1 年之前 · e4e2bb5504
--- a/pkg/acquisition/modules/waf/utils.go
+++ b/pkg/acquisition/modules/waf/utils.go
@@ -2,7 +2,6 @@ package wafacquisition
 
				 
			
 
				 import (
			
 
				 	"fmt"
			
 
				-	"regexp"
			
 
				 	"time"
			
 
				 
			
 
				 	"github.com/crowdsecurity/coraza/v3/collection"
			
@@ -104,16 +103,12 @@ func (r *WafRunner) AccumulateTxToEvent(tx experimental.FullTransaction, kind st
 
				 				continue
			
 
				 			}
			
 
				 			for _, collectionToKeep := range r.VariablesTracking {
			
 
				-				match, err := regexp.MatchString("(?i)"+collectionToKeep, key)
			
 
				-				if err != nil {
			
 
				-					r.logger.Warningf("error matching %s with %s: %s", key, collectionToKeep, err)
			
 
				-					continue
			
 
				-				}
			
 
				+				match := collectionToKeep.MatchString(key)
			
 
				 				if match {
			
 
				 					evt.Waap.Vars[key] = variable.Value()
			
 
				 					r.logger.Infof("%s.%s = %s", variable.Variable().Name(), variable.Key(), variable.Value())
			
 
				 				} else {
			
 
				-					r.logger.Infof("%s.%s != %s (%s) (not kept)", variable.Variable().Name(), variable.Key(), collectionToKeep, variable.Value())
			
 
				+					r.logger.Debugf("%s.%s != %s (%s) (not kept)", variable.Variable().Name(), variable.Key(), collectionToKeep, variable.Value())
			
 
				 				}
			
 
				 			}
			
 
				 		}
			
--- a/pkg/acquisition/modules/waf/waf.go
+++ b/pkg/acquisition/modules/waf/waf.go
@@ -6,6 +6,7 @@ import (
 
				 	"fmt"
			
 
				 	"net/http"
			
 
				 	"os"
			
 
				+	"regexp"
			
 
				 	"strings"
			
 
				 	"time"
			
 
				 
			
@@ -38,7 +39,7 @@ type WafRunner struct {
 
				 	UUID              string
			
 
				 	RulesCollections  []*waf.WafRulesCollection
			
 
				 	logger            *log.Entry
			
 
				-	VariablesTracking []string
			
 
				+	VariablesTracking []*regexp.Regexp
			
 
				 }
			
 
				 
			
 
				 type WafSourceConfig struct {
			
@@ -251,6 +252,16 @@ func (w *WafSource) Configure(yamlConfig []byte, logger *log.Entry) error {
 
				 			})
			
 
				 		}
			
 
				 
			
 
				+		var compiledVariableRules []*regexp.Regexp
			
 
				+
			
 
				+		for _, variable := range w.config.VariablesTracking {
			
 
				+			compiledVariableRule, err := regexp.Compile(variable)
			
 
				+			if err != nil {
			
 
				+				return fmt.Errorf("cannot compile variable regexp %s: %w", variable, err)
			
 
				+			}
			
 
				+			compiledVariableRules = append(compiledVariableRules, compiledVariableRule)
			
 
				+		}
			
 
				+
			
 
				 		runner := WafRunner{
			
 
				 			outOfBandWaf:      outofbandwaf,
			
 
				 			inBandWaf:         inbandwaf,
			
@@ -258,7 +269,7 @@ func (w *WafSource) Configure(yamlConfig []byte, logger *log.Entry) error {
 
				 			UUID:              wafUUID,
			
 
				 			RulesCollections:  rulesCollections,
			
 
				 			logger:            wafLogger,
			
 
				-			VariablesTracking: w.config.VariablesTracking,
			
 
				+			VariablesTracking: compiledVariableRules,
			
 
				 		}
			
 
				 		w.WafRunners[nbRoutine] = runner
			
 
				 	}