up
This commit is contained in:
bui
parent
6a47b9e97d
commit
a8321b5cc5
2 changed files with 8 additions and 8 deletions
|
|
@ -46,13 +46,15 @@ func (r *WaapRunner) Run(t *tomb.Tomb) error {
|
|||
log.Infof("now response is -> %s", r.WaapRuntime.Response.Action)
|
||||
//inband WAAP rules
|
||||
err = r.WaapRuntime.ProcessInBandRules(request)
|
||||
if err != nil {
|
||||
r.logger.Errorf("unable to process InBand rules: %s", err)
|
||||
continue
|
||||
}
|
||||
elapsed := time.Since(startParsing)
|
||||
WafInbandParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddr}).Observe(elapsed.Seconds())
|
||||
|
||||
//generate reponse for the remediation component, based on the WAAP config + inband rules evaluation
|
||||
//@tko : this should move in the WaapRuntimeConfig as it knows what to do with the interruption and the expected remediation
|
||||
//response := waf.NewResponseRequest(r.WaapRuntime.InBandTx.Tx, interrupt, request.UUID, err)
|
||||
|
||||
err = r.WaapRuntime.ProcessOnMatchRules(request)
|
||||
if err != nil {
|
||||
r.logger.Errorf("unable to process OnMatch rules: %s", err)
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ type WaapRuntimeConfig struct {
|
|||
OutOfBandTx ExtendedTransaction //is it a good idea ?
|
||||
InBandTx ExtendedTransaction //is it a good idea ?
|
||||
Response WaapTempResponse
|
||||
//should we store matched rules here ?
|
||||
}
|
||||
|
||||
type WaapConfig struct {
|
||||
|
|
@ -181,10 +182,7 @@ func (w *WaapRuntimeConfig) ProcessOnMatchRules(request ParsedRequest) error {
|
|||
|
||||
for _, rule := range w.CompiledOnMatch {
|
||||
if rule.FilterExpr != nil {
|
||||
output, err := expr.Run(rule.FilterExpr, map[string]interface{}{
|
||||
//"rules": rules, //is it still useful ?
|
||||
"req": request,
|
||||
})
|
||||
output, err := expr.Run(rule.FilterExpr, GetHookEnv(w, request))
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to run filter %s : %w", rule.Filter, err)
|
||||
}
|
||||
|
|
@ -275,12 +273,12 @@ func (w *WaapRuntimeConfig) RemoveOutbandRuleByID(id int) error {
|
|||
}
|
||||
|
||||
func (w *WaapRuntimeConfig) SetAction(action string) error {
|
||||
log.Infof("setting to %s", action)
|
||||
//log.Infof("setting to %s", action)
|
||||
switch action {
|
||||
case "allow":
|
||||
w.Response.Action = action
|
||||
w.Response.HTTPResponseCode = w.Config.PassedHTTPCode
|
||||
//how should we handle this ?
|
||||
//@tko how should we handle this ? it seems bouncer only understand bans, but it might be misleading ?
|
||||
case "deny", "ban", "block":
|
||||
w.Response.Action = "ban"
|
||||
w.Response.HTTPResponseCode = w.Config.BlockedHTTPCode
|
||||
|
|
|
|||
Loading…
Reference in a new issue