1 year ago · e5906e6eea
--- a/pkg/acquisition/modules/waap/utils.go
+++ b/pkg/acquisition/modules/waap/utils.go
@@ -11,6 +11,7 @@ import (
 
				 	"github.com/crowdsecurity/crowdsec/pkg/types"
			
 
				 	"github.com/crowdsecurity/crowdsec/pkg/waf"
			
 
				 	"github.com/crowdsecurity/go-cs-lib/ptr"
			
 
				+	"github.com/davecgh/go-spew/spew"
			
 
				 	"github.com/prometheus/client_golang/prometheus"
			
 
				 	log "github.com/sirupsen/logrus"
			
 
				 )
			
@@ -196,6 +197,21 @@ func (r *WaapRunner) AccumulateTxToEvent(evt *types.Event, req waf.ParsedRequest
 
				 		}
			
 
				 		WafRuleHits.With(prometheus.Labels{"rule_id": fmt.Sprintf("%d", rule.Rule().ID()), "type": kind}).Inc()
			
 
				 
			
 
				+		spew.Dump(waf.WaapRulesDetails)
			
 
				+
			
 
				+		name := "NOT_SET"
			
 
				+		version := "NOT_SET"
			
 
				+		hash := "NOT_SET"
			
 
				+
			
 
				+		if details, ok := waf.WaapRulesDetails[rule.Rule().ID()]; ok {
			
 
				+			//Only set them for custom rules, not for rules written in seclang
			
 
				+			name = details.Name
			
 
				+			version = details.Version
			
 
				+			hash = details.Hash
			
 
				+
			
 
				+			r.logger.Debugf("custom rule for event, setting name: %s, version: %s, hash: %s", name, version, hash)
			
 
				+		}
			
 
				+
			
 
				 		corazaRule := map[string]interface{}{
			
 
				 			"id":         rule.Rule().ID(),
			
 
				 			"uri":        evt.Parsed["uri"],
			
@@ -210,9 +226,9 @@ func (r *WaapRunner) AccumulateTxToEvent(evt *types.Event, req waf.ParsedRequest
 
				 			"accuracy":   rule.Rule().Accuracy(),
			
 
				 			"msg":        rule.Message(),
			
 
				 			"severity":   rule.Rule().Severity().String(),
			
 
				-			"name":       "FIXFIXFIXFIXFIX",
			
 
				-			"hash":       "FIXIFIX",
			
 
				-			"version":    "FIXFIXFIX",
			
 
				+			"name":       name,
			
 
				+			"hash":       hash,
			
 
				+			"version":    version,
			
 
				 		}
			
 
				 		evt.Waap.MatchedRules = append(evt.Waap.MatchedRules, corazaRule)
			
 
				 	}
			
--- a/pkg/acquisition/modules/waap/waap_runner.go
+++ b/pkg/acquisition/modules/waap/waap_runner.go
@@ -92,6 +92,13 @@ func (r *WaapRunner) processRequest(tx experimental.FullTransaction, request *wa
 
				 	}()
			
 
				 
			
 
				 	request.Tx.ProcessConnection(request.RemoteAddr, 0, "", 0)
			
 
				+
			
 
				+	for k, v := range request.Args {
			
 
				+		for _, vv := range v {
			
 
				+			request.Tx.AddGetRequestArgument(k, vv)
			
 
				+		}
			
 
				+	}
			
 
				+
			
 
				 	request.Tx.ProcessURI(request.URI, request.Method, request.Proto) //TODO: The doc mentions that GET args needs to be added, but we never call AddArguments ?
			
 
				 
			
 
				 	for k, vr := range request.Headers {
			
--- a/pkg/waf/waap_rules_collection.go
+++ b/pkg/waf/waap_rules_collection.go
@@ -31,9 +31,23 @@ type WaapCollectionConfig struct {
 
				 	SecLangFilesRules []string               `yaml:"seclang_files_rules"`
			
 
				 	SecLangRules      []string               `yaml:"seclang_rules"`
			
 
				 	Rules             []waap_rule.CustomRule `yaml:"rules"`
			
 
				-	Data              interface{}            `yaml:"data"` //Ignore it
			
 
				+
			
 
				+	Data    interface{} `yaml:"data"` //Ignore it
			
 
				+	hash    string      `yaml:"-"`
			
 
				+	version string      `yaml:"-"`
			
 
				+}
			
 
				+
			
 
				+type RulesDetails struct {
			
 
				+	LogLevel log.Level
			
 
				+	Hash     string
			
 
				+	Version  string
			
 
				+	Name     string
			
 
				 }
			
 
				 
			
 
				+// Should it be a global ?
			
 
				+// Is using the id is a good idea ? might be too specific to coraza and not easily reusable
			
 
				+var WaapRulesDetails = make(map[int]RulesDetails)
			
 
				+
			
 
				 func LoadCollection(collection string) (WaapCollection, error) {
			
 
				 
			
 
				 	//FIXME: do it once globally
			
@@ -70,6 +84,10 @@ func LoadCollection(collection string) (WaapCollection, error) {
 
				 			log.Warnf("unexpected type %s instead of %s for file %s", rule.Type, WAAP_RULE, hubWafRuleItem.LocalPath)
			
 
				 			continue
			
 
				 		}
			
 
				+
			
 
				+		rule.hash = hubWafRuleItem.LocalHash
			
 
				+		rule.version = hubWafRuleItem.Version
			
 
				+
			
 
				 		log.Infof("Adding %s to waap rules", rule.Name)
			
 
				 		// if rule.Debug {
			
 
				 		// 	log.Infof("Enabling debug for collection %s", rule.Name)
			
@@ -122,13 +140,24 @@ func LoadCollection(collection string) (WaapCollection, error) {
 
				 
			
 
				 	if loadedRule.Rules != nil {
			
 
				 		for _, rule := range loadedRule.Rules {
			
 
				-			strRule, err := rule.Convert(waap_rule.ModsecurityRuleType, loadedRule.Name)
			
 
				+			strRule, ruleId, err := rule.Convert(waap_rule.ModsecurityRuleType, loadedRule.Name)
			
 
				 			if err != nil {
			
 
				 				log.Errorf("unable to convert rule %s : %s", rule.Name, err)
			
 
				 				return WaapCollection{}, err
			
 
				 			}
			
 
				 			log.Infof("Adding rule %s", strRule)
			
 
				 			waapCol.Rules = append(waapCol.Rules, strRule)
			
 
				+
			
 
				+			if _, ok := WaapRulesDetails[int(ruleId)]; !ok {
			
 
				+				WaapRulesDetails[int(ruleId)] = RulesDetails{
			
 
				+					LogLevel: log.InfoLevel,
			
 
				+					Hash:     loadedRule.hash,
			
 
				+					Version:  loadedRule.version,
			
 
				+					Name:     loadedRule.Name,
			
 
				+				}
			
 
				+			} else {
			
 
				+				log.Warnf("conflicting id %d for rule %s !", ruleId, rule.Name)
			
 
				+			}
			
 
				 		}
			
 
				 	}