Главная Обзор Помощь
Вход
waibao
/
NN2022081301
2
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 13529345a8
Ветки Метки
NN2022081301
/
application
/
agent
/
middleware
/
AttackCheckMiddleware.php

AttackCheckMiddleware.php 8.7 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. <?php
    2. 

  2. 

  3. 

  4. namespace app\agent\middleware;
    5. 

  5. 

  6. 

  7. use Lettered\Support\Exceptions\ForbiddenException;
    8. 

  8. 

  9. class AttackCheckMiddleware
    10. 

  10. {
    11. 

  11. 

  12.     private $config = [];
    13. 

  13. 

  14.     /**
    15. 

  15.      * AttackCheckMiddleware constructor.
    16. 

  16.      */
    17. 

  17.     public function __construct()
    18. 

  18.     {
    19. 

  19.         //默认配置
    20. 

  20.         $_config = [
    21. 

  21.             'url' => $_SERVER['REQUEST_URI'], //验证的url
    22. 

  22.             'white_urls' => [
    23. 

  23.                 '^/admin/*', //路径白名单 (^)匹配开头(*)匹配任意字符 不含括号
    24. 

  24.                 '^/ajax_format.html=>post.code,get.code,cookie.code', //路径参数白名单 当匹配到指定地址时 不验证指定的参数
    25. 

  25.            ],
    26. 

  26.             'http_html' =>'PCFET0NUWVBFIEhUTUw+DQo8aHRtbD4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiIC8+DQo8dGl0bGU+572R56uZ6Ziy54Gr5aKZPC90aXRsZT4NCjxzdHlsZT4NCip7cGFkZGluZzowO21hcmdpbjowfQ0KYm9keXtmb250OjE0cHgvMS41IE1pY3Jvc29mdCBZYWhlaSzlrovkvZMsc2Fucy1zZXJpZjtjb2xvcjojNTU1O2xpbmUtaGVpZ2h0OjI1cHh9DQo8L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHk+DQo8ZGl2IHN0eWxlPSJ3aWR0aDo2MDBweDtjbGVhcjpib3RoO21hcmdpbjowIGF1dG87bWFyZ2luLXRvcDoxMCUiPg0KICA8ZGl2IHN0eWxlPSJsaW5lLWhlaWdodDo0MHB4O2NvbG9yOiNmZmY7Zm9udC1zaXplOjE2cHg7YmFja2dyb3VuZDojNmJiM2Y2O3BhZGRpbmctbGVmdDoyMHB4OyI+572R56uZ6Ziy54Gr5aKZPC9kaXY+DQogIDxkaXYgc3R5bGU9ImJvcmRlcjoxcHggZGFzaGVkICNjZGNlY2U7Ym9yZGVyLXRvcDpub25lO2ZvbnQtc2l6ZToxNHB4O2hlaWdodDoyMjBweDtwYWRkaW5nOjIwcHg7YmFja2dyb3VuZDojZjNmN2Y5OyI+DQogICAgPHAgc3R5bGU9ImZvbnQtd2VpZ2h0OjYwMDtjb2xvcjojZmM0ZjAzOyI+5oKo55qE6K+35rGC5bim5pyJ5LiN5ZCI5rOV5Y+C5pWw77yM5bey6KKr572R56uZ566h55CG5ZGY6K6+572u5oum5oiq77yBPC9wPg0KICAgIDxwPuWPr+iDveWOn+WboO+8muaCqOaPkOS6pOeahOWGheWuueWMheWQq+WNsemZqeeahOaUu+WHu+ivt+axgjwvcD4NCiAgICA8cCBzdHlsZT0ibWFyZ2luLXRvcDoxNXB4OyI+5aaC5L2V6Kej5Yaz77yaPC9wPg0KICAgIDxwPjHvvInmo4Dmn6Xmj5DkuqTlhoXlrrnvvJs8L3A+DQogICAgPHA+Mu+8ieWmgue9keermeaJmOeuoe+8jOivt+iBlOezu+epuumXtOaPkOS+m+WVhu+8mzwvcD4NCiAgICA8cD4z77yJ5pmu6YCa572R56uZ6K6/5a6i77yM6K+36IGU57O7572R56uZ566h55CG5ZGY77ybPC9wPg0KICA8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg==',
    27. 

  27.             'rules' => [
    28. 

  28.                 'get' => [
    29. 

  29.                     'content' => $_GET,
    30. 

  30.                     'filter' => "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)",
    31. 

  31.                ],
    32. 

  32.                 'post' => [
    33. 

  33.                     'content' => $_POST,
    34. 

  34.                     'filter' => "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)",
    35. 

  35.                ],
    36. 

  36.                 'cookie' => [
    37. 

  37.                     'content' => $_COOKIE,
    38. 

  38.                     'filter' => "benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)",
    39. 

  39.                ],
    40. 

  40.                 'referer' => [
    41. 

  41.                     'content' => isset($_SERVER['HTTP_REFERER']) ?: '',
    42. 

  42.                     'filter' => "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)",
    43. 

  43.                ],
    44. 

  44.            ],
    45. 

  45.         ];
    46. 

  46. 

  47.         //默认配置
    48. 

  48.         if (empty($config)) {
    49. 

  49.             $config = $_config;
    50. 

  50.         }
    51. 

  51. 

  52.         //格式化白名单
    53. 

  53.         if (!is_array($config['white_urls']) && $config['white_urls']) {
    54. 

  54.             $config['white_urls'] = explode("\n", $config['white_urls']);
    55. 

  55.         }
    56. 

  56. 

  57.         //遍历规则排除白名单参数 并删除 该白名单网址
    58. 

  58.         foreach ($config['white_urls'] as $index => $url) {
    59. 

  59.             $url = trim($url);
    60. 

  60.             if (strpos($url, '=>')) {
    61. 

  61.                 //获取白名单参数
    62. 

  62.                 list($_url, $_param) = explode('=>', $url);
    63. 

  63.                 //判断是否符合当前url
    64. 

  64.                 $_url = preg_quote($_url, '/');
    65. 

  65.                 $_url = str_replace('\^', '^', $_url);
    66. 

  66.                 $_url = str_replace('\*', '[\s\S]*', $_url);
    67. 

  67.                 if (preg_match("/" . $_url . "/is", $config['url'], $matches)) {
    68. 

  68.                     $params = explode(',', $_param);
    69. 

  69.                     foreach ($params as $param) {
    70. 

  70.                         list($type, $name) = explode('.', $param);
    71. 

  71.                         unset($config['rules'][$type]['content'][$name]);
    72. 

  72.                     }
    73. 

  73.                 }
    74. 

  74.                 unset($config['white_urls'][$index]);
    75. 

  75.             }
    76. 

  76.         }
    77. 

  77.         $this->config = $config;
    78. 

  78.     }
    79. 

  79. 

  80.     /**
    81. 

  81.      *
    82. 

  82.      *
    83. 

  83.      * @author 许祖兴 < zuxing.xu@lettered.cn>
    84. 

  84.      * @date 2020/3/23 16:42
    85. 

  85.      *
    86. 

  86.      * @param $request
    87. 

  87.      * @param \Closure $next
    88. 

  88.      * @return bool|mixed
    89. 

  89.      * @throws ForbiddenException
    90. 

  90.      */
    91. 

  91.     public function handle($request, \Closure $next)
    92. 

  92.     {
    93. 

  93.         //判断白名单
    94. 

  94.         if (!$this->inWhiteList()) {
    95. 

  95.             //遍历判断规则
    96. 

  96.             foreach ($this->config['rules'] as $rule) {
    97. 

  97.                 if ($rule['content'] && $rule['filter']) {
    98. 

  98.                     $content = var_export($rule['content'], true);
    99. 

  99.                     if (preg_match("/" . $rule['filter'] . "/is", $content, $matches)) {
    100. 

  100.                         //exit(base64_decode($this->config['http_html']));
    101. 

  101.                         throw new ForbiddenException([
    102. 

  102.                             'errmsg' => 'Forbidden: Invalid request params!'
    103. 

  103.                         ]);
    104. 

  104.                     }
    105. 

  105.                 }
    106. 

  106.             }
    107. 

  107.         }
    108. 

  108.         return $next($request);
    109. 

  109.     }
    110. 

  110. 

  111.     /**
    112. 

  112.      * 判断是否在白名单里
    113. 

  113.      *
    114. 

  114.      * @author 许祖兴 < zuxing.xu@lettered.cn>
    115. 

  115.      * @date 2020/3/23 16:40
    116. 

  116.      *
    117. 

  117.      * @return bool
    118. 

  118.      */
    119. 

  119.     private function inWhiteList()
    120. 

  120.     {
    121. 

  121.         if (!$this->config['white_urls']) {
    122. 

  122.             return false;
    123. 

  123.         }
    124. 

  124.         //判断白名单(^)匹配开头(*)匹配任意字符 不含括号
    125. 

  125.         foreach ($this->config['white_urls'] as $url) {
    126. 

  126.             $url = trim($url);
    127. 

  127.             $url = preg_quote($url, '/');
    128. 

  128.             $url = str_replace('\^', '^', $url);
    129. 

  129.             $url = str_replace('\*', '[\s\S]*', $url);
    130. 

  130.             if (preg_match("/" . $url . "/is", $this->config['url'], $matches)) {
    131. 

  131.                 return true;
    132. 

  132.             }
    133. 

  133.         }
    134. 

  134.         return false;
    135. 

  135.     }
    136. 

  136. }
    137.