CoCalc -- waf.go

GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/output/stats/waf/waf.go
²⁰⁷⁰ views
1
package waf
2

3
import (
4
	_ "embed"
5
	"encoding/json"
6
	"log"
7
	"regexp"
8
)
9

10
type WafDetector struct {
11
	wafs       map[string]waf
12
	regexCache map[string]*regexp.Regexp
13
}
14

15
// waf represents a web application firewall definition
16
type waf struct {
17
	Company string `json:"company"`
18
	Name    string `json:"name"`
19
	Regex   string `json:"regex"`
20
}
21

22
// wafData represents the root JSON structure
23
type wafData struct {
24
	WAFs map[string]waf `json:"wafs"`
25
}
26

27
//go:embed regexes.json
28
var wafContentRegexes string
29

30
func NewWafDetector() *WafDetector {
31
	var data wafData
32
	if err := json.Unmarshal([]byte(wafContentRegexes), &data); err != nil {
33
		log.Printf("could not unmarshal waf content regexes: %s", err)
34
	}
35

36
	store := &WafDetector{
37
		wafs:       data.WAFs,
38
		regexCache: make(map[string]*regexp.Regexp),
39
	}
40

41
	for id, waf := range store.wafs {
42
		if waf.Regex == "" {
43
			continue
44
		}
45
		compiled, err := regexp.Compile(waf.Regex)
46
		if err != nil {
47
			log.Printf("invalid WAF regex for %s: %v", id, err)
48
			continue
49
		}
50
		store.regexCache[id] = compiled
51
	}
52
	return store
53
}
54

55
func (d *WafDetector) DetectWAF(content string) (string, bool) {
56
	if d == nil || d.regexCache == nil {
57
		return "", false
58
	}
59

60
	for id, regex := range d.regexCache {
61
		if regex != nil && regex.MatchString(content) {
62
			return id, true
63
		}
64
	}
65
	return "", false
66
}
67

68
func (d *WafDetector) GetWAF(id string) (waf, bool) {
69
	waf, ok := d.wafs[id]
70
	return waf, ok
71
}
72

73
Product

Resources

Company
