more debug when loading rules
parent
1a1f4f6169
commit
52c1e16216
|
@ -94,6 +94,9 @@ func (r *AppsecRunner) Init(datadir string) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
r.logger.Tracef("Loaded inband rules: %+v", r.AppsecInbandEngine.GetRuleGroup().GetRules())
|
||||||
|
r.logger.Tracef("Loaded outband rules: %+v", r.AppsecOutbandEngine.GetRuleGroup().GetRules())
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to initialize outband engine : %w", err)
|
return fmt.Errorf("unable to initialize outband engine : %w", err)
|
||||||
}
|
}
|
||||||
|
@ -193,6 +196,7 @@ func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
|
func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
|
||||||
|
r.logger.Infof("Processing out of band rules")
|
||||||
tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
|
tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
|
||||||
r.AppsecRuntime.OutOfBandTx = tx
|
r.AppsecRuntime.OutOfBandTx = tx
|
||||||
err := r.processRequest(tx, request)
|
err := r.processRequest(tx, request)
|
||||||
|
|
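Review bot: The two added `Tracef` calls in `Init` sit above the `if err != nil` check for the outband engine, so `r.AppsecOutbandEngine.GetRuleGroup().GetRules()` is evaluated before that error is examined. If the constructor (outside this hunk) leaves the engine nil on failure, this panics instead of returning `unable to initialize outband engine`; moving both trace lines below the error check removes that risk. In the second hunk, `r.logger.Infof("Processing out of band rules")` runs on every call to `ProcessOutOfBandRules`, presumably once per request, so `Debugf` would keep info-level logs usable under load. Both function bodies start and end outside the visible hunks.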
|
@ -214,10 +214,11 @@ func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error) {
|
||||||
ret.Config = wc
|
ret.Config = wc
|
||||||
ret.DefaultRemediation = wc.DefaultRemediation
|
ret.DefaultRemediation = wc.DefaultRemediation
|
||||||
|
|
||||||
|
wc.Logger.Tracef("Loading config %+v", wc)
|
||||||
//load rules
|
//load rules
|
||||||
for _, rule := range wc.OutOfBandRules {
|
for _, rule := range wc.OutOfBandRules {
|
||||||
wc.Logger.Infof("loading outofband rule %s", rule)
|
wc.Logger.Infof("loading outofband rule %s", rule)
|
||||||
collections, err := LoadCollection(rule)
|
collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err)
|
return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err)
|
||||||
}
|
}
|
||||||
|
@ -227,7 +228,7 @@ func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error) {
|
||||||
wc.Logger.Infof("Loaded %d outofband rules", len(ret.OutOfBandRules))
|
wc.Logger.Infof("Loaded %d outofband rules", len(ret.OutOfBandRules))
|
||||||
for _, rule := range wc.InBandRules {
|
for _, rule := range wc.InBandRules {
|
||||||
wc.Logger.Infof("loading inband rule %s", rule)
|
wc.Logger.Infof("loading inband rule %s", rule)
|
||||||
collections, err := LoadCollection(rule)
|
collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to load inband rule %s : %s", rule, err)
|
return nil, fmt.Errorf("unable to load inband rule %s : %s", rule, err)
|
||||||
}
|
}
|
||||||
|
|
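Review bot: `wc.Logger.Tracef("Loading config %+v", wc)` in `Build` dumps every field of the `AppsecConfig` struct, whose definition is not visible here. If any field ever carries a credential or other sensitive value it ends up in the logs, so logging only the named fields that matter (for example `wc.InBandRules` and `wc.OutOfBandRules`) is safer. The derived logger `wc.Logger.WithField("component", "appsec_collection_loader")` is also rebuilt for every rule in both loops; creating it once before the first loop, e.g. `loaderLogger := wc.Logger.WithField("component", "appsec_collection_loader")`, and passing it to both `LoadCollection` calls is cleaner. `Build` starts and ends outside the visible hunks.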
|
@ -46,8 +46,7 @@ type RulesDetails struct {
|
||||||
// Is using the id is a good idea ? might be too specific to coraza and not easily reusable
|
// Is using the id is a good idea ? might be too specific to coraza and not easily reusable
|
||||||
var AppsecRulesDetails = make(map[int]RulesDetails)
|
var AppsecRulesDetails = make(map[int]RulesDetails)
|
||||||
|
|
||||||
func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
func LoadCollection(pattern string, logger *log.Entry) ([]AppsecCollection, error) {
|
||||||
//FIXME: have a proper logger here, inheriting from appsec-config to have consistent log levels
|
|
||||||
ret := make([]AppsecCollection, 0)
|
ret := make([]AppsecCollection, 0)
|
||||||
|
|
||||||
for _, appsecRule := range appsecRules {
|
for _, appsecRule := range appsecRules {
|
||||||
|
@ -55,14 +54,14 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
||||||
tmpMatch, err := exprhelpers.Match(pattern, appsecRule.Name)
|
tmpMatch, err := exprhelpers.Match(pattern, appsecRule.Name)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
logger.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
matched, ok := tmpMatch.(bool)
|
matched, ok := tmpMatch.(bool)
|
||||||
|
|
||||||
if !ok {
|
if !ok {
|
||||||
log.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
logger.Errorf("unable to match %s with %s : %s", appsecRule.Name, pattern, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -76,10 +75,11 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
||||||
|
|
||||||
if appsecRule.SecLangFilesRules != nil {
|
if appsecRule.SecLangFilesRules != nil {
|
||||||
for _, rulesFile := range appsecRule.SecLangFilesRules {
|
for _, rulesFile := range appsecRule.SecLangFilesRules {
|
||||||
|
logger.Debugf("Adding rules from %s", rulesFile)
|
||||||
fullPath := filepath.Join(hub.GetDataDir(), rulesFile)
|
fullPath := filepath.Join(hub.GetDataDir(), rulesFile)
|
||||||
c, err := os.ReadFile(fullPath)
|
c, err := os.ReadFile(fullPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("unable to read file %s : %s", rulesFile, err)
|
logger.Errorf("unable to read file %s : %s", rulesFile, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
for _, line := range strings.Split(string(c), "\n") {
|
for _, line := range strings.Split(string(c), "\n") {
|
||||||
|
@ -95,6 +95,7 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if appsecRule.SecLangRules != nil {
|
if appsecRule.SecLangRules != nil {
|
||||||
|
logger.Tracef("Adding inline rules %+v", appsecRule.SecLangRules)
|
||||||
appsecCol.Rules = append(appsecCol.Rules, appsecRule.SecLangRules...)
|
appsecCol.Rules = append(appsecCol.Rules, appsecRule.SecLangRules...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -102,10 +103,10 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
||||||
for _, rule := range appsecRule.Rules {
|
for _, rule := range appsecRule.Rules {
|
||||||
strRule, rulesId, err := rule.Convert(appsec_rule.ModsecurityRuleType, appsecRule.Name)
|
strRule, rulesId, err := rule.Convert(appsec_rule.ModsecurityRuleType, appsecRule.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("unable to convert rule %s : %s", rule.Name, err)
|
logger.Errorf("unable to convert rule %s : %s", rule.Name, err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
log.Debugf("Adding rule %s", strRule)
|
logger.Debugf("Adding rule %s", strRule)
|
||||||
appsecCol.Rules = append(appsecCol.Rules, strRule)
|
appsecCol.Rules = append(appsecCol.Rules, strRule)
|
||||||
|
|
||||||
//We only take the first id, as it's the one of the "main" rule
|
//We only take the first id, as it's the one of the "main" rule
|
||||||
|
@ -117,7 +118,7 @@ func LoadCollection(pattern string) ([]AppsecCollection, error) {
|
||||||
Name: appsecRule.Name,
|
Name: appsecRule.Name,
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log.Warnf("conflicting id %d for rule %s !", rulesId[0], rule.Name)
|
logger.Warnf("conflicting id %d for rule %s !", rulesId[0], rule.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, id := range rulesId {
|
for _, id := range rulesId {
|
||||||
|
|
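Review bot: In the `!ok` branch of the type assertion on `tmpMatch`, `err` is always nil (the preceding `if err != nil` already continued), so the converted `logger.Errorf` still prints a nil error instead of the real problem; `logger.Errorf("unexpected non-bool match result %T for %s with %s", tmpMatch, appsecRule.Name, pattern)` would say what happened. In the `SecLangFilesRules` loop, a file that cannot be read is logged and skipped with `continue`, so the collection loads with fewer rules than configured, whereas a conversion failure further down returns an error. For a WAF ruleset it is worth either failing the load or stating in a comment that the skip is deliberate. `LoadCollection` is exported and now dereferences `logger` unconditionally, so its doc comment should say the entry must be non-nil. The function body starts and ends outside the visible hunks.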