add evt to on_match hoks
This commit is contained in:
parent
a258cc0b4a
commit
68148e031c
3 changed files with 10 additions and 7 deletions
|
@ -187,7 +187,7 @@ func (r *WaapRunner) handleInBandInterrupt(request *waf.ParsedRequest) {
|
|||
r.WaapRuntime.Response.HTTPResponseCode = r.WaapRuntime.Config.BlockedHTTPCode
|
||||
r.WaapRuntime.Response.Action = r.WaapRuntime.DefaultRemediation
|
||||
|
||||
err = r.WaapRuntime.ProcessOnMatchRules(request)
|
||||
err = r.WaapRuntime.ProcessOnMatchRules(request, evt)
|
||||
if err != nil {
|
||||
r.logger.Errorf("unable to process OnMatch rules: %s", err)
|
||||
return
|
||||
|
@ -223,7 +223,7 @@ func (r *WaapRunner) handleOutBandInterrupt(request *waf.ParsedRequest) {
|
|||
r.logger.Debugf("inband rules matched : %d", in.RuleID)
|
||||
r.WaapRuntime.Response.OutOfBandInterrupt = true
|
||||
|
||||
err = r.WaapRuntime.ProcessOnMatchRules(request)
|
||||
err = r.WaapRuntime.ProcessOnMatchRules(request, evt)
|
||||
if err != nil {
|
||||
r.logger.Errorf("unable to process OnMatch rules: %s", err)
|
||||
return
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/antonmedv/expr"
|
||||
"github.com/antonmedv/expr/vm"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/types"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
@ -37,7 +38,7 @@ func (h *Hook) Build(hookStage int) error {
|
|||
case hookPreEval:
|
||||
ctx = GetPreEvalEnv(&WaapRuntimeConfig{}, &ParsedRequest{})
|
||||
case hookOnMatch:
|
||||
ctx = GetOnMatchEnv(&WaapRuntimeConfig{}, &ParsedRequest{})
|
||||
ctx = GetOnMatchEnv(&WaapRuntimeConfig{}, &ParsedRequest{}, types.Event{})
|
||||
}
|
||||
opts := GetExprWAFOptions(ctx)
|
||||
if h.Filter != "" {
|
||||
|
@ -285,11 +286,11 @@ func (w *WaapRuntimeConfig) ProcessOnLoadRules() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest) error {
|
||||
func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest, evt types.Event) error {
|
||||
|
||||
for _, rule := range w.CompiledOnMatch {
|
||||
if rule.FilterExpr != nil {
|
||||
output, err := expr.Run(rule.FilterExpr, GetOnMatchEnv(w, request))
|
||||
output, err := expr.Run(rule.FilterExpr, GetOnMatchEnv(w, request, evt))
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to run waap on_match filter %s : %w", rule.Filter, err)
|
||||
}
|
||||
|
@ -305,7 +306,7 @@ func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest) error {
|
|||
}
|
||||
}
|
||||
for _, applyExpr := range rule.ApplyExpr {
|
||||
_, err := expr.Run(applyExpr, GetOnMatchEnv(w, request))
|
||||
_, err := expr.Run(applyExpr, GetOnMatchEnv(w, request, evt))
|
||||
if err != nil {
|
||||
log.Errorf("unable to apply waap on_match expr: %s", err)
|
||||
continue
|
||||
|
|
|
@ -3,6 +3,7 @@ package waf
|
|||
import (
|
||||
"github.com/antonmedv/expr"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/types"
|
||||
)
|
||||
|
||||
var exprFunctionOptions []expr.Option
|
||||
|
@ -53,9 +54,10 @@ func GetPreEvalEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]inte
|
|||
}
|
||||
}
|
||||
|
||||
func GetOnMatchEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]interface{} {
|
||||
func GetOnMatchEnv(w *WaapRuntimeConfig, request *ParsedRequest, evt types.Event) map[string]interface{} {
|
||||
//FIXME: use expr.Function instead of this
|
||||
return map[string]interface{}{
|
||||
"evt": evt,
|
||||
"req": request,
|
||||
"IsInBand": request.IsInBand,
|
||||
"IsOutBand": request.IsOutBand,
|
||||
|
|
Loading…
Reference in a new issue