add getter functions for timeout

attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua

@@ -89,13 +89,14 @@ function NanoHandler.access(conf)
                         local chunk_size = 8192
                         local chunk_count = 0
                         local start_time = ngx.now()
+                        local timeout_sec = nano.get_request_processing_timeout_sec()
                         
                         while true do
                             ngx.update_time()
                             local current_time = ngx.now()
                             local elapsed = current_time - start_time
                             
-                            if elapsed > 3 then
+                            if elapsed > timeout_sec then
                                 kong.log.warn("Request body reading timeout after ", elapsed, " seconds")
                                 file:close()
                                 return
@@ -245,9 +246,10 @@ function NanoHandler.body_filter(conf)
 
     if not ctx.body_filter_start_time then
         ctx.body_filter_start_time = ngx.now()
+        ctx.body_filter_timeout_sec = nano.get_response_processing_timeout_sec()
     end
     local elapsed_time = ngx.now() - ctx.body_filter_start_time
-    if elapsed_time > 3 then
+    if elapsed_time > ctx.body_filter_timeout_sec then
         kong.log.warn("Body filter timeout after ", elapsed_time, " seconds - failing open")
         ctx.cleanup_needed = true
         -- Send buffered chunks before timeout
@@ -316,7 +318,6 @@ function NanoHandler.body_filter(conf)
     if eof then
         kong.log.err("End of response body reached in body_filter, eof=true")
         
-        -- Call end_inspection if we haven't gotten ACCEPT verdict yet
         if ctx.body_seen or ctx.expect_body == false then
             kong.log.err("Calling end_inspection for response")
             local verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END)

attachments/kong/plugins/open-appsec-waf-kong-plugin/lua_attachment_wrapper.c

@@ -507,6 +507,30 @@ static int lua_free_verdict_response(lua_State *L) {
     return 0;
 }
 
+static int lua_get_request_processing_timeout_msec(lua_State *L) {
+    NanoAttachment* attachment = (NanoAttachment*)lua_touserdata(L, 1);
+    if (!attachment) {
+        lua_pushinteger(L, 3000);
+        return 1;
+    }
+
+    uint32_t timeout = GetRequestProcessingTimeout(attachment);
+    lua_pushinteger(L, timeout);
+    return 1;
+}
+
+static int lua_get_response_processing_timeout_msec(lua_State *L) {
+    NanoAttachment* attachment = (NanoAttachment*)lua_touserdata(L, 1);
+    if (!attachment) {
+        lua_pushinteger(L, 3000);
+        return 1;
+    }
+
+    uint32_t timeout = GetResponseProcessingTimeout(attachment);
+    lua_pushinteger(L, timeout);
+    return 1;
+}
+
 static const struct luaL_Reg nano_attachment_lib[] = {
     {"init_nano_attachment", lua_init_nano_attachment},
     {"get_web_response_type", lua_get_web_response_type},
@@ -529,6 +553,8 @@ static const struct luaL_Reg nano_attachment_lib[] = {
     {"free_verdict_response", lua_free_verdict_response},
     {"send_body", lua_send_body},
     {"end_inspection", lua_end_inspection},
+    {"get_request_processing_timeout_msec", lua_get_request_processing_timeout_msec},
+    {"get_response_processing_timeout_msec", lua_get_response_processing_timeout_msec},
     {NULL, NULL}
 };
 

attachments/kong/plugins/open-appsec-waf-kong-plugin/nano_ffi.lua

@@ -489,4 +489,30 @@ function nano.end_inspection(session_id, session_data, chunk_type)
     return verdict, response
 end
 
+function nano.get_request_processing_timeout_sec()
+    local worker_id = ngx.worker.id()
+    local attachment = nano.attachments[worker_id]
+
+    if not attachment then
+        kong.log.warn("Attachment not available for worker ", worker_id, " - using default timeout")
+        return 3
+    end
+
+    local timeout_msec = nano_attachment.get_request_processing_timeout_msec(attachment)
+    return timeout_msec / 1000.0
+end
+
+function nano.get_response_processing_timeout_sec()
+    local worker_id = ngx.worker.id()
+    local attachment = nano.attachments[worker_id]
+
+    if not attachment then
+        kong.log.warn("Attachment not available for worker ", worker_id, " - using default timeout")
+        return 3
+    end
+
+    local timeout_msec = nano_attachment.get_response_processing_timeout_msec(attachment)
+    return timeout_msec / 1000.0
+end
+
 return nano

attachments/nano_attachment/nano_attachment.c

@@ -622,3 +622,22 @@ freeCompressedBody(NanoAttachment *attachment, HttpSessionData *session_data, Ht
 {
     nano_free_compressed_body(attachment, bodies, session_data);
 }
+
+uint32_t
+GetRequestProcessingTimeout(NanoAttachment *attachment)
+{
+    if (attachment == NULL) {
+        return 3000;
+    }
+    return attachment->req_max_proccessing_ms_time;
+}
+
+uint32_t
+GetResponseProcessingTimeout(NanoAttachment *attachment)
+{
+    if (attachment == NULL) {
+        return 3000;
+    }
+    return attachment->res_max_proccessing_ms_time;
+}
+

core/include/attachments/nano_attachment.h

@@ -266,4 +266,28 @@ freeCompressedBody(
     HttpBody *bodies
 );
 
+///
+/// @brief Gets the request processing timeout in milliseconds.
+///
+/// This function retrieves the configured timeout value for request processing
+/// from the NanoAttachment configuration.
+///
+/// @param attachment A pointer to the NanoAttachment structure.
+///
+/// @return The request processing timeout in milliseconds.
+///
+uint32_t GetRequestProcessingTimeout(NanoAttachment *attachment);
+
+///
+/// @brief Gets the response processing timeout in milliseconds.
+///
+/// This function retrieves the configured timeout value for response processing
+/// from the NanoAttachment configuration.
+///
+/// @param attachment A pointer to the NanoAttachment structure.
+///
+/// @return The response processing timeout in milliseconds.
+///
+uint32_t GetResponseProcessingTimeout(NanoAttachment *attachment);
+
 #endif // __NANO_ATTACHMENT_H__