gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-6072 Deny动作和Redirect动作日志中存在非格式化日志HTTP.Request Body

Browse Source 
TSG-6095 代理策略monitor动作产生的非格式化下载日志与策略配置不相符
This commit is contained in:
fengweihao
2021-05-10 10:21:31 +08:00
parent c184cf6ad6
commit 91facad80a
5 changed files with 73 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cache/include/tango_cache_client.h vendored
View File

@@ -144,6 +144,7 @@ struct tango_cache_meta_put
const char* std_hdr[HDR_CONTENT_NUM]; //<2F><><EFBFBD><EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"Content-Type: text/html"<22><><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD>NULL<4C><4C>ʾû<CABE>и<EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD> const char* std_hdr[HDR_CONTENT_NUM]; //<2F><><EFBFBD><EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"Content-Type: text/html"<22><><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD>NULL<4C><4C>ʾû<CABE>и<EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD>
const char* usertag; //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>GETʱ<54><CAB1>ԭ<EFBFBD><D4AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> const char* usertag; //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>GETʱ<54><CAB1>ԭ<EFBFBD><D4AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
size_t usertag_len; //<2F><><EFBFBD>󳤶<EFBFBD>USER_TAG_MAX_LEN<45><4E>0<EFBFBD><30>ʾû<CABE>и<EFBFBD>ͷ<EFBFBD><CDB7> size_t usertag_len; //<2F><><EFBFBD>󳤶<EFBFBD>USER_TAG_MAX_LEN<45><4E>0<EFBFBD><30>ʾû<CABE>и<EFBFBD>ͷ<EFBFBD><CDB7>
size_t user_log_name;
struct response_freshness put; struct response_freshness put;
}; };

11
cache/src/tango_cache_client.cpp vendored
View File

@@ -414,7 +414,16 @@ struct tango_cache_ctx *tango_cache_update_prepare(struct tango_cache_instance *
if(instance->param->hash_object_key) if(instance->param->hash_object_key)
{ {
caculate_sha256(meta->url, strlen(meta->url), buffer, 72); caculate_sha256(meta->url, strlen(meta->url), buffer, 72);
snprintf(ctx->object_key, 256, "%s/%c%c_%c%c_%s", instance->param->bucketname, buffer[0], buffer[1], buffer[2], buffer[3], buffer+4); if(meta->user_log_name)
{
struct timespec start_time;
clock_gettime(CLOCK_REALTIME,&start_time);
snprintf(ctx->object_key, 256, "%s/%lu_%c%c_%c%c_%s", instance->param->bucketname, start_time.tv_nsec, buffer[0], buffer[1], buffer[2], buffer[3], buffer+4);
}
else
{
snprintf(ctx->object_key, 256, "%s/%c%c_%c%c_%s", instance->param->bucketname, buffer[0], buffer[1], buffer[2], buffer[3], buffer+4);
}
//<2F><><EFBFBD><EFBFBD>ԭʼURL //<2F><><EFBFBD><EFBFBD>ԭʼURL
snprintf(buffer, 2064, "x-amz-meta-url: %s", meta->url); snprintf(buffer, 2064, "x-amz-meta-url: %s", meta->url);
ctx->headers = curl_slist_append(ctx->headers, buffer); ctx->headers = curl_slist_append(ctx->headers, buffer);

2
plugin/business/doh/src/doh.cpp
View File

@@ -205,7 +205,7 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
{ {
int hit_cnt = 0; int hit_cnt = 0;
int scan_ret = 0; int scan_ret = 0;
int app_id = 135; int app_id = 8006;
struct ipaddr sapp_addr; struct ipaddr sapp_addr;
struct Maat_rule_t *p_result = NULL; struct Maat_rule_t *p_result = NULL;
struct Maat_rule_t result[MAX_SCAN_RESULT]; struct Maat_rule_t result[MAX_SCAN_RESULT];

2
plugin/business/pangu-http/src/pangu_http.cpp
View File

@@ -2374,7 +2374,7 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
{ {
hit_cnt+=scan_ret; hit_cnt+=scan_ret;
} }
int scan_val=106; int scan_val=67;
scan_ret=Maat_scan_intval(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_APP_ID], scan_val, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), (int) thread_id); scan_ret=Maat_scan_intval(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_APP_ID], scan_val, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), (int) thread_id);
if(scan_ret>0) if(scan_ret>0)
{ {

109
plugin/business/pangu-http/src/pangu_logger.cpp
View File

@@ -219,60 +219,71 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
cJSON_AddStringToObject(common_obj,resp_fields[i].log_filed_name, tmp_val); cJSON_AddStringToObject(common_obj,resp_fields[i].log_filed_name, tmp_val);
} }
} }
char log_file_upload_path[TFE_STRING_MAX]={0}, cont_type_whole[TFE_STRING_MAX]={0};
struct tango_cache_meta_put meta;
char* log_file_key=NULL;;
const char* cont_type_val;
if(log_msg->req_body!=NULL && log_msg->result[0].do_log==1)
{
memset(&meta, 0, sizeof(meta));
asprintf(&log_file_key, "%s.reqbody", http->req->req_spec.url);
meta.url=log_file_key;
cont_type_val=tfe_http_std_field_read(http->req, TFE_HTTP_CONT_TYPE);
if(cont_type_val!=NULL)
{
snprintf(cont_type_whole, sizeof(cont_type_whole), "Content-Type:%s", cont_type_val);
meta.std_hdr[0]=cont_type_whole;
}
tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL,
log_msg->req_body,
&meta,
log_file_upload_path, sizeof(log_file_upload_path));
if(tmp==0)
{
cJSON_AddStringToObject(common_obj, "http_request_body", log_file_upload_path);
}
else
{
TFE_LOG_ERROR(handle->local_logger, "Upload req_body failed.");
}
free(log_file_key);
}
if(log_msg->resp_body!=NULL && log_msg->result[0].do_log==1)
{
memset(&meta, 0, sizeof(meta));
asprintf(&log_file_key, "%s.respbody", http->req->req_spec.url);
meta.url=log_file_key;
cont_type_val=tfe_http_std_field_read(http->resp, TFE_HTTP_CONT_TYPE);
if(cont_type_val!=NULL)
{
snprintf(cont_type_whole, sizeof(cont_type_whole), "Content-Type:%s", cont_type_val);
meta.std_hdr[0]=cont_type_whole;
}
tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL,
log_msg->resp_body,
&meta,
log_file_upload_path, sizeof(log_file_upload_path));
if(tmp==0) for(size_t i=0; i<log_msg->result_num; i++)
{
if(log_msg->result[i].do_log!=1)
{ {
cJSON_AddStringToObject(common_obj, "http_response_body", log_file_upload_path); continue;
} }
else
char log_file_upload_path[TFE_STRING_MAX]={0}, cont_type_whole[TFE_STRING_MAX]={0};
struct tango_cache_meta_put meta;
char* log_file_key=NULL;;
const char* cont_type_val;
if(log_msg->req_body!=NULL)
{ {
TFE_LOG_ERROR(handle->local_logger, "Upload resp_body failed."); memset(&meta, 0, sizeof(meta));
asprintf(&log_file_key, "%s.reqbody", http->req->req_spec.url);
meta.url=log_file_key;
cont_type_val=tfe_http_std_field_read(http->req, TFE_HTTP_CONT_TYPE);
if(cont_type_val!=NULL)
{
snprintf(cont_type_whole, sizeof(cont_type_whole), "Content-Type:%s", cont_type_val);
meta.std_hdr[0]=cont_type_whole;
}
meta.user_log_name=1;
tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL,
log_msg->req_body,
&meta,
log_file_upload_path, sizeof(log_file_upload_path));
if(tmp==0)
{
cJSON_AddStringToObject(common_obj, "http_request_body", log_file_upload_path);
}
else
{
TFE_LOG_ERROR(handle->local_logger, "Upload req_body failed.");
}
free(log_file_key);
}
if(log_msg->resp_body!=NULL)
{
memset(&meta, 0, sizeof(meta));
asprintf(&log_file_key, "%s.respbody", http->req->req_spec.url);
meta.url=log_file_key;
cont_type_val=tfe_http_std_field_read(http->resp, TFE_HTTP_CONT_TYPE);
if(cont_type_val!=NULL)
{
snprintf(cont_type_whole, sizeof(cont_type_whole), "Content-Type:%s", cont_type_val);
meta.std_hdr[0]=cont_type_whole;
}
meta.user_log_name=1;
tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL,
log_msg->resp_body,
&meta,
log_file_upload_path, sizeof(log_file_upload_path));
if(tmp==0)
{
cJSON_AddStringToObject(common_obj, "http_response_body", log_file_upload_path);
}
else
{
TFE_LOG_ERROR(handle->local_logger, "Upload resp_body failed.");
}
free(log_file_key);
} }
free(log_file_key);
} }
for(size_t i=0; i<log_msg->result_num; i++) for(size_t i=0; i<log_msg->result_num; i++)