亚洲激情专区-91九色丨porny丨老师-久久久久久久女国产乱让韩-国产精品午夜小视频观看

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

對一套WAF防護規則(正則表達式)的整理和分析。

發布時間:2020-07-28 03:33:28 來源:網絡 閱讀:879 作者:w2sft 欄目:安全技術

//此套WAF防護正則表達式規則來源于ShareWAF(http://www.sharewaf.com/)
//測試方法建議:請依下方測試使用的test語句進行,根據true、false,可知是否能識別出***并記錄到數據庫

var regexp_debug = 0;
exports.anti_sqlinj_rule =[
? ?// /select|update|delete|truncate|join|union|exec|insert|drop|count|Sp_sqlexec|order by|’|"|>| ? ?/select.+(from|limit)/,
? ?/(?:(union(.*?)select))/,
? ?// /having|rongjitest/,
? ?/sleep\((\s*)(\d*)(\s*)\)/,
? ?/group\s+by.+\(/,
? ?/(?:from\W+information_schema\W)/,
? ?/(?:(?:current_)user|database|schema|connection_id)\s*\(/,

//新增
? ?/\s*or\s+.*=.*/i,
? ?/order\s+by\s+.*--$/i
];

if( regexp_debug == 1) {
? ? ///select|update|delete|truncate|join|union|exec|insert|drop|count|Sp_sqlexec|order ?by|’|"|>| ? ?//不區分大小寫的字符串匹配,留給影衛字符匹配,這里不使用

//.匹配除“\n”之外的任何單個字符
? ?//含意:匹配select from或select limit語句
? ?//注意:區分大小寫,如要取消大小寫區分,加:/i

? ?//新增,匹配' or 1=1 –,規則:/空格出現或不出現 or 空格出現1次或多次 任何字符不限次數 = 任意字符不限次數
? ?console.log( /\s*or\s+.*=.*/i.test("'or 1=1") ); //true
? ?console.log( /\s*or\s+.*=.*/i.test("'or 1!=2") ); //true
? ?console.log( /\s*or\s+.*=.*/i.test("'or 'a'='a'") ); //true
? ?console.log( /\s*or\s+.*=.*/i.test("'or'a'='a'") ); //false
? ?console.log( /\s*or\s+.*=.*/i.test("'or1=1") ); //false

? ?//新增,匹配:order by 1 --
? ?console.log( /order\s+by\s+.*--$/i.test("order by 1 --") ); //true
? ?console.log( /order\s+by\s+.*--$/i.test("order ? by 2 ?--") ); //true
? ?console.log( /order\s+by\s+.*--$/i.test("order BY 3 --") ); //true

console.log( /select.+(from|limit)/.test("select * from abc") ); //true
? ?console.log( /select.+(from|limit)/.test("select top 10 * from abc") ); //true
? ?console.log( /select.+(from|limit)/.test("select top 10") ); //false
? ?console.log( /select.+(from|limit)/.test("Select top 10 from") ); //false

//(?:X):僅分組
? ?//.:任意字符號
? ?//X*?:字符出現0次或多次
? ?//(.*):任意字符出現0次或多次
? ?//含意:匹配union select語法
? ?//注意:區分大小寫,如要取消大小寫區分,加:/i
? ?console.log( /(?:(union(.*?)select))/.test("union select 1,2,3 from") ); //true
? ?console.log( /(?:(union(.*?)select))/.test("UNION select 1,2,3 from") ); //false
? ?console.log( /(?:(union(.*?)select))/.test("abc union abc select 1,2,3 from") ); //true
? ?console.log( /(?:(union(.*?)select))/.test("abc union /* */ select 1,2,3 from") ); //true
? ?console.log( /(?:(union(.*?)select))/.test("abc union /* */") ); //false
? ?console.log( /(?:(union(.*?)select))/.test("select col from table union all select col2 from table2") ); //true
? ?//對這條語法存疑,寫的可能有問題,下面一行的測試說明:(?:)(僅分組,不記錄分組序號,也不捕獲該匹配)是無意義的
? ?console.log( /union(.*?)select/.test("abc union /* */ select 1,2,3 from"),"test" ); //true

//\s :空白字符
? ?//\s* :空白字符出現0次或多次(出現或不出現)
? ?//\d:數字
? ?//\d*:任意數字出現0次或多次
? ?//含意:匹配sleep(數字)函數,括號里可以有任何空白字符
? ?//注意:區分大小寫,如要取消大小寫區分,加:/i
? ?console.log( /sleep\((\s*)(\d*)(\s*)\)/.test("sleep(1)") ); //true
? ?console.log( /sleep\((\s*)(\d*)(\s*)\)/.test("sleep( ? 1 )") ); //true
? ?console.log( /sleep\((\s*)(\d*)(\s*)\)/.test("sleep('abc')") ); //false
? ?console.log( /sleep\((\s*)(\d*)(\s*)\)/.test("sleep(' abc')") ); //false
? ?console.log( /sleep\((\s*)(\d*)(\s*)\)/.test("SLEEP(1)") ); //false
? ?//加i,不區分大小寫
? ?console.log( /sleep\((\s*)(\d*)(\s*)\)/i.test("SLEEP(1)"),"test2" ); //true

//\s :空白字符
? ?//.:任意字符號
? ?//含意:匹配group by語法
? ?//注意:區分大小寫,如要取消大小寫區分,加:/i
? ?//不確定:這條規則可能有誤,不應該有(符號,group by語句沒有(
? ?console.log( /group\s+by.+\(/.test("group by id(") ); //true
? ?console.log( /group\s+by.+\(/.test("group by id") ); //false

//information_schema:mysql自帶數據庫
? ?//\W:不能構成單詞的字符,等價于[^A-Za-z0-9_]
? ?//(?:X)僅分組
? ?console.log( /(?:from\W+information_schema\W)/.test("select TABLES from * information_schema * ") ); //true
? ?console.log( /(?:from\W+information_schema\W)/.test("select TABLES from/**/information_schema/**/") ); //true
? ?console.log( /(?:from\W+information_schema\W)/.test("select TABLES from 123 /**/ union information_schema/**/") ); //false
? ?//(?:X)僅分組無意義,應該可改為:
? ?console.log( /from\W+information_schema\W/.test("select TABLES from/**/information_schema/**/") ); //true

//(?:X):僅分組
? ?//|:或
? ?//\s:空白字符
? ?//注意:區分大小寫,如要取消大小寫區分,加:/i
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_user (") ); //true
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_database(") ); //true
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_connection_id ? (") ); //true
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_connection_id = (") ); //false
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("connection_id(") ); //true
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("connection_ID(") ); //false
? ?//應該可簡化為:
? ?console.log( /(?:current_)user|database|schema|connection_id\s*\(/.test("current_connection_id ? (") ); //true
? ?console.log( /(?:current_)user|database|schema|connection_id\s*\(/.test("connection_id(") ); //true
}


exports.anti_cookieinj_rule =[
? ?/select.+(from|limit)/,
? ?/(?:(union(.*?)select))/,
? ?///having|rongjitest/,
? ?/sleep\((\s*)(\d*)(\s*)\)/,
? ?/benchmark\((.*)\,(.*)\)/,
? ?/base64_decode\(/,
? ?/(?:from\W+information_schema\W)/,
? ?//修改,增加version
? ?/(?:(?:current_)user|database|version|schema|connection_id)\s*\(/,
? ?/(?:etc\/\W*passwd)/,
? ?/into(\s+)+(?:dump|out)file\s*/,
? ?/group\s+by.+\(/,
? ?/xwork.MethodAccessor/,
? ? /(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/
];
if( regexp_debug == 1) {
? ?//\i大小寫區分問題不再贅述,普遍存在
? ?//mysql函數benchmark
? ?//檢測例::benchmark(1000,encode("hello","goodbye"))
? ?console.log( /benchmark\((.*)\,(.*)\)/.test('select BENCHMARK(1000000,encode("hello","goodbye"))') ); //false
? ?console.log( /benchmark\((.*)\,(.*)\)/.test('select benchmark(1000000,encode("hello","goodbye"))'),"benchmark"); //true

///base64_decode\(/
? ?//檢測base64_decode()函數
? ?//到此,大至可理解:此套規則是針對mysql、php的
? ?console.log( /base64_decode\(/.test("base64_decode('abc')") ); //true
? ?console.log( /base64_decode\(/.test("base64_Decode('abc')") ); //false

console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("user(") ); //false
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_user(") ); //true
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_user (") ); //true
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_user ? (") ); //true
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_usEr ? (") ); //false
? ?console.log( /(?:(?:current_)user|database|schema|connection_id)\s*\(/.test("current_user ?* (") ); //false

//etc路徑加passwd檢測
? ?//\W:不能構成單詞的字符
? ?console.log( /(?:etc\/\W*passwd)/.test("etc/passwd") ); //true
? ?console.log( /(?:etc\/\W*passwd)/.test("etc//passwd") ); //true
? ?console.log( /(?:etc\/\W*passwd)/.test("etc passwd") ); //false
? ?console.log( /(?:etc\/\W*passwd)/.test("etc////passwd") ); //true
? ?console.log( /(?:etc\/\W*passwd)/.test("etc////PASSWD") ); //false

//mysql的file系列函數檢測:dumpfile\outfile
? ?//X+,X字符出現一次或多次
? ?//\s:空白字符
? ?console.log ( /into(\s+)+(?:dump|out)file\s*/.test("select * from test into outfile '/tmp/test.txt'") ); //true
? ?console.log ( /into(\s+)+(?:dump|out)file\s*/.test("select * from test into dumpfile '/tmp/test.txt'") ); //true
? ?console.log ( /into(\s+)+(?:dump|out)file\s*/.test("select * from test into dumpFILE '/tmp/test.txt'") ); //false

///xwork.MethodAccessor/,
? ?//這是struts2相關的一個漏洞關鍵字
? ?console.log( /xwork.MethodAccessor/.test("xwork.MethodAccessor") ); //true
? ?console.log( /xwork.MethodAccessor/.test("xwork.MethodAccessoR") ); //false

//w+:可以構成單詞的字符
? ?//檢測各種函數
? ? /(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/
? ?console.log( ? /(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/.test("define") ?); //false
? ?console.log( ? /(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/.test("define(") ?); //true
? ?console.log( ? /(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/.test("define(") ?); //true
? ?console.log( ? /(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/.test("preg_a(") ?); //true
}

exports.anti_xss_rule = [
? ?//注釋掉
? ?// /<|>|:|'|""|`|--|()|[]|{}|/,
? ?/\<(iframe|script|body|img|layer|div|meta|style|base|object|input)/,
? ?/(onmouseover|onmousemove|onerror|onload)\=/i,
? ?//新增
? ?/javascript:/i
];

if( regexp_debug == 1){

console.log( /\<(iframe|script|body|img|layer|div|meta|style|base|object|input)/.test(" ? ?console.log( /\<(iframe|script|body|img|layer|div|meta|style|base|object|input)/.test("iframe")); //false

console.log( /\<(iframe|script|body|img|layer|div|meta|style|base|object|input)/.test("

console.log( /(onmouseover|onmousemove|onerror|onload)\=/i.test("onerror='alert(1)'")); //true


console.log( /javascript:/i.test("javascript:alert(1);") );

}


exports.anti_folder_iterator_rule = [


/..\/..\//,

// /(?:etc\/\W*passwd\/shadow)/

//修改:

// /(?:etc\/\W*passwd)/i


];

if( regexp_debug == 1){

//匹配:../../

console.log( /..\/..\//.test("../../pass/") ); //true

console.log( /..\/..\//.test("../pass/") ); //false

}


exports.anti_cmdinj_rule = [

//修改

// || 命令

/\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)/,

//命令||

/(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|/

];

if(regexp_debug == 1){

console.log( ? /\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)/.test("||ipconfig") ?); //true

console.log( /\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)/.test("||cd") ); //true

console.log( /\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)/.test("cd") ); //false

console.log( /\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)/.test("|cd") ); //false

}


exports.anti_remote_file_include_rule = [

/http:\/\/|https:\/\//,

/(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/,

//注釋

// /(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\//,

];

if(regexp_debug == 1){

console.log( /http:\/\/|https:\/\/|..\/..\//.test("http://") ); //true

console.log( /http:\/\/|https:\/\/|..\/..\//.test("http:") ); //false

console.log( /http:\/\/|https:\/\/|..\/..\//.test("https:") ); //false

}


exports.anti_local_file_include_rule = [

//這行容易誤報

// /..\//,

/(?:etc\/\W*passwd)/,

//注釋

// ? /(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/,

/(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\//

];

if( regexp_debug == 1){

//匹配:etc/ 不能構成單詞的任意字符不出現或出現或出現多次 password

console.log( /(?:etc\/\W*passwd)/i.test("etc//passwd") ); //true

console.log( /(?:etc\/\W*passwd)/i.test("etc/passwd") ); //true

console.log( /(?:etc\/\W*passwd)/i.test("etc//**/passwd") ); //true

console.log( /(?:etc\/\W*passwd)/i.test("etc\\passwd") ); //false


console.log( /(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\//.test("file:/") ); //true

console.log( /(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\//.test("file:") ); //false

}


向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

东方市| 昌都县| 晋城| 蒙山县| 安阳市| 浙江省| 阜宁县| 青浦区| 隆子县| 安远县| 民乐县| 阳谷县| 吐鲁番市| 安丘市| 西和县| 姜堰市| 招远市| 延长县| 德令哈市| 庄河市| 鄂尔多斯市| 习水县| 白玉县| 云南省| 黄陵县| 桃源县| 金寨县| 青浦区| 松桃| 江川县| 当阳市| 石台县| 铁力市| 右玉县| 海南省| 辽宁省| 健康| 宣城市| 玉溪市| 依安县| 黑水县|