Sebastien Blot 2023-11-08 21:14:03 +01:00
parent 927310a439
commit a0b0745f9d
No known key found for this signature in database
GPG key ID: DFC2902F40449F6A
2 changed files with 64 additions and 55 deletions


@ -183,21 +183,21 @@ func (wc *WaapConfig) Build() (*WaapRuntimeConfig, error) {
//load rules //load rules
for _, rule := range wc.OutOfBandRules { for _, rule := range wc.OutOfBandRules {
wc.Logger.Infof("loading outofband rule %s", rule) wc.Logger.Infof("loading outofband rule %s", rule)
collection, err := LoadCollection(rule) collections, err := LoadCollection(rule)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err) return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err)
} }
ret.OutOfBandRules = append(ret.OutOfBandRules, collection) ret.OutOfBandRules = append(ret.OutOfBandRules, collections...)
} }
wc.Logger.Infof("Loaded %d outofband rules", len(ret.OutOfBandRules)) wc.Logger.Infof("Loaded %d outofband rules", len(ret.OutOfBandRules))
for _, rule := range wc.InBandRules { for _, rule := range wc.InBandRules {
wc.Logger.Infof("loading inband rule %s", rule) wc.Logger.Infof("loading inband rule %s", rule)
collection, err := LoadCollection(rule) collections, err := LoadCollection(rule)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to load inband rule %s : %s", rule, err) return nil, fmt.Errorf("unable to load inband rule %s : %s", rule, err)
} }
ret.InBandRules = append(ret.InBandRules, collection) ret.InBandRules = append(ret.InBandRules, collections...)
} }
wc.Logger.Infof("Loaded %d inband rules", len(ret.InBandRules)) wc.Logger.Infof("Loaded %d inband rules", len(ret.InBandRules))
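Review bot: Neither loop checks that `collections` is non-empty before appending, so an entry in `OutOfBandRules` or `InBandRules` that matches no loaded rule contributes nothing and `Build` still returns success. The removed `LoadCollection` code returned `no waap rules found for collection %s` in that case, while the new version in the other file of this commit appears to return an empty slice with a nil error. For a WAF configuration that is a fail-open outcome: a typo in a rule name or a glob that matches nothing leaves the engine running with fewer rules than configured, visible only in the `Loaded %d ... rules` info lines. Consider adding `if len(collections) == 0 { return nil, fmt.Errorf("no waap rules matched %s", rule) }` after each error check, or restoring the equivalent check at the end of `LoadCollection`. `Build` starts and ends outside this hunk.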


@ -47,26 +47,34 @@ type RulesDetails struct {
// Is using the id is a good idea ? might be too specific to coraza and not easily reusable // Is using the id is a good idea ? might be too specific to coraza and not easily reusable
var WaapRulesDetails = make(map[int]RulesDetails) var WaapRulesDetails = make(map[int]RulesDetails)
func LoadCollection(collection string) (WaapCollection, error) { func LoadCollection(pattern string) ([]WaapCollection, error) {
hub, err := cwhub.GetHub() hub, err := cwhub.GetHub()
if err != nil { if err != nil {
return WaapCollection{}, fmt.Errorf("unable to load hub : %s", err) return nil, fmt.Errorf("unable to load hub : %s", err)
} }
var loadedRule WaapCollectionConfig ret := make([]WaapCollection, 0)
var ok bool
if loadedRule, ok = waapRules[collection]; !ok { for _, waapRule := range waapRules {
return WaapCollection{}, fmt.Errorf("no waap rules found for collection %s", collection)
matched, err := filepath.Match(pattern, waapRule.Name)
if err != nil {
log.Errorf("unable to match %s with %s : %s", waapRule.Name, pattern, err)
continue
}
if !matched {
continue
} }
waapCol := WaapCollection{ waapCol := WaapCollection{
collectionName: loadedRule.Name, collectionName: waapRule.Name,
} }
if loadedRule.SecLangFilesRules != nil { if waapRule.SecLangFilesRules != nil {
for _, rulesFile := range loadedRule.SecLangFilesRules { for _, rulesFile := range waapRule.SecLangFilesRules {
fullPath := filepath.Join(hub.GetDataDir(), rulesFile) fullPath := filepath.Join(hub.GetDataDir(), rulesFile)
c, err := os.ReadFile(fullPath) c, err := os.ReadFile(fullPath)
if err != nil { if err != nil {
@ -85,16 +93,16 @@ func LoadCollection(collection string) (WaapCollection, error) {
} }
} }
if loadedRule.SecLangRules != nil { if waapRule.SecLangRules != nil {
waapCol.Rules = append(waapCol.Rules, loadedRule.SecLangRules...) waapCol.Rules = append(waapCol.Rules, waapRule.SecLangRules...)
} }
if loadedRule.Rules != nil { if waapRule.Rules != nil {
for _, rule := range loadedRule.Rules { for _, rule := range waapRule.Rules {
strRule, rulesId, err := rule.Convert(waap_rule.ModsecurityRuleType, loadedRule.Name) strRule, rulesId, err := rule.Convert(waap_rule.ModsecurityRuleType, waapRule.Name)
if err != nil { if err != nil {
log.Errorf("unable to convert rule %s : %s", rule.Name, err) log.Errorf("unable to convert rule %s : %s", rule.Name, err)
return WaapCollection{}, err return nil, err
} }
log.Infof("Adding rule %s", strRule) log.Infof("Adding rule %s", strRule)
waapCol.Rules = append(waapCol.Rules, strRule) waapCol.Rules = append(waapCol.Rules, strRule)
@ -103,21 +111,22 @@ func LoadCollection(collection string) (WaapCollection, error) {
if _, ok := WaapRulesDetails[int(rulesId[0])]; !ok { if _, ok := WaapRulesDetails[int(rulesId[0])]; !ok {
WaapRulesDetails[int(rulesId[0])] = RulesDetails{ WaapRulesDetails[int(rulesId[0])] = RulesDetails{
LogLevel: log.InfoLevel, LogLevel: log.InfoLevel,
Hash: loadedRule.hash, Hash: waapRule.hash,
Version: loadedRule.version, Version: waapRule.version,
Name: loadedRule.Name, Name: waapRule.Name,
} }
} else { } else {
log.Warnf("conflicting id %d for rule %s !", rulesId[0], rule.Name) log.Warnf("conflicting id %d for rule %s !", rulesId[0], rule.Name)
} }
for _, id := range rulesId { for _, id := range rulesId {
SetRuleDebug(int(id), loadedRule.Debug) SetRuleDebug(int(id), waapRule.Debug)
} }
} }
} }
ret = append(ret, waapCol)
return waapCol, nil }
return ret, nil
} }
func (wcc WaapCollectionConfig) LoadCollection(collection string) (WaapCollection, error) { func (wcc WaapCollectionConfig) LoadCollection(collection string) (WaapCollection, error) {
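Review bot: The `filepath.Match` error branch logs and continues, but the only error `filepath.Match` returns is `ErrBadPattern`, which depends on `pattern` and not on the rule name. A malformed pattern can therefore be logged once per rule while the function still returns a nil error. Returning it would fail the load at the point of misconfiguration: `return nil, fmt.Errorf("invalid waap rule pattern %q: %w", pattern, err)`. Separately, `waapRules` looks like a map (the removed code indexed it by name), so the order of `ret` would vary between runs; if the engine is sensitive to rule order, collect the matching names and sort them before building each `WaapCollection`. The middle of `LoadCollection` is elided between the hunks of this section.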