
add options via WaapConfig for inband and outofband engines

bui 1 year ago
parent
commit
0cebf833c7
2 changed files with 46 additions and 34 deletions
  1. 21 19
      pkg/acquisition/modules/waap/waap_runner.go
  2. 25 15
      pkg/waf/waap.go

+ 21 - 19
pkg/acquisition/modules/waap/waap_runner.go

@@ -40,37 +40,39 @@ func (r *WaapRunner) Init(datadir string) error {
 	for _, collection := range r.WaapRuntime.OutOfBandRules {
 		outOfBandRules += collection.String()
 	}
-	//adapt the logger level to the WAAP
 	runnerLogger := r.logger.Dup()
-	runnerLogger.Infof("setting logger of %s to %s", r.WaapRuntime.Name, r.WaapRuntime.Config.LogLevel)
-	r.WaapInbandEngine, err = coraza.NewWAF(
-		coraza.NewWAFConfig().WithDirectives(inBandRules).WithRootFS(fs).WithDebugLogger(NewCrzLogger(runnerLogger)),
-	)
 
+	//setting up inband engine
+	inbandCfg := coraza.NewWAFConfig().WithDirectives(inBandRules).WithRootFS(fs).WithDebugLogger(NewCrzLogger(runnerLogger))
+	if !r.WaapRuntime.Config.InbandOptions.DisableBodyInspection {
+		inbandCfg = inbandCfg.WithRequestBodyAccess()
+	} else {
+		log.Warningf("Disabling body inspection, Inband rules will not be able to match on body's content.")
+	}
+	if r.WaapRuntime.Config.InbandOptions.RequestBodyInMemoryLimit != nil {
+		inbandCfg = inbandCfg.WithRequestBodyInMemoryLimit(*r.WaapRuntime.Config.InbandOptions.RequestBodyInMemoryLimit)
+	}
+	r.WaapInbandEngine, err = coraza.NewWAF(inbandCfg)
 	if err != nil {
 		return fmt.Errorf("unable to initialize inband engine : %w", err)
 	}
 
-	tx := r.WaapInbandEngine.NewTransaction()
-	if !tx.IsRequestBodyAccessible() {
-		runnerLogger.Warningf("request body is not accessible, inband rules won't be able to match on it")
+	//setting up outband engine
+	outbandCfg := coraza.NewWAFConfig().WithDirectives(outOfBandRules).WithRootFS(fs).WithDebugLogger(NewCrzLogger(runnerLogger))
+	if !r.WaapRuntime.Config.OutOfBandOptions.DisableBodyInspection {
+		outbandCfg = outbandCfg.WithRequestBodyAccess()
+	} else {
+		log.Warningf("Disabling body inspection, Out of band rules will not be able to match on body's content.")
 	}
-	tx.Close()
-
-	r.WaapOutbandEngine, err = coraza.NewWAF(
-		coraza.NewWAFConfig().WithDirectives(outOfBandRules).WithRootFS(fs).WithDebugLogger(NewCrzLogger(runnerLogger)),
-	)
+	if r.WaapRuntime.Config.OutOfBandOptions.RequestBodyInMemoryLimit != nil {
+		outbandCfg = outbandCfg.WithRequestBodyInMemoryLimit(*r.WaapRuntime.Config.OutOfBandOptions.RequestBodyInMemoryLimit)
+	}
+	r.WaapOutbandEngine, err = coraza.NewWAF(outbandCfg)
 
 	if err != nil {
 		return fmt.Errorf("unable to initialize outband engine : %w", err)
 	}
 
-	tx = r.WaapOutbandEngine.NewTransaction()
-	if !tx.IsRequestBodyAccessible() {
-		runnerLogger.Warningf("request body is not accessible, outband rules won't be able to match on it")
-	}
-	tx.Close()
-
 	return nil
 }
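Review bot: The two new warnings at the disable-body-inspection branches go to the package-level logger (`log.Warningf`) while the removed checks they replace used `runnerLogger`, so the per-runner context (the `Dup()` of `r.logger` built just above) is lost for exactly the messages an operator most needs to attribute to a given WAAP instance; change both to `runnerLogger.Warningf("disabling body inspection, inband rules will not be able to match on body's content")` and the out-of-band counterpart. The in-memory limit is dereferenced and handed straight to `WithRequestBodyInMemoryLimit` with no range check at either site; a zero or negative value presumably ought to be rejected when the config is loaded rather than passed to the engine, which is worth confirming against coraza's handling. The inband and out-of-band setup blocks are now line-for-line duplicates differing only in the option struct, rule string and warning text, so a small helper taking the rules and the sub-engine options and returning the configured `coraza.WAFConfig` would keep the two from drifting. `Init` begins before this hunk.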
 

+ 25 - 15
pkg/waf/waap.go

@@ -48,12 +48,18 @@ type WaapTempResponse struct {
 	SendEvent          bool //do we send an internal event on rule match
 }
 
+type WaapSubEngineOpts struct {
+	DisableBodyInspection    bool `yaml:"disable_body_inspection"`
+	RequestBodyInMemoryLimit *int `yaml:"request_body_in_memory_limit"`
+}
+
 // runtime version of WaapConfig
 type WaapRuntimeConfig struct {
 	Name           string
 	OutOfBandRules []WaapCollection
-	//OutOfBandEngine XXX
-	InBandRules               []WaapCollection
+
+	InBandRules []WaapCollection
+
 	DefaultRemediation        string
 	CompiledOnLoad            []Hook
 	CompiledPreEval           []Hook
@@ -67,22 +73,26 @@ type WaapRuntimeConfig struct {
 	InBandTx    ExtendedTransaction //is it a good idea ?
 	Response    WaapTempResponse
 	//should we store matched rules here ?
+
 }
 
 type WaapConfig struct {
-	Name               string     `yaml:"name"`
-	OutOfBandRules     []string   `yaml:"outofband_rules"`
-	InBandRules        []string   `yaml:"inband_rules"`
-	DefaultRemediation string     `yaml:"default_remediation"`
-	DefaultPassAction  string     `yaml:"default_pass_action"`
-	BlockedHTTPCode    int        `yaml:"blocked_http_code"`
-	PassedHTTPCode     int        `yaml:"passed_http_code"`
-	OnLoad             []Hook     `yaml:"on_load"`
-	PreEval            []Hook     `yaml:"pre_eval"`
-	OnMatch            []Hook     `yaml:"on_match"`
-	VariablesTracking  []string   `yaml:"variables_tracking"`
-	LogLevel           *log.Level `yaml:"log_level"`
-	Logger             *log.Entry `yaml:"-"`
+	Name               string            `yaml:"name"`
+	OutOfBandRules     []string          `yaml:"outofband_rules"`
+	InBandRules        []string          `yaml:"inband_rules"`
+	DefaultRemediation string            `yaml:"default_remediation"`
+	DefaultPassAction  string            `yaml:"default_pass_action"`
+	BlockedHTTPCode    int               `yaml:"blocked_http_code"`
+	PassedHTTPCode     int               `yaml:"passed_http_code"`
+	OnLoad             []Hook            `yaml:"on_load"`
+	PreEval            []Hook            `yaml:"pre_eval"`
+	OnMatch            []Hook            `yaml:"on_match"`
+	VariablesTracking  []string          `yaml:"variables_tracking"`
+	InbandOptions      WaapSubEngineOpts `yaml:"inband_options"`
+	OutOfBandOptions   WaapSubEngineOpts `yaml:"outofband_options"`
+
+	LogLevel *log.Level `yaml:"log_level"`
+	Logger   *log.Entry `yaml:"-"`
 }
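Review bot: `WaapSubEngineOpts` is a new exported type that users will reach through YAML, yet neither it nor its two fields carry a doc comment, and the unit of `RequestBodyInMemoryLimit` is not stated anywhere on the page. Add `// WaapSubEngineOpts holds the per-engine (inband / out-of-band) tuning options exposed in the YAML config.` above the type, `// DisableBodyInspection turns off request body access for this engine; rules cannot match on body content when set.` on the first field, and on the second a comment noting it is optional (nil leaves the engine default) and giving the unit, presumably bytes, once confirmed against the coraza option it feeds. The second hunk of this file also adds a stray blank line before the closing brace of `WaapRuntimeConfig`, which `gofmt` will keep but which reads as an accident.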
 
 func (w *WaapRuntimeConfig) ClearResponse() {