngx_match = ngx.re.find local debug_mode = false -local waf_root = "{$WAF_ROOT}" local cpath = waf_root.."/waf/" local log_dir = waf_root.."/logs/" local rpath = cpath.."/rule/" @@ -62,12 +72,12 @@ end -- 后台任务 function _M.cron(self) - local timer_every_get_data = function (premature) - self.clean_log() + local timer_every_get_data = function(premature) + self:clean_log() end ngx.timer.every(10, timer_every_get_data) - local timer_every_import_data = function (premature) + local timer_every_import_data = function(premature) local llen, _ = ngx.shared.waf_limit:llen('waf_limit_logs') if llen == 0 then diff --git a/plugins/op_waf/waf/lua/init.lua b/plugins/op_waf/waf/lua/init.lua index 615f50db9..507c5d3da 100644 --- a/plugins/op_waf/waf/lua/init.lua +++ b/plugins/op_waf/waf/lua/init.lua @@ -1,3 +1,14 @@ +local waf_root = "{$WAF_ROOT}" +local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;" +local waf_sopath = waf_root.."/waf/conf/?.so;" + +if not package.path:find(waf_cpath) then + package.path = waf_cpath .. package.path +end + +if not package.cpath:find(waf_sopath) then + package.cpath = waf_sopath .. package.cpath +end local json = require "cjson" local ngx_match = ngx.re.find 
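Review bot: `package.path:find(waf_cpath)` treats `waf_cpath` as a Lua pattern, and the `?` and `.` in it are magic characters, so the literal search path does not match itself and the guard is effectively always true. Each execution of the file then prepends the paths again; for `init.lua`, which is wired to `access_by_lua_file`, that appears to be once per request, so `package.path` and `package.cpath` keep growing inside every worker. Use a plain-text search instead: `if not package.path:find(waf_cpath, 1, true) then` and `if not package.cpath:find(waf_sopath, 1, true) then`. The same block is added at the top of `init.lua` and `init_worker.lua` and needs the same change there.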
@@ -11,11 +22,11 @@ local config = require "waf_config" local site_config = require "waf_site" local config_domains = require "waf_domains" --- C:D("config:"..C:to_json(config)) C:setConfData(config, site_config) C:setDebug(true) +-- C:D("config:"..C:to_json(config)) local get_html = require "html_get" local post_html = require "html_post" @@ -521,7 +532,6 @@ end function waf() min_route() - -- white ip if waf_ip_white() then return true end @@ -550,9 +560,8 @@ function waf() -- 扫描软件禁止 if waf_scan_black() then return true end - if waf_post() then return true end - + if site_config[server_name] and site_config[server_name]['open'] then if X_Forwarded() then return true end if post_X_Forwarded() then return true end diff --git a/plugins/op_waf/waf/lua/init_worker.lua b/plugins/op_waf/waf/lua/init_worker.lua index 1da7710a5..5bf722c9d 100644 --- a/plugins/op_waf/waf/lua/init_worker.lua +++ b/plugins/op_waf/waf/lua/init_worker.lua @@ -1,13 +1,20 @@ +local waf_root = "{$WAF_ROOT}" +local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;" +local waf_sopath = waf_root.."/waf/conf/?.so;" -local json = require "cjson" +if not package.path:find(waf_cpath) then + package.path = waf_cpath .. package.path +end -local waf_root = "{$WAF_ROOT}" -local cpath = waf_root.."/waf/" +if not package.cpath:find(waf_sopath) then + package.cpath = waf_sopath .. package.cpath +end + +local json = require "cjson" local __C = require "common" local C = __C:getInstance() - local function timer_stats_total_log(premature) C:timer_stats_total() end