Fix Remove{in,out}bandby{name,tag}
parent
6fb965bb3f
commit
cb030beaca
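--- a/go.mod
+++ b/go.mod
@@ -90,7 +90,7 @@ require (
 )
 
 require (
-github.com/crowdsecurity/coraza/v3 v3.0.0-20231204125126-35deffad7734
+github.com/crowdsecurity/coraza/v3 v3.0.0-20231204135508-23eef9bf7f39
 golang.org/x/text v0.14.0
 gopkg.in/yaml.v3 v3.0.1
 gotest.tools/v3 v3.5.0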
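--- a/go.sum
+++ b/go.sum
@@ -102,6 +102,10 @@ github.com/crowdsecurity/coraza/v3 v3.0.0-20231114091225-b0f8bc435a75 h1:Kp1sY2P
 github.com/crowdsecurity/coraza/v3 v3.0.0-20231114091225-b0f8bc435a75/go.mod h1:jNww1Y9SujXQc89zDR+XOb70bkC7mZ6ep7iKhUBBsiI=
 github.com/crowdsecurity/coraza/v3 v3.0.0-20231204125126-35deffad7734 h1:THMSMkBW/DLG5NvMAr/Mdg/eQOrEnMJ9Y+UdFG4yV8k=
 github.com/crowdsecurity/coraza/v3 v3.0.0-20231204125126-35deffad7734/go.mod h1:jNww1Y9SujXQc89zDR+XOb70bkC7mZ6ep7iKhUBBsiI=
+github.com/crowdsecurity/coraza/v3 v3.0.0-20231204135226-6c45fc2dedf9 h1:vFJiYtKOW5DwGQ9gxQi8+XDNc+YvuXXsJyWXXuiOn+M=
+github.com/crowdsecurity/coraza/v3 v3.0.0-20231204135226-6c45fc2dedf9/go.mod h1:jNww1Y9SujXQc89zDR+XOb70bkC7mZ6ep7iKhUBBsiI=
+github.com/crowdsecurity/coraza/v3 v3.0.0-20231204135508-23eef9bf7f39 h1:vY0KZvoS4Xl9IfGucBA4l1CV1auRPPJtjZSTz/Rl6iQ=
+github.com/crowdsecurity/coraza/v3 v3.0.0-20231204135508-23eef9bf7f39/go.mod h1:jNww1Y9SujXQc89zDR+XOb70bkC7mZ6ep7iKhUBBsiI=
 github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26 h1:r97WNVC30Uen+7WnLs4xDScS/Ex988+id2k6mDf8psU=
 github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26/go.mod h1:zpv7r+7KXwgVUZnUNjyP22zc/D7LKjyoY02weH2RBbk=
 github.com/crowdsecurity/go-cs-lib v0.0.5 h1:eVLW+BRj3ZYn0xt5/xmgzfbbB8EBo32gM4+WpQQk2e8=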
|
@ -70,6 +70,30 @@ func (r *WaapRunner) Init(datadir string) error {
|
||||||
}
|
}
|
||||||
r.WaapOutbandEngine, err = coraza.NewWAF(outbandCfg)
|
r.WaapOutbandEngine, err = coraza.NewWAF(outbandCfg)
|
||||||
|
|
||||||
|
if r.WaapRuntime.DisabledInBandRulesTags != nil {
|
||||||
|
for _, tag := range r.WaapRuntime.DisabledInBandRulesTags {
|
||||||
|
r.WaapInbandEngine.GetRuleGroup().DeleteByTag(tag)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if r.WaapRuntime.DisabledOutOfBandRulesTags != nil {
|
||||||
|
for _, tag := range r.WaapRuntime.DisabledOutOfBandRulesTags {
|
||||||
|
r.WaapOutbandEngine.GetRuleGroup().DeleteByTag(tag)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if r.WaapRuntime.DisabledInBandRuleIds != nil {
|
||||||
|
for _, id := range r.WaapRuntime.DisabledInBandRuleIds {
|
||||||
|
r.WaapInbandEngine.GetRuleGroup().DeleteByID(id)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if r.WaapRuntime.DisabledOutOfBandRuleIds != nil {
|
||||||
|
for _, id := range r.WaapRuntime.DisabledOutOfBandRuleIds {
|
||||||
|
r.WaapOutbandEngine.GetRuleGroup().DeleteByID(id)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to initialize outband engine : %w", err)
|
return fmt.Errorf("unable to initialize outband engine : %w", err)
|
||||||
}
|
}
|
||||||
|
|
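Review bot: The four rule-removal loops added in Init sit between `r.WaapOutbandEngine, err = coraza.NewWAF(outbandCfg)` and the `if err != nil` check that belongs to it, so when outband initialisation fails the code still calls `r.WaapOutbandEngine.GetRuleGroup()` before the error is returned; if NewWAF hands back a nil engine on failure (not shown here) that is a panic rather than the wrapped error. Move the `if err != nil { return fmt.Errorf("unable to initialize outband engine : %w", err) }` block directly under the NewWAF call and run the loops after it. The `!= nil` guards can go, since ranging over a nil slice is a no-op. Because these loops remove WAF rules, a log line per removed tag or ID would make a hook that strips protections visible in the logs. Init starts and ends outside the hunk.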
|
@ -103,11 +103,11 @@ type WaapRuntimeConfig struct {
|
||||||
Logger *log.Entry
|
Logger *log.Entry
|
||||||
|
|
||||||
//Set by on_load to ignore some rules on loading
|
//Set by on_load to ignore some rules on loading
|
||||||
disabledInBandRuleIds []int
|
DisabledInBandRuleIds []int
|
||||||
disabledInBandRulesTags []string //Also used for ByName, as the name (for modsec rules) is a tag crowdsec-NAME
|
DisabledInBandRulesTags []string //Also used for ByName, as the name (for modsec rules) is a tag crowdsec-NAME
|
||||||
|
|
||||||
disabledOutOfBandRuleIds []int
|
DisabledOutOfBandRuleIds []int
|
||||||
disabledOutOfBandRulesTags []string //Also used for ByName, as the name (for modsec rules) is a tag crowdsec-NAME
|
DisabledOutOfBandRulesTags []string //Also used for ByName, as the name (for modsec rules) is a tag crowdsec-NAME
|
||||||
}
|
}
|
||||||
|
|
||||||
type WaapConfig struct {
|
type WaapConfig struct {
|
||||||
|
@ -434,7 +434,7 @@ func (w *WaapRuntimeConfig) CancelEvent(params ...any) (any, error) {
|
||||||
// func (w *WaapRuntimeConfig) DisableInBandRuleByID(id int) error {
|
// func (w *WaapRuntimeConfig) DisableInBandRuleByID(id int) error {
|
||||||
// Disable a rule at load time, meaning it will not run for any request
|
// Disable a rule at load time, meaning it will not run for any request
|
||||||
func (w *WaapRuntimeConfig) DisableInBandRuleByID(params ...any) (any, error) {
|
func (w *WaapRuntimeConfig) DisableInBandRuleByID(params ...any) (any, error) {
|
||||||
w.disabledInBandRuleIds = append(w.disabledInBandRuleIds, params[0].(int))
|
w.DisabledInBandRuleIds = append(w.DisabledInBandRuleIds, params[0].(int))
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -442,21 +442,21 @@ func (w *WaapRuntimeConfig) DisableInBandRuleByID(params ...any) (any, error) {
|
||||||
// Disable a rule at load time, meaning it will not run for any request
|
// Disable a rule at load time, meaning it will not run for any request
|
||||||
func (w *WaapRuntimeConfig) DisableInBandRuleByName(params ...any) (any, error) {
|
func (w *WaapRuntimeConfig) DisableInBandRuleByName(params ...any) (any, error) {
|
||||||
tagValue := fmt.Sprintf("crowdsec-%s", params[0].(string))
|
tagValue := fmt.Sprintf("crowdsec-%s", params[0].(string))
|
||||||
w.disabledInBandRulesTags = append(w.disabledInBandRulesTags, tagValue)
|
w.DisabledInBandRulesTags = append(w.DisabledInBandRulesTags, tagValue)
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// func (w *WaapRuntimeConfig) DisableInBandRuleByTag(tag string) error {
|
// func (w *WaapRuntimeConfig) DisableInBandRuleByTag(tag string) error {
|
||||||
// Disable a rule at load time, meaning it will not run for any request
|
// Disable a rule at load time, meaning it will not run for any request
|
||||||
func (w *WaapRuntimeConfig) DisableInBandRuleByTag(params ...any) (any, error) {
|
func (w *WaapRuntimeConfig) DisableInBandRuleByTag(params ...any) (any, error) {
|
||||||
w.disabledInBandRulesTags = append(w.disabledInBandRulesTags, params[0].(string))
|
w.DisabledInBandRulesTags = append(w.DisabledInBandRulesTags, params[0].(string))
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// func (w *WaapRuntimeConfig) DisableOutBandRuleByID(id int) error {
|
// func (w *WaapRuntimeConfig) DisableOutBandRuleByID(id int) error {
|
||||||
// Disable a rule at load time, meaning it will not run for any request
|
// Disable a rule at load time, meaning it will not run for any request
|
||||||
func (w *WaapRuntimeConfig) DisableOutBandRuleByID(params ...any) (any, error) {
|
func (w *WaapRuntimeConfig) DisableOutBandRuleByID(params ...any) (any, error) {
|
||||||
w.disabledOutOfBandRuleIds = append(w.disabledOutOfBandRuleIds, params[0].(int))
|
w.DisabledOutOfBandRuleIds = append(w.DisabledOutOfBandRuleIds, params[0].(int))
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -464,14 +464,14 @@ func (w *WaapRuntimeConfig) DisableOutBandRuleByID(params ...any) (any, error) {
|
||||||
// Disable a rule at load time, meaning it will not run for any request
|
// Disable a rule at load time, meaning it will not run for any request
|
||||||
func (w *WaapRuntimeConfig) DisableOutBandRuleByName(params ...any) (any, error) {
|
func (w *WaapRuntimeConfig) DisableOutBandRuleByName(params ...any) (any, error) {
|
||||||
tagValue := fmt.Sprintf("crowdsec-%s", params[0].(string))
|
tagValue := fmt.Sprintf("crowdsec-%s", params[0].(string))
|
||||||
w.disabledOutOfBandRulesTags = append(w.disabledOutOfBandRulesTags, tagValue)
|
w.DisabledOutOfBandRulesTags = append(w.DisabledOutOfBandRulesTags, tagValue)
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// func (w *WaapRuntimeConfig) DisableOutBandRuleByTag(tag string) error {
|
// func (w *WaapRuntimeConfig) DisableOutBandRuleByTag(tag string) error {
|
||||||
// Disable a rule at load time, meaning it will not run for any request
|
// Disable a rule at load time, meaning it will not run for any request
|
||||||
func (w *WaapRuntimeConfig) DisableOutBandRuleByTag(params ...any) (any, error) {
|
func (w *WaapRuntimeConfig) DisableOutBandRuleByTag(params ...any) (any, error) {
|
||||||
w.disabledOutOfBandRulesTags = append(w.disabledOutOfBandRulesTags, params[0].(string))
|
w.DisabledOutOfBandRulesTags = append(w.DisabledOutOfBandRulesTags, params[0].(string))
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -24,8 +24,10 @@ func GetOnLoadEnv(w *WaapRuntimeConfig) map[string]interface{} {
|
||||||
return map[string]interface{}{
|
return map[string]interface{}{
|
||||||
"RemoveInBandRuleByID": w.DisableInBandRuleByID,
|
"RemoveInBandRuleByID": w.DisableInBandRuleByID,
|
||||||
"RemoveOutBandRuleByID": w.DisableOutBandRuleByID,
|
"RemoveOutBandRuleByID": w.DisableOutBandRuleByID,
|
||||||
|
"RemoveInBandRuleByName": w.DisableInBandRuleByName,
|
||||||
"RemoveInBandRuleByTag": w.DisableInBandRuleByTag,
|
"RemoveInBandRuleByTag": w.DisableInBandRuleByTag,
|
||||||
"RemoveOutBandRuleByTag": w.DisableOutBandRuleByTag,
|
"RemoveOutBandRuleByTag": w.DisableOutBandRuleByTag,
|
||||||
|
"RemoveOutBandRuleByName": w.DisableOutBandRuleByName,
|
||||||
"SetRemediationByTag": w.SetActionByTag,
|
"SetRemediationByTag": w.SetActionByTag,
|
||||||
"SetRemediationByID": w.SetActionByID,
|
"SetRemediationByID": w.SetActionByID,
|
||||||
"SetRemediationByName": w.SetActionByName,
|
"SetRemediationByName": w.SetActionByName,
|
||||||
|
|
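Review bot: `RemoveInBandRuleByName` and `RemoveOutBandRuleByName` are now callable from on_load expressions, but the helpers they map to (shown in the WaapRuntimeConfig section of this commit) read `params[0].(string)` with no length or type check, so a call with no argument or a non-string argument panics during load instead of returning an error. The variadic `params ...any` signature probably prevents the expression compiler from rejecting such calls, though that is not visible here. I would use the checked form, `name, ok := params[0].(string)` after a `len(params)` test, and return an error otherwise; the ByID and ByTag helpers have the same pattern. The map literal continues outside the hunk.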