Fix panic in DetectWaf function

2025-12-17 17:35:28 +00:00 · 2025-09-24 23:16:40 +05:30 · 2025-09-24 23:16:40 +05:30 · afb13e2c5b
commit afb13e2c5b
parent 8ea5061f5e
1 changed files with 42 additions and 2 deletions
--- a/pkg/output/stats/waf/waf.go
+++ b/pkg/output/stats/waf/waf.go
@ -5,11 +5,15 @@ import (
 	"encoding/json"
 	"log"
 	"regexp"
 	"runtime"
 	"strings"
 	"sync"
 )
 type WafDetector struct {
 	wafs       map[string]waf
 	regexCache map[string]*regexp.Regexp
 	mu         sync.RWMutex
 }
 // waf represents a web application firewall definition
@ -53,19 +57,55 @@ func NewWafDetector() *WafDetector {
 }
 func (d *WafDetector) DetectWAF(content string) (string, bool) {
-	if d == nil || d.regexCache == nil {
+	if d == nil || d.regexCache == nil || len(content) == 0 {
 		return "", false
 	}
 	d.mu.RLock()
 	defer d.mu.RUnlock()
 	// Limit content size to prevent regex catastrophic backtracking
 	maxContentSize := 50000 // 50KB limit
 	if len(content) > maxContentSize {
 		content = content[:maxContentSize]
 	}
 	for id, regex := range d.regexCache {
-		if regex != nil && regex.MatchString(content) {
+		if regex == nil {
 			continue
 		}
 		// Safely test each regex with panic recovery
 		matched := func() bool {
 			defer func() {
 				if r := recover(); r != nil {
 					// Get stack trace and format in one line
 					buf := make([]byte, 4096)
 					n := runtime.Stack(buf, false)
 					stack := strings.ReplaceAll(string(buf[:n]), "\n", " | ")
 					log.Printf("regex panic for WAF %s: %v: %v", id, r, stack)
 				}
 			}()
 			return regex.MatchString(content)
 		}()
 		if matched {
 			return id, true
 		}
 	}
 	return "", false
 }
 func (d *WafDetector) GetWAF(id string) (waf, bool) {
 	if d == nil {
 		return waf{}, false
 	}
 	d.mu.RLock()
 	defer d.mu.RUnlock()
 	waf, ok := d.wafs[id]
 	return waf, ok
 }