Appsec improvement and fixes after merge (#2645)
This commit is contained in:
AlteredCoder
GitHub
parent
518c7f178a
commit
b1f85693c2
|
|
@ -298,8 +298,9 @@ func (r *AppsecRunner) handleRequest(request *appsec.ParsedRequest) {
|
|||
request.IsInBand = true
|
||||
request.IsOutBand = false
|
||||
|
||||
//to measure the time spent in the Application Security Engine
|
||||
startParsing := time.Now()
|
||||
//to measure the time spent in the Application Security Engine for InBand rules
|
||||
startInBandParsing := time.Now()
|
||||
startGlobalParsing := time.Now()
|
||||
|
||||
//inband appsec rules
|
||||
err := r.ProcessInBandRules(request)
|
||||
|
|
@ -308,13 +309,14 @@ func (r *AppsecRunner) handleRequest(request *appsec.ParsedRequest) {
|
|||
return
|
||||
}
|
||||
|
||||
// time spent to process in band rules
|
||||
inBandParsingElapsed := time.Since(startInBandParsing)
|
||||
AppsecInbandParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddrNormalized}).Observe(inBandParsingElapsed.Seconds())
|
||||
|
||||
if request.Tx.IsInterrupted() {
|
||||
r.handleInBandInterrupt(request)
|
||||
}
|
||||
|
||||
elapsed := time.Since(startParsing)
|
||||
AppsecInbandParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddr}).Observe(elapsed.Seconds())
|
||||
|
||||
// send back the result to the HTTP handler for the InBand part
|
||||
request.ResponseChannel <- r.AppsecRuntime.Response
|
||||
|
||||
|
|
@ -325,12 +327,23 @@ func (r *AppsecRunner) handleRequest(request *appsec.ParsedRequest) {
|
|||
r.AppsecRuntime.Response.SendAlert = false
|
||||
r.AppsecRuntime.Response.SendEvent = true
|
||||
|
||||
//to measure the time spent in the Application Security Engine for OutOfBand rules
|
||||
startOutOfBandParsing := time.Now()
|
||||
|
||||
err = r.ProcessOutOfBandRules(request)
|
||||
if err != nil {
|
||||
logger.Errorf("unable to process OutOfBand rules: %s", err)
|
||||
return
|
||||
}
|
||||
|
||||
// time spent to process out of band rules
|
||||
outOfBandParsingElapsed := time.Since(startOutOfBandParsing)
|
||||
AppsecOutbandParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddrNormalized}).Observe(outOfBandParsingElapsed.Seconds())
|
||||
|
||||
// time spent to process inband AND out of band rules
|
||||
globalParsingElapsed := time.Since(startGlobalParsing)
|
||||
AppsecGlobalParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddrNormalized}).Observe(globalParsingElapsed.Seconds())
|
||||
|
||||
if request.Tx.IsInterrupted() {
|
||||
r.handleOutBandInterrupt(request)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ var AppsecGlobalParsingHistogram = prometheus.NewHistogramVec(
|
|||
prometheus.HistogramOpts{
|
||||
Help: "Time spent processing a request by the Application Security Engine.",
|
||||
Name: "cs_appsec_parsing_time_seconds",
|
||||
Buckets: []float64{0.0005, 0.001, 0.0015, 0.002, 0.0025, 0.003, 0.004, 0.005, 0.0075, 0.01},
|
||||
Buckets: []float64{0.005, 0.01, 0.025, 0.050, 0.1, 0.2, 0.3, 0.4, 0.5, 1},
|
||||
},
|
||||
[]string{"source"},
|
||||
)
|
||||
|
|
@ -15,7 +15,7 @@ var AppsecInbandParsingHistogram = prometheus.NewHistogramVec(
|
|||
prometheus.HistogramOpts{
|
||||
Help: "Time spent processing a request by the inband Application Security Engine.",
|
||||
Name: "cs_appsec_inband_parsing_time_seconds",
|
||||
Buckets: []float64{0.0005, 0.001, 0.0015, 0.002, 0.0025, 0.003, 0.004, 0.005, 0.0075, 0.01},
|
||||
Buckets: []float64{0.005, 0.01, 0.025, 0.050, 0.1, 0.2, 0.3, 0.4, 0.5, 1},
|
||||
},
|
||||
[]string{"source"},
|
||||
)
|
||||
|
|
@ -24,7 +24,7 @@ var AppsecOutbandParsingHistogram = prometheus.NewHistogramVec(
|
|||
prometheus.HistogramOpts{
|
||||
Help: "Time spent processing a request by the Application Security Engine.",
|
||||
Name: "cs_appsec_outband_parsing_time_seconds",
|
||||
Buckets: []float64{0.0005, 0.001, 0.0015, 0.002, 0.0025, 0.003, 0.004, 0.005, 0.0075, 0.01},
|
||||
Buckets: []float64{0.005, 0.01, 0.025, 0.050, 0.1, 0.2, 0.3, 0.4, 0.5, 1},
|
||||
},
|
||||
[]string{"source"},
|
||||
)
|
||||
|
|
|
|||
|
|
@ -63,18 +63,7 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
|
|||
alert.Meta = append(alert.Meta, &meta)
|
||||
}
|
||||
}
|
||||
for _, key := range evt.Appsec.MatchedRules.GetMatchedZones() {
|
||||
valueByte, err := json.Marshal([]string{key})
|
||||
if err != nil {
|
||||
log.Debugf("unable to serialize key %s", key)
|
||||
continue
|
||||
}
|
||||
meta := models.MetaItems0{
|
||||
Key: "matched_zones",
|
||||
Value: string(valueByte),
|
||||
}
|
||||
alert.Meta = append(alert.Meta, &meta)
|
||||
}
|
||||
|
||||
alert.EventsCount = ptr.Of(int32(1))
|
||||
alert.Leakspeed = ptr.Of("")
|
||||
alert.Scenario = ptr.Of(inEvt.Appsec.MatchedRules.GetName())
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package types
|
|||
|
||||
import (
|
||||
"regexp"
|
||||
"slices"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
|
@ -132,7 +133,11 @@ func (w MatchedRules) GetMatchedZones() []string {
|
|||
ret := make([]string, 0)
|
||||
|
||||
for _, rule := range w {
|
||||
ret = append(ret, rule["matched_zones"].([]string)...)
|
||||
for _, zone := range rule["matched_zones"].([]string) {
|
||||
if !slices.Contains(ret, zone) {
|
||||
ret = append(ret, zone)
|
||||
}
|
||||
}
|
||||
}
|
||||
return ret
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue