Sebastien Blot 1 năm trước cách đây
mục cha
commit
e5906e6eea

+ 19 - 3
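--- a/pkg/acquisition/modules/waap/utils.go
+++ b/pkg/acquisition/modules/waap/utils.go
@@ -11,6 +11,7 @@ import (
 	"github.com/crowdsecurity/crowdsec/pkg/types"
 	"github.com/crowdsecurity/crowdsec/pkg/waf"
 	"github.com/crowdsecurity/go-cs-lib/ptr"
+	"github.com/davecgh/go-spew/spew"
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
 )
@@ -196,6 +197,21 @@ func (r *WaapRunner) AccumulateTxToEvent(evt *types.Event, req waf.ParsedRequest
 		}
 		WafRuleHits.With(prometheus.Labels{"rule_id": fmt.Sprintf("%d", rule.Rule().ID()), "type": kind}).Inc()
 
+		spew.Dump(waf.WaapRulesDetails)
+
+		name := "NOT_SET"
+		version := "NOT_SET"
+		hash := "NOT_SET"
+
+		if details, ok := waf.WaapRulesDetails[rule.Rule().ID()]; ok {
+			//Only set them for custom rules, not for rules written in seclang
+			name = details.Name
+			version = details.Version
+			hash = details.Hash
+
+			r.logger.Debugf("custom rule for event, setting name: %s, version: %s, hash: %s", name, version, hash)
+		}
+
 		corazaRule := map[string]interface{}{
 			"id":         rule.Rule().ID(),
 			"uri":        evt.Parsed["uri"],
@@ -210,9 +226,9 @@ func (r *WaapRunner) AccumulateTxToEvent(evt *types.Event, req waf.ParsedRequest
 			"accuracy":   rule.Rule().Accuracy(),
 			"msg":        rule.Message(),
 			"severity":   rule.Rule().Severity().String(),
-			"name":       "FIXFIXFIXFIXFIX",
-			"hash":       "FIXIFIX",
-			"version":    "FIXFIXFIX",
+			"name":       name,
+			"hash":       hash,
+			"version":    version,
 		}
 		evt.Waap.MatchedRules = append(evt.Waap.MatchedRules, corazaRule)
 	}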
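Review bot: `spew.Dump(waf.WaapRulesDetails)` in the second hunk looks like a debugging leftover: it sits on the per-matched-rule path of AccumulateTxToEvent and writes the whole package-level map to stdout on every rule hit, bypassing `r.logger` and its level. Because that output is driven by incoming requests, it costs CPU and fills the process output in proportion to traffic; I would delete the line together with the `go-spew` import added in the first hunk, since the `r.logger.Debugf` call a few lines below already records the values that matter. The map is also read here while LoadCollection writes to it, so if collections can be loaded while requests are being processed (not visible in this diff) the lookup needs a lock. The function body starts and ends outside these hunks.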

+ 7 - 0
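--- a/pkg/acquisition/modules/waap/waap_runner.go
+++ b/pkg/acquisition/modules/waap/waap_runner.go
@@ -92,6 +92,13 @@ func (r *WaapRunner) processRequest(tx experimental.FullTransaction, request *wa
 	}()
 
 	request.Tx.ProcessConnection(request.RemoteAddr, 0, "", 0)
+
+	for k, v := range request.Args {
+		for _, vv := range v {
+			request.Tx.AddGetRequestArgument(k, vv)
+		}
+	}
+
 	request.Tx.ProcessURI(request.URI, request.Method, request.Proto) //TODO: The doc mentions that GET args needs to be added, but we never call AddArguments ?
 
 	for k, vr := range request.Headers {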
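Review bot: The new loop registers every entry of `request.Args` through `AddGetRequestArgument`, and `ProcessURI(request.URI, …)` still runs right after it; Coraza's ProcessURI extracts the query string from the URI itself, so if `request.URI` carries the query (not visible here) each GET argument is registered twice, which skews count-based rules and duplicates matches. Either feed the arguments through one path only or confirm that `request.URI` is path-only, and replace the now-stale TODO on the ProcessURI line with something like `// GET args are added above from request.Args; ProcessURI must not add them again`. It is also worth checking that `request.Args` is parsed the same way the protected backend parses the query string, because a WAF that inspects different parameters than the application receives leaves a gap in coverage. processRequest continues outside the hunk.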

+ 31 - 2
pkg/waf/waap_rules_collection.go

@@ -31,9 +31,23 @@ type WaapCollectionConfig struct {
 	SecLangFilesRules []string               `yaml:"seclang_files_rules"`
 	SecLangFilesRules []string               `yaml:"seclang_files_rules"`
 	SecLangRules      []string               `yaml:"seclang_rules"`
 	SecLangRules      []string               `yaml:"seclang_rules"`
 	Rules             []waap_rule.CustomRule `yaml:"rules"`
 	Rules             []waap_rule.CustomRule `yaml:"rules"`
-	Data              interface{}            `yaml:"data"` //Ignore it
+
+	Data    interface{} `yaml:"data"` //Ignore it
+	hash    string      `yaml:"-"`
+	version string      `yaml:"-"`
+}
+
+type RulesDetails struct {
+	LogLevel log.Level
+	Hash     string
+	Version  string
+	Name     string
 }
 }
 
 
+// Should it be a global ?
+// Is using the id is a good idea ? might be too specific to coraza and not easily reusable
+var WaapRulesDetails = make(map[int]RulesDetails)
+
 func LoadCollection(collection string) (WaapCollection, error) {
 func LoadCollection(collection string) (WaapCollection, error) {
 
 
 	//FIXME: do it once globally
 	//FIXME: do it once globally
@@ -70,6 +84,10 @@ func LoadCollection(collection string) (WaapCollection, error) {
 			log.Warnf("unexpected type %s instead of %s for file %s", rule.Type, WAAP_RULE, hubWafRuleItem.LocalPath)
 			log.Warnf("unexpected type %s instead of %s for file %s", rule.Type, WAAP_RULE, hubWafRuleItem.LocalPath)
 			continue
 			continue
 		}
 		}
+
+		rule.hash = hubWafRuleItem.LocalHash
+		rule.version = hubWafRuleItem.Version
+
 		log.Infof("Adding %s to waap rules", rule.Name)
 		log.Infof("Adding %s to waap rules", rule.Name)
 		// if rule.Debug {
 		// if rule.Debug {
 		// 	log.Infof("Enabling debug for collection %s", rule.Name)
 		// 	log.Infof("Enabling debug for collection %s", rule.Name)
@@ -122,13 +140,24 @@ func LoadCollection(collection string) (WaapCollection, error) {
 
 
 	if loadedRule.Rules != nil {
 	if loadedRule.Rules != nil {
 		for _, rule := range loadedRule.Rules {
 		for _, rule := range loadedRule.Rules {
-			strRule, err := rule.Convert(waap_rule.ModsecurityRuleType, loadedRule.Name)
+			strRule, ruleId, err := rule.Convert(waap_rule.ModsecurityRuleType, loadedRule.Name)
 			if err != nil {
 			if err != nil {
 				log.Errorf("unable to convert rule %s : %s", rule.Name, err)
 				log.Errorf("unable to convert rule %s : %s", rule.Name, err)
 				return WaapCollection{}, err
 				return WaapCollection{}, err
 			}
 			}
 			log.Infof("Adding rule %s", strRule)
 			log.Infof("Adding rule %s", strRule)
 			waapCol.Rules = append(waapCol.Rules, strRule)
 			waapCol.Rules = append(waapCol.Rules, strRule)
+
+			if _, ok := WaapRulesDetails[int(ruleId)]; !ok {
+				WaapRulesDetails[int(ruleId)] = RulesDetails{
+					LogLevel: log.InfoLevel,
+					Hash:     loadedRule.hash,
+					Version:  loadedRule.version,
+					Name:     loadedRule.Name,
+				}
+			} else {
+				log.Warnf("conflicting id %d for rule %s !", ruleId, rule.Name)
+			}
 		}
 		}
 	}
 	}