add missing file

expose HasMatches bool in posteval hook
2024-01-16 17:18:54 +01:00 · 2024-01-16 11:38:28 +01:00
3 changed files with 7 additions and 6 deletions
--- a/pkg/acquisition/modules/appsec/appsec_runner.go
+++ b/pkg/acquisition/modules/appsec/appsec_runner.go
@ -120,7 +120,7 @@ func (r *AppsecRunner) processRequest(tx appsec.ExtendedTransaction, request *ap
 		request.Tx.ProcessLogging()
 		//We don't close the transaction here, as it will reset coraza internal state and break variable tracking

-		err := r.AppsecRuntime.ProcessPostEvalRules(request)
+		err := r.AppsecRuntime.ProcessPostEvalRules(request, in != nil)
 		if err != nil {
 			r.logger.Errorf("unable to process PostEval rules: %s", err)
 		}
--- a/pkg/appsec/appsec.go
+++ b/pkg/appsec/appsec.go
@ -39,7 +39,7 @@ func (h *Hook) Build(hookStage int) error {
 	case hookPreEval:
 		ctx = GetPreEvalEnv(&AppsecRuntimeConfig{}, &ParsedRequest{})
 	case hookPostEval:
-		ctx = GetPostEvalEnv(&AppsecRuntimeConfig{}, &ParsedRequest{})
+		ctx = GetPostEvalEnv(&AppsecRuntimeConfig{}, &ParsedRequest{}, false)
 	case hookOnMatch:
 		ctx = GetOnMatchEnv(&AppsecRuntimeConfig{}, &ParsedRequest{}, types.Event{})
 	}
@ -370,10 +370,10 @@ func (w *AppsecRuntimeConfig) ProcessPreEvalRules(request *ParsedRequest) error
 	return nil
 }

-func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error {
+func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest, hasMatches bool) error {
 	for _, rule := range w.CompiledPostEval {
 		if rule.FilterExpr != nil {
-			output, err := exprhelpers.Run(rule.FilterExpr, GetPostEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel)
+			output, err := exprhelpers.Run(rule.FilterExpr, GetPostEvalEnv(w, request, hasMatches), w.Logger, w.Logger.Level >= log.DebugLevel)
 			if err != nil {
 				return fmt.Errorf("unable to run appsec post_eval filter %s : %w", rule.Filter, err)
 			}
@ -390,7 +390,7 @@ func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error
 		}
 		// here means there is no filter or the filter matched
 		for _, applyExpr := range rule.ApplyExpr {
-			_, err := exprhelpers.Run(applyExpr, GetPostEvalEnv(w, request), w.Logger, w.Logger.Level >= log.DebugLevel)
+			_, err := exprhelpers.Run(applyExpr, GetPostEvalEnv(w, request, hasMatches), w.Logger, w.Logger.Level >= log.DebugLevel)
 			if err != nil {
 				log.Errorf("unable to apply appsec post_eval expr: %s", err)
 				continue
--- a/pkg/appsec/waf_helpers.go
+++ b/pkg/appsec/waf_helpers.go
@ -35,12 +35,13 @@ func GetPreEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]in
 	}
 }

-func GetPostEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{} {
+func GetPostEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest, hasMatches bool) map[string]interface{} {
 	return map[string]interface{}{
 		"IsInBand":    request.IsInBand,
 		"IsOutBand":   request.IsOutBand,
 		"DumpRequest": request.DumpRequest,
 		"req":         request.HTTPRequest,
+		"HasMatches":  hasMatches,
 	}
 }
Author	SHA1	Message	Date
Sebastien Blot	795b468849	add missing file	2024-01-16 17:18:54 +01:00
Sebastien Blot	73d478f351	expose HasMatches bool in posteval hook	2024-01-16 11:38:28 +01:00