8cca4346a5
Add a new datasource that: - Receives HTTP requests from remediation components - Apply rules on them to determine whether they are malicious or not - Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios) The PR also adds support for 2 new hub items: - appsec-configs: Configure the Application Security Engine (which rules to load, in which phase) - appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang) --------- Co-authored-by: alteredCoder <kevin@crowdsec.net> Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com> Co-authored-by: Marco Mariani <marco@crowdsec.net>
60 lines
2.1 KiB
Go
60 lines
2.1 KiB
Go
package appsec
|
|
|
|
import (
|
|
"github.com/crowdsecurity/crowdsec/pkg/types"
|
|
)
|
|
|
|
func GetOnLoadEnv(w *AppsecRuntimeConfig) map[string]interface{} {
|
|
return map[string]interface{}{
|
|
"RemoveInBandRuleByID": w.DisableInBandRuleByID,
|
|
"RemoveInBandRuleByTag": w.DisableInBandRuleByTag,
|
|
"RemoveInBandRuleByName": w.DisableInBandRuleByName,
|
|
"RemoveOutBandRuleByID": w.DisableOutBandRuleByID,
|
|
"RemoveOutBandRuleByTag": w.DisableOutBandRuleByTag,
|
|
"RemoveOutBandRuleByName": w.DisableOutBandRuleByName,
|
|
"SetRemediationByTag": w.SetActionByTag,
|
|
"SetRemediationByID": w.SetActionByID,
|
|
"SetRemediationByName": w.SetActionByName,
|
|
}
|
|
}
|
|
|
|
func GetPreEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{} {
|
|
return map[string]interface{}{
|
|
"IsInBand": request.IsInBand,
|
|
"IsOutBand": request.IsOutBand,
|
|
"RemoveInBandRuleByID": w.RemoveInbandRuleByID,
|
|
"RemoveInBandRuleByName": w.RemoveInbandRuleByName,
|
|
"RemoveInBandRuleByTag": w.RemoveInbandRuleByTag,
|
|
"RemoveOutBandRuleByID": w.RemoveOutbandRuleByID,
|
|
"RemoveOutBandRuleByTag": w.RemoveOutbandRuleByTag,
|
|
"RemoveOutBandRuleByName": w.RemoveOutbandRuleByName,
|
|
"SetRemediationByTag": w.SetActionByTag,
|
|
"SetRemediationByID": w.SetActionByID,
|
|
"SetRemediationByName": w.SetActionByName,
|
|
}
|
|
}
|
|
|
|
func GetPostEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{} {
|
|
return map[string]interface{}{
|
|
"IsInBand": request.IsInBand,
|
|
"IsOutBand": request.IsOutBand,
|
|
"DumpRequest": request.DumpRequest,
|
|
}
|
|
}
|
|
|
|
func GetOnMatchEnv(w *AppsecRuntimeConfig, request *ParsedRequest, evt types.Event) map[string]interface{} {
|
|
return map[string]interface{}{
|
|
"evt": evt,
|
|
"req": request,
|
|
"IsInBand": request.IsInBand,
|
|
"IsOutBand": request.IsOutBand,
|
|
"SetRemediation": w.SetAction,
|
|
"SetReturnCode": w.SetHTTPCode,
|
|
"CancelEvent": w.CancelEvent,
|
|
"SendEvent": w.SendEvent,
|
|
"CancelAlert": w.CancelAlert,
|
|
"SendAlert": w.SendAlert,
|
|
"DumpRequest": request.DumpRequest,
|
|
}
|
|
}
|