add evt to on_match hooks

Sebastien Blot 2023-12-01 14:04:18 +01:00
parent a258cc0b4a
commit 68148e031c
No known key found for this signature in database
GPG key ID: DFC2902F40449F6A
3 changed files with 10 additions and 7 deletions


@ -187,7 +187,7 @@ func (r *WaapRunner) handleInBandInterrupt(request *waf.ParsedRequest) {
r.WaapRuntime.Response.HTTPResponseCode = r.WaapRuntime.Config.BlockedHTTPCode
r.WaapRuntime.Response.Action = r.WaapRuntime.DefaultRemediation
err = r.WaapRuntime.ProcessOnMatchRules(request)
err = r.WaapRuntime.ProcessOnMatchRules(request, evt)
if err != nil {
r.logger.Errorf("unable to process OnMatch rules: %s", err)
return
@ -223,7 +223,7 @@ func (r *WaapRunner) handleOutBandInterrupt(request *waf.ParsedRequest) {
r.logger.Debugf("inband rules matched : %d", in.RuleID)
r.WaapRuntime.Response.OutOfBandInterrupt = true
err = r.WaapRuntime.ProcessOnMatchRules(request)
err = r.WaapRuntime.ProcessOnMatchRules(request, evt)
if err != nil {
r.logger.Errorf("unable to process OnMatch rules: %s", err)
return
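Review bot: `evt` is handed to `ProcessOnMatchRules` in both `handleInBandInterrupt` and `handleOutBandInterrupt` with no visible guarantee that it was built successfully; neither hunk shows where it is created, and both function bodies start and end outside the hunks. If the code that builds the event can log an error and carry on (not visible here), the on_match hooks would be evaluated against an empty or partial event, and a filter that reads `evt` could silently fail to match. I would either skip the hooks in that case or state the contract at the call site, e.g. `// evt may be incomplete if event creation failed above; on_match hooks must tolerate missing fields`.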


@ -8,6 +8,7 @@ import (
"github.com/antonmedv/expr"
"github.com/antonmedv/expr/vm"
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
"github.com/crowdsecurity/crowdsec/pkg/types"
log "github.com/sirupsen/logrus"
"gopkg.in/yaml.v2"
)
@ -37,7 +38,7 @@ func (h *Hook) Build(hookStage int) error {
case hookPreEval:
ctx = GetPreEvalEnv(&WaapRuntimeConfig{}, &ParsedRequest{})
case hookOnMatch:
ctx = GetOnMatchEnv(&WaapRuntimeConfig{}, &ParsedRequest{})
ctx = GetOnMatchEnv(&WaapRuntimeConfig{}, &ParsedRequest{}, types.Event{})
}
opts := GetExprWAFOptions(ctx)
if h.Filter != "" {
@ -285,11 +286,11 @@ func (w *WaapRuntimeConfig) ProcessOnLoadRules() error {
return nil
}
func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest) error {
func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest, evt types.Event) error {
for _, rule := range w.CompiledOnMatch {
if rule.FilterExpr != nil {
output, err := expr.Run(rule.FilterExpr, GetOnMatchEnv(w, request))
output, err := expr.Run(rule.FilterExpr, GetOnMatchEnv(w, request, evt))
if err != nil {
return fmt.Errorf("unable to run waap on_match filter %s : %w", rule.Filter, err)
}
@ -305,7 +306,7 @@ func (w *WaapRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest) error {
}
}
for _, applyExpr := range rule.ApplyExpr {
_, err := expr.Run(applyExpr, GetOnMatchEnv(w, request))
_, err := expr.Run(applyExpr, GetOnMatchEnv(w, request, evt))
if err != nil {
log.Errorf("unable to apply waap on_match expr: %s", err)
continue
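Review bot: `ProcessOnMatchRules` calls `GetOnMatchEnv(w, request, evt)` once for the filter and again for every entry of `rule.ApplyExpr`, so the environment map is rebuilt and the `types.Event` value copied for each expression. Assuming nothing in that map has to be recomputed between expressions, build it once before the loop with `env := GetOnMatchEnv(w, request, evt)` and pass `env` to both `expr.Run` calls. The exported method also has no doc comment; `// ProcessOnMatchRules runs the compiled on_match hooks for request and exposes evt to their filter and apply expressions as "evt".` would record the new parameter. The function body continues outside both hunks.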


@ -3,6 +3,7 @@ package waf
import (
"github.com/antonmedv/expr"
"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
"github.com/crowdsecurity/crowdsec/pkg/types"
)
var exprFunctionOptions []expr.Option
@ -53,9 +54,10 @@ func GetPreEvalEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]inte
}
}
func GetOnMatchEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]interface{} {
func GetOnMatchEnv(w *WaapRuntimeConfig, request *ParsedRequest, evt types.Event) map[string]interface{} {
//FIXME: use expr.Function instead of this
return map[string]interface{}{
"evt": evt,
"req": request,
"IsInBand": request.IsInBand,
"IsOutBand": request.IsOutBand,