Merge branch 'coraza_poc_acquis' of github.com:crowdsecurity/crowdsec into coraza_poc_acquis

pkg/acquisition/modules/waap/waap.go

@@ -113,7 +113,7 @@ func (wc *WaapSource) UnmarshalConfig(yamlConfig []byte) error {
 	}
 
 	if wc.config.Path == "" {
-		return fmt.Errorf("path cannot be empty")
+		wc.config.Path = "/"
 	}
 
 	if wc.config.Path[0] != '/' {

pkg/acquisition/modules/waap/waap_runner.go

@@ -187,7 +187,7 @@ func (r *WaapRunner) handleInBandInterrupt(request *waf.ParsedRequest) {
 		r.WaapRuntime.Response.HTTPResponseCode = r.WaapRuntime.Config.BlockedHTTPCode
 		r.WaapRuntime.Response.Action = r.WaapRuntime.DefaultRemediation
 
-		err = r.WaapRuntime.ProcessOnMatchRules(request)
+		err = r.WaapRuntime.ProcessOnMatchRules(request, evt)
 		if err != nil {
 			r.logger.Errorf("unable to process OnMatch rules: %s", err)
 			return
@@ -223,7 +223,7 @@ func (r *WaapRunner) handleOutBandInterrupt(request *waf.ParsedRequest) {
 		r.logger.Debugf("inband rules matched : %d", in.RuleID)
 		r.WaapRuntime.Response.OutOfBandInterrupt = true
 
-		err = r.WaapRuntime.ProcessOnMatchRules(request)
+		err = r.WaapRuntime.ProcessOnMatchRules(request, evt)
 		if err != nil {
 			r.logger.Errorf("unable to process OnMatch rules: %s", err)
 			return

pkg/waf/waap.go

@@ -8,6 +8,7 @@ import (
 	"github.com/antonmedv/expr"
 	"github.com/antonmedv/expr/vm"
 	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
+	"github.com/crowdsecurity/crowdsec/pkg/types"
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v2"
 )
@@ -37,7 +38,7 @@ func (h *Hook) Build(hookStage int) error {
 	case hookPreEval:
 		ctx = GetPreEvalEnv(&WaapRuntimeConfig{}, &ParsedRequest{})
 	case hookOnMatch:
-		ctx = GetOnMatchEnv(&WaapRuntimeConfig{}, &ParsedRequest{})
+		ctx = GetOnMatchEnv(&WaapRuntimeConfig{}, &ParsedRequest{}, types.Event{})
 	}
 	opts := GetExprWAFOptions(ctx)
 	if h.Filter != "" {
@@ -120,7 +121,7 @@ func (w *WaapRuntimeConfig) ClearResponse() {
 	log.Debugf("-> %p", w.Config)
 	w.Response.Action = w.Config.DefaultPassAction
 	w.Response.HTTPResponseCode = w.Config.PassedHTTPCode
-	w.Response.SendEvent = false
+	w.Response.SendEvent = true
 	w.Response.SendAlert = true
 }
 
@@ -285,11 +286,11 @@ func (w *WaapRuntimeConfig) ProcessOnLoadRules() error {
 	return nil
 }
 
-func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest) error {
+func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest, evt types.Event) error {
 
 	for _, rule := range w.CompiledOnMatch {
 		if rule.FilterExpr != nil {
-			output, err := expr.Run(rule.FilterExpr, GetOnMatchEnv(w, request))
+			output, err := expr.Run(rule.FilterExpr, GetOnMatchEnv(w, request, evt))
 			if err != nil {
 				return fmt.Errorf("unable to run waap on_match filter %s : %w", rule.Filter, err)
 			}
@@ -305,7 +306,7 @@ func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest) error {
 			}
 		}
 		for _, applyExpr := range rule.ApplyExpr {
-			_, err := expr.Run(applyExpr, GetOnMatchEnv(w, request))
+			_, err := expr.Run(applyExpr, GetOnMatchEnv(w, request, evt))
 			if err != nil {
 				log.Errorf("unable to apply waap on_match expr: %s", err)
 				continue

pkg/waf/waf_helpers.go

@@ -3,6 +3,7 @@ package waf
 import (
 	"github.com/antonmedv/expr"
 	"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
+	"github.com/crowdsecurity/crowdsec/pkg/types"
 )
 
 var exprFunctionOptions []expr.Option
@@ -53,9 +54,10 @@ func GetPreEvalEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]inte
 	}
 }
 
-func GetOnMatchEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]interface{} {
+func GetOnMatchEnv(w *WaapRuntimeConfig, request *ParsedRequest, evt types.Event) map[string]interface{} {
 	//FIXME: use expr.Function instead of this
 	return map[string]interface{}{
+		"evt":            evt,
 		"req":            request,
 		"IsInBand":       request.IsInBand,
 		"IsOutBand":      request.IsOutBand,