From d335e74c817a73926fadf969065a26d02ee9f875 Mon Sep 17 00:00:00 2001 From: Sebastien Blot Date: Wed, 3 May 2023 16:35:28 +0200 Subject: [PATCH] wip --- pkg/acquisition/modules/waf/waf.go | 72 ++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/pkg/acquisition/modules/waf/waf.go b/pkg/acquisition/modules/waf/waf.go index b00f53d1a..b1255247a 100644 --- a/pkg/acquisition/modules/waf/waf.go +++ b/pkg/acquisition/modules/waf/waf.go @@ -3,6 +3,8 @@ package wafacquisition import ( "context" "fmt" + "io" + "io/ioutil" "net/http" "github.com/corazawaf/coraza/v3" @@ -179,5 +181,75 @@ func (w *WafSource) wafHandler(rw http.ResponseWriter, r *http.Request) { return } + defer func() { + tx.ProcessLogging() + tx.Close() + }() + + tx.ProcessConnection(r.RemoteAddr, 0, "", 0) + + tx.ProcessURI(r.URL.String(), r.Method, r.Proto) //FIXME: get it from the headers + + for k, vr := range r.Header { + for _, v := range vr { + tx.AddRequestHeader(k, v) + } + } + + if r.Host != "" { + tx.AddRequestHeader("Host", r.Host) + // This connector relies on the host header (now host field) to populate ServerName + tx.SetServerName(r.Host) + } + + if r.TransferEncoding != nil { + tx.AddRequestHeader("Transfer-Encoding", r.TransferEncoding[0]) + } + + in := tx.ProcessRequestHeaders() + if in != nil { + w.logger.Warnf("WAF blocked request: %+v", in) + rw.WriteHeader(http.StatusForbidden) + return + } + + in = tx.ProcessRequestHeaders() + + if in != nil { + w.logger.Warnf("WAF blocked request: %+v", in) + rw.WriteHeader(http.StatusForbidden) + return + } + + if tx.IsRequestBodyAccessible() { + if r.Body != nil && r.Body != http.NoBody { + _, _, err := tx.ReadRequestBodyFrom(r.Body) + if err != nil { + w.logger.Errorf("Cannot read request body: %s", err) + rw.WriteHeader(http.StatusInternalServerError) + return + } + bodyReader, err := tx.RequestBodyReader() + if err != nil { + w.logger.Errorf("Cannot read request body: %s", err) + rw.WriteHeader(http.StatusInternalServerError) + return + } + body := io.MultiReader(bodyReader, r.Body) + r.Body = ioutil.NopCloser(body) + in, err = tx.ProcessRequestBody() + if err != nil { + w.logger.Errorf("Cannot process request body: %s", err) + rw.WriteHeader(http.StatusInternalServerError) + return + } + if in != nil { + w.logger.Warnf("WAF blocked request: %+v", in) + rw.WriteHeader(http.StatusForbidden) + return + } + } + } + rw.WriteHeader(http.StatusOK) }