package main
import (
"fmt"
"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
"regexp"
)
// blockMessage is the response body sent to the client when a rule matches.
var blockMessage = "This request has been blocked for security reasons."

// regexRules lists the patterns that the HTTP callbacks in this file compile
// with regexp.Compile and apply to the request headers and request body.
//
// The single rule is case-insensitive and matches, in order: "$" or "%24",
// "{" or "%7b", the letters j, n, d, i with any characters between them, and
// ":" or "%3a". That is the shape of a "${jndi:" lookup string, including
// variants with other text interleaved between the letters.
//
// NOTE(review): only the literal characters and their single percent-encoded
// forms are listed, and nothing in this file decodes the input before
// matching. Treat the rule as a stopgap filter in front of the application,
// not as a replacement for fixing the component that evaluates such lookups.
var regexRules = []string{
	"(?i)(\\$|%24)(\\{|%7b).*j.*n.*d.*i.*(:|%3a)",
}
// The three context types below embed the SDK's default implementations, so
// each one only has to define the callbacks this filter actually customizes.
type (
	// vmContext is the value registered with proxywasm.SetVMContext in main.
	// This file adds NewPluginContext on top of types.DefaultVMContext.
	vmContext struct {
		types.DefaultVMContext
	}

	// pluginContext is what vmContext.NewPluginContext returns. This file
	// adds NewHttpContext on top of types.DefaultPluginContext.
	pluginContext struct {
		types.DefaultPluginContext
	}

	// httpContext is what pluginContext.NewHttpContext returns. It carries no
	// fields of its own; the request header and body callbacks defined in
	// this file are the only overrides of types.DefaultHttpContext.
	httpContext struct {
		types.DefaultHttpContext
	}
)
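// OnHttpRequestHeaders scans the request headers against every pattern in
// regexRules and sends the block response on the first match.
//
// The headers are scanned on every call, whether or not a body follows. A
// request that carries a body (endOfStream false) must not skip header
// inspection, otherwise a matching header value reaches the upstream as long
// as the body itself is clean.
//
// It returns types.ActionPause after sending the block response, and also
// when no rule matched but endOfStream is false (the headers stay paused
// until the body callback decides). It returns types.ActionContinue when no
// rule matched and endOfStream is true.
func (*httpContext) OnHttpRequestHeaders(numHeaders int, endOfStream bool) types.Action {
	// Verdict for a request whose headers did not match any rule.
	verdict := types.ActionPause
	if endOfStream {
		verdict = types.ActionContinue
	}

	headers, err := proxywasm.GetHttpRequestHeaders()
	if err != nil {
		// Fail open: without headers there is nothing to scan.
		// NOTE(review): decide whether a filter that cannot read the headers
		// should reject the request instead.
		proxywasm.LogCriticalf("failed to get request headers: %v", err)
		return verdict
	}

	// All headers are rendered into one string with fmt's default formatting
	// and matched as a whole, so a pattern sees names and values together.
	fullHeaders := fmt.Sprintf("%v", headers)

	for _, rule := range regexRules {
		// NOTE(review): the rule is recompiled on every request; compiling
		// once at package level would avoid the repeated work.
		regex, err := regexp.Compile(rule)
		if err != nil {
			// An invalid rule is logged and skipped; the other rules still run.
			proxywasm.LogCriticalf("%v", err)
			continue
		}
		if !regex.MatchString(fullHeaders) {
			continue
		}
		// NOTE(review): the block response uses status 302 with no headers,
		// so no Location is sent; confirm that a redirect status is intended
		// here rather than a 4xx.
		if err := proxywasm.SendHttpResponse(302, nil, []byte(blockMessage), -1); err != nil {
			proxywasm.LogCriticalf("%v", err)
		}
		return types.ActionPause
	}
	return verdict
}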
// OnHttpRequestBody scans the request body against every pattern in
// regexRules once the end of the stream has been reached, and sends the block
// response on the first match.
//
// It returns types.ActionPause while endOfStream is false and after sending
// the block response, and types.ActionContinue when no rule matched.
//
// NOTE(review): the body is read as GetHttpRequestBody(0, bodySize) using the
// bodySize of the final callback only. Whether that value covers the whole
// buffered body or just the last chunk depends on the host and SDK version;
// confirm, because in the second case only part of the body is scanned.
func (*httpContext) OnHttpRequestBody(bodySize int, endOfStream bool) types.Action {
	if !endOfStream {
		return types.ActionPause
	}

	payload, readErr := proxywasm.GetHttpRequestBody(0, bodySize)
	if readErr != nil {
		// The failure is only logged; the rules below then run against an
		// empty payload, so the request is effectively let through.
		proxywasm.LogCriticalf("failed to get request body: %v", readErr)
	}

	for i := range regexRules {
		matcher, compileErr := regexp.Compile(regexRules[i])
		if compileErr != nil {
			// An invalid rule is logged and skipped; the other rules still run.
			proxywasm.LogCriticalf("%v", compileErr)
			continue
		}
		if !matcher.MatchString(string(payload)) {
			continue
		}
		if sendErr := proxywasm.SendHttpResponse(302, nil, []byte(blockMessage), -1); sendErr != nil {
			proxywasm.LogCriticalf("%v", sendErr)
		}
		return types.ActionPause
	}
	return types.ActionContinue
}
// NewHttpContext returns a fresh httpContext. The contextId argument is not
// used.
func (*pluginContext) NewHttpContext(contextId uint32) types.HttpContext {
	return new(httpContext)
}
// NewPluginContext returns a fresh pluginContext. The contextId argument is
// not used.
func (*vmContext) NewPluginContext(contextId uint32) types.PluginContext {
	return new(pluginContext)
}
// main registers the filter's VM context with the proxy-wasm SDK.
func main() {
	root := new(vmContext)
	proxywasm.SetVMContext(root)
}