add loggers
This commit is contained in:
alteredCoder
parent
8ba692b115
commit
7d8c931d00
2 changed files with 50 additions and 32 deletions
|
|
@ -55,11 +55,11 @@ func LogWaapEvent(evt *types.Event) {
|
||||||
log.Infof("%s", evt.Waap)
|
log.Infof("%s", evt.Waap)
|
||||||
}
|
}
|
||||||
|
|
||||||
func AccumulateTxToEvent(tx experimental.FullTransaction, kind string, evt *types.Event) error {
|
func (r *WafRunner) AccumulateTxToEvent(tx experimental.FullTransaction, kind string, evt *types.Event) error {
|
||||||
log.Infof("TX %v", &tx)
|
r.logger.Infof("TX %v", &tx)
|
||||||
if tx.IsInterrupted() {
|
if tx.IsInterrupted() {
|
||||||
log.Infof("interrupted() = %t", tx.IsInterrupted())
|
r.logger.Infof("interrupted() = %t", tx.IsInterrupted())
|
||||||
log.Infof("interrupted.action = %s", tx.Interruption().Action)
|
r.logger.Infof("interrupted.action = %s", tx.Interruption().Action)
|
||||||
if evt.Meta == nil {
|
if evt.Meta == nil {
|
||||||
evt.Meta = map[string]string{}
|
evt.Meta = map[string]string{}
|
||||||
}
|
}
|
||||||
|
|
@ -69,7 +69,7 @@ func AccumulateTxToEvent(tx experimental.FullTransaction, kind string, evt *type
|
||||||
evt.Meta["waap_interrupted"] = "1"
|
evt.Meta["waap_interrupted"] = "1"
|
||||||
evt.Meta["waap_action"] = tx.Interruption().Action
|
evt.Meta["waap_action"] = tx.Interruption().Action
|
||||||
}
|
}
|
||||||
//log.Infof("TX %s", spew.Sdump(tx.MatchedRules()))
|
//r.logger.Infof("TX %s", spew.Sdump(tx.MatchedRules()))
|
||||||
for _, rule := range tx.MatchedRules() {
|
for _, rule := range tx.MatchedRules() {
|
||||||
if rule.Message() == "" {
|
if rule.Message() == "" {
|
||||||
continue
|
continue
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@ import (
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/types"
|
"github.com/crowdsecurity/crowdsec/pkg/types"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/waf"
|
"github.com/crowdsecurity/crowdsec/pkg/waf"
|
||||||
"github.com/crowdsecurity/go-cs-lib/pkg/trace"
|
"github.com/crowdsecurity/go-cs-lib/pkg/trace"
|
||||||
"github.com/davecgh/go-spew/spew"
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
|
|
@ -38,6 +37,7 @@ type WafRunner struct {
|
||||||
outOfBandWaf coraza.WAF
|
outOfBandWaf coraza.WAF
|
||||||
UUID string
|
UUID string
|
||||||
RulesCollections []*waf.WafRulesCollection
|
RulesCollections []*waf.WafRulesCollection
|
||||||
|
logger *log.Entry
|
||||||
}
|
}
|
||||||
|
|
||||||
type WafSourceConfig struct {
|
type WafSourceConfig struct {
|
||||||
|
|
@ -45,6 +45,7 @@ type WafSourceConfig struct {
|
||||||
ListenPort int `yaml:"listen_port"`
|
ListenPort int `yaml:"listen_port"`
|
||||||
Path string `yaml:"path"`
|
Path string `yaml:"path"`
|
||||||
WafRoutines int `yaml:"waf_routines"`
|
WafRoutines int `yaml:"waf_routines"`
|
||||||
|
Debug bool `yaml:"debug"`
|
||||||
configuration.DataSourceCommonCfg `yaml:",inline"`
|
configuration.DataSourceCommonCfg `yaml:",inline"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -230,13 +231,30 @@ func (w *WafSource) Configure(yamlConfig []byte, logger *log.Entry) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "Cannot create WAF")
|
return errors.Wrap(err, "Cannot create WAF")
|
||||||
}
|
}
|
||||||
|
wafUUID := uuid.New().String()
|
||||||
|
wafLogger := &log.Entry{}
|
||||||
|
if w.config.Debug {
|
||||||
|
var clog = log.New()
|
||||||
|
if err := types.ConfigureLogger(clog); err != nil {
|
||||||
|
log.Fatalf("While creating bucket-specific logger : %s", err)
|
||||||
|
}
|
||||||
|
clog.SetLevel(log.DebugLevel)
|
||||||
|
wafLogger = clog.WithFields(log.Fields{
|
||||||
|
"uuid": wafUUID,
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
wafLogger = log.WithFields(log.Fields{
|
||||||
|
"uuid": wafUUID,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
runner := WafRunner{
|
runner := WafRunner{
|
||||||
outOfBandWaf: outofbandwaf,
|
outOfBandWaf: outofbandwaf,
|
||||||
inBandWaf: inbandwaf,
|
inBandWaf: inbandwaf,
|
||||||
inChan: w.InChan,
|
inChan: w.InChan,
|
||||||
UUID: uuid.New().String(),
|
UUID: wafUUID,
|
||||||
RulesCollections: rulesCollections,
|
RulesCollections: rulesCollections,
|
||||||
|
logger: wafLogger,
|
||||||
}
|
}
|
||||||
w.WafRunners[nbRoutine] = runner
|
w.WafRunners[nbRoutine] = runner
|
||||||
}
|
}
|
||||||
|
|
@ -310,10 +328,10 @@ func (w *WafSource) Dump() interface{} {
|
||||||
return w
|
return w
|
||||||
}
|
}
|
||||||
|
|
||||||
func processReqWithEngine(tx experimental.FullTransaction, r waf.ParsedRequest, wafType string) (*corazatypes.Interruption, experimental.FullTransaction, error) {
|
func (r *WafRunner) processReqWithEngine(tx experimental.FullTransaction, parsedRequest waf.ParsedRequest, wafType string) (*corazatypes.Interruption, experimental.FullTransaction, error) {
|
||||||
var in *corazatypes.Interruption
|
var in *corazatypes.Interruption
|
||||||
if tx.IsRuleEngineOff() {
|
if tx.IsRuleEngineOff() {
|
||||||
log.Printf("engine is off")
|
r.logger.Printf("engine is off")
|
||||||
return nil, nil, nil
|
return nil, nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -329,25 +347,25 @@ func processReqWithEngine(tx experimental.FullTransaction, r waf.ParsedRequest,
|
||||||
//txx := experimental.ToFullInterface(tx)
|
//txx := experimental.ToFullInterface(tx)
|
||||||
//txx = tx.(experimental.FullTransaction)
|
//txx = tx.(experimental.FullTransaction)
|
||||||
//txx.RemoveRuleByID(1)
|
//txx.RemoveRuleByID(1)
|
||||||
tx.ProcessConnection(r.ClientIP, 0, "", 0)
|
tx.ProcessConnection(parsedRequest.ClientIP, 0, "", 0)
|
||||||
|
|
||||||
//tx.ProcessURI(r.URL.String(), r.Method, r.Proto) //FIXME: get it from the headers
|
//tx.ProcessURI(parsedRequest.URL.String(), parsedRequest.Method, parsedRequest.Proto) //FIXME: get it from the headers
|
||||||
tx.ProcessURI(r.URI, r.Method, r.Proto) //FIXME: get it from the headers
|
tx.ProcessURI(parsedRequest.URI, parsedRequest.Method, parsedRequest.Proto) //FIXME: get it from the headers
|
||||||
|
|
||||||
for k, vr := range r.Headers {
|
for k, vr := range parsedRequest.Headers {
|
||||||
for _, v := range vr {
|
for _, v := range vr {
|
||||||
tx.AddRequestHeader(k, v)
|
tx.AddRequestHeader(k, v)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if r.ClientHost != "" {
|
if parsedRequest.ClientHost != "" {
|
||||||
tx.AddRequestHeader("Host", r.ClientHost)
|
tx.AddRequestHeader("Host", parsedRequest.ClientHost)
|
||||||
// This connector relies on the host header (now host field) to populate ServerName
|
// This connector relies on the host header (now host field) to populate ServerName
|
||||||
tx.SetServerName(r.ClientHost)
|
tx.SetServerName(parsedRequest.ClientHost)
|
||||||
}
|
}
|
||||||
|
|
||||||
if r.TransferEncoding != nil {
|
if parsedRequest.TransferEncoding != nil {
|
||||||
tx.AddRequestHeader("Transfer-Encoding", r.TransferEncoding[0])
|
tx.AddRequestHeader("Transfer-Encoding", parsedRequest.TransferEncoding[0])
|
||||||
}
|
}
|
||||||
|
|
||||||
in = tx.ProcessRequestHeaders()
|
in = tx.ProcessRequestHeaders()
|
||||||
|
|
@ -356,7 +374,7 @@ func processReqWithEngine(tx experimental.FullTransaction, r waf.ParsedRequest,
|
||||||
//spew.Dump(tx.MatchedRules())
|
//spew.Dump(tx.MatchedRules())
|
||||||
|
|
||||||
for _, rule := range tx.MatchedRules() {
|
for _, rule := range tx.MatchedRules() {
|
||||||
log.Infof("Rule %d disruptive: %t", rule.Rule().ID(), rule.Disruptive())
|
r.logger.Infof("Rule %d disruptive: %t", rule.Rule().ID(), rule.Disruptive())
|
||||||
if rule.Message() == "" {
|
if rule.Message() == "" {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
@ -367,9 +385,9 @@ func processReqWithEngine(tx experimental.FullTransaction, r waf.ParsedRequest,
|
||||||
return in, tx, nil
|
return in, tx, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
ct := r.Headers.Get("content-type")
|
ct := parsedRequest.Headers.Get("content-type")
|
||||||
if r.Body != nil && len(r.Body) != 0 {
|
if parsedRequest.Body != nil && len(parsedRequest.Body) != 0 {
|
||||||
it, _, err := tx.WriteRequestBody(r.Body)
|
it, _, err := tx.WriteRequestBody(parsedRequest.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, errors.Wrap(err, "Cannot read request body")
|
return nil, nil, errors.Wrap(err, "Cannot read request body")
|
||||||
}
|
}
|
||||||
|
|
@ -405,7 +423,7 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
for {
|
for {
|
||||||
select {
|
select {
|
||||||
case <-t.Dying():
|
case <-t.Dying():
|
||||||
log.Infof("Waf Runner is dying")
|
r.logger.Infof("Waf Runner is dying")
|
||||||
return nil
|
return nil
|
||||||
case request := <-r.inChan:
|
case request := <-r.inChan:
|
||||||
var evt *types.Event
|
var evt *types.Event
|
||||||
|
|
@ -459,9 +477,9 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
in, expTx, err := processReqWithEngine(expTx, request, InBand)
|
in, expTx, err := r.processReqWithEngine(expTx, request, InBand)
|
||||||
request.Tx = expTx
|
request.Tx = expTx
|
||||||
log.Infof("-> %s", spew.Sdump(in))
|
//log.Infof("-> %s", spew.Sdump(in))
|
||||||
|
|
||||||
response := waf.NewResponseRequest(expTx, in, request.UUID, err)
|
response := waf.NewResponseRequest(expTx, in, request.UUID, err)
|
||||||
|
|
||||||
|
|
@ -477,7 +495,7 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
"req": request,
|
"req": request,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("unable to run PreEval filter: %s", err)
|
r.logger.Errorf("unable to run PreEval filter: %s", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -487,7 +505,7 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
log.Errorf("Filter must return a boolean, can't filter")
|
r.logger.Errorf("Filter must return a boolean, can't filter")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -502,7 +520,7 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
"CancelEvent": response.CancelEvent,
|
"CancelEvent": response.CancelEvent,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("unable to apply filter: %s", err)
|
r.logger.Errorf("unable to apply filter: %s", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -519,7 +537,7 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("cannot create event from waap context : %w", err)
|
return fmt.Errorf("cannot create event from waap context : %w", err)
|
||||||
}
|
}
|
||||||
err = AccumulateTxToEvent(expTx, InBand, evt)
|
err = r.AccumulateTxToEvent(expTx, InBand, evt)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("cannot convert transaction to event : %w", err)
|
return fmt.Errorf("cannot convert transaction to event : %w", err)
|
||||||
}
|
}
|
||||||
|
|
@ -531,9 +549,9 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
// Process outBand
|
// Process outBand
|
||||||
outBandTx := r.outOfBandWaf.NewTransactionWithID(request.UUID)
|
outBandTx := r.outOfBandWaf.NewTransactionWithID(request.UUID)
|
||||||
expTx = outBandTx.(experimental.FullTransaction)
|
expTx = outBandTx.(experimental.FullTransaction)
|
||||||
in, expTx, err = processReqWithEngine(expTx, request, OutOfBand)
|
in, expTx, err = r.processReqWithEngine(expTx, request, OutOfBand)
|
||||||
if err != nil { //things went south
|
if err != nil { //things went south
|
||||||
log.Errorf("Error while processing request : %s", err)
|
r.logger.Errorf("Error while processing request : %s", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
request.Tx = expTx
|
request.Tx = expTx
|
||||||
|
|
@ -546,7 +564,7 @@ func (r *WafRunner) Run(t *tomb.Tomb) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
err = AccumulateTxToEvent(expTx, InBand, evt)
|
err = r.AccumulateTxToEvent(expTx, InBand, evt)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("cannot convert transaction to event : %w", err)
|
return fmt.Errorf("cannot convert transaction to event : %w", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue