leveryd-asm / asm

Scanner platform based on Kubernetes and Argo-Workflow 基于k8s和argo工作流的扫描器

https://leveryd-asm.github.io/asm-document

MIT License

106 stars 6 forks source link

查询条件和查询结果不匹配 #29

Closed leveryd closed 1 year ago

leveryd commented 1 year ago

x es -esURL http://elasticsearch-master:9200 -index web-service -num 10000 -q 'port>=8000' -source url|grep 443

leveryd commented 1 year ago

/ # cat /argo/staging/script
query='status-code:200 and content-type:"html" and words>10 and parsed-domain.registered_domain:"baidu.com"'
query=$query' and port>=8000 and port<=9000'
echo $query
x es -esURL http://elasticsearch-master:9200 -index web-service -num 10000 -q "'"$query"'" -source url -of /tmp/result

/ # sh /argo/staging/script
status-code:200 and content-type:"html" and words>10 and parsed-domain.registered_domain:"baidu.com" and port>=8000 and port<=9000
total: 0

这个查询预期是有结果的，应该能返回17条数据

leveryd commented 1 year ago

/ # x es -esURL http://elasticsearch-master:9200 -index web-service -num 10000 -q 'status-code:200 and content-type:"html" and words>10 and parsed-domain.registered_domain:"baidu.com" and port>=8000 and port<=9000' -source url | wc -l
5168

为什么直接执行命令，又有5k条结果？

leveryd commented 1 year ago

代码调试 jsonencode时会对某些字符编码

jsonEncoder := json.NewEncoder(bf)
jsonEncoder.SetEscapeHTML(false)  //可以关闭编码

请求es接口测试

用profile参数很容易看到匹配时的逻辑,可以看到是不符合预期的。

为什么不符合预期？

URI的q参数查询时，只支持key-value格式，port>=8000 应该写成 port:>=8000；and、or等也必须大写