Merge pull request #1191 from pikasTech/fix/web-sentinel-public-exposure-health-probe
fix: 修正 Web 哨兵 public exposure health 判定
This commit is contained in:
@@ -3311,7 +3311,7 @@ function probeSentinelPublicExposure(state: SentinelCicdState, timeoutSeconds: n
|
||||
"body=$(mktemp)",
|
||||
"writeout=$(curl -sS -D \"$headers\" -o \"$body\" --connect-timeout 8 --max-time 20 --write-out '%{http_code} %{ssl_verify_result} %{remote_ip}' \"$url\" 2>/tmp/web-probe-sentinel-public.err)",
|
||||
"curl_rc=$?",
|
||||
"body_head=$(head -c 1000 \"$body\" | base64 | tr -d '\\n')",
|
||||
"body_head=$(head -c 4000 \"$body\" | base64 | tr -d '\\n')",
|
||||
"node - \"$dns\" \"$expected\" \"$writeout\" \"$curl_rc\" \"$url\" \"$body_head\" \"$headers\" <<'NODE'",
|
||||
"const fs=require('node:fs');",
|
||||
"const [dns,expected,writeout,rcRaw,url,bodyB64,headersPath]=process.argv.slice(2);",
|
||||
@@ -3321,9 +3321,10 @@ function probeSentinelPublicExposure(state: SentinelCicdState, timeoutSeconds: n
|
||||
"const addrs=dns?dns.split(',').filter(Boolean):[];",
|
||||
"const headers=(()=>{try{return fs.readFileSync(headersPath,'utf8')}catch{return ''}})();",
|
||||
"const body=Buffer.from(bodyB64||'', 'base64').toString('utf8');",
|
||||
"let bodyJson=null; try{bodyJson=JSON.parse(body)}catch{}",
|
||||
"const authCovered=status===401||status===403||status>=200&&status<300;",
|
||||
"const edgeOk=Number(rcRaw)===0&&ssl===0&&status>0&&status<500;",
|
||||
"const upstreamOk=status>=200&&status<300&&body.includes('valuesRedacted');",
|
||||
"const upstreamOk=status>=200&&status<300&&(bodyJson?.ok===true||body.includes('valuesRedacted'));",
|
||||
"const dnsMatches=addrs.includes(expected);",
|
||||
"console.log(JSON.stringify({ok:dnsMatches&&edgeOk&&authCovered&&upstreamOk,publicUrl:url,dns:{addresses:addrs,expectedA:expected,matches:dnsMatches},tls:{verified:ssl===0,sslVerifyResult:ssl,remoteIp:remoteIp||null},https:{curlExitCode:Number(rcRaw),httpStatus:status,edgeOk},auth:{requestAuthorizationHeader:false,covered:authCovered,status},upstream:{ok:upstreamOk,bodyPreview:body.slice(0,200)},headers:{wwwAuthenticate:/^www-authenticate:/im.test(headers)},valuesRedacted:true}));",
|
||||
"NODE",
|
||||
|
||||
Reference in New Issue
Block a user