secubox-openwrt/package/secubox/secubox-app-mitmproxy/files/usr/sbin/mitmproxy-waf-sync
CyberMind-FR a469076297 feat(waf): Add CVE-2025-14528 router botnet detection
Add new router_botnet WAF category for IoT/router exploitation:

CVE-2025-14528 (D-Link DIR-803 getcfg.php):
- AUTHORIZED_GROUP parameter manipulation
- SERVICES=DEVICE.ACCOUNT enumeration
- Newline injection bypass (%0a, %0d)

Additional router exploit patterns:
- D-Link hedwig.cgi, HNAP, service.cgi RCE
- UPnP SOAP injection
- Goform command injection
- ASUS/TP-Link/Netgear/Zyxel exploits

Mirai-variant botnet scanner detection:
- User-Agent signatures (Mirai, Hajime, Mozi, BotenaGo, etc.)
- Router payload injection patterns

Sources: CrowdSec Threat Intel, Global Security Mag

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-24 11:04:05 +01:00

47 lines, 1.6 KiB, Bash, executable file

#!/bin/sh
# Sync mitmproxy WAF config from UCI to JSON.
# Reads the per-category switches from the mitmproxy.waf_rules UCI section
# and writes them as JSON booleans for the mitmproxy WAF addon to consume.
# An option that is not set defaults to 1 (enabled), so a fresh install
# inspects every category until one is explicitly turned off.
CONFIG_FILE="/srv/mitmproxy/waf-config.json"

# Read UCI values (unset option -> 1)
enabled=$(uci -q get mitmproxy.waf_rules.enabled || echo 1)
sqli=$(uci -q get mitmproxy.waf_rules.sqli || echo 1)
xss=$(uci -q get mitmproxy.waf_rules.xss || echo 1)
lfi=$(uci -q get mitmproxy.waf_rules.lfi || echo 1)
rce=$(uci -q get mitmproxy.waf_rules.rce || echo 1)
cve_2024=$(uci -q get mitmproxy.waf_rules.cve_2024 || echo 1)
scanners=$(uci -q get mitmproxy.waf_rules.scanners || echo 1)
webmail=$(uci -q get mitmproxy.waf_rules.webmail || echo 1)
api_abuse=$(uci -q get mitmproxy.waf_rules.api_abuse || echo 1)
voip=$(uci -q get mitmproxy.waf_rules.voip || echo 1)
xmpp=$(uci -q get mitmproxy.waf_rules.xmpp || echo 1)
cve_voip=$(uci -q get mitmproxy.waf_rules.cve_voip || echo 1)
cve_xmpp=$(uci -q get mitmproxy.waf_rules.cve_xmpp || echo 1)
router_botnet=$(uci -q get mitmproxy.waf_rules.router_botnet || echo 1)

# Convert a UCI 0/1 value to a JSON boolean. Anything other than "1"
# (0, empty, garbage) becomes false, so the output is always valid JSON.
to_bool() { [ "$1" = "1" ] && echo "true" || echo "false"; }

# Write to a temp file and rename it into place so the addon can never
# read a half-written config if it reloads while this script is running.
mkdir -p "$(dirname "$CONFIG_FILE")"
TMP_FILE="${CONFIG_FILE}.tmp.$$"
cat > "$TMP_FILE" << EOF
{
  "enabled": $(to_bool "$enabled"),
  "categories": {
    "sqli": $(to_bool "$sqli"),
    "xss": $(to_bool "$xss"),
    "lfi": $(to_bool "$lfi"),
    "rce": $(to_bool "$rce"),
    "cve_2024": $(to_bool "$cve_2024"),
    "scanners": $(to_bool "$scanners"),
    "webmail": $(to_bool "$webmail"),
    "api_abuse": $(to_bool "$api_abuse"),
    "voip": $(to_bool "$voip"),
    "xmpp": $(to_bool "$xmpp"),
    "cve_voip": $(to_bool "$cve_voip"),
    "cve_xmpp": $(to_bool "$cve_xmpp"),
    "router_botnet": $(to_bool "$router_botnet")
  }
}
EOF
mv -f "$TMP_FILE" "$CONFIG_FILE"
echo "[WAF] Config synced to $CONFIG_FILE"
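The script above only produces the JSON; the other half is the mitmproxy addon that reads it and decides, per category, whether to inspect a request. The following is an added example, not code from the SecuBox project, showing that consumer side together with detection logic of the kind the commit message lists for the router_botnet category: getcfg.php probes carrying SERVICES=DEVICE.ACCOUNT or AUTHORIZED_GROUP, their %0a/%0d newline-split (and double-encoded) variants, legacy D-Link CGI endpoints, goform command injection and Mirai-family User-Agents. The regexes, rule names, file path default and sample requests are illustrative assumptions, not the project's own signatures or traffic.

```python
"""Consumer side of the waf-config.json that mitmproxy-waf-sync writes.

Added example, not SecuBox project code. Honours the enabled/categories
booleans the sync script emits and sketches router_botnet detection.
All patterns and sample requests below are illustrative assumptions.
"""
import json
import re
from urllib.parse import unquote

# Config in the exact shape the sync script writes (constructed sample).
SAMPLE_CONFIG = json.loads("""{
  "enabled": true,
  "categories": {"sqli": true, "scanners": false, "router_botnet": true}
}""")

# Illustrative router_botnet signatures (assumption, not the project's rules).
# They run against the normalised path+query+body, where "&" separates params.
ROUTER_BOTNET_PATTERNS = {
    "dlink_getcfg_account_enum": re.compile(
        r"/getcfg\.php.*SERVICES=DEVICE\.ACCOUNT", re.I),
    "dlink_getcfg_authorized_group": re.compile(
        r"/getcfg\.php.*AUTHORIZED_GROUP=", re.I),
    "dlink_legacy_cgi": re.compile(
        r"/(?:hedwig|service)\.cgi|/HNAP1/", re.I),
    # Shell metacharacters inside a goform query. "&" is deliberately not in
    # the class because it is the ordinary parameter separator.
    "goform_cmd_injection": re.compile(
        r"/goform/.*(?:[;|`]|\$\()", re.I),
}
BOTNET_UA = re.compile(r"\b(?:mirai|hajime|mozi|botenago)\b", re.I)


def load_config(path="/srv/mitmproxy/waf-config.json"):
    """Load the JSON the sync script writes; fall back to the sample if absent."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except (OSError, ValueError):
        return SAMPLE_CONFIG


def normalise(raw):
    """Percent-decode twice (so %250a double encoding is caught too), report
    whether a CR/LF was smuggled in, and fold any CR/LF into a parameter
    separator so SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1 is seen as two
    parameters rather than one opaque token the regexes would miss."""
    decoded = unquote(unquote(raw))
    had_crlf = "\r" in decoded or "\n" in decoded
    return re.sub(r"[\r\n]+", "&", decoded), had_crlf


def check_request(url, body="", user_agent="", config=SAMPLE_CONFIG):
    """Return a list of (category, rule) hits for one request, respecting the
    global switch and the per-category switch from the sync script's JSON."""
    if not config.get("enabled", True):
        return []
    cats = config.get("categories", {})
    hits = []
    if cats.get("router_botnet", True):
        flat_url, crlf_url = normalise(url)
        flat_body, crlf_body = normalise(body)
        target = flat_url + "&" + flat_body
        for name, rx in ROUTER_BOTNET_PATTERNS.items():
            if rx.search(target):
                hits.append(("router_botnet", name))
        if (crlf_url or crlf_body) and "/getcfg.php" in target.lower():
            hits.append(("router_botnet", "getcfg_newline_bypass"))
        if BOTNET_UA.search(user_agent):
            hits.append(("router_botnet", "botnet_user_agent"))
    return hits


# Constructed sample traffic (path, body, User-Agent); not real captures.
SAMPLE_REQUESTS = [
    ("/getcfg.php", "SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1", "Mozilla/5.0"),
    ("/getcfg.php", "SERVICES=DEVICE.ACCOUNT%250dAUTHORIZED_GROUP=1", "Mozilla/5.0"),
    ("/HNAP1/", "", "Mozilla/5.0"),
    ("/goform/formSetName?name=;id", "", "Mirai/1.0"),
    ("/index.html", "", "Mozilla/5.0"),
]


def scan_samples(config=SAMPLE_CONFIG):
    """Run every sample through check_request; returns [(path, [rule, ...])]."""
    return [(url, [rule for _, rule in check_request(url, body, ua, config)])
            for url, body, ua in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for path, rules in scan_samples(load_config()).items() if False else scan_samples(load_config()):
        print(f"{path:40} {'BLOCK ' + ','.join(rules) if rules else 'pass'}")
```

Inside a real mitmproxy addon the `request(flow)` hook would feed `flow.request.path`, `flow.request.get_text()` and `flow.request.headers.get("User-Agent", "")` into `check_request` and re-run `load_config` whenever the sync script's output file changes. The normalisation step is the part worth copying: without folding CR/LF back into a separator, a rule written as `SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=` misses the %0a/%0d form the commit message calls out, and without the second `unquote` it misses the `%250a` double-encoded form.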