Sebastien Blot 2023-06-13 17:07:42 +02:00
parent 40f65de7b9
commit 805752dc62
No known key found for this signature in database
GPG key ID: DFC2902F40449F6A
2 changed files with 23 additions and 2 deletions


@ -17,6 +17,7 @@ import (
"github.com/crowdsecurity/crowdsec/pkg/types" "github.com/crowdsecurity/crowdsec/pkg/types"
"github.com/crowdsecurity/crowdsec/pkg/waf" "github.com/crowdsecurity/crowdsec/pkg/waf"
"github.com/crowdsecurity/go-cs-lib/pkg/trace" "github.com/crowdsecurity/go-cs-lib/pkg/trace"
"github.com/davecgh/go-spew/spew"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
@ -142,6 +143,14 @@ func (w *WafSource) Configure(yamlConfig []byte, logger *log.Entry) error {
WithDirectives(inBandRules).WithRootFS(fs), WithDirectives(inBandRules).WithRootFS(fs),
) )
//for _, rule := range inbandwaf.GetWAF().Rules.GetRules() {
// w.logger.Infof("Action for Rule %d: %+v ", rule.ID(), rule.GetActions())
//}
//betterwaf := experimental.ToBetterWAFEngine(inbandwaf)
//spew.Dump(betterwaf.Waf.Rules)
if err != nil { if err != nil {
return errors.Wrap(err, "Cannot create WAF") return errors.Wrap(err, "Cannot create WAF")
} }
@ -288,6 +297,8 @@ func processReqWithEngine(waf coraza.WAF, r ParsedRequest, uuid string, wafType
tx.Close() tx.Close()
}() }()
log.Infof("Processing request with %s WAF", wafType)
//this method is not exported by coraza, so we have to do it ourselves. //this method is not exported by coraza, so we have to do it ourselves.
//ideally, this would be dealt with by expr code, and we provide helpers to manipulate the transaction object?\ //ideally, this would be dealt with by expr code, and we provide helpers to manipulate the transaction object?\
//var txx experimental.FullTransaction //var txx experimental.FullTransaction
@ -317,6 +328,12 @@ func processReqWithEngine(waf coraza.WAF, r ParsedRequest, uuid string, wafType
} }
in = tx.ProcessRequestHeaders() in = tx.ProcessRequestHeaders()
//spew.Dump(in)
//spew.Dump(tx.MatchedRules())
for _, rule := range tx.MatchedRules() {
spew.Dump(rule.Rule())
}
//if we're inband, we should stop here, but for outofband go to the end //if we're inband, we should stop here, but for outofband go to the end
if in != nil && wafType == InBand { if in != nil && wafType == InBand {
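Review bot: The loop added after `tx.ProcessRequestHeaders()` calls `spew.Dump(rule.Rule())` for every matched rule on every request, which writes a reflection-based deep dump straight to stdout and bypasses the configured logger and its level. On a WAF request path this lets the sender of a request that matches many rules decide how much work and output that request costs, and the output lands outside the normal log pipeline; the unconditional `log.Infof("Processing request with %s WAF", wafType)` added earlier in the same function carries the same per-request cost at Info level. Assuming `log` is logrus (the `*log.Entry` parameter of Configure suggests so), I would gate the loop with `if log.IsLevelEnabled(log.TraceLevel) {`, emit `log.Tracef("matched rule: %s", spew.Sdump(rule.Rule()))` inside it, and lower the Infof to Debugf. The body of processReqWithEngine continues outside the hunk.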


@ -61,7 +61,8 @@ func buildHook(hook Hook) (CompiledHook, error) {
} }
for _, apply := range hook.Apply { for _, apply := range hook.Apply {
program, err := expr.Compile(apply, GetExprWAFOptions(map[string]interface{}{ program, err := expr.Compile(apply, GetExprWAFOptions(map[string]interface{}{
"WafRules": []WafRule{}, "InBandRules": []WafRule{},
"OutOfBandRules": []WafRule{},
})...) })...)
if err != nil { if err != nil {
log.Errorf("unable to compile apply %s : %s", apply, err) log.Errorf("unable to compile apply %s : %s", apply, err)
@ -152,7 +153,10 @@ func (w *WafConfig) LoadWafRules() error {
//Ignore filter for on load ? //Ignore filter for on load ?
if onLoadHook.Apply != nil { if onLoadHook.Apply != nil {
for exprIdx, applyExpr := range onLoadHook.Apply { for exprIdx, applyExpr := range onLoadHook.Apply {
_, err := expr.Run(applyExpr, nil) //FIXME: give proper env _, err := expr.Run(applyExpr, map[string]interface{}{
"InBandRules": []WafRule{},
"OutOfBandRules": []WafRule{},
})
if err != nil { if err != nil {
w.logger.Errorf("unable to run apply for on_load rule %s : %s", wafRule.OnLoad[hookIdx].Apply[exprIdx], err) w.logger.Errorf("unable to run apply for on_load rule %s : %s", wafRule.OnLoad[hookIdx].Apply[exprIdx], err)
continue continue
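Review bot: In LoadWafRules the on_load expression is now run with `InBandRules` and `OutOfBandRules` bound to empty `[]WafRule{}` literals, and the `//FIXME: give proper env` marker is dropped although the environment is still a placeholder. An on_load hook meant to adjust or disable rules would presumably evaluate without error against the empty lists and change nothing, so the WAF could start with a rule set the operator did not intend and the log would not show it. Until the loaded rules are passed in, keep the marker, e.g. `//FIXME: pass the loaded in-band and out-of-band rules, not empty slices`. The same two keys are also spelled out in buildHook's compile environment; building both maps from one helper would keep the compile-time and run-time names from drifting apart. Both function bodies continue outside the hunks.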