Documentation
¶
Index ¶
- Constants
- Variables
- func Eval(env *cel.Env, expression string, params map[string]any) (ref.Val, error)
- func ReadComplieOptions(reg ref.TypeRegistry) []cel.EnvOption
- func ReadProgramOptions(reg ref.TypeRegistry) []cel.ProgramOption
- func WriteRuleIsVulOptions(c CustomLib, key string, isVul bool)
- type Checker
- type CustomLib
- func (c *CustomLib) CompileOptions() []cel.EnvOption
- func (c *CustomLib) NewCelEnv() (env *cel.Env, err error)
- func (c *CustomLib) ProgramOptions() []cel.ProgramOption
- func (c *CustomLib) Reset()
- func (c *CustomLib) RunEval(expression string, variablemap map[string]any) (ref.Val, error)
- func (c *CustomLib) UpdateCompileOption(k string, t *exprpb.Type)
- func (c *CustomLib) WriteRuleFunctionsROptions(funcName string, returnBool bool)
- func (c *CustomLib) WriteRuleSetOptions(args yaml.MapSlice)
- type Engine
- type OnResult
- type Runner
- type TransData
Constants ¶
View Source
const (
ActiveTarget = -99
)
Variables ¶
View Source
var ( StrStrMapType = decls.NewMapType(decls.String, decls.String) NewEnvOptions = []cel.EnvOption{ cel.Container("proto"), cel.Types( &proto.UrlType{}, &proto.Request{}, &proto.Response{}, &proto.Reverse{}, StrStrMapType, ), cel.Declarations( decls.NewVar("request", decls.NewObjectType("proto.Request")), decls.NewVar("response", decls.NewObjectType("proto.Response")), ), cel.Declarations( decls.NewFunction("icontains", decls.NewInstanceOverload("string_icontains_string", []*exprpb.Type{decls.String, decls.String}, decls.Bool)), decls.NewFunction("substr", decls.NewOverload("substr_string_int_int", []*exprpb.Type{decls.String, decls.Int, decls.Int}, decls.String)), decls.NewFunction("replaceAll", decls.NewOverload("replaceAll_string_string_string", []*exprpb.Type{decls.String, decls.String, decls.String}, decls.String)), decls.NewFunction("printable", decls.NewOverload("printable_string", []*exprpb.Type{decls.String}, decls.String)), decls.NewFunction("toUintString", decls.NewOverload("toUintString_string_string", []*exprpb.Type{decls.String, decls.String}, decls.String)), decls.NewFunction("bcontains", decls.NewInstanceOverload("bytes_bcontains_bytes", []*exprpb.Type{decls.Bytes, decls.Bytes}, decls.Bool)), decls.NewFunction("ibcontains", decls.NewInstanceOverload("bytes_ibcontains_bytes", []*exprpb.Type{decls.Bytes, decls.Bytes}, decls.Bool)), decls.NewFunction("bstartsWith", decls.NewInstanceOverload("bytes_bstartsWith_bytes", []*exprpb.Type{decls.Bytes, decls.Bytes}, decls.Bool)), decls.NewFunction("md5", decls.NewOverload("md5_string", []*exprpb.Type{decls.String}, decls.String)), decls.NewFunction("base64", decls.NewOverload("base64_string", []*exprpb.Type{decls.String}, decls.String)), decls.NewFunction("base64", decls.NewOverload("base64_bytes", []*exprpb.Type{decls.Bytes}, decls.String)), decls.NewFunction("base64Decode", decls.NewOverload("base64Decode_string", []*exprpb.Type{decls.String}, decls.String)), decls.NewFunction("base64Decode", decls.NewOverload("base64Decode_bytes", []*exprpb.Type{decls.Bytes}, decls.String)), decls.NewFunction("urlencode", decls.NewOverload("urlencode_string", []*exprpb.Type{decls.String}, decls.String)), decls.NewFunction("urlencode", decls.NewOverload("urlencode_bytes", []*exprpb.Type{decls.Bytes}, decls.String)), decls.NewFunction("urldecode", decls.NewOverload("urldecode_string", []*exprpb.Type{decls.String}, decls.String)), decls.NewFunction("urldecode", decls.NewOverload("urldecode_bytes", []*exprpb.Type{decls.Bytes}, decls.String)), decls.NewFunction("faviconHash", decls.NewOverload("faviconHash_stringOrBytes", []*exprpb.Type{decls.Any}, decls.Int)), decls.NewFunction("randomInt", decls.NewOverload("randomInt_int_int", []*exprpb.Type{decls.Int, decls.Int}, decls.Int)), decls.NewFunction("randomLowercase", decls.NewOverload("randomLowercase_int", []*exprpb.Type{decls.Int}, decls.String)), decls.NewFunction("submatch", decls.NewInstanceOverload("string_submatch_string", []*exprpb.Type{decls.String, decls.String}, StrStrMapType, )), decls.NewFunction("bsubmatch", decls.NewInstanceOverload("string_bsubmatch_bytes", []*exprpb.Type{decls.String, decls.Bytes}, StrStrMapType, )), decls.NewFunction("bmatches", decls.NewInstanceOverload("string_bmatches_bytes", []*exprpb.Type{decls.String, decls.Bytes}, decls.Bool)), decls.NewFunction("wait", decls.NewInstanceOverload("reverse_wait_int", []*exprpb.Type{decls.Any, decls.Int}, decls.Bool)), decls.NewFunction("jndi", decls.NewInstanceOverload("reverse_jndi_int", []*exprpb.Type{decls.Any, decls.Int}, decls.Bool)), decls.NewFunction("sleep", decls.NewOverload("sleep_int", []*exprpb.Type{decls.Int}, decls.Null)), decls.NewFunction("year", decls.NewOverload("year_string", []*exprpb.Type{decls.Int}, decls.String)), decls.NewFunction("shortyear", decls.NewOverload("shortyear_string", []*exprpb.Type{decls.Int}, decls.String)), decls.NewFunction("month", decls.NewOverload("month_string", []*exprpb.Type{decls.Int}, decls.String)), decls.NewFunction("day", decls.NewOverload("day_string", []*exprpb.Type{decls.Int}, decls.String)), decls.NewFunction("timestamp_second", decls.NewOverload("timestamp_second_string", []*exprpb.Type{decls.Int}, decls.String)), ), } )
View Source
var CheckerPool = sync.Pool{ New: func() any { return &Checker{ Options: &config.Options{}, VariableMap: make(map[string]any), Result: &result.Result{}, CustomLib: NewCustomLib(), } }, }
View Source
var MMutex = &sync.Mutex{}
View Source
var ( NewProgramOptions = []cel.ProgramOption{ cel.Functions( &functions.Overload{ Operator: "string_icontains_string", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { v1, ok := lhs.(types.String) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to contains", lhs.Type()) } v2, ok := rhs.(types.String) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to contains", rhs.Type()) } return types.Bool(strings.Contains(strings.ToLower(string(v1)), strings.ToLower(string(v2)))) }, }, &functions.Overload{ Operator: "substr_string_int_int", Function: func(values ...ref.Val) ref.Val { if len(values) == 3 { str, ok := values[0].(types.String) if !ok { return types.NewErr("invalid string to 'substr'") } start, ok := values[1].(types.Int) if !ok { return types.NewErr("invalid start to 'substr'") } length, ok := values[2].(types.Int) if !ok { return types.NewErr("invalid length to 'substr'") } runes := []rune(str) if start < 0 || length < 0 || int(start+length) > len(runes) { return types.NewErr("invalid start or length to 'substr'") } return types.String(runes[start : start+length]) } else { return types.NewErr("too many arguments to 'substr'") } }, }, &functions.Overload{ Operator: "replaceAll_string_string_string", Function: func(values ...ref.Val) ref.Val { s, ok := values[0].(types.String) if !ok { return types.ValOrErr(s, "unexpected type '%v' passed to replaceAll", s.Type()) } old, ok := values[1].(types.String) if !ok { return types.ValOrErr(old, "unexpected type '%v' passed to replaceAll", old.Type()) } new, ok := values[2].(types.String) if !ok { return types.ValOrErr(new, "unexpected type '%v' passed to replaceAll", new.Type()) } return types.String(strings.ReplaceAll(string(s), string(old), string(new))) }, }, &functions.Overload{ Operator: "printable_string", Unary: func(value ref.Val) ref.Val { s, ok := value.(types.String) if !ok { return types.ValOrErr(s, "unexpected type '%v' passed to printable", s.Type()) } clean := strings.Map(func(r rune) rune { if unicode.IsPrint(r) { return r } return -1 }, string(s)) return types.String(clean) }, }, &functions.Overload{ Operator: "toUintString_string_string", Function: func(values ...ref.Val) ref.Val { s1, ok := values[0].(types.String) s := string(s1) if !ok { return types.ValOrErr(s1, "unexpected type '%v' passed to toUintString", s1.Type()) } direction, ok := values[1].(types.String) if !ok { return types.ValOrErr(direction, "unexpected type '%v' passed to toUintString", direction.Type()) } if direction == "<" { s = utils.ReverseString(s) } if _, err := strconv.Atoi(s); err == nil { return types.String(s) } else { return types.NewErr("%v", err) } }, }, &functions.Overload{ Operator: "bytes_bcontains_bytes", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { v1, ok := lhs.(types.Bytes) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to bcontains", lhs.Type()) } v2, ok := rhs.(types.Bytes) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to bcontains", rhs.Type()) } return types.Bool(bytes.Contains(v1, v2)) }, }, &functions.Overload{ Operator: "bytes_ibcontains_bytes", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { v1, ok := lhs.(types.Bytes) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to bcontains", lhs.Type()) } v2, ok := rhs.(types.Bytes) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to bcontains", rhs.Type()) } return types.Bool(bytes.Contains(bytes.ToLower(v1), bytes.ToLower(v2))) }, }, &functions.Overload{ Operator: "bytes_bstartsWith_bytes", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { v1, ok := lhs.(types.Bytes) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to bstartsWith", lhs.Type()) } v2, ok := rhs.(types.Bytes) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to bstartsWith", rhs.Type()) } return types.Bool(bytes.HasPrefix(v1, v2)) }, }, &functions.Overload{ Operator: "md5_string", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.String) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to md5_string", value.Type()) } return types.String(fmt.Sprintf("%x", md5.Sum([]byte(v)))) }, }, &functions.Overload{ Operator: "base64_string", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.String) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to base64_string", value.Type()) } return types.String(base64.StdEncoding.EncodeToString([]byte(v))) }, }, &functions.Overload{ Operator: "base64_bytes", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.Bytes) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to base64_bytes", value.Type()) } return types.String(base64.StdEncoding.EncodeToString(v)) }, }, &functions.Overload{ Operator: "base64Decode_string", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.String) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to base64Decode_string", value.Type()) } decodeBytes, err := base64.StdEncoding.DecodeString(string(v)) if err != nil { return types.NewErr("%v", err) } return types.String(decodeBytes) }, }, &functions.Overload{ Operator: "base64Decode_bytes", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.Bytes) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to base64Decode_bytes", value.Type()) } decodeBytes, err := base64.StdEncoding.DecodeString(string(v)) if err != nil { return types.NewErr("%v", err) } return types.String(decodeBytes) }, }, &functions.Overload{ Operator: "urlencode_string", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.String) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to urlencode_string", value.Type()) } return types.String(url.QueryEscape(string(v))) }, }, &functions.Overload{ Operator: "urlencode_bytes", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.Bytes) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to urlencode_bytes", value.Type()) } return types.String(url.QueryEscape(string(v))) }, }, &functions.Overload{ Operator: "urldecode_string", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.String) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to urldecode_string", value.Type()) } decodeString, err := url.QueryUnescape(string(v)) if err != nil { return types.NewErr("%v", err) } return types.String(decodeString) }, }, &functions.Overload{ Operator: "urldecode_bytes", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.Bytes) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to urldecode_bytes", value.Type()) } decodeString, err := url.QueryUnescape(string(v)) if err != nil { return types.NewErr("%v", err) } return types.String(decodeString) }, }, &functions.Overload{ Operator: "faviconHash_stringOrBytes", Unary: func(value ref.Val) ref.Val { b, ok := value.(types.Bytes) if !ok { bStr, ok := value.(types.String) b = []byte(bStr) if !ok { return types.ValOrErr(bStr, "unexpected type '%v' passed to faviconHash", bStr.Type()) } } return types.Int(utils.Mmh3Hash32(utils.Base64Encode(b))) }, }, &functions.Overload{ Operator: "randomInt_int_int", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { from, ok := lhs.(types.Int) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to randomInt", lhs.Type()) } to, ok := rhs.(types.Int) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to randomInt", rhs.Type()) } min, max := int(from), int(to) return types.Int(rand.Intn(max-min) + min) }, }, &functions.Overload{ Operator: "randomLowercase_int", Unary: func(value ref.Val) ref.Val { n, ok := value.(types.Int) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to randomLowercase", value.Type()) } return types.String(utils.RandLetters(int(n))) }, }, &functions.Overload{ Operator: "string_bmatches_bytes", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { var isMatch = false var err error v1, ok := lhs.(types.String) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to bmatches", lhs.Type()) } v2, ok := rhs.(types.Bytes) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to bmatches", rhs.Type()) } re := regexp2.MustCompile(string(v1), 0) if isMatch, err = re.MatchString(string([]byte(v2))); err != nil { return types.NewErr("%v", err) } return types.Bool(isMatch) }, }, &functions.Overload{ Operator: "reverse_wait_int", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { reverse, ok := lhs.Value().(*proto.Reverse) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to 'wait'", lhs.Type()) } timeout, ok := rhs.Value().(int64) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to 'wait'", rhs.Type()) } return types.Bool(reverseCheck(reverse, timeout)) }, }, &functions.Overload{ Operator: "reverse_jndi_int", Binary: func(lhs ref.Val, rhs ref.Val) ref.Val { reverse, ok := lhs.Value().(*proto.Reverse) if !ok { return types.ValOrErr(lhs, "unexpected type '%v' passed to 'wait'", lhs.Type()) } timeout, ok := rhs.Value().(int64) if !ok { return types.ValOrErr(rhs, "unexpected type '%v' passed to 'wait'", rhs.Type()) } return types.Bool(jndiCheck(reverse, timeout)) }, }, &functions.Overload{ Operator: "sleep_int", Unary: func(value ref.Val) ref.Val { v, ok := value.(types.Int) if !ok { return types.ValOrErr(value, "unexpected type '%v' passed to sleep", value.Type()) } time.Sleep(time.Duration(v) * time.Second) return nil }, }, &functions.Overload{ Operator: "year_string", Unary: func(value ref.Val) ref.Val { year := time.Now().Format("2006") return types.String(year) }, }, &functions.Overload{ Operator: "shortyear_string", Unary: func(value ref.Val) ref.Val { year := time.Now().Format("06") return types.String(year) }, }, &functions.Overload{ Operator: "month_string", Unary: func(value ref.Val) ref.Val { month := time.Now().Format("01") return types.String(month) }, }, &functions.Overload{ Operator: "day_string", Unary: func(value ref.Val) ref.Val { day := time.Now().Format("02") return types.String(day) }, }, &functions.Overload{ Operator: "timestamp_second_string", Unary: func(value ref.Val) ref.Val { timestamp := strconv.FormatInt(time.Now().Unix(), 10) return types.String(timestamp) }, }, ), } )
Functions ¶
func ReadComplieOptions ¶
func ReadComplieOptions(reg ref.TypeRegistry) []cel.EnvOption
func ReadProgramOptions ¶
func ReadProgramOptions(reg ref.TypeRegistry) []cel.ProgramOption
func WriteRuleIsVulOptions ¶
追加rule变量到 cel options
Types ¶
type Checker ¶
type Checker struct {
Options *config.Options
// OriginalRequest *http.Request
VariableMap map[string]any
Result *result.Result
CustomLib *CustomLib
}
func (*Checker) UpdateVariableMap ¶
func (c *Checker) UpdateVariableMap(args yaml.MapSlice)
type CustomLib ¶
type CustomLib struct {
// contains filtered or unexported fields
}
func NewCustomLib ¶
func NewCustomLib() *CustomLib
func (*CustomLib) CompileOptions ¶
func (*CustomLib) ProgramOptions ¶
func (c *CustomLib) ProgramOptions() []cel.ProgramOption
func (*CustomLib) UpdateCompileOption ¶
func (*CustomLib) WriteRuleFunctionsROptions ¶
func (*CustomLib) WriteRuleSetOptions ¶
func (c *CustomLib) WriteRuleSetOptions(args yaml.MapSlice)
type Engine ¶
type Engine struct {
// contains filtered or unexported fields
}
func (*Engine) AcquireChecker ¶
func (*Engine) ReleaseChecker ¶
type Runner ¶
type Runner struct {
Report *report.Report
JsonReport *report.JsonReport
OnResult OnResult
PocsYaml utils.StringSlice
PocsEmbedYaml utils.StringSlice
// contains filtered or unexported fields
}
Source Files
Click to show internal directories.
Click to hide internal directories.