From d5e0c8a36b77552e41f37e70facdfaa4bb713dff Mon Sep 17 00:00:00 2001
From: Sebastien Blot
Date: Thu, 14 Sep 2023 09:39:24 +0200
Subject: [PATCH] up
---
 pkg/waf/waap.go | 1 -
 pkg/waf/waap_rules_collection.go | 61 ++++++++++++++++++++++++++++++--
 2 files changed, 58 insertions(+), 4 deletions(-)
diff --git a/pkg/waf/waap.go b/pkg/waf/waap.go
index 0c4f4e232..f7128e991 100644
--- a/pkg/waf/waap.go
+++ b/pkg/waf/waap.go
@@ -117,7 +117,6 @@ func (wc *WaapConfig) Load(file string) error {
 wc.DefaultPassAction = "allow"
 }
 return nil
-
 }
 func (wc *WaapConfig) Build() (*WaapRuntimeConfig, error) {
diff --git a/pkg/waf/waap_rules_collection.go b/pkg/waf/waap_rules_collection.go
index ce7e605ec..c641a2397 100644
--- a/pkg/waf/waap_rules_collection.go
+++ b/pkg/waf/waap_rules_collection.go
@@ -1,20 +1,75 @@
 package waf
-import corazatypes "github.com/crowdsecurity/coraza/v3/types"
+import (
+ "fmt"
+ "os"
+
+ corazatypes "github.com/crowdsecurity/coraza/v3/types"
+ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
+ "gopkg.in/yaml.v2"
+
+ log "github.com/sirupsen/logrus"
+)
 // to be filled w/ seb update
 type WaapCollection struct {
+ collectionName string
 }
 // to be filled w/ seb update
 type WaapCollectionConfig struct {
+ Type string `yaml:"type"`
+ Name string `yaml:"name"`
 SecLangFilesRules []string `yaml:"seclang_files_rules"`
 SecLangRules []string `yaml:"seclang_rules"`
 MergedRules []string `yaml:"-"`
 }
 func LoadCollection(collection string) (WaapCollection, error) {
- return WaapCollection{}, nil
+
+ //FIXME: do it once globally
+ var waapRules map[string]WaapCollectionConfig
+ for _, hubWafRuleItem := range cwhub.GetItemMap(cwhub.WAF_RULES) {
+ if !hubWafRuleItem.Installed {
+ continue
+ }
+
+ content, err := os.ReadFile(hubWafRuleItem.LocalPath)
+
+ if err != nil {
+ log.Warnf("unable to read file %s : %s", hubWafRuleItem.LocalPath, err)
+ continue
+ }
+
+ var rule WaapCollectionConfig
+
+ err = yaml.Unmarshal(content, &rule)
+
+ if err != nil {
+ log.Warnf("unable to unmarshal file %s : %s", hubWafRuleItem.LocalPath, err)
+ continue
+ }
+
+ if rule.Type != "waap-rule" {
+ log.Warnf("unexpected type %s instead of waap-rule for file %s", rule.Type, hubWafRuleItem.LocalPath)
+ continue
+ }
+ waapRules[rule.Name] = rule
+ }
+
+ if len(waapRules) == 0 {
+ return WaapCollection{}, fmt.Errorf("no waap rules found in hub")
+ }
+
+ var loadedRule WaapCollectionConfig
+
+ if loadedRule, ok := waapRules[collection]; !ok {
+ return WaapCollection{}, fmt.Errorf("no waap rules found for collection %s", collection)
+ }
+
+ return WaapCollection{
+ collectionName: loadedRule.Name,
+ }, nil
 }
 func (wcc WaapCollectionConfig) LoadCollection(collection string) (WaapCollection, error) {
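Review bot: `waapRules` in LoadCollection is declared with `var waapRules map[string]WaapCollectionConfig` and never allocated, so the first `waapRules[rule.Name] = rule` panics on a nil map; initialise it with `waapRules := make(map[string]WaapCollectionConfig)`. Further down, `if loadedRule, ok := waapRules[collection]; !ok {` declares a new `loadedRule` scoped to the `if`, which the compiler should reject as unused and which in any case leaves the outer variable zero-valued, so `collectionName` would always be empty; use `loadedRule, ok := waapRules[collection]` followed by `if !ok {` and drop the `var loadedRule` line. Because this map decides which WAF rule set a collection name resolves to, it is also worth rejecting an empty or already-seen `rule.Name` rather than letting a later hub file silently overwrite an earlier entry. `yaml.Unmarshal` ignores unknown keys, so a misspelled `seclang_rules` would load as a collection with no rules; `yaml.UnmarshalStrict` would surface that as a parse error.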
@@ -30,5 +85,5 @@ func (w WaapCollection) Eval(req ParsedRequest) (*corazatypes.Interruption, erro
 }
 func (w WaapCollection) GetDisplayName() string {
- return "rule XX"
+ return w.collectionName
 }