From 871ae179c3b716943a5c724668283c65a90c879f Mon Sep 17 00:00:00 2001 From: 007gzs <007gzs@gmail.com> Date: Tue, 22 Oct 2024 21:39:01 +0800 Subject: [PATCH 1/2] Ai data masking fix (#1420) --- plugins/README.md | 1 + .../extensions/ai-data-masking/src/lib.rs | 9 ++++++--- plugins/wasm-rust/src/plugin_wrapper.rs | 19 ++++++++++++++++++- plugins/wasm-rust/src/request_wrapper.rs | 2 +- 4 files changed, 26 insertions(+), 5 deletions(-) diff --git a/plugins/README.md b/plugins/README.md index dc2ac8b1ca..7cdabde1d8 100644 --- a/plugins/README.md +++ b/plugins/README.md @@ -1,5 +1,6 @@ ## Wasm 插件 + 目前 Higress 提供了 c++ 和 golang 两种 Wasm 插件开发框架,支持 Wasm 插件路由&域名级匹配生效。 同时提供了多个内置插件,用户可以基于 Higress 提供的官方镜像仓库直接使用这些插件(以 c++ 版本举例): diff --git a/plugins/wasm-rust/extensions/ai-data-masking/src/lib.rs b/plugins/wasm-rust/extensions/ai-data-masking/src/lib.rs index 01573585ac..99d0144e97 100644 --- a/plugins/wasm-rust/extensions/ai-data-masking/src/lib.rs +++ b/plugins/wasm-rust/extensions/ai-data-masking/src/lib.rs @@ -16,6 +16,7 @@ use fancy_regex::Regex; use grok::patterns; use higress_wasm_rust::log::Log; use higress_wasm_rust::plugin_wrapper::{HttpContextWrapper, RootContextWrapper}; +use higress_wasm_rust::request_wrapper::has_request_body; use higress_wasm_rust::rule_matcher::{on_configure, RuleMatcher, SharedRuleMatcher}; use jieba_rs::Jieba; use jsonpath_rust::{JsonPath, JsonPathValue}; @@ -519,7 +520,11 @@ impl HttpContext for AiDataMasking { _num_headers: usize, _end_of_stream: bool, ) -> HeaderAction { - HeaderAction::StopIteration + if has_request_body() { + HeaderAction::StopIteration + } else { + HeaderAction::Continue + } } fn on_http_response_headers( &mut self, @@ -669,14 +674,12 @@ impl HttpContextWrapper for AiDataMasking { } fn on_http_response_complete_body(&mut self, res_body: &Bytes) -> DataAction { if self.config.is_none() { - self.reset_http_response(); return DataAction::Continue; } let config = self.config.as_ref().unwrap(); let mut res_body = match String::from_utf8(res_body.clone()) { Ok(r) => r, Err(_) => { - self.reset_http_response(); return DataAction::Continue; } }; diff --git a/plugins/wasm-rust/src/plugin_wrapper.rs b/plugins/wasm-rust/src/plugin_wrapper.rs index 5a00c0bda4..abe188a99f 100644 --- a/plugins/wasm-rust/src/plugin_wrapper.rs +++ b/plugins/wasm-rust/src/plugin_wrapper.rs @@ -309,7 +309,9 @@ where fn on_http_request_headers(&mut self, num_headers: usize, end_of_stream: bool) -> HeaderAction { let binding = self.rule_matcher.borrow(); self.config = binding.get_match_config().map(|config| config.1.clone()); - + if self.config.is_none() { + return HeaderAction::Continue; + } for (k, v) in self.get_http_request_headers_bytes() { match String::from_utf8(v) { Ok(header_value) => { @@ -340,6 +342,9 @@ where } fn on_http_request_body(&mut self, body_size: usize, end_of_stream: bool) -> DataAction { + if self.config.is_none() { + return DataAction::Continue; + } if !self.http_content.borrow().cache_request_body() { return self .http_content @@ -362,6 +367,9 @@ where } fn on_http_request_trailers(&mut self, num_trailers: usize) -> Action { + if self.config.is_none() { + return Action::Continue; + } self.http_content .borrow_mut() .on_http_request_trailers(num_trailers) @@ -372,6 +380,9 @@ where num_headers: usize, end_of_stream: bool, ) -> HeaderAction { + if self.config.is_none() { + return HeaderAction::Continue; + } for (k, v) in self.get_http_response_headers_bytes() { match String::from_utf8(v) { Ok(header_value) => { @@ -399,6 +410,9 @@ where } fn on_http_response_body(&mut self, body_size: usize, end_of_stream: bool) -> DataAction { + if self.config.is_none() { + return DataAction::Continue; + } if !self.http_content.borrow().cache_response_body() { return self .http_content @@ -423,6 +437,9 @@ where } fn on_http_response_trailers(&mut self, num_trailers: usize) -> Action { + if self.config.is_none() { + return Action::Continue; + } self.http_content .borrow_mut() .on_http_response_trailers(num_trailers) diff --git a/plugins/wasm-rust/src/request_wrapper.rs b/plugins/wasm-rust/src/request_wrapper.rs index bc9624f6a9..c9a997456c 100644 --- a/plugins/wasm-rust/src/request_wrapper.rs +++ b/plugins/wasm-rust/src/request_wrapper.rs @@ -68,7 +68,7 @@ pub fn has_request_body() -> bool { content_type, content_length_str, transfer_encoding ) ).unwrap(); - if !content_type.is_some_and(|x| !x.is_empty()) { + if content_type.is_some_and(|x| !x.is_empty()) { return true; } if let Some(cl) = content_length_str { From 0d79386ce2e10d5ead08f7384773bde7557b7bda Mon Sep 17 00:00:00 2001 From: Bingkun Zhao <49975170+sjtuzbk@users.noreply.github.com> Date: Tue, 22 Oct 2024 22:17:56 +0800 Subject: [PATCH 2/2] fix a bug of ip-restriction plugin (#1422) --- plugins/wasm-go/extensions/ip-restriction/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wasm-go/extensions/ip-restriction/main.go b/plugins/wasm-go/extensions/ip-restriction/main.go index bd2d1eb61b..7752639813 100644 --- a/plugins/wasm-go/extensions/ip-restriction/main.go +++ b/plugins/wasm-go/extensions/ip-restriction/main.go @@ -60,7 +60,7 @@ func parseConfig(json gjson.Result, config *RestrictionConfig, log wrapper.Log) } status := json.Get("status") if status.Exists() && status.Uint() > 1 { - config.Status = uint32(header.Uint()) + config.Status = uint32(status.Uint()) } else { config.Status = DefaultDenyStatus }