github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-12-31 13:49:09 +03:00
Code Issues Packages Projects Releases Wiki Activity

remove finilizing session

Browse Source
This commit is contained in:
wiaamm
2025-11-30 00:40:52 +02:00
parent 674e4a69f3
commit 1dbbe338e1
1 changed files with 19 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
View File

@@ -186,32 +186,22 @@ function NanoHandler.body_filter(conf)
if not ctx.body_buffer_chunk then if not ctx.body_buffer_chunk then
ctx.body_buffer_chunk = 0 ctx.body_buffer_chunk = 0
ctx.body_filter_start_time = ngx.now() * 1000 ctx.body_filter_start_time = ngx.now() * 1000
ctx.body_filter_timeout = false
ctx.failed_nano_send = false
ctx.num_body_filter_calls = 0 ctx.num_body_filter_calls = 0
ctx.last_chunk_hash = nil ctx.last_chunk_hash = nil
end end
ctx.num_body_filter_calls = ctx.num_body_filter_calls + 1 ctx.num_body_filter_calls = ctx.num_body_filter_calls + 1
if ctx.failed_nano_send then
return
end
local current_time = ngx.now() * 1000 local current_time = ngx.now() * 1000
if current_time - ctx.body_filter_start_time > 150000 then if current_time - ctx.body_filter_start_time > 150000 then
if not ctx.body_filter_timeout then kong.log.warn("body_filter timeout exceeded (2.5 minutes), failing open")
ctx.body_filter_timeout = true
ctx.failed_nano_send = true if not ctx.session_finalized then
kong.log.warn("body_filter timeout exceeded (2.5 minutes), failing open") nano.fini_session(session_data)
nano.cleanup_all()
-- Finalize session on timeout ctx.session_finalized = true
if not ctx.session_finalized then
nano.fini_session(session_data)
nano.cleanup_all()
ctx.session_finalized = true
end
end end
return return
end end
@@ -296,18 +286,22 @@ function NanoHandler.body_filter(conf)
return custom_result return custom_result
end end
else else
-- Nano send failed - fail open, pass chunk through uninspected -- Nano send failed - finalize session immediately and fail open
kong.log.warn("nano.send_body failed, failing open: ", result) kong.log.warn("nano.send_body failed, finalizing session and failing open: ", result)
ctx.body_buffer_chunk = ctx.body_buffer_chunk + 1
ctx.failed_nano_send = true if not ctx.session_finalized then
ctx.last_chunk_hash = chunk_hash nano.fini_session(session_data)
-- CRITICAL: Pass chunk through to client nano.cleanup_all()
-- ngx.arg[1] is already set to chunk by Kong, don't need to modify ctx.session_finalized = true
end
-- Pass chunk through uninspected
return
end end
end end
if eof or (ctx.expect_body == false and not ctx.body_seen) then if eof or (ctx.expect_body == false and not ctx.body_seen) then
if not ctx.body_filter_timeout and not ctx.failed_nano_send then if not ctx.session_finalized then
local ok, result = pcall(function() local ok, result = pcall(function()
return {nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END)} return {nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END)}
end) end)