up

pkg/acquisition/modules/waap/waap.go

@@ -267,29 +267,7 @@ func (w *WaapSource) waapHandler(rw http.ResponseWriter, r *http.Request) {
 	w.InChan <- parsedRequest
 
 	response := <-parsedRequest.ResponseChannel
-
-	// //@tko this parts needs to be redone
-	// if message.Err != nil {
-	// 	log.Errorf("Error while processing InBAND: %s", err)
-	// 	rw.WriteHeader(http.StatusInternalServerError)
-	// 	return
-	// }
-
-	// //here we must rely on WaapRuntimeConfig to know what to do
-	// if message.Interruption != nil {
-	// 	rw.WriteHeader(http.StatusForbidden)
-	// 	action := message.Interruption.Action
-	// 	if action == "deny" { // bouncers understand "ban" and not "deny"
-	// 		action = "ban"
-	// 	}
-	// 	body, err := json.Marshal(BodyResponse{Action: action})
-	// 	if err != nil {
-	// 		log.Errorf("unable to build response: %s", err)
-	// 	} else {
-	// 		rw.Write(body)
-	// 	}
-	// 	return
-	// }
+	log.Infof("resp %+v", response)
 
 	rw.WriteHeader(response.HTTPResponseCode)
 	body, err := json.Marshal(BodyResponse{Action: response.Action})

pkg/acquisition/modules/waap/waap_runner.go

@@ -43,6 +43,7 @@ func (r *WaapRunner) Run(t *tomb.Tomb) error {
 				r.logger.Errorf("unable to process PreEval rules: %s", err)
 				continue
 			}
+			log.Infof("now response is -> %s", r.WaapRuntime.Response.Action)
 			//inband WAAP rules
 			err = r.WaapRuntime.ProcessInBandRules(request)
 			elapsed := time.Since(startParsing)

pkg/waf/env.go

@@ -26,7 +26,7 @@ func (t *ExtendedTransaction) RemoveRuleByIDWithError(id int) error {
 }
 
 // simply used to ease the compilation & runtime of the hooks
-func GetHookEnv(w WaapRuntimeConfig, request ParsedRequest) map[string]interface{} {
+func GetHookEnv(w *WaapRuntimeConfig, request ParsedRequest) map[string]interface{} {
 	return map[string]interface{}{
 		"inband_rules":          w.InBandRules,
 		"outband_rules":         w.OutOfBandRules,

pkg/waf/waap.go

@@ -32,7 +32,7 @@ func (h *Hook) Build() error {
 		h.FilterExpr = program
 	}
 	for _, apply := range h.Apply {
-		program, err := expr.Compile(apply, GetExprWAFOptions(GetHookEnv(WaapRuntimeConfig{}, ParsedRequest{}))...)
+		program, err := expr.Compile(apply, GetExprWAFOptions(GetHookEnv(&WaapRuntimeConfig{}, ParsedRequest{}))...)
 		if err != nil {
 			return fmt.Errorf("unable to compile apply %s : %w", apply, err)
 		}
@@ -220,7 +220,7 @@ func (w *WaapRuntimeConfig) ProcessOnMatchRules(request ParsedRequest) error {
 func (w *WaapRuntimeConfig) ProcessPreEvalRules(request ParsedRequest) error {
 	for _, rule := range w.CompiledPreEval {
 		if rule.FilterExpr != nil {
-			output, err := expr.Run(rule.FilterExpr, GetHookEnv(*w, request))
+			output, err := expr.Run(rule.FilterExpr, GetHookEnv(w, request))
 			if err != nil {
 				return fmt.Errorf("unable to run filter %s : %w", rule.Filter, err)
 			}
@@ -237,7 +237,7 @@ func (w *WaapRuntimeConfig) ProcessPreEvalRules(request ParsedRequest) error {
 		}
 		// here means there is no filter or the filter matched
 		for _, applyExpr := range rule.ApplyExpr {
-			_, err := expr.Run(applyExpr, GetHookEnv(*w, request))
+			_, err := expr.Run(applyExpr, GetHookEnv(w, request))
 			if err != nil {
 				log.Errorf("unable to apply filter: %s", err)
 				continue
@@ -275,7 +275,24 @@ func (w *WaapRuntimeConfig) RemoveOutbandRuleByID(id int) error {
 }
 
 func (w *WaapRuntimeConfig) SetAction(action string) error {
+	log.Infof("setting to %s", action)
+	switch action {
+	case "allow":
 		w.Response.Action = action
+		w.Response.HTTPResponseCode = w.Config.PassedHTTPCode
+		//how should we handle this ?
+	case "deny", "ban", "block":
+		w.Response.Action = "ban"
+		w.Response.HTTPResponseCode = w.Config.BlockedHTTPCode
+	case "log":
+		w.Response.Action = action
+		w.Response.HTTPResponseCode = w.Config.PassedHTTPCode
+	case "captcha":
+		w.Response.Action = action
+		w.Response.HTTPResponseCode = w.Config.BlockedHTTPCode
+	default:
+		return fmt.Errorf("unknown action %s", action)
+	}
 	return nil
 
 }