We use cookies to ensure you get the best experience on our website
Startseite Erkunden Hilfe
Registrieren Anmelden
0ct0pu5
/
crowdsec
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Quellcode durchsuchen

propagate labels from acquis to appsec events

Sebastien Blot vor 1 Jahr
Ursprung
5503b2374a
Commit
25635a306f
2 geänderte Dateien mit 5 neuen und 4 gelöschten Zeilen
Geteilte Ansicht Diff-Statistik anzeigen
  1. 3 2
      pkg/acquisition/modules/appsec/appsec_runner.go
  2. 2 2
      pkg/acquisition/modules/appsec/utils.go

+ 3 - 2
pkg/acquisition/modules/appsec/appsec_runner.go
Datei anzeigen 

@@ -23,6 +23,7 @@ type AppsecRunner struct {
 
 	AppsecRuntime       *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc.
 
 	AppsecInbandEngine  coraza.WAF
 
 	AppsecOutbandEngine coraza.WAF
 
+	Labels              map[string]string
 
 	logger              *log.Entry
 
 }
 
 
@@ -205,7 +206,7 @@ func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) erro
 
 
 func (r *AppsecRunner) handleInBandInterrupt(request *appsec.ParsedRequest) {
 
 	//create the associated event for crowdsec itself
 
-	evt, err := EventFromRequest(request)
 
+	evt, err := EventFromRequest(request, r.Labels)
 
 	if err != nil {
 
 		//let's not interrupt the pipeline for this
 
 		r.logger.Errorf("unable to create event from request : %s", err)
 
@@ -253,7 +254,7 @@ func (r *AppsecRunner) handleInBandInterrupt(request *appsec.ParsedRequest) {
 
 }
 
 
 func (r *AppsecRunner) handleOutBandInterrupt(request *appsec.ParsedRequest) {
 
-	evt, err := EventFromRequest(request)
 
+	evt, err := EventFromRequest(request, r.Labels)
 
 	if err != nil {
 
 		//let's not interrupt the pipeline for this
 
 		r.logger.Errorf("unable to create event from request : %s", err)

+ 2 - 2
pkg/acquisition/modules/appsec/utils.go
Datei anzeigen 

@@ -68,7 +68,7 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
 
 	return &evt, nil
 
 }
 
 
-func EventFromRequest(r *appsec.ParsedRequest) (types.Event, error) {
 
+func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error) {
 
 	evt := types.Event{}
 
 	//we might want to change this based on in-band vs out-of-band ?
 
 	evt.Type = types.LOG
 
@@ -91,7 +91,7 @@ func EventFromRequest(r *appsec.ParsedRequest) (types.Event, error) {
 
 	evt.Line = types.Line{
 
 		Time: time.Now(),
 
 		//should we add some info like listen addr/port/path ?
 
-		Labels:  map[string]string{"type": "crowdsec-appsec"}, //FIXME: use the labels from the acquis
 
+		Labels:  labels,
 
 		Process: true,
 
 		Module:  "appsec",
 
 		Src:     "appsec",

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5