We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
crowdsec
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

propagate labels from acquis to appsec events

Sebastien Blot 1 年之前
父節點
5503b2374a
當前提交
25635a306f
共有 2 個文件被更改,包括 5 次插入4 次删除
統一視圖 顯示文件統計
  1. 3 2
      pkg/acquisition/modules/appsec/appsec_runner.go
  2. 2 2
      pkg/acquisition/modules/appsec/utils.go

+ 3 - 2
pkg/acquisition/modules/appsec/appsec_runner.go
查看文件 

@@ -23,6 +23,7 @@ type AppsecRunner struct {
 
 	AppsecRuntime       *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc.
 
 	AppsecRuntime       *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc.
 
 	AppsecInbandEngine  coraza.WAF
 
 	AppsecInbandEngine  coraza.WAF
 
 	AppsecOutbandEngine coraza.WAF
 
 	AppsecOutbandEngine coraza.WAF
 
+	Labels              map[string]string
 
 	logger              *log.Entry
 
 	logger              *log.Entry
 
 }
 
 }
 
 
 
@@ -205,7 +206,7 @@ func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) erro
 
 
 
 func (r *AppsecRunner) handleInBandInterrupt(request *appsec.ParsedRequest) {
 
 func (r *AppsecRunner) handleInBandInterrupt(request *appsec.ParsedRequest) {
 
 	//create the associated event for crowdsec itself
 
 	//create the associated event for crowdsec itself
 
-	evt, err := EventFromRequest(request)
 
+	evt, err := EventFromRequest(request, r.Labels)
 
 	if err != nil {
 
 	if err != nil {
 
 		//let's not interrupt the pipeline for this
 
 		//let's not interrupt the pipeline for this
 
 		r.logger.Errorf("unable to create event from request : %s", err)
 
 		r.logger.Errorf("unable to create event from request : %s", err)
 
@@ -253,7 +254,7 @@ func (r *AppsecRunner) handleInBandInterrupt(request *appsec.ParsedRequest) {
 
 }
 
 }
 
 
 
 func (r *AppsecRunner) handleOutBandInterrupt(request *appsec.ParsedRequest) {
 
 func (r *AppsecRunner) handleOutBandInterrupt(request *appsec.ParsedRequest) {
 
-	evt, err := EventFromRequest(request)
 
+	evt, err := EventFromRequest(request, r.Labels)
 
 	if err != nil {
 
 	if err != nil {
 
 		//let's not interrupt the pipeline for this
 
 		//let's not interrupt the pipeline for this
 
 		r.logger.Errorf("unable to create event from request : %s", err)
 
 		r.logger.Errorf("unable to create event from request : %s", err)

+ 2 - 2
pkg/acquisition/modules/appsec/utils.go
查看文件 

@@ -68,7 +68,7 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
 
 	return &evt, nil
 
 	return &evt, nil
 
 }
 
 }
 
 
 
-func EventFromRequest(r *appsec.ParsedRequest) (types.Event, error) {
 
+func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error) {
 
 	evt := types.Event{}
 
 	evt := types.Event{}
 
 	//we might want to change this based on in-band vs out-of-band ?
 
 	//we might want to change this based on in-band vs out-of-band ?
 
 	evt.Type = types.LOG
 
 	evt.Type = types.LOG
 
@@ -91,7 +91,7 @@ func EventFromRequest(r *appsec.ParsedRequest) (types.Event, error) {
 
 	evt.Line = types.Line{
 
 	evt.Line = types.Line{
 
 		Time: time.Now(),
 
 		Time: time.Now(),
 
 		//should we add some info like listen addr/port/path ?
 
 		//should we add some info like listen addr/port/path ?
 
-		Labels:  map[string]string{"type": "crowdsec-appsec"}, //FIXME: use the labels from the acquis
 
+		Labels:  labels,
 
 		Process: true,
 
 		Process: true,
 
 		Module:  "appsec",
 
 		Module:  "appsec",
 
 		Src:     "appsec",
 
 		Src:     "appsec",

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5