feat: SafeLine CE 9.3.9 with pro features
MCP Docker / build-and-push (push) Has been cancelled

- Remove telemetry: disabled all phone-home (installation notify, false positives, behavior tracking, upgrade tips)
- Version branding: removed 'ce-' prefix, product name changed to '长亭雷池 WAF'
- Detection engine enhancement: strict preset enables all 17 modules with aggressive configs
- Multi-user RBAC: admin/operator/viewer roles with password + TOTP 2FA
- Rate limiting: nginx limit_req per website (RPS, burst, action)
- JS Challenge: browser fingerprint verification page with cookie-based bypass
- Security fixes: removed InsecureSkipVerify, hardcoded credentials, NO_AUTH backdoor
This commit is contained in:
2026-07-04 07:59:04 +08:00
commit b8788c239e
259 changed files with 23055 additions and 0 deletions
@@ -0,0 +1,66 @@
package rule
import (
"context"
"github.com/chaitin/SafeLine/mcp_server/internal/api"
"github.com/chaitin/SafeLine/mcp_server/internal/api/rule"
"github.com/chaitin/SafeLine/mcp_server/pkg/logger"
)
type CreateBlacklistRule struct{}
type CreateBlacklistRuleParams struct {
Name string `json:"name" desc:"name" required:"true"`
IP []string `json:"ip" desc:"ip" required:"false"`
URINoQuery []string `json:"uri_no_query" desc:"uri_no_query" required:"false"`
}
func (t *CreateBlacklistRule) Name() string {
return "create_blacklist_rule"
}
func (t *CreateBlacklistRule) Description() string {
return "create a new blacklist rule"
}
func (t *CreateBlacklistRule) Validate(params CreateBlacklistRuleParams) error {
return nil
}
func (t *CreateBlacklistRule) Execute(ctx context.Context, params CreateBlacklistRuleParams) (int64, error) {
var pattern [][]api.Pattern
if len(params.IP) > 0 {
pattern = append(pattern, []api.Pattern{
{
K: api.KeySrcIP,
Op: api.OpEq,
V: params.IP,
SubK: "",
},
})
}
if len(params.URINoQuery) > 0 {
pattern = append(pattern, []api.Pattern{
{
K: api.KeyURINoQuery,
Op: api.OpEq,
V: params.URINoQuery,
SubK: "",
},
})
}
id, err := rule.CreateRule(ctx, &rule.CreateRuleRequest{
Name: params.Name,
IP: params.IP,
IsEnabled: true,
Action: int(api.PolicyRuleActionDeny),
Pattern: pattern,
})
if err != nil {
return 0, err
}
logger.With("id", id).Info("create blacklist rule success")
return id, nil
}
@@ -0,0 +1,66 @@
package rule
import (
"context"
"github.com/chaitin/SafeLine/mcp_server/internal/api"
"github.com/chaitin/SafeLine/mcp_server/internal/api/rule"
"github.com/chaitin/SafeLine/mcp_server/pkg/logger"
)
type CreateWhitelistRule struct{}
type CreateWhitelistRuleParams struct {
Name string `json:"name" desc:"name" required:"true"`
IP []string `json:"ip" desc:"ip" required:"false"`
URINoQuery []string `json:"uri_no_query" desc:"uri_no_query" required:"false"`
}
func (t *CreateWhitelistRule) Name() string {
return "create_whitelist_rule"
}
func (t *CreateWhitelistRule) Description() string {
return "create a new whitelist rule"
}
func (t *CreateWhitelistRule) Validate(params CreateWhitelistRuleParams) error {
return nil
}
func (t *CreateWhitelistRule) Execute(ctx context.Context, params CreateWhitelistRuleParams) (int64, error) {
var pattern [][]api.Pattern
if len(params.IP) > 0 {
pattern = append(pattern, []api.Pattern{
{
K: api.KeySrcIP,
Op: api.OpEq,
V: params.IP,
SubK: "",
},
})
}
if len(params.URINoQuery) > 0 {
pattern = append(pattern, []api.Pattern{
{
K: api.KeyURINoQuery,
Op: api.OpEq,
V: params.URINoQuery,
SubK: "",
},
})
}
id, err := rule.CreateRule(ctx, &rule.CreateRuleRequest{
Name: params.Name,
IP: params.IP,
IsEnabled: true,
Action: int(api.PolicyRuleActionAllow),
Pattern: pattern,
})
if err != nil {
return 0, err
}
logger.With("id", id).Info("create whitelist rule success")
return id, nil
}