před 1 rokem · 25635a306f
--- a/pkg/acquisition/modules/appsec/appsec_runner.go
+++ b/pkg/acquisition/modules/appsec/appsec_runner.go
@@ -23,6 +23,7 @@ type AppsecRunner struct {
 
				 	AppsecRuntime       *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc.
			
 
				 	AppsecInbandEngine  coraza.WAF
			
 
				 	AppsecOutbandEngine coraza.WAF
			
 
				+	Labels              map[string]string
			
 
				 	logger              *log.Entry
			
 
				 }
			
 
				 
			
@@ -205,7 +206,7 @@ func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) erro
 
				 
			
 
				 func (r *AppsecRunner) handleInBandInterrupt(request *appsec.ParsedRequest) {
			
 
				 	//create the associated event for crowdsec itself
			
 
				-	evt, err := EventFromRequest(request)
			
 
				+	evt, err := EventFromRequest(request, r.Labels)
			
 
				 	if err != nil {
			
 
				 		//let's not interrupt the pipeline for this
			
 
				 		r.logger.Errorf("unable to create event from request : %s", err)
			
@@ -253,7 +254,7 @@ func (r *AppsecRunner) handleInBandInterrupt(request *appsec.ParsedRequest) {
 
				 }
			
 
				 
			
 
				 func (r *AppsecRunner) handleOutBandInterrupt(request *appsec.ParsedRequest) {
			
 
				-	evt, err := EventFromRequest(request)
			
 
				+	evt, err := EventFromRequest(request, r.Labels)
			
 
				 	if err != nil {
			
 
				 		//let's not interrupt the pipeline for this
			
 
				 		r.logger.Errorf("unable to create event from request : %s", err)
			
--- a/pkg/acquisition/modules/appsec/utils.go
+++ b/pkg/acquisition/modules/appsec/utils.go
@@ -68,7 +68,7 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
 
				 	return &evt, nil
			
 
				 }
			
 
				 
			
 
				-func EventFromRequest(r *appsec.ParsedRequest) (types.Event, error) {
			
 
				+func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error) {
			
 
				 	evt := types.Event{}
			
 
				 	//we might want to change this based on in-band vs out-of-band ?
			
 
				 	evt.Type = types.LOG
			
@@ -91,7 +91,7 @@ func EventFromRequest(r *appsec.ParsedRequest) (types.Event, error) {
 
				 	evt.Line = types.Line{
			
 
				 		Time: time.Now(),
			
 
				 		//should we add some info like listen addr/port/path ?
			
 
				-		Labels:  map[string]string{"type": "crowdsec-appsec"}, //FIXME: use the labels from the acquis
			
 
				+		Labels:  labels,
			
 
				 		Process: true,
			
 
				 		Module:  "appsec",
			
 
				 		Src:     "appsec",