bugfix: plugin will block GET request

alibaba · Oct 24, 2024 · 6f18814 · 6f18814
1 parent d76f574
commit 6f18814
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 5 deletions.
diff --git a/plugins/wasm-go/extensions/ai-security-guard/main.go b/plugins/wasm-go/extensions/ai-security-guard/main.go
@@ -187,10 +187,6 @@ func onHttpRequestHeaders(ctx wrapper.HttpContext, config AISecurityConfig, log
 		log.Debugf("request checking is disabled")
 		ctx.DontReadRequestBody()
 	}
-	if !config.checkResponse {
-		log.Debugf("response checking is disabled")
-		ctx.DontReadResponseBody()
-	}
 	return types.ActionContinue
 }
 
@@ -199,7 +195,7 @@ func onHttpRequestBody(ctx wrapper.HttpContext, config AISecurityConfig, body []
 	content := gjson.GetBytes(body, config.requestContentJsonPath).Raw
 	model := gjson.GetBytes(body, "model").Raw
 	ctx.SetContext("requestModel", model)
-	log.Debugf("Raw response content is: %s", content)
+	log.Debugf("Raw request content is: %s", content)
 	if len(content) > 0 {
 		timestamp := time.Now().UTC().Format("2006-01-02T15:04:05Z")
 		randomID, _ := generateHexID(16)
@@ -326,6 +322,14 @@ func onHttpResponseHeaders(ctx wrapper.HttpContext, config AISecurityConfig, log
 		log.Warnf("failed to get response headers: %v", err)
 		return types.ActionContinue
 	}
+	if !config.checkResponse {
+		log.Debugf("response checking is disabled")
+		ctx.DontReadResponseBody()
+		return types.ActionContinue
+	}
+	if !wrapper.HasResponseBody() {
+		return types.ActionContinue
+	}
 	hdsMap := convertHeaders(headers)
 	ctx.SetContext("headers", hdsMap)
 	return types.HeaderStopIteration

diff --git a/plugins/wasm-go/pkg/wrapper/response_wrapper.go b/plugins/wasm-go/pkg/wrapper/response_wrapper.go
@@ -15,6 +15,9 @@
 package wrapper
 
 import (
+	"strconv"
+	"strings"
+
 	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
 )
 
@@ -26,3 +29,21 @@ func IsResponseFromUpstream() bool {
 		return false
 	}
 }
+
+func HasResponseBody() bool {
+	contentTypeStr, _ := proxywasm.GetHttpResponseHeader("content-type")
+	contentLengthStr, _ := proxywasm.GetHttpResponseHeader("content-length")
+	transferEncodingStr, _ := proxywasm.GetHttpResponseHeader("transfer-encoding")
+	proxywasm.LogDebugf("check has response body: contentType:%s, contentLengthStr:%s, transferEncodingStr:%s",
+		contentTypeStr, contentLengthStr, transferEncodingStr)
+	if contentTypeStr != "" {
+		return true
+	}
+	if contentLengthStr != "" {
+		contentLength, err := strconv.Atoi(contentLengthStr)
+		if err == nil && contentLength > 0 {
+			return true
+		}
+	}
+	return strings.Contains(transferEncodingStr, "chunked")
+}