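#!/usr/bin/env python
'''
Copyright (C) 2020, WAFW00F Developers.
See the LICENSE file for copying permission.
'''

NAME = 'UTM Web Protection (Sophos)'


def is_waf(self):
    """Report whether the response content looks like Sophos UTM Web Protection.

    Two independent signatures are tried, in this order:

    1. Branding: ANY one of the branding patterns matches.
    2. Block page: ALL of the block-page patterns match.

    Patterns are handed to ``self.matchContent`` one at a time and evaluated
    lazily, so the check stops as soon as the outcome is decided instead of
    running every pattern up front.

    Returns:
        True if either signature matches, otherwise False.
    """
    # presumably matchContent() regex-searches the response body; its exact
    # semantics (case sensitivity, which response it reads) are defined by the
    # caller's class and are not visible here.

    # Signature 1: a single hit is sufficient.
    # NOTE(review): the bare hostname pattern is a weak indicator on its own.
    # Any page that merely links to or mentions www.sophos.com would be
    # fingerprinted as this WAF. Confirm this false-positive rate is acceptable.
    branding_patterns = (
        r'www\.sophos\.com',
        r'Powered by.?(Sophos)? UTM Web Protection',
    )

    # Signature 2: every pattern must hit, which keeps the generic phrases
    # (e.g. the cache-administrator line) from triggering detection alone.
    # NOTE(review): the <title> pattern contains the second pattern's text, so
    # the second looks redundant under all(). Kept to preserve the signature.
    block_page_patterns = (
        r'<title>Access to the requested URL was blocked',
        r'Access to the requested URL was blocked',
        r'incident was logged with the following log identifier',
        r'Inbound Anomaly Score exceeded',
        r'Your cache administrator is',
    )

    if any(self.matchContent(pattern) for pattern in branding_patterns):
        return True
    return all(self.matchContent(pattern) for pattern in block_page_patterns)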