From bb06108a6d0fed076f2c16b77320a42914844682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9C=89=E5=AE=89=E7=A7=91=E6=8A=80?=
 <Safe3@users.noreply.github.com>
Date: Wed, 16 Oct 2024 21:53:46 +0800
Subject: [PATCH] update

---
 docs/api/README.md  | 23 +++++++++++++++--------
 rules/data-mask.lua | 20 ++++++++++++++------
 2 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/docs/api/README.md b/docs/api/README.md
index 66d7fe7..2c73e4b 100644
--- a/docs/api/README.md
+++ b/docs/api/README.md
@@ -279,8 +279,8 @@ return false
 
 ```lua
 --[[
-规则名称: datamask
-过滤阶段: 返回内容阶段
+规则名称: 数据脱敏
+过滤阶段: 返回页面阶段
 危险等级: 中危
 规则描述: 对返回页面中的身份证和手机号进行*替换脱敏
 --]]
@@ -291,25 +291,32 @@ if waf.respContentLength == 0 or waf.respContentLength >= 2097152 then
 end
 
 -- 只保留身份证号前2位和后2位
-local newstr, _, err = waf.rgxGsub(waf.respBody, [[\b((1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-4]|6[1-5]|[7-9]1)\d{4}(18|19|20)\d{2}((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx])\b]], function(m)
+local newstr, n, err = waf.rgxGsub(waf.respBody, [[\b((1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-4]|6[1-5]|[7-9]1)\d{4}(18|19|20)\d{2}((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx])\b]], function(m)
     return m[0]:sub(1, 2) .. "**************" .. m[0]:sub(-2)
 end, "jos")
 if not newstr then
     waf.errLog("error: ", err)
     return
 end
-waf.respBody = newstr
+if n > 0 then
+    waf.respBody = newstr
+    -- 通知南墙进行数据替换
+    waf.replaceFilter = true
+end
+
 -- 只保留手机号前3位和后4位
-newstr, _, err = waf.rgxGsub(waf.respBody, [[\b1(?:(((3[0-9])|(4[5-9])|(5[0-35-9])|(6[2,5-7])|(7[0135-8])|(8[0-9])|(9[0-35-9]))[ -]?\d{4}[ -]?\d{4})|((74)[ -]?[0-5]\d{3}[ -]?\d{4}))\b]], function(m)
+newstr, n, err = waf.rgxGsub(waf.respBody, [[\b1(?:(((3[0-9])|(4[5-9])|(5[0-35-9])|(6[2,5-7])|(7[0135-8])|(8[0-9])|(9[0-35-9]))[ -]?\d{4}[ -]?\d{4})|((74)[ -]?[0-5]\d{3}[ -]?\d{4}))\b]], function(m)
     return m[0]:sub(1, 3) .. "****" .. m[0]:sub(-4)
 end, "jos")
 if not newstr then
     waf.errLog("error: ", err)
     return
 end
-waf.respBody = newstr
--- 通知南墙进行数据替换
-waf.replaceFilter = true
+if n > 0 then
+    waf.respBody = newstr
+    -- 通知南墙进行数据替换
+    waf.replaceFilter = true
+end
 ```
 
 
diff --git a/rules/data-mask.lua b/rules/data-mask.lua
index c52e0bd..80ceadc 100644
--- a/rules/data-mask.lua
+++ b/rules/data-mask.lua
@@ -11,22 +11,30 @@ if waf.respContentLength == 0 or waf.respContentLength >= 2097152 then
 end
 
 -- 只保留身份证号前2位和后2位
-local newstr, _, err = waf.rgxGsub(waf.respBody, [[\b((1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-4]|6[1-5]|[7-9]1)\d{4}(18|19|20)\d{2}((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx])\b]], function(m)
+local newstr, n, err = waf.rgxGsub(waf.respBody, [[\b((1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-4]|6[1-5]|[7-9]1)\d{4}(18|19|20)\d{2}((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx])\b]], function(m)
     return m[0]:sub(1, 2) .. "**************" .. m[0]:sub(-2)
 end, "jos")
 if not newstr then
     waf.errLog("error: ", err)
     return
 end
-waf.respBody = newstr
+if n > 0 then
+    waf.respBody = newstr
+    -- 通知南墙进行数据替换
+    waf.replaceFilter = true
+end
+
 -- 只保留手机号前3位和后4位
-newstr, _, err = waf.rgxGsub(waf.respBody, [[\b1(?:(((3[0-9])|(4[5-9])|(5[0-35-9])|(6[2,5-7])|(7[0135-8])|(8[0-9])|(9[0-35-9]))[ -]?\d{4}[ -]?\d{4})|((74)[ -]?[0-5]\d{3}[ -]?\d{4}))\b]], function(m)
+newstr, n, err = waf.rgxGsub(waf.respBody, [[\b1(?:(((3[0-9])|(4[5-9])|(5[0-35-9])|(6[2,5-7])|(7[0135-8])|(8[0-9])|(9[0-35-9]))[ -]?\d{4}[ -]?\d{4})|((74)[ -]?[0-5]\d{3}[ -]?\d{4}))\b]], function(m)
     return m[0]:sub(1, 3) .. "****" .. m[0]:sub(-4)
 end, "jos")
 if not newstr then
     waf.errLog("error: ", err)
     return
 end
-waf.respBody = newstr
--- 通知南墙进行数据替换
-waf.replaceFilter = true
\ No newline at end of file
+if n > 0 then
+    waf.respBody = newstr
+    -- 通知南墙进行数据替换
+    waf.replaceFilter = true
+end
+