more debug when loading rules
This commit is contained in:
Sebastien Blot
parent
1a1f4f6169
commit
52c1e16216
|
|
@ -94,6 +94,9 @@ func (r *AppsecRunner) Init(datadir string) error {
|
|||
}
|
||||
}
|
||||
|
||||
r.logger.Tracef("Loaded inband rules: %+v", r.AppsecInbandEngine.GetRuleGroup().GetRules())
|
||||
r.logger.Tracef("Loaded outband rules: %+v", r.AppsecOutbandEngine.GetRuleGroup().GetRules())
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to initialize outband engine : %w", err)
|
||||
}
|
||||
|
|
@ -193,6 +196,7 @@ func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error {
|
|||
}
|
||||
|
||||
func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
|
||||
r.logger.Infof("Processing out of band rules")
|
||||
tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
|
||||
r.AppsecRuntime.OutOfBandTx = tx
|
||||
err := r.processRequest(tx, request)
|
||||
|
|
|
|||
|
|
@ -214,10 +214,11 @@ func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error) {
|
|||
ret.Config = wc
|
||||
ret.DefaultRemediation = wc.DefaultRemediation
|
||||
|
||||
wc.Logger.Tracef("Loading config %+v", wc)
|
||||
//load rules
|
||||
for _, rule := range wc.OutOfBandRules {
|
||||
wc.Logger.Infof("loading outofband rule %s", rule)
|
||||
collections, err := LoadCollection(rule)
|
||||
collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err)
|
||||
}
|
||||
|
|
@ -227,7 +228,7 @@ func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error) {
|
|||
wc.Logger.Infof("Loaded %d outofband rules", len(ret.OutOfBandRules))
|
||||
for _, rule := range wc.InBandRules {
|
||||
wc.Logger.Infof("loading inband rule %s", rule)
|
||||
collections, err := LoadCollection(rule)
|
||||
collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to load inband rule %s : %s", rule, err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,8 +46,7 @@ type RulesDetails struct {
|
|||
// Is using the id is a good idea ? might be too specific to coraza and not easily reusable
|
||||
var AppsecRulesDetails = make(map[int]RulesDetails)
|
||||
|
||||
func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
||||
//FIXME: have a proper logger here, inheriting from appsec-config to have consistent log levels
|
||||
func LoadCollection(pattern string, logger *log.Entry) ([]AppsecCollection, error) {
|
||||
ret := make([]AppsecCollection, 0)
|
||||
|
||||
for _, appsecRule := range appsecRules {
|
||||
|
|
@ -55,14 +54,14 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
|||
tmpMatch, err := exprhelpers.Match(pattern, appsecRule.Name)
|
||||
|
||||
if err != nil {
|
||||
log.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
||||
logger.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
||||
continue
|
||||
}
|
||||
|
||||
matched, ok := tmpMatch.(bool)
|
||||
|
||||
if !ok {
|
||||
log.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
||||
logger.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
@ -76,10 +75,11 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
|||
|
||||
if appsecRule.SecLangFilesRules != nil {
|
||||
for _, rulesFile := range appsecRule.SecLangFilesRules {
|
||||
logger.Debugf("Adding rules from %s", rulesFile)
|
||||
fullPath := filepath.Join(hub.GetDataDir(), rulesFile)
|
||||
c, err := os.ReadFile(fullPath)
|
||||
if err != nil {
|
||||
log.Errorf("unable to read file %s : %s", rulesFile, err)
|
||||
logger.Errorf("unable to read file %s : %s", rulesFile, err)
|
||||
continue
|
||||
}
|
||||
for _, line := range strings.Split(string(c), "\n") {
|
||||
|
|
@ -95,6 +95,7 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
|||
}
|
||||
|
||||
if appsecRule.SecLangRules != nil {
|
||||
logger.Tracef("Adding inline rules %+v", appsecRule.SecLangRules)
|
||||
appsecCol.Rules = append(appsecCol.Rules, appsecRule.SecLangRules...)
|
||||
}
|
||||
|
||||
|
|
@ -102,10 +103,10 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
|||
for _, rule := range appsecRule.Rules {
|
||||
strRule, rulesId, err := rule.Convert(appsec_rule.ModsecurityRuleType, appsecRule.Name)
|
||||
if err != nil {
|
||||
log.Errorf("unable to convert rule %s : %s", rule.Name, err)
|
||||
logger.Errorf("unable to convert rule %s : %s", rule.Name, err)
|
||||
return nil, err
|
||||
}
|
||||
log.Debugf("Adding rule %s", strRule)
|
||||
logger.Debugf("Adding rule %s", strRule)
|
||||
appsecCol.Rules = append(appsecCol.Rules, strRule)
|
||||
|
||||
//We only take the first id, as it's the one of the "main" rule
|
||||
|
|
@ -117,7 +118,7 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
|||
Name: appsecRule.Name,
|
||||
}
|
||||
} else {
|
||||
log.Warnf("conflicting id %d for rule %s !", rulesId[0], rule.Name)
|
||||
logger.Warnf("conflicting id %d for rule %s !", rulesId[0], rule.Name)
|
||||
}
|
||||
|
||||
for _, id := range rulesId {
|
||||
|
|
|
|||
Loading…
Reference in a new issue