From 84606eb2073f12009ef019926936e4d7263ac052 Mon Sep 17 00:00:00 2001 From: blotus Date: Mon, 22 Jan 2024 13:33:20 +0100 Subject: [PATCH] Appsec hooks fixes (#2769) --- pkg/appsec/appsec.go | 64 ++++++++++++++++++++++++++++++------------- pkg/appsec/request.go | 11 ++++++-- 2 files changed, 53 insertions(+), 22 deletions(-) diff --git a/pkg/appsec/appsec.go b/pkg/appsec/appsec.go index cbf9b5876..ec7e7bef3 100644 --- a/pkg/appsec/appsec.go +++ b/pkg/appsec/appsec.go @@ -130,9 +130,9 @@ type AppsecConfig struct { } func (w *AppsecRuntimeConfig) ClearResponse() { - log.Debugf("#-> %p", w) + w.Logger.Debugf("#-> %p", w) w.Response = AppsecTempResponse{} - log.Debugf("-> %p", w.Config) + w.Logger.Debugf("-> %p", w.Config) w.Response.Action = w.Config.DefaultPassAction w.Response.HTTPResponseCode = w.Config.PassedHTTPCode w.Response.SendEvent = true @@ -290,20 +290,26 @@ func (w *AppsecRuntimeConfig) ProcessOnLoadRules() error { switch t := output.(type) { case bool: if !t { - log.Debugf("filter didnt match") + w.Logger.Debugf("filter didnt match") continue } default: - log.Errorf("Filter must return a boolean, can't filter") + w.Logger.Errorf("Filter must return a boolean, can't filter") continue } } for _, applyExpr := range rule.ApplyExpr { - _, err := exprhelpers.Run(applyExpr, GetOnLoadEnv(w), w.Logger, w.Logger.Level >= log.DebugLevel) + o, err := exprhelpers.Run(applyExpr, GetOnLoadEnv(w), w.Logger, w.Logger.Level >= log.DebugLevel) if err != nil { - log.Errorf("unable to apply appsec on_load expr: %s", err) + w.Logger.Errorf("unable to apply appsec on_load expr: %s", err) continue } + switch t := o.(type) { + case error: + w.Logger.Errorf("unable to apply appsec on_load expr: %s", t) + continue + default: + } } } return nil @@ -320,27 +326,33 @@ func (w *AppsecRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest, evt ty switch t := output.(type) { case bool: if !t { - log.Debugf("filter didnt match") + w.Logger.Debugf("filter didnt match") continue } default: - log.Errorf("Filter must return a boolean, can't filter") + w.Logger.Errorf("Filter must return a boolean, can't filter") continue } } for _, applyExpr := range rule.ApplyExpr { - _, err := exprhelpers.Run(applyExpr, GetOnMatchEnv(w, request, evt), w.Logger, w.Logger.Level >= log.DebugLevel) + o, err := exprhelpers.Run(applyExpr, GetOnMatchEnv(w, request, evt), w.Logger, w.Logger.Level >= log.DebugLevel) if err != nil { - log.Errorf("unable to apply appsec on_match expr: %s", err) + w.Logger.Errorf("unable to apply appsec on_match expr: %s", err) continue } + switch t := o.(type) { + case error: + w.Logger.Errorf("unable to apply appsec on_match expr: %s", t) + continue + default: + } } } return nil } func (w *AppsecRuntimeConfig) ProcessPreEvalRules(request *ParsedRequest) error { - log.Debugf("processing %d pre_eval rules", len(w.CompiledPreEval)) + w.Logger.Debugf("processing %d pre_eval rules", len(w.CompiledPreEval)) for _, rule := range w.CompiledPreEval { if rule.FilterExpr != nil { output, err := exprhelpers.Run(rule.FilterExpr, GetPreEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel) @@ -350,21 +362,27 @@ func (w *AppsecRuntimeConfig) ProcessPreEvalRules(request *ParsedRequest) error switch t := output.(type) { case bool: if !t { - log.Debugf("filter didnt match") + w.Logger.Debugf("filter didnt match") continue } default: - log.Errorf("Filter must return a boolean, can't filter") + w.Logger.Errorf("Filter must return a boolean, can't filter") continue } } // here means there is no filter or the filter matched for _, applyExpr := range rule.ApplyExpr { - _, err := exprhelpers.Run(applyExpr, GetPreEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel) + o, err := exprhelpers.Run(applyExpr, GetPreEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel) if err != nil { - log.Errorf("unable to apply appsec pre_eval expr: %s", err) + w.Logger.Errorf("unable to apply appsec pre_eval expr: %s", err) continue } + switch t := o.(type) { + case error: + w.Logger.Errorf("unable to apply appsec pre_eval expr: %s", t) + continue + default: + } } } @@ -381,21 +399,29 @@ func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error switch t := output.(type) { case bool: if !t { - log.Debugf("filter didnt match") + w.Logger.Debugf("filter didnt match") continue } default: - log.Errorf("Filter must return a boolean, can't filter") + w.Logger.Errorf("Filter must return a boolean, can't filter") continue } } // here means there is no filter or the filter matched for _, applyExpr := range rule.ApplyExpr { - _, err := exprhelpers.Run(applyExpr, GetPostEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel) + o, err := exprhelpers.Run(applyExpr, GetPostEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel) + if err != nil { - log.Errorf("unable to apply appsec post_eval expr: %s", err) + w.Logger.Errorf("unable to apply appsec post_eval expr: %s", err) continue } + + switch t := o.(type) { + case error: + w.Logger.Errorf("unable to apply appsec post_eval expr: %s", t) + continue + default: + } } } diff --git a/pkg/appsec/request.go b/pkg/appsec/request.go index e2378277a..f244cee9c 100644 --- a/pkg/appsec/request.go +++ b/pkg/appsec/request.go @@ -38,7 +38,7 @@ type ParsedRequest struct { Body []byte `json:"body,omitempty"` TransferEncoding []string `json:"transfer_encoding,omitempty"` UUID string `json:"uuid,omitempty"` - Tx ExtendedTransaction `json:"transaction,omitempty"` + Tx ExtendedTransaction `json:"-"` ResponseChannel chan AppsecTempResponse `json:"-"` IsInBand bool `json:"-"` IsOutBand bool `json:"-"` @@ -260,12 +260,17 @@ func (r *ReqDumpFilter) ToJSON() error { req := r.GetFilteredRequest() - log.Warningf("dumping : %+v", req) + log.Tracef("dumping : %+v", req) if err := enc.Encode(req); err != nil { + //Don't clobber the temp directory with empty files + err2 := os.Remove(fd.Name()) + if err2 != nil { + log.Errorf("while removing temp file %s: %s", fd.Name(), err) + } return fmt.Errorf("while encoding request: %w", err) } - log.Warningf("request dumped to %s", fd.Name()) + log.Infof("request dumped to %s", fd.Name()) return nil }