github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-12-31 05:39:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

increase timeout

Browse Source
This commit is contained in:
wiaamm
2025-12-03 02:14:34 +02:00
parent 77a31c3842
commit 19bbd5a553
2 changed files with 17 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
View File

@@ -72,12 +72,15 @@ function NanoHandler.access(conf)
local contains_body = has_content_length and 1 or 0 local contains_body = has_content_length and 1 or 0
local verdict, response = nano.send_data(session_id, session_data, meta_data, req_headers, contains_body, nano.HttpChunkType.HTTP_REQUEST_FILTER) local verdict, response = nano.send_data(session_id, session_data, meta_data, req_headers, contains_body, nano.HttpChunkType.HTTP_REQUEST_FILTER)
-- Restart GC after send_data completes (was stopped in handle_start_transaction)
collectgarbage("restart")
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
kong.ctx.plugin.blocked = true kong.ctx.plugin.blocked = true
kong.ctx.plugin.inspection_complete = true kong.ctx.plugin.inspection_complete = true
local result = nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.session_id = nil kong.ctx.plugin.session_id = nil
kong.ctx.plugin.session_data = nil kong.ctx.plugin.session_data = nil
return result return result
@@ -92,7 +95,6 @@ function NanoHandler.access(conf)
kong.ctx.plugin.inspection_complete = true kong.ctx.plugin.inspection_complete = true
local result = nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.session_id = nil kong.ctx.plugin.session_id = nil
kong.ctx.plugin.session_data = nil kong.ctx.plugin.session_data = nil
return result return result
@@ -112,7 +114,6 @@ function NanoHandler.access(conf)
kong.ctx.plugin.inspection_complete = true kong.ctx.plugin.inspection_complete = true
local result = nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.session_id = nil kong.ctx.plugin.session_id = nil
kong.ctx.plugin.session_data = nil kong.ctx.plugin.session_data = nil
return result return result
@@ -137,7 +138,6 @@ function NanoHandler.access(conf)
kong.ctx.plugin.inspection_complete = true kong.ctx.plugin.inspection_complete = true
local result = nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.session_id = nil kong.ctx.plugin.session_id = nil
kong.ctx.plugin.session_data = nil kong.ctx.plugin.session_data = nil
return result return result
@@ -177,7 +177,6 @@ function NanoHandler.access(conf)
kong.ctx.plugin.inspection_complete = true kong.ctx.plugin.inspection_complete = true
local result = nano.handle_custom_response(session_data, response) local result = nano.handle_custom_response(session_data, response)
nano.fini_session(session_data) nano.fini_session(session_data)
nano.cleanup_all()
kong.ctx.plugin.session_id = nil kong.ctx.plugin.session_id = nil
kong.ctx.plugin.session_data = nil kong.ctx.plugin.session_data = nil
return result return result
@@ -219,12 +218,11 @@ function NanoHandler.header_filter(conf)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
ctx.blocked = true ctx.blocked = true
ctx.inspection_complete = true ctx.inspection_complete = true
local custom_result = nano.handle_custom_response(ctx.session_data, response) local result = nano.handle_custom_response(ctx.session_data, response)
nano.fini_session(ctx.session_data) nano.fini_session(ctx.session_data)
nano.cleanup_all()
ctx.session_id = nil ctx.session_id = nil
ctx.session_data = nil ctx.session_data = nil
return custom_result return result
end end
end end
@@ -290,13 +288,12 @@ function NanoHandler.body_filter(conf)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
ctx.blocked = true ctx.blocked = true
ctx.inspection_complete = true ctx.inspection_complete = true
local custom_result = nano.handle_custom_response(ctx.session_data, response) local result = nano.handle_custom_response(ctx.session_data, response)
nano.fini_session(ctx.session_data) nano.fini_session(ctx.session_data)
nano.cleanup_all()
collectgarbage("collect") collectgarbage("collect")
ctx.session_id = nil ctx.session_id = nil
ctx.session_data = nil ctx.session_data = nil
return custom_result return result
end end
else else
kong.log.err("nano.send_body failed: ", tostring(result), " - cleaning up session") kong.log.err("nano.send_body failed: ", tostring(result), " - cleaning up session")
@@ -323,13 +320,12 @@ function NanoHandler.body_filter(conf)
if verdict == nano.AttachmentVerdict.DROP then if verdict == nano.AttachmentVerdict.DROP then
ctx.blocked = true ctx.blocked = true
ctx.inspection_complete = true ctx.inspection_complete = true
local custom_result = nano.handle_custom_response(ctx.session_data, response) local result = nano.handle_custom_response(ctx.session_data, response)
nano.fini_session(ctx.session_data) nano.fini_session(ctx.session_data)
nano.cleanup_all()
collectgarbage("collect") collectgarbage("collect")
ctx.session_id = nil ctx.session_id = nil
ctx.session_data = nil ctx.session_data = nil
return custom_result return result
else else
ngx.arg[1] = nil -- Discard chunk ngx.arg[1] = nil -- Discard chunk
ctx.inspection_complete = true ctx.inspection_complete = true
@@ -378,7 +374,6 @@ function NanoHandler.log(conf)
if ctx.session_id and ctx.session_data and not ctx.inspection_complete then if ctx.session_id and ctx.session_data and not ctx.inspection_complete then
kong.log.err("Emergency cleanup for session ", ctx.session_id) kong.log.err("Emergency cleanup for session ", ctx.session_id)
nano.fini_session(ctx.session_data) nano.fini_session(ctx.session_data)
nano.cleanup_all()
collectgarbage("collect") collectgarbage("collect")
ctx.inspection_complete = true ctx.inspection_complete = true
ctx.session_id = nil ctx.session_id = nil

10
attachments/kong/plugins/open-appsec-waf-kong-plugin/nano_ffi.lua
View File

@@ -94,6 +94,7 @@ function nano.handle_custom_response(session_data, response)
end end
local response_type = nano_attachment.get_web_response_type(attachment, session_data, response) local response_type = nano_attachment.get_web_response_type(attachment, session_data, response)
kong.log.err("Block response - type: ", response_type)
if response_type == nano.WebResponseType.RESPONSE_CODE_ONLY then if response_type == nano.WebResponseType.RESPONSE_CODE_ONLY then
local code = nano_attachment.get_response_code(response) local code = nano_attachment.get_response_code(response)
@@ -101,12 +102,13 @@ function nano.handle_custom_response(session_data, response)
kong.log.warn("Invalid response code received: ", code, " - using 403 instead") kong.log.warn("Invalid response code received: ", code, " - using 403 instead")
code = 403 code = 403
end end
kong.log.debug("Response code only: ", code) kong.log.err("Response code only: ", code)
return kong.response.exit(code, "") return kong.response.exit(code, "")
end end
if response_type == nano.WebResponseType.REDIRECT_WEB_RESPONSE then if response_type == nano.WebResponseType.REDIRECT_WEB_RESPONSE then
local location = nano_attachment.get_redirect_page(attachment, session_data, response) local location = nano_attachment.get_redirect_page(attachment, session_data, response)
kong.log.err("Redirect response to: ", location)
return kong.response.exit(307, "", { ["Location"] = location }) return kong.response.exit(307, "", { ["Location"] = location })
end end
@@ -120,7 +122,7 @@ function nano.handle_custom_response(session_data, response)
kong.log.warn("Invalid response code received: ", code, " - using 403 instead") kong.log.warn("Invalid response code received: ", code, " - using 403 instead")
code = 403 code = 403
end end
kong.log.debug("Block page response with code: ", code) kong.log.err("Block page response with code: ", code, ", page length: ", #block_page)
return kong.response.exit(code, block_page, { ["Content-Type"] = "text/html" }) return kong.response.exit(code, block_page, { ["Content-Type"] = "text/html" })
end end
@@ -291,6 +293,8 @@ function nano.handle_start_transaction()
table.insert(nano.allocated_metadata, metadata) table.insert(nano.allocated_metadata, metadata)
-- Temporarily stop GC to ensure metadata isn't collected before it's used
-- Handler will restart GC after send_data completes
collectgarbage("stop") collectgarbage("stop")
return metadata return metadata
@@ -434,7 +438,7 @@ function nano.fini_session(session_data)
-- This prevents memory leaks from responses, headers, metadata, etc. -- This prevents memory leaks from responses, headers, metadata, etc.
nano.cleanup_all() nano.cleanup_all()
kong.log.info("Successfully finalized session ", session_data, " for worker ", worker_id) kong.log.err("Successfully finalized session ", session_data, " for worker ", worker_id)
return true return true
end end