sqlinj.conf

server {
	listen 80;
	server_name 172.22.1.21;

	location = /sqlinj {
		allow 192.168.49.0/24;
		allow 192.168.48.0/24;
		deny all;

		default_type 'text/plain';
		access_by_lua_block {
			ngx.header.content_type="application/json;charset=utf8"
			local cjson = require "cjson"
			local cjson2 = cjson.new()
			local cjson_safe = require "cjson.safe"
			local redis = require "resty.redis"
			local red = redis:new()
			red:set_timeout(1000) -- 1 sec
			local ok, err = red:connect("172.22.1.44", 2000)
			if not ok then
				ngx.say("failed to connect: ", err)
				return
			end
			local res, err = red:auth("SEC")
			red:select("1")
			local sqlinj = red:hkeys('sqlinj')
			ngx.say("共发现sql注入漏洞: "..table.getn(sqlinj).." 个")
			
			for key, value in pairs(sqlinj) do
				req = cjson.decode(value)
				ngx.say('\n'..req['method']..'\thttp://'..req['host']..req['uri']..'?'..req['args'])
				ngx.say(value)
				ngx.say(red:hget('sqlinj',value))
			end
			red:close()
		}	
	}
}