up
parent
7081666199
commit
6a47b9e97d
|
@ -267,29 +267,7 @@ func (w *WaapSource) waapHandler(rw http.ResponseWriter, r *http.Request) {
|
||||||
w.InChan <- parsedRequest
|
w.InChan <- parsedRequest
|
||||||
|
|
||||||
response := <-parsedRequest.ResponseChannel
|
response := <-parsedRequest.ResponseChannel
|
||||||
|
log.Infof("resp %+v", response)
|
||||||
// //@tko this parts needs to be redone
|
|
||||||
// if message.Err != nil {
|
|
||||||
// log.Errorf("Error while processing InBAND: %s", err)
|
|
||||||
// rw.WriteHeader(http.StatusInternalServerError)
|
|
||||||
// return
|
|
||||||
// }
|
|
||||||
|
|
||||||
// //here we must rely on WaapRuntimeConfig to know what to do
|
|
||||||
// if message.Interruption != nil {
|
|
||||||
// rw.WriteHeader(http.StatusForbidden)
|
|
||||||
// action := message.Interruption.Action
|
|
||||||
// if action == "deny" { // bouncers understand "ban" and not "deny"
|
|
||||||
// action = "ban"
|
|
||||||
// }
|
|
||||||
// body, err := json.Marshal(BodyResponse{Action: action})
|
|
||||||
// if err != nil {
|
|
||||||
// log.Errorf("unable to build response: %s", err)
|
|
||||||
// } else {
|
|
||||||
// rw.Write(body)
|
|
||||||
// }
|
|
||||||
// return
|
|
||||||
// }
|
|
||||||
|
|
||||||
rw.WriteHeader(response.HTTPResponseCode)
|
rw.WriteHeader(response.HTTPResponseCode)
|
||||||
body, err := json.Marshal(BodyResponse{Action: response.Action})
|
body, err := json.Marshal(BodyResponse{Action: response.Action})
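Review bot: `log.Infof("resp %+v", response)` in waapHandler looks like leftover tracing: it dumps the whole response struct at Info level for every request the handler serves. The same applies to `log.Infof("now response is -> %s", r.WaapRuntime.Response.Action)` in WaapRunner.Run and `log.Infof("setting to %s", action)` in SetAction. I would drop them or lower them to `log.Debugf(...)`, and in Run use the `r.logger` that the neighbouring `Errorf` call already uses so the line carries the runner's context. waapHandler's body starts and ends outside this hunk.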
|
||||||
|
|
|
@ -43,6 +43,7 @@ func (r *WaapRunner) Run(t *tomb.Tomb) error {
|
||||||
r.logger.Errorf("unable to process PreEval rules: %s", err)
|
r.logger.Errorf("unable to process PreEval rules: %s", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
log.Infof("now response is -> %s", r.WaapRuntime.Response.Action)
|
||||||
//inband WAAP rules
|
//inband WAAP rules
|
||||||
err = r.WaapRuntime.ProcessInBandRules(request)
|
err = r.WaapRuntime.ProcessInBandRules(request)
|
||||||
elapsed := time.Since(startParsing)
|
elapsed := time.Since(startParsing)
|
||||||
|
|
|
@ -26,7 +26,7 @@ func (t *ExtendedTransaction) RemoveRuleByIDWithError(id int) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// simply used to ease the compilation & runtime of the hooks
|
// simply used to ease the compilation & runtime of the hooks
|
||||||
func GetHookEnv(w WaapRuntimeConfig, request ParsedRequest) map[string]interface{} {
|
func GetHookEnv(w *WaapRuntimeConfig, request ParsedRequest) map[string]interface{} {
|
||||||
return map[string]interface{}{
|
return map[string]interface{}{
|
||||||
"inband_rules": w.InBandRules,
|
"inband_rules": w.InBandRules,
|
||||||
"outband_rules": w.OutOfBandRules,
|
"outband_rules": w.OutOfBandRules,
|
||||||
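Review bot: The doc comment above GetHookEnv still says only that it eases compilation and runtime of the hooks, although the parameter is now `w *WaapRuntimeConfig`. It should say that hooks get the live runtime config, presumably so that changes made from an expression reach the caller instead of a copy. Suggested wording: `// GetHookEnv builds the expr environment for hooks; w is passed by pointer so hook side effects apply to the caller's runtime config, and it must not be nil.` The map literal continues outside the hunk, so whether `w` itself is exposed to expressions is not visible here.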
|
|
|
@ -32,7 +32,7 @@ func (h *Hook) Build() error {
|
||||||
h.FilterExpr = program
|
h.FilterExpr = program
|
||||||
}
|
}
|
||||||
for _, apply := range h.Apply {
|
for _, apply := range h.Apply {
|
||||||
program, err := expr.Compile(apply, GetExprWAFOptions(GetHookEnv(WaapRuntimeConfig{}, ParsedRequest{}))...)
|
program, err := expr.Compile(apply, GetExprWAFOptions(GetHookEnv(&WaapRuntimeConfig{}, ParsedRequest{}))...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to compile apply %s : %w", apply, err)
|
return fmt.Errorf("unable to compile apply %s : %w", apply, err)
|
||||||
}
|
}
|
||||||
|
@ -220,7 +220,7 @@ func (w *WaapRuntimeConfig) ProcessOnMatchRules(request ParsedRequest) error {
|
||||||
func (w *WaapRuntimeConfig) ProcessPreEvalRules(request ParsedRequest) error {
|
func (w *WaapRuntimeConfig) ProcessPreEvalRules(request ParsedRequest) error {
|
||||||
for _, rule := range w.CompiledPreEval {
|
for _, rule := range w.CompiledPreEval {
|
||||||
if rule.FilterExpr != nil {
|
if rule.FilterExpr != nil {
|
||||||
output, err := expr.Run(rule.FilterExpr, GetHookEnv(*w, request))
|
output, err := expr.Run(rule.FilterExpr, GetHookEnv(w, request))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to run filter %s : %w", rule.Filter, err)
|
return fmt.Errorf("unable to run filter %s : %w", rule.Filter, err)
|
||||||
}
|
}
|
||||||
|
@ -237,7 +237,7 @@ func (w *WaapRuntimeConfig) ProcessPreEvalRules(request ParsedRequest) error {
|
||||||
}
|
}
|
||||||
// here means there is no filter or the filter matched
|
// here means there is no filter or the filter matched
|
||||||
for _, applyExpr := range rule.ApplyExpr {
|
for _, applyExpr := range rule.ApplyExpr {
|
||||||
_, err := expr.Run(applyExpr, GetHookEnv(*w, request))
|
_, err := expr.Run(applyExpr, GetHookEnv(w, request))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("unable to apply filter: %s", err)
|
log.Errorf("unable to apply filter: %s", err)
|
||||||
continue
|
continue
|
||||||
|
@ -275,7 +275,24 @@ func (w *WaapRuntimeConfig) RemoveOutbandRuleByID(id int) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WaapRuntimeConfig) SetAction(action string) error {
|
func (w *WaapRuntimeConfig) SetAction(action string) error {
|
||||||
|
log.Infof("setting to %s", action)
|
||||||
|
switch action {
|
||||||
|
case "allow":
|
||||||
w.Response.Action = action
|
w.Response.Action = action
|
||||||
|
w.Response.HTTPResponseCode = w.Config.PassedHTTPCode
|
||||||
|
//how should we handle this ?
|
||||||
|
case "deny", "ban", "block":
|
||||||
|
w.Response.Action = "ban"
|
||||||
|
w.Response.HTTPResponseCode = w.Config.BlockedHTTPCode
|
||||||
|
case "log":
|
||||||
|
w.Response.Action = action
|
||||||
|
w.Response.HTTPResponseCode = w.Config.PassedHTTPCode
|
||||||
|
case "captcha":
|
||||||
|
w.Response.Action = action
|
||||||
|
w.Response.HTTPResponseCode = w.Config.BlockedHTTPCode
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("unknown action %s", action)
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
||||||
}
|
}
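Review bot: SetAction is the only place in this commit that assigns `w.Response.Action` and `w.Response.HTTPResponseCode`, and it writes them on the shared `*WaapRuntimeConfig`. A request for which no hook calls it, or which hits the `default` branch, therefore keeps whatever was there before. Unless Response is reset per request outside these hunks, that is either a stale verdict from an earlier request or a zero status code, and net/http panics on a WriteHeader code below 100 when waapHandler calls `rw.WriteHeader(response.HTTPResponseCode)`. I would reset Response to an explicit default before ProcessPreEvalRules runs. The apply loop in ProcessPreEvalRules discards the expression result (`_, err := expr.Run(applyExpr, ...)`), so if hooks call SetAction from there, its `unknown action` error may never surface; worth confirming. Calls are also last-writer-wins, so a later `allow` or `log` silently replaces an earlier `ban`; the doc comment should state whether that is intended, and the open `//how should we handle this ?` should be resolved.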
|
||||||
|
|